RE: [Declude.JunkMail] Another Hijack question

2003-06-26 Thread John Tolmachoff (Lists)

Alex, I have seen no issues with Hijack and Imail V. 8.

Are you using DAISYCHAIN anywhere in Declude?

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Artigues
Sent: Wednesday, June 25, 2003 7:56 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Another Hijack question

Scott,

Has anything changed in Imail 8 that changes the way hijack clears hold 1?

I've had to raise the hold one to a high number to basically disable hijack. If anything gets caught in 1 and 2 is not reached it just sits in hold one; closing the console doesn't help. Hasn't been much of an issue to me but since John just brought up hijack it made me think of it.

Thanks,

Alex


[Declude.JunkMail] Test on Imail X-header

2003-06-26 Thread John Carter

How would I test in Declude for the presence of the X-Imail-Spam header? (or does running order prevent this?) I want Declude to put a Spam notation in the subject line when an email fails enough of either Imail or Declude checking.

Thanks,

John


[Declude.JunkMail] AOL

2003-06-26 Thread Bridges, Samantha
I know I saw a bunch of strings last week regarding AOL so I hate to ask
again but here it goes.

I have users who were able to send to AOL accounts until recently.  What
needs to be done on either my end or the AOL end to send mail to them?

Thanks for any insight to this.

Samantha
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] AOL

2003-06-26 Thread Mark Brody
I have noticed that AOL frequently rejects connect attempts so it requires
multiple retries to get mail to AOL users. Set your retries to a higher
number and see if that helps like it did for us.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Bridges,
Samantha
Sent: Thursday, June 26, 2003 6:54 AM
To: Junkmail 'Declude. (E-mail)
Subject: [Declude.JunkMail] AOL


I know I saw a bunch of strings last week regarding AOL so I hate to ask
again but here it goes.

I have users who were able to send to AOL accounts until recently.  What
needs to be done on either my end or the AOL end to send mail to them?

Thanks for any insight to this.

Samantha


RE: [Declude.JunkMail] Test on Imail X-header

2003-06-26 Thread John Tolmachoff (Lists)

Create a filterfile test, then have it check HEADERS for that string.

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Carter
Sent: Thursday, June 26, 2003 5:48 AM
To: Declude JunkMail
Subject: [Declude.JunkMail] Test on Imail X-header

How would I test in Declude for the presence of the X-Imail-Spam header? (or does running order prevent this?) I want Declude to put a Spam notation in the subject line when an email fails enough of either Imail or Declude checking.

Thanks,

John


RE: [Declude.JunkMail] AOL

2003-06-26 Thread David
Samantha,

You could start with this:

WARNING: One or more of your mailservers claims to be a host other than what
it really is (the SMTP greeting should be a 3-digit code, followed by a
space or a dash, then the host name). This probably won't cause any harm,
but is a technical violation of RFC821 4.3.

macombisd.org claims to be host



http://www.dnsreport.com/tools/dnsreport.ch?domain=macombisd.org+

David

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bridges, Samantha
Sent: Thursday, 26 June, 2003 16:54
To: Junkmail 'Declude. (E-mail)
Subject: [Declude.JunkMail] AOL


I know I saw a bunch of strings last week regarding AOL so I hate to ask
again but here it goes.

I have users who were able to send to AOL accounts until recently.  What
needs to be done on either my end or the AOL end to send mail to them?

Thanks for any insight to this.

Samantha


RE: [Declude.JunkMail] AOL

2003-06-26 Thread Terry Parks
I'm getting that indication when I run the DNS report from dnsreport.com.
I'm running Imail 8.0. Does anybody know how to fix this?

Terry

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of David
Sent: Thursday, June 26, 2003 7:31 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] AOL

Samantha,

You could start with this:

WARNING: One or more of your mailservers claims to be a host other than what
it really is (the SMTP greeting should be a 3-digit code, followed by a
space or a dash, then the host name). This probably won't cause any harm,
but is a technical violation of RFC821 4.3.

macombisd.org claims to be host



http://www.dnsreport.com/tools/dnsreport.ch?domain=macombisd.org+

David

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bridges, Samantha
Sent: Thursday, 26 June, 2003 16:54
To: Junkmail 'Declude. (E-mail)
Subject: [Declude.JunkMail] AOL


I know I saw a bunch of strings last week regarding AOL so I hate to ask
again but here it goes.

I have users who were able to send to AOL accounts until recently.  What
needs to be done on either my end or the AOL end to send mail to them?

Thanks for any insight to this.

Samantha
---
[This E-mail scanned for viruses by SURFSIDE INTERNET]



[Declude.JunkMail] DECCON

2003-06-26 Thread Terry Parks
Anybody have documentation on how to interpret the displayed information
from DECCON?

Terry






RE: [Declude.JunkMail] AOL

2003-06-26 Thread R. Scott Perry
>> macombisd.org claims to be host

> I'm getting that indication when I run the DNS report from dnsreport.com.
> I'm running Imail 8.0 does anybody know how to fix this?

It's actually not an IMail issue -- it's a firewall issue.  You've got a
broken firewall that is preventing your mailserver from being RFC-compliant
(a lot of Ciscos seem to do this).

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.



RE: [Declude.JunkMail] Console and Hijack question

2003-06-26 Thread Charles Frolick
I thought Win2003 was supposed to have added console access to Terminal
Services (I have some recollection that you are running 2003, could be
wrong though)?  If you are not running 2003, just install VNC for the
occasions you need console access. That's what I had to do.

Thanks,
Chuck Frolick
ArgoNet, Inc.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
(Lists)
Sent: Wednesday, June 25, 2003 6:21 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Console and Hijack question


>> If the console is not being used at all, how does Hijack keep track of IP
>> addresses?
>
> It does not.  Without the Declude console running, Declude Hijack will not
> work.  However, if the \IMail\Deccon.exe file exists, then it will
> automatically get started by Declude Hijack as needed.

Thanks.

Along that same line then, as has been discussed before, any thought to
changing deccon.exe so as to be able to access from other than the console,
and other than the lengthy work around we discussed last year but that I
have not had the time to try yet?

Not high priority. (Unless of course an IP gets listed ala hold 2 and the
server has to be restarted.)

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com




RE: [Declude.JunkMail] Console and Hijack question

2003-06-26 Thread Charles Frolick
I don't know what they did, and it is running as a service, but
SimpleDNS Plus by jhsoftware.com had a similar issue with the need for
console access; however, they found a way around it in their beta version
(not publicly released though). I may have to poke at it a bit to see
if I can figure it out.

Thanks,
Chuck Frolick
ArgoNet, Inc.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Wednesday, June 25, 2003 7:03 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Console and Hijack question



> Along that same line then, as has been discussed before, any thought to
> changing deccon.exe so as to be able to access from other than the console,
> and other than the lengthy work around we discussed last year but that I
> have not had the time to try yet?

The problem is that it must run when the system is first started, but it
seems that Terminal Services doesn't have any way to let you access the
default window.  There may be a way to get around this in Declude, but we
haven't stumbled across anything yet.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.



Re: [Declude.JunkMail] Test on Imail X-header

2003-06-26 Thread Bill Landry



Of all of the spam tests that IMail V8.0 now 
supports, all but the statistical content filtering test (which is the one that 
places the “X-Imail-Spam” entry into the header) run before being passed to 
Declude JunkMail. Unfortunately, the IMail statistical test does not run 
until JunkMail passes the message back to IMail for delivery.

I'm not sure what the rationale was for this, but 
maybe if we ask IPSwitch (wishlist) to change the process order and run this 
test before handing off to Declude, this could get changed in a future 
release. Also, maybe there is a registry entry that can be modified 
to change the process order? A good question for IPSwitch...

Bill

  - Original Message -
  From: John Carter
  To: Declude JunkMail
  Sent: Thursday, June 26, 2003 5:48 AM
  Subject: [Declude.JunkMail] Test on Imail X-header
  
  
  How would I test in Declude for 
  the presence of the “X-Imail-Spam” header? (or does running order prevent 
  this?) I want Declude to put a Spam notation in the subject line when an 
  email fails enough of either Imail or Declude checking.
  
  Thanks,
  John


RE: [Declude.JunkMail] AOL

2003-06-26 Thread Bridges, Samantha
I run an Exchange 5.5 server that IMail forwards to.  The Exchange server
allows you to put in a Reply Address.  My Exchange server is macombisd.org
and the IMail server is misd.net.

Sorry for the confusion.

Samantha

-Original Message-
From: R. Scott Perry [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 26, 2003 11:14 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] AOL


>> macombisd.org claims to be host

> I'm getting that indication when I run the DNS report from dnsreport.com.
> I'm running Imail 8.0 does anybody know how to fix this?

It's actually not an IMail issue -- it's a firewall issue.  You've got a
broken firewall that is preventing your mailserver from being RFC-compliant
(a lot of Ciscos seem to do this).

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.



Re: [Declude.JunkMail] AOL

2003-06-26 Thread Joshua Levitsky

Yah.. Something is wack with your mail server...


telnet exmail.macombisd.org 25
Trying 64.88.82.249...
Connected to exmail.macombisd.org.
Escape character is '^]'.
220 

2*



> From: David [EMAIL PROTECTED]
> Reply-To: [EMAIL PROTECTED]
> Date: Thu, 26 Jun 2003 17:31:14 +0300
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.JunkMail] AOL
>
> Samantha,
>
> You could start with this:
>
> WARNING: One or more of your mailservers claims to be a host other than what
> it really is (the SMTP greeting should be a 3-digit code, followed by a
> space or a dash, then the host name). This probably won't cause any harm,
> but is a technical violation of RFC821 4.3.
>
> macombisd.org claims to be host
>
> http://www.dnsreport.com/tools/dnsreport.ch?domain=macombisd.org+
>
> David



RE: [Declude.JunkMail] Console and Hijack question

2003-06-26 Thread John Tolmachoff (Lists)
> I thought Win2003 was supposed to have added console access to Terminal
> Services (I have some recollection that you are running 2003, could be
> wrong though)?  If you are not running 2003, just install VNC for the
> occasions you need console access. That's what I had to do.

I was using Windows Server 2003 on one server, but that server is no longer
in use.

Due to business startup and move, I have not had time to do the testing with
it on Windows Server 2003 in a lab.

I will not leave any production server logged on.

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com




RE: [Declude.JunkMail] AOL

2003-06-26 Thread Patrick Childers
 
> Yah.. Something is wack with your mail server...
>
> telnet exmail.macombisd.org 25
> Trying 64.88.82.249...
> Connected to exmail.macombisd.org.
> Escape character is '^]'.
> 220 
> **
> **
> 2*
 

You need to turn off SMTP fixup protocol on your Cisco PIX firewall.

~Patrick

---
[This E-mail scanned for viruses by Declude/McAfee]



Re: [Declude.JunkMail] Test on Imail X-header

2003-06-26 Thread Bill Landry



Not possible with the current process order. 
IMail does not run this test until after Declude has finished and passed the 
message back to IMail for delivery.

Bill

  - Original Message -
  From: John Tolmachoff (Lists)
  To: [EMAIL PROTECTED]
  Sent: Thursday, June 26, 2003 7:14 AM
  Subject: RE: [Declude.JunkMail] Test on Imail X-header

  Create a filterfile test, then have it check HEADERS for that string.

  John Tolmachoff MCSE CSSA
  Engineer/Consultant
  eServices For You
  www.eservicesforyou.com

  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Carter
  Sent: Thursday, June 26, 2003 5:48 AM
  To: Declude JunkMail
  Subject: [Declude.JunkMail] Test on Imail X-header
  
  How would I test in Declude for 
  the presence of the “X-Imail-Spam” header? (or does running order prevent 
  this?) I want Declude to put a Spam notation in the subject line when an 
  email fails enough of either Imail or Declude checking.
  
  Thanks,
  John


RE: [Declude.JunkMail] Console and Hijack question

2003-06-26 Thread Charles Frolick
You don't have to leave it logged on, you can log in and out remotely
with VNC, you can even lock out the local inputs while in remote mode.

Thanks,
Chuck Frolick
ArgoNet, Inc.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
(Lists)
Sent: Thursday, June 26, 2003 10:33 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Console and Hijack question


> I thought Win2003 was supposed to have added console access to Terminal
> Services (I have some recollection that you are running 2003, could be
> wrong though)?  If you are not running 2003, just install VNC for the
> occasions you need console access. That's what I had to do.

I was using Windows Server 2003 on one server, but that server is no longer
in use.

Due to business startup and move, I have not had time to do the testing with
it on Windows Server 2003 in a lab.

I will not leave any production server logged on.

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com




Re: [Declude.JunkMail] Another Hijack question

2003-06-26 Thread Alex Artigues



John,
I'm not using daisychain.
Actually I just looked and it appears to only happen when hold one is
reached when people are sending from killerwebmail.

Alex


  - Original Message -
  From: John Tolmachoff (Lists)
  To: [EMAIL PROTECTED]
  Sent: Thursday, June 26, 2003 2:27 AM
  Subject: RE: [Declude.JunkMail] Another Hijack question

  Alex, I have seen no issues with Hijack and Imail V. 8.

  Are you using DAISYCHAIN any where in Declude?

  John Tolmachoff MCSE CSSA
  Engineer/Consultant
  eServices For You
  www.eservicesforyou.com

  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Artigues
  Sent: Wednesday, June 25, 2003 7:56 PM
  To: [EMAIL PROTECTED]
  Subject: [Declude.JunkMail] Another Hijack question
  
  
  Scott,
  
  Has anything changed in Imail 8 
  that changes the way hijack clears hold 1?
  
  I've had to raise the hold one to 
  a high number to basically disable hijack. If anything gets caught in 1 and 2 
  is not reached it just sits in hold one, closing the console doesn't help. 
  hasn't been much of an issue to me but since John just brought up hijack it 
  made me think of it. 
  
  Thanks,
  
  Alex
  
  


RE: [Declude.JunkMail] Another Hijack question

2003-06-26 Thread John Tolmachoff (Lists)

Ah, the IP address of the server is being caught.

In that case, you should use ALLOWIP and the IP of the server.

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Artigues
Sent: Thursday, June 26, 2003 9:37 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Another Hijack question

John,

I'm not using daisychain.

Actually I just looked and it appears to only happen when hold one is reached when people are sending from killerwebmail.

Alex

- Original Message -
From: John Tolmachoff (Lists)
To: [EMAIL PROTECTED]
Sent: Thursday, June 26, 2003 2:27 AM
Subject: RE: [Declude.JunkMail] Another Hijack question

Alex, I have seen no issues with Hijack and Imail V. 8.

Are you using DAISYCHAIN any where in Declude?

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Artigues
Sent: Wednesday, June 25, 2003 7:56 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Another Hijack question

Scott,

Has anything changed in Imail 8 that changes the way hijack clears hold 1?

I've had to raise the hold one to a high number to basically disable hijack. If anything gets caught in 1 and 2 is not reached it just sits in hold one, closing the console doesn't help. hasn't been much of an issue to me but since John just brought up hijack it made me think of it.

Thanks,

Alex


Re: [Declude.JunkMail] Test order and whitelist

2003-06-26 Thread R. Scott Perry

> I found archived messages about the order in which tests are run, but
> nothing which directly applies to something I noticed in our logs.
> Whitelisting works, but many messages are getting tests run on them
> before the whitelist. Seems like a waste of CPU. Is there a way to make
> Declude skip all tests on a whitelisted address? Here are edited sample
> log entries ...

What you want is the PREWHITELIST ON option of the latest beta
version.  That will automatically bypass scanning of E-mail that
gets whitelisted for certain reasons (not all, though).

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.



[Declude.JunkMail] Test order and whitelist

2003-06-26 Thread Keith Purtell
I found archived messages about the order in which tests are run, but nothing which directly applies
to something I noticed in our logs. Whitelisting works, but many messages are getting tests run on
them before the whitelist. Seems like a waste of CPU. Is there a way to make Declude skip all tests
on a whitelisted address? Here are edited sample log entries ...

00:08:20 Q2e41244d034235f2 SPAMDOMAINS:5 NOPOSTMASTER:6 .  Total weight = 11
00:08:20 Q2e41244d034235f2 E-mail whitelisted - automatically passing all spam tests [ListedText]
00:08:20 Q2e41244d034235f2 Subject: ListedText (192.168.1.1) Alerts
00:08:20 Q2e41244d034235f2 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]

13:15:14 Qe68d132103581e07 WHITELISTFROM:-20 nNOLEGITCONTENT:-1 REVDNS:3 nIPNOTINMX:-2 .  Total weight = -20
13:15:14 Qe68d132103581e07 E-mail whitelisted - automatically passing all spam tests [EMAIL PROTECTED]
13:15:14 Qe68d132103581e07 Subject: RE: Fixed assets
13:15:14 Qe68d132103581e07 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]


Keith Purtell, Web/Network Administrator
VantageMed Operations (Kansas City)
Email:  [EMAIL PROTECTED]



RE: [Declude.JunkMail] AOL

2003-06-26 Thread Bridges, Samantha
According to you guys it's not the mail server, it is the Firewall, right?

What needs to be changed on the Firewall and why is the current setup so
bad?  

Thanks

Samantha

-Original Message-
From: Patrick Childers [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 26, 2003 11:48 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] AOL


 
> Yah.. Something is wack with your mail server...
>
> telnet exmail.macombisd.org 25
> Trying 64.88.82.249...
> Connected to exmail.macombisd.org.
> Escape character is '^]'.
> 220 
> **
> **
> 2*
 

You need to turn off SMTP fixup protocol on your Cisco PIX firewall.

~Patrick



[Declude.JunkMail] Domlist or other Log tool

2003-06-26 Thread Russ Uhte (Lists)
What I'm looking for is a way to monitor store and forward domains.  It
appears that the domlist tool doesn't count messages for these domains.  Am
I missing something with domlist, or does anybody know of a tool that will
be able to give me stats like the following:  Total number of messages
(smtpd) for example.com.  Total number of messages (smtp-) for
example.com.  How many viruses were stopped by Declude for example.com. And
finally how many messages failed WEIGHT20 test for example.com.

Any help would be greatly appreciated!!

Thanks,
Russ
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] Test order and whitelist

2003-06-26 Thread Mark Brody
You know, this brings up another point. We use a weighting method and
consider all 20 weights to be spam. Once that weight is reached, it
would make sense to stop testing to save proc time. Just food for
thought.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Thursday, June 26, 2003 9:58 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Test order and whitelist



> I found archived messages about the order in which tests are run, but
> nothing which directly applies to something I noticed in our logs.
> Whitelisting works, but many messages are getting tests run on them
> before the whitelist. Seems like a waste of CPU. Is there a way to make
> Declude skip all tests on a whitelisted address? Here are edited sample
> log entries ...

What you want is the PREWHITELIST ON option of the latest beta
version.  That will automatically bypass scanning of E-mail that gets
whitelisted for certain reasons (not all, though).

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.
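
An added example, not Declude code and not written by any poster in this thread: a Python comparison of a stop-at-20 shortcut against the full total, run over weight lines in the format of the log entries quoted above. It assumes tests are listed in the order they ran; the two constructed lines and the test names DNSBL_A, DNSBL_B, GOODSENDER and HELOBOGUS are hypothetical.

```python
import re

SPAM_THRESHOLD = 20  # the weight the thread treats as spam (WEIGHT20)

# "HH:MM:SS Qid TEST:weight TEST:weight .  Total weight = N"
LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d) (?P<qid>Q[0-9a-f]+) (?P<tests>.*?)\s*\.\s+"
    r"Total weight = (?P<total>-?\d+)$"
)

# First line is copied from the thread; the other two are constructed.
PAGE_LINE = "00:08:20 Q2e41244d034235f2 SPAMDOMAINS:5 NOPOSTMASTER:6 .  Total weight = 11"
LATE_NEGATIVE = "09:00:00 Q00000000000000a1 DNSBL_A:12 REVDNS:9 GOODSENDER:-15 .  Total weight = 6"
CLEAR_SPAM = ("09:00:05 Q00000000000000a2 GOODSENDER:-15 DNSBL_A:12 DNSBL_B:14 "
              "REVDNS:9 HELOBOGUS:8 .  Total weight = 28")


def parse_weight_line(line):
    """Return (qid, [(test, weight), ...], logged_total) or None if not a weight line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    tests = []
    for token in m.group("tests").split():
        name, sep, weight = token.rpartition(":")
        if sep and name:
            tests.append((name, int(weight)))
    return m.group("qid"), tests, int(m.group("total"))


def verdict_with_early_exit(tests, threshold=SPAM_THRESHOLD):
    """Stop at the first test that lifts the running weight to the threshold.

    Returns (is_spam, number_of_tests_actually_run).
    """
    running = 0
    for ran, (_, weight) in enumerate(tests, start=1):
        running += weight
        if running >= threshold:
            return True, ran
    return False, len(tests)


def negatives_first(tests):
    """Reorder so every negative-weight test runs before any other (stable sort)."""
    return sorted(tests, key=lambda t: t[1] >= 0)


def compare(line, threshold=SPAM_THRESHOLD):
    """Compare the full-total verdict with both early-exit strategies."""
    parsed = parse_weight_line(line)
    if parsed is None:
        raise ValueError("not a weight line: %r" % line)
    qid, tests, total = parsed
    early, ran_early = verdict_with_early_exit(tests, threshold)
    ordered, ran_ordered = verdict_with_early_exit(negatives_first(tests), threshold)
    return {
        "qid": qid,
        "sum_matches_log": sum(w for _, w in tests) == total,
        "full": total >= threshold,           # verdict after every test
        "early": early,                       # verdict when stopping at threshold
        "tests_run_early": ran_early,
        "negatives_first": ordered,           # early exit after reordering
        "tests_run_ordered": ran_ordered,
    }


if __name__ == "__main__":
    for sample in (PAGE_LINE, LATE_NEGATIVE, CLEAR_SPAM):
        print(compare(sample))
```

With negative-weight tests run first, the running total can only rise afterwards, so an early exit at the threshold gives the same verdict as the full run.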



RE: [Declude.JunkMail] AOL

2003-06-26 Thread R. Scott Perry

> According to you guys it's not the mail server, it is the Firewall, right?

Correct.

> What needs to be changed on the Firewall

I believe someone said it is the SMTP Fixup Protocol that needs to be
turned off.

> and why is the current setup so bad?

Two reasons:

[1] It makes your server non-RFC-compliant
[2] The security feature is broken (specifically, it is leaking information
it was designed to hide)

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.



RE: [Declude.JunkMail] Test order and whitelist

2003-06-26 Thread Jerod Bennett
That seems all well and good, but what if your next test has a large
negative weight?  If your email didn't get the chance to fail that test,
you may get many more false positives.

Perhaps if there was a way to order the tests so the admin could put all
the tests that have the potential of a negative weight first then you
could implement such an option.  But, I get the feeling that the bulk of
our tests are DNS based and there is more waiting for the results than
anything else.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mark Brody
Sent: Thursday, June 26, 2003 10:37 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Test order and whitelist


You know, this brings up another point. We use a weighting method and
consider all 20 weights to be spam. Once that weight is reached, it
would make sense to stop testing to save proc time. Just food for
thought.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Thursday, June 26, 2003 9:58 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Test order and whitelist



> I found archived messages about the order in which tests are run, but
> nothing which directly applies to something I noticed in our logs.
> Whitelisting works, but many messages are getting tests run on them
> before the whitelist. Seems like a waste of CPU. Is there a way to
> make Declude skip all tests on a whitelisted address? Here are edited
> sample log entries ...

What you want is the PREWHITELIST ON option of the latest beta
version.  That will automatically bypass scanning of E-mail that gets
whitelisted for certain reasons (not all, though).

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.



Re: [Declude.JunkMail] AOL

2003-06-26 Thread Rick Davidson
Disabling the SMTP Fixup Protocol at the firewall disables ESMTP and allows
only SMTP

Anyone using Imail peering will not be able to disable ESMTP

Rick Davidson
Buckeye Internet Inc
www.buckeyeweb.com
440-953-1900 ext: 222

- Original Message - 
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 26, 2003 1:48 PM
Subject: RE: [Declude.JunkMail] AOL



 According to you guys its not the mail server it is the
Firewallright?

 Correct.

 What needs to be changed on the Firewall

 I believe someone said it is the SMTP Fixup Protocol that needs to be
 turned off.

 and why is the current setup so bad?

 Two reasons:

 [1] It makes your server non-RFC-compliant
 [2] The security feature is broken (specifically, it is leaking
information
 it was designed to hide)

 -Scott
 ---
 Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
 Declude Virus: Catches known viruses and is the leader in mailserver
 vulnerability detection.
 Find out what you have been missing: Ask for a free 30-day evaluation.



Re: [Declude.JunkMail] AOL

2003-06-26 Thread Jason Newland
Isn't that backwards?

Firewall with Fixup -  ESMTP will not work, and mail defaults to
ordinary SMTP transaction

Firewall without Fixup -- ESMTP works fine


Jason


- Original Message -
From: Rick Davidson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 26, 2003 1:02 PM
Subject: Re: [Declude.JunkMail] AOL


 Disabling the SMTP Fixup Protocol at the firewall disables ESMTP and
allows
 only SMTP

 Anyone using Imail peering will not be able to disable ESMTP

 Rick Davidson
 Buckeye Internet Inc
 www.buckeyeweb.com
 440-953-1900 ext: 222

 - Original Message -
 From: R. Scott Perry [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Thursday, June 26, 2003 1:48 PM
 Subject: RE: [Declude.JunkMail] AOL


 
  According to you guys its not the mail server it is the
 Firewallright?
 
  Correct.
 
  What needs to be changed on the Firewall
 
  I believe someone said it is the SMTP Fixup Protocol that needs to be
  turned off.
 
  and why is the current setup so bad?
 
  Two reasons:
 
  [1] It makes your server non-RFC-compliant
  [2] The security feature is broken (specifically, it is leaking
 information
  it was designed to hide)
 
  -Scott
  ---
  Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
  Declude Virus: Catches known viruses and is the leader in mailserver
  vulnerability detection.
  Find out what you have been missing: Ask for a free 30-day evaluation.
 


Re: [Declude.JunkMail] AOL

2003-06-26 Thread R. Scott Perry

> Disabling the SMTP Fixup Protocol at the firewall disables ESMTP and allows
> only SMTP
>
> Anyone using Imail peering will not be able to disable ESMTP

Does that mean that Cisco firewalls can't be set up not to interfere with
SMTP transactions?

If enabling the fixup protocol breaks RFC-compliance and doesn't do all
that it is supposed to, and disabling it disables SMTP AUTH, those
firewalls need to be thrown out.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.



Re: [Declude.JunkMail] Another Hijack question

2003-06-26 Thread Alex Artigues



Good idea - thanks John.
I was just stumped as to why they never cleared out of hold 1 but that
solution will work :)

- Original Message -
From: John Tolmachoff (Lists)
To: [EMAIL PROTECTED]
Sent: Thursday, June 26, 2003 12:55 PM
Subject: RE: [Declude.JunkMail] Another Hijack question

Ah, the IP address of the server is being caught.

In that case, you should use ALLOWIP and the IP of the server.

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Artigues
Sent: Thursday, June 26, 2003 9:37 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Another Hijack question

John,

I'm not using daisychain.

Actually I just looked and it appears to only happen when hold one is
reached when people are sending from killerwebmail.

Alex

- Original Message -
From: John Tolmachoff (Lists)
To: [EMAIL PROTECTED]
Sent: Thursday, June 26, 2003 2:27 AM
Subject: RE: [Declude.JunkMail] Another Hijack question

Alex, I have seen no issues with Hijack and Imail V. 8.

Are you using DAISYCHAIN any where in Declude?

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Artigues
Sent: Wednesday, June 25, 2003 7:56 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Another Hijack question

Scott,

Has anything changed in Imail 8 that changes the way hijack clears hold 1?

I've had to raise the hold one to a high number to basically disable
hijack. If anything gets caught in 1 and 2 is not reached it just sits in
hold one, closing the console doesn't help. hasn't been much of an issue to
me but since John just brought up hijack it made me think of it.

Thanks,

Alex




RE: [Declude.JunkMail] Test order and whitelist

2003-06-26 Thread R. Scott Perry

> You know, this brings up another point. We use a weighting method and
> consider all 20 weights to be spam. Once that weight is reached, it
> would make sense to stop testing to save proc time. Just food for
> thought.

That's one we've given some thought to.  The catch, though, is negative
weights -- for example, E-mail from @yahoo.com will fail the
NOPOSTMASTER/NOABUSE tests, so lots of people give it a negative
weight.  If the processing is stopped when a weight of 20 is reached,
Declude JunkMail might miss a test that would have reduced the weight to
less than 20.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.
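
The trade-off discussed in this sub-thread, as an added example that is not part of any poster's message and is not Declude's own code: stopping at the first point the total reaches 20 misclassifies mail that a later negative-weight test would have rescued, while stopping only when the remaining tests cannot change the verdict is safe, and putting negative-weight tests first (as suggested earlier in the thread) makes that exit come sooner. The scoring model, the weights, and the test names DNSBL-EXAMPLE and TRUSTED-SENDER are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, List, NamedTuple

HOLD_WEIGHT = 20  # from the thread: a total weight of 20 is treated as spam


@dataclass(frozen=True)
class WeightedTest:
    name: str
    weight: int                       # added to the total when the test triggers
    triggers: Callable[[dict], bool]  # predicate over a message record


class Verdict(NamedTuple):
    spam: bool
    total: int
    tests_run: int


def evaluate(tests: List[WeightedTest], msg: dict, mode: str = "full") -> Verdict:
    """Score msg against tests in the given order.

    mode="full"    runs every test.
    mode="naive"   stops as soon as the running total reaches HOLD_WEIGHT.
    mode="bounded" stops only when the tests still to run cannot move the
                   total across HOLD_WEIGHT in either direction.
    """
    total = 0
    ran = 0
    for i, test in enumerate(tests):
        if test.triggers(msg):
            total += test.weight
        ran += 1
        rest = tests[i + 1:]
        if mode == "naive" and total >= HOLD_WEIGHT:
            break
        if mode == "bounded":
            # Best and worst case if every remaining test were to trigger.
            lowest = total + sum(t.weight for t in rest if t.weight < 0)
            highest = total + sum(t.weight for t in rest if t.weight > 0)
            if lowest >= HOLD_WEIGHT or highest < HOLD_WEIGHT:
                break
    return Verdict(total >= HOLD_WEIGHT, total, ran)


def negative_first(tests: List[WeightedTest]) -> List[WeightedTest]:
    """Order tests so negative weights run first, largest magnitude first."""
    return sorted(tests, key=lambda t: (t.weight >= 0, -abs(t.weight)))


# Constructed configuration. NOPOSTMASTER and NOABUSE are named in the thread;
# the other two names and all four weights are hypothetical.
TESTS = [
    WeightedTest("NOPOSTMASTER", 10, lambda m: m["no_postmaster"]),
    WeightedTest("NOABUSE", 10, lambda m: m["no_abuse"]),
    WeightedTest("DNSBL-EXAMPLE", 5, lambda m: m["listed"]),
    WeightedTest("TRUSTED-SENDER", -15, lambda m: m["from_domain"] == "yahoo.com"),
]

# Constructed message records.
YAHOO_MAIL = {"from_domain": "yahoo.com", "no_postmaster": True,
              "no_abuse": True, "listed": False}
JUNK_MAIL = {"from_domain": "bulk.example", "no_postmaster": True,
             "no_abuse": True, "listed": True}

if __name__ == "__main__":
    runs = [("full", TESTS), ("naive", TESTS), ("bounded", TESTS),
            ("bounded", negative_first(TESTS))]
    for label, msg in (("yahoo", YAHOO_MAIL), ("junk", JUNK_MAIL)):
        for mode, tests in runs:
            order = ",".join(t.name for t in tests)
            print(label, mode, order, evaluate(tests, msg, mode))
```

The bounded exit always returns the same spam/not-spam verdict as the full run; how many tests it saves depends entirely on the order and on how large the negative weights are.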



Re[2]: [Declude.JunkMail] AOL

2003-06-26 Thread Sanford Whiteman
> Does that mean that Cisco firewalls can't be set up not to interfere
> with SMTP transactions?

Nah, PIXes are fine with no smtp fixup.

-Sandy



Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]




RE: [Declude.JunkMail] AOL

2003-06-26 Thread Kevin Bilbee
If it is a CISCO pix you need to add the line

no fixup protocol smtp 25

I just looked in our PIX and this is the exact line.


Kevin Bilbee



 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Jason Newland
 Sent: Thursday, June 26, 2003 11:12 AM
 To: [EMAIL PROTECTED]
 Subject: Re: [Declude.JunkMail] AOL


 Isn't that backwards?

 Firewall with Fixup -  ESMTP will not work, and mail defaults to
 ordinary SMTP transaction

 Firewall without Fixup -- ESMTP works fine


 Jason


 - Original Message -
 From: Rick Davidson [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Thursday, June 26, 2003 1:02 PM
 Subject: Re: [Declude.JunkMail] AOL


  Disabling the SMTP Fixup Protocol at the firewall disables ESMTP and
 allows
  only SMTP
 
  Anyone using Imail peering will not be able to disable ESMTP
 
  Rick Davidson
  Buckeye Internet Inc
  www.buckeyeweb.com
  440-953-1900 ext: 222
 
  - Original Message -
  From: R. Scott Perry [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Sent: Thursday, June 26, 2003 1:48 PM
  Subject: RE: [Declude.JunkMail] AOL
 
 
  
   According to you guys its not the mail server it is the
  Firewallright?
  
   Correct.
  
   What needs to be changed on the Firewall
  
   I believe someone said it is the SMTP Fixup Protocol that
 needs to be
   turned off.
  
   and why is the current setup so bad?
  
   Two reasons:
  
   [1] It makes your server non-RFC-compliant
   [2] The security feature is broken (specifically, it is leaking
  information
   it was designed to hide)
  
   -Scott
   ---
   Declude JunkMail: The advanced anti-spam solution for IMail
 mailservers.
   Declude Virus: Catches known viruses and is the leader in mailserver
   vulnerability detection.
   Find out what you have been missing: Ask for a free 30-day evaluation.
  


[Declude.JunkMail] Cisco Pix firewall fixup

2003-06-26 Thread Rifat Levis

I have talked to Cisco people in Cebit Hannover about the PIX problem

Rifat: The Fix-up protocol does not support ESMTP, my clients need to
use SMTP Authentication.

Cisco Tech Guy: Just use the VPN client to get the client to local subnet.

Rifat: My clients PIX is a cheaper model, it does not support VPN

Cisco Tech Guy: We just released an IPSEC pack, just download it from the web
site.

Result: As a company which has the biggest sale volume in our country of
Cisco routers, we are using Netscreen firewall.

Fact: Pix router is not a real Cisco product, it is a product added to the
list after the acquisition of a security company.

Regards

Rifat Levis





Re[2]: [Declude.JunkMail] Test on Imail X-header

2003-06-26 Thread Sanford Whiteman
> I'm not sure what the rationale was for this...

Simplicity and performance: if you separated the all-in-one Queue
Manager into a separate Content Scanner and a Queue Manager (with the
ability to interpolate third-party processors at any point), an
all-IMail setup would be (relatively) handicapped.

-Sandy



Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]




Re: Re[2]: [Declude.JunkMail] AOL

2003-06-26 Thread Rifat Levis
Yes, exactly.
Remove the smtp fixup and everything works fine.

Better, remove the PIX firewall from your system, and add a real firewall.
You will have much less problems.

Rifat




- Original Message - 
From: Sanford Whiteman [EMAIL PROTECTED]
To: R. Scott Perry [EMAIL PROTECTED]
Sent: Thursday, June 26, 2003 9:26 PM
Subject: Re[2]: [Declude.JunkMail] AOL


 Does that mean that Cisco firewalls can't be set up not to interfere
 with SMTP transactions?

Nah, PIXes are fine with no smtp fixup.

-Sandy



Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]




Re: [Declude.JunkMail] Cisco Pix firewall fixup

2003-06-26 Thread Sanford Whiteman
But just because your Cisco tech guy doesn't know anything about the
application-level effects of the Cisco fixup features doesn't mean
there's anything wrong or unreal about the PIX as a firewall, as
long as you eliminate the fixup problem. If neither you nor the tech
thought or wondered about turning off fixup, which is very well
documented, that's no fault of the product itself (though I can
understand the desire for vengeance at a vendor rep who didn't know
his stuff).

The PIX is a highly resilient enterprise firewall. Like other products
that dabble in application proxying (WatchGuard, etc.), its proxy
functions are not as well thought out.

-Sandy



Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]
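
A way to check from a captured SMTP session whether an inspecting firewall is behaving as this thread describes (ESMTP refused, so the client falls back to plain SMTP and never sees AUTH), as an added example that is not part of any poster's message. The "S:"/"C:" transcript format, the host names and both sample sessions are constructed; treating a banner made mostly of asterisks as a sign of the fixup feature is an assumption based on commonly reported behaviour, not something the thread states.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# One SMTP reply line: three-digit code, then '-' (more lines follow) or ' '.
REPLY_LINE = re.compile(r"^(\d{3})([ -]?)(.*)$")


class Findings(NamedTuple):
    banner_masked: bool
    ehlo_accepted: bool
    fell_back_to_helo: bool
    auth_offered: bool
    inspection_suspected: bool


def parse_session(transcript: str) -> List[Tuple[Optional[str], str, List[str]]]:
    """Return (client_verb, reply_code, reply_texts) for each server reply.

    The greeting banner is the reply with client_verb None. Multi-line
    replies ("250-..." followed by a final "250 ...") are joined into one entry.
    """
    exchanges = []
    verb: Optional[str] = None
    pending: List[str] = []
    for raw in transcript.strip().splitlines():
        side, _, line = raw.strip().partition(": ")
        if side == "C":
            verb = line.split(" ", 1)[0].upper()
            continue
        match = REPLY_LINE.match(line)
        if side != "S" or not match:
            continue
        code, sep, text = match.groups()
        pending.append(text)
        if sep != "-":  # final line of this reply
            exchanges.append((verb, code, pending))
            pending = []
    return exchanges


def analyse(transcript: str) -> Findings:
    exchanges = parse_session(transcript)
    banner = next((texts[0] for verb, _, texts in exchanges if verb is None), "")
    # Assumption: an inspected banner is mostly '*' characters.
    banner_masked = bool(banner) and banner.count("*") * 2 >= len(banner)
    ehlo = [(code, texts) for verb, code, texts in exchanges if verb == "EHLO"]
    ehlo_accepted = any(code.startswith("2") for code, _ in ehlo)
    helo_ok = any(verb == "HELO" and code.startswith("2")
                  for verb, code, _ in exchanges)
    fell_back = bool(ehlo) and not ehlo_accepted and helo_ok
    # Extension keywords follow the first line of an accepted EHLO reply.
    auth_offered = any(text.upper().startswith("AUTH")
                       for code, texts in ehlo if code.startswith("2")
                       for text in texts[1:])
    # A fallback alone can also mean an old SMTP-only server, so this is a
    # prompt to look at the firewall configuration, not proof.
    return Findings(banner_masked, ehlo_accepted, fell_back, auth_offered,
                    banner_masked or fell_back)


# Constructed session as seen through a firewall with SMTP inspection enabled.
SESSION_FIXUP_ON = """
S: 220 **********************0*******2******200**
C: EHLO client.example.net
S: 500 Command unrecognized
C: HELO client.example.net
S: 250 mail.example.com Hello client.example.net
C: QUIT
S: 221 Closing connection
"""

# Constructed session to the same server with inspection turned off.
SESSION_FIXUP_OFF = """
S: 220 mail.example.com ESMTP ready
C: EHLO client.example.net
S: 250-mail.example.com Hello client.example.net
S: 250-SIZE 10485760
S: 250-AUTH LOGIN PLAIN
S: 250 HELP
C: QUIT
S: 221 Closing connection
"""

if __name__ == "__main__":
    print("inspection on :", analyse(SESSION_FIXUP_ON))
    print("inspection off:", analyse(SESSION_FIXUP_OFF))
```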




RE: [Declude.JunkMail] Cisco Pix firewall fixup

2003-06-26 Thread Terry Parks
Terry here,
Now I am lost...should the fix-up protocol be used or not? If not, how is it
turned off?



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Rifat Levis
Sent: Thursday, June 26, 2003 11:41 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Cisco Pix firewall fixup


I have talked to cisco people in Cebit Hannover about the PIX problem

Rifat :   The Fix-up protocol does not support ESMTP , my clients need to
use SMTP Authentication.

Cisco Tech Guy :  Just use the Vpn client to get the client to local subnet.

Rifat : My clients PIX is a cheaper model it does not support VPN

Cisco Tech Guy : We just released a IPSEC pack just dowload it from the web
site.

Result : As a company which have the biggest sale volume in our country of
cisco routers,  we are using Netscreen firewall.

Fact : Pix router is not a real cisco product , it is a product added to the
list after the acquisition of a security company.

Regards

Rifat Levis





RE: Re[2]: [Declude.JunkMail] AOL

2003-06-26 Thread Kevin Bilbee
We run a PIX with no issues. Like anything else, if it is configured
properly it will run great.


Kevin Bilbee

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Rifat Levis
 Sent: Thursday, June 26, 2003 11:45 AM
 To: [EMAIL PROTECTED]
 Subject: Re: Re[2]: [Declude.JunkMail] AOL


 Yes ,exactly
 Remove the smtp fixup and everything works fine

 Better , remove the PIX firewall from your system , and add a
 real firewall
 ,
 You will have much less problems.

 Rifat




 - Original Message -
 From: Sanford Whiteman [EMAIL PROTECTED]
 To: R. Scott Perry [EMAIL PROTECTED]
 Sent: Thursday, June 26, 2003 9:26 PM
 Subject: Re[2]: [Declude.JunkMail] AOL


  Does that mean that Cisco firewalls can't be set up not to interfere
  with SMTP transactions?

 Nah, PIXes are fine with no smtp fixup.

 -Sandy


 
 Sanford Whiteman, Chief Technologist
 Broadleaf Systems, a division of
 Cypress Integrated Systems, Inc.
 e-mail: [EMAIL PROTECTED]
 



Re: [Declude.JunkMail] Cisco Pix firewall fixup

2003-06-26 Thread Rifat Levis
Terry, just disable the fixup protocol for smtp

And all your problems will be over.

Rifat



- Original Message - 
From: Terry Parks [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 26, 2003 10:03 PM
Subject: RE: [Declude.JunkMail] Cisco Pix firewall fixup


Terry here,
Now I am lost...should the fix-up protocol be used or not? If not, how is it
turned off?



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Rifat Levis
Sent: Thursday, June 26, 2003 11:41 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Cisco Pix firewall fixup


I have talked to cisco people in Cebit Hannover about the PIX problem

Rifat :   The Fix-up protocol does not support ESMTP , my clients need to
use SMTP Authentication.

Cisco Tech Guy :  Just use the Vpn client to get the client to local subnet.

Rifat : My clients PIX is a cheaper model it does not support VPN

Cisco Tech Guy : We just released a IPSEC pack just dowload it from the web
site.

Result : As a company which have the biggest sale volume in our country of
cisco routers,  we are using Netscreen firewall.

Fact : Pix router is not a real cisco product , it is a product added to the
list after the acquisition of a security company.

Regards

Rifat Levis





Re: Re[2]: [Declude.JunkMail] Test on Imail X-header

2003-06-26 Thread Bill Landry
All so much hokum.  This should be a configurable option to run all tests
either before or after third-party plug-ins, but not a hard-coded split in
the spam processing (again, at least not without a configuration option).

Bill
- Original Message - 
From: Sanford Whiteman [EMAIL PROTECTED]
To: Bill Landry [EMAIL PROTECTED]
Sent: Thursday, June 26, 2003 11:43 AM
Subject: Re[2]: [Declude.JunkMail] Test on Imail X-header


  I'm  not sure what the rationale was for this...

 Simplicity  and  performance:  if  you  separated the all-in-one Queue
 Manager  into a separate Content Scanner and a Queue Manager (with the
 ability  to  interpolate  third-party  processors  at  any  point), an
 all-IMail setup would be (relatively) handicapped.

 -Sandy


 
 Sanford Whiteman, Chief Technologist
 Broadleaf Systems, a division of
 Cypress Integrated Systems, Inc.
 e-mail: [EMAIL PROTECTED]
 



RE: [Declude.JunkMail] Cisco Pix firewall fixup

2003-06-26 Thread Terry Parks
OK, What's the command to do this?

Terry

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Rifat Levis
Sent: Thursday, June 26, 2003 12:12 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Cisco Pix firewall fixup

Terry , just disable the fixup protocol for smtp

And all your problems will be over .

Rifat



- Original Message -
From: Terry Parks [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 26, 2003 10:03 PM
Subject: RE: [Declude.JunkMail] Cisco Pix firewall fixup


Terry here,
Now I am lost...should the fix-up protocol be used or not? If not, how is it
turned off?



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Rifat Levis
Sent: Thursday, June 26, 2003 11:41 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Cisco Pix firewall fixup


I have talked to cisco people in Cebit Hannover about the PIX problem

Rifat :   The Fix-up protocol does not support ESMTP , my clients need to
use SMTP Authentication.

Cisco Tech Guy :  Just use the Vpn client to get the client to local subnet.

Rifat : My clients PIX is a cheaper model it does not support VPN

Cisco Tech Guy : We just released a IPSEC pack just dowload it from the web
site.

Result : As a company which have the biggest sale volume in our country of
cisco routers,  we are using Netscreen firewall.

Fact : Pix router is not a real cisco product , it is a product added to the
list after the acquisition of a security company.

Regards

Rifat Levis





RE: [Declude.JunkMail] Cisco Pix firewall fixup

2003-06-26 Thread Kevin Bilbee
no fixup protocol smtp 25

I just looked in our PIX and this is the exact line.


Kevin Bilbee

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Terry Parks
 Sent: Thursday, June 26, 2003 12:40 PM
 To: [EMAIL PROTECTED]
 Subject: RE: [Declude.JunkMail] Cisco Pix firewall fixup


 OK, What's the command to do this?

 Terry

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Rifat Levis
 Sent: Thursday, June 26, 2003 12:12 PM
 To: [EMAIL PROTECTED]
 Subject: Re: [Declude.JunkMail] Cisco Pix firewall fixup

 Terry , just disable the fixup protocol for smtp

 And all your problems will be over .

 Rifat



 - Original Message -
 From: Terry Parks [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Thursday, June 26, 2003 10:03 PM
 Subject: RE: [Declude.JunkMail] Cisco Pix firewall fixup


 Terry here,
 Now I am lost...should the fix-up protocol be used or not? If not, how is it
 turned off?



 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Rifat Levis
 Sent: Thursday, June 26, 2003 11:41 AM
 To: [EMAIL PROTECTED]
 Subject: [Declude.JunkMail] Cisco Pix firewall fixup


 I have talked to cisco people in Cebit Hannover about the PIX problem

 Rifat :   The Fix-up protocol does not support ESMTP , my clients need to
 use SMTP Authentication.

 Cisco Tech Guy :  Just use the Vpn client to get the client to local subnet.

 Rifat : My clients PIX is a cheaper model it does not support VPN

 Cisco Tech Guy : We just released an IPSEC pack, just download it from the web
 site.

 Result : As a company which has the biggest sales volume in our country of
 cisco routers, we are using Netscreen firewall.

 Fact : Pix router is not a real cisco product, it is a product added to the
 list after the acquisition of a security company.

 Regards

 Rifat Levis





[Declude.JunkMail] SPAMDomains- Prodigy?

2003-06-26 Thread Kami Razvan



Hi;

Does anyone know of the Spamdomain entries for Prodigy?

This is what I saw in a spam..

X-Spam-Tests-Failed: NOABUSE, NOPOSTMASTER, IPNOTINMX, NOLEGITCONTENT, BASE64, FILTER-SUBJECT, FILTER-HEADER-XMAIL, COUNTRY, WEIGHT20s, WEIGHT20r, FREEEMAILS
X-Weight: 49
X-Mailfrom: ggreggoryspre.prodigy.net
X-Note: Sent from: [EMAIL PROTECTED]
X-Note: Sent from Reverse DNS: dsl-200-67-73-3.prodigy.net.mx ([200.67.73.3]).

Is this the correct revdns for this?

Regards,
Kami


Re: [Declude.JunkMail] AOL

2003-06-26 Thread Rick Davidson
Correct. It will disable SMTP AUTH as well

The fixup was added to IOS to allow ESMTP

It's quite a pickle

Rick Davidson
Buckeye Internet Inc
www.buckeyeweb.com
440-953-1900 ext: 222

- Original Message - 
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 26, 2003 2:14 PM
Subject: Re: [Declude.JunkMail] AOL



 Disabling the SMTP Fixup Protocol at the firewall disables ESMTP and allows
 only SMTP
 
 Anyone using Imail peering will not be able to disable ESMTP

 Does that mean that Cisco firewalls can't be set up not to interfere with
 SMTP transactions?

 If enabling the fixup protocol breaks RFC-compliance and doesn't do all
 that it is supposed to, and disabling it disables SMTP AUTH, those
 firewalls need to be thrown out.

 -Scott
 ---
 Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
 Declude Virus: Catches known viruses and is the leader in mailserver
 vulnerability detection.
 Find out what you have been missing: Ask for a free 30-day evaluation.



Re: [Declude.JunkMail] AOL

2003-06-26 Thread Bill Landry
I'm afraid you have got it backwards.  The fixup protocol disables ESMTP,
which would include SMTP Auth, because fixup only permits SMTP attributes, but
none of the extended attributes.  Disabling the fixup protocol allows for
ESMTP to pass through the PIX, including SMTP Auth.

Bill
- Original Message - 
From: Rick Davidson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 26, 2003 3:04 PM
Subject: Re: [Declude.JunkMail] AOL


 Correct. It will disable SMTP AUTH as well

 The fixup was added to IOS to allow ESMTP

 It's quite a pickle

 Rick Davidson
 Buckeye Internet Inc
 www.buckeyeweb.com
 440-953-1900 ext: 222

 - Original Message - 
 From: R. Scott Perry [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Thursday, June 26, 2003 2:14 PM
 Subject: Re: [Declude.JunkMail] AOL


 
  Disabling the SMTP Fixup Protocol at the firewall disables ESMTP and allows
  only SMTP

  Anyone using Imail peering will not be able to disable ESMTP

  Does that mean that Cisco firewalls can't be set up not to interfere with
  SMTP transactions?

  If enabling the fixup protocol breaks RFC-compliance and doesn't do all
  that it is supposed to, and disabling it disables SMTP AUTH, those
  firewalls need to be thrown out.
 
  -Scott
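One way to check from the wire whether a given mail path passes ESMTP and SMTP AUTH, as an added example (not from the thread and not Cisco's code): it reads a recorded SMTP session and reports whether EHLO was accepted and AUTH was advertised. The transcripts are constructed, and treating a greeting made mostly of asterisks as a sign of in-path rewriting is an assumption based on commonly reported PIX behaviour, not something stated in the thread.

```python
import re

# Constructed sample sessions ("S:" server line, "C:" client line), not captures.
FILTERED = """\
S: 220 ************************************
C: EHLO client.example.com
S: 500 Command unrecognized
C: HELO client.example.com
S: 250 mail.example.com
"""
DIRECT = """\
S: 220 mail.example.com ESMTP ready
C: EHLO client.example.com
S: 250-mail.example.com
S: 250-AUTH LOGIN PLAIN
S: 250 SIZE 10485760
"""

def analyze(transcript):
    """Summarise what one SMTP session shows about ESMTP support on the path."""
    result = {"banner_masked": False, "ehlo_accepted": False,
              "extensions": [], "auth_offered": False}
    last_cmd = None
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "C":
            words = text.split()
            last_cmd = words[0].upper() if words else None
            continue
        m = re.match(r"(\d{3})[ -](.*)", text)
        if not m:
            continue
        code, rest = m.groups()
        if last_cmd is None and code == "220":
            # Assumption: a greeting that is mostly '*' was rewritten in transit.
            result["banner_masked"] = bool(rest) and rest.count("*") / len(rest) > 0.5
        elif last_cmd == "EHLO" and code == "250":
            # The first 250 line is the server greeting; later lines are extensions.
            if result["ehlo_accepted"] and rest.split():
                result["extensions"].append(rest.split()[0].upper())
            result["ehlo_accepted"] = True
    result["auth_offered"] = "AUTH" in result["extensions"]
    return result

def verdict(r):
    """Collapse the findings into one label for a report."""
    if r["ehlo_accepted"] and r["auth_offered"]:
        return "esmtp-auth-available"
    return "esmtp-without-auth" if r["ehlo_accepted"] else "smtp-only"

if __name__ == "__main__":
    for name, sample in (("filtered", FILTERED), ("direct", DIRECT)):
        print(name, verdict(analyze(sample)), analyze(sample))
```

Recording one session from outside the firewall and one from the mail server's own subnet, then comparing the two verdicts, shows whether the firewall or the server is withholding AUTH.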


Re: [Declude.JunkMail] SPAMDomains- Prodigy?

2003-06-26 Thread Bill Landry



This looks to be most likely a dynamic DSL customer of Unity Telephone:

dig -x 200.67.73.3

;; ANSWER SECTION:
3.73.67.200.in-addr.arpa. 3380 IN PTR dsl-200-67-73-3.prodigy.net.mx.

;; AUTHORITY SECTION:
73.67.200.in-addr.arpa. 3380 IN NS nsgdl2.uninet.net.mx.
73.67.200.in-addr.arpa. 3380 IN NS nsmex2.uninet.net.mx.
73.67.200.in-addr.arpa. 3380 IN NS nsmex4.uninet.net.mx.
73.67.200.in-addr.arpa. 3380 IN NS nsmty2.uninet.net.mx.
73.67.200.in-addr.arpa. 3380 IN NS dnsadm-interno.uninet.net.mx.

;; ADDITIONAL SECTION:
nsgdl2.uninet.net.mx. 680 IN A 200.23.242.201
nsmex2.uninet.net.mx. 680 IN A 200.33.146.201
nsmex4.uninet.net.mx. 680 IN A 200.33.146.217
nsmty2.uninet.net.mx. 680 IN A 200.33.148.201
dnsadm-interno.uninet.net.mx. 680 IN A 200.33.150.193

whois -h whois.networksolutions.com uninet.net

Registrant:
Unity Telephone (UNINET2-DOM)
   25 Main St
   Unity, ME 04988
   US

   Domain Name: UNINET.NET

   Administrative Contact, Technical Contact:
      Unitel, Inc. (NA4701-ORG) [EMAIL PROTECTED]
      25 Main St
      Unity, ME 04988
      US
      207-948-3900

   Record expires on 03-Dec-2008.
   Record created on 04-May-2002.
   Database last updated on 26-Jun-2003 19:25:32 EDT.

   Domain servers in listed order:

   NS1.MEGALINK.NET 205.243.60.3
   NS2.MEGALINK.NET 63.164.60.7
   AUTH50.NS.UU.NET 198.6.1.161

This one most certainly should have failed the spamdomains test, and would
have if set up correctly.

Bill

  - Original Message -
  From: Kami Razvan
  To: [EMAIL PROTECTED]
  Sent: Thursday, June 26, 2003 3:02 PM
  Subject: [Declude.JunkMail] SPAMDomains- Prodigy?

  Hi;

  Does anyone know of the Spamdomain entries for Prodigy?

  This is what I saw in a spam..

  X-Spam-Tests-Failed: NOABUSE, NOPOSTMASTER, IPNOTINMX, NOLEGITCONTENT, BASE64, FILTER-SUBJECT, FILTER-HEADER-XMAIL, COUNTRY, WEIGHT20s, WEIGHT20r, FREEEMAILS
  X-Weight: 49
  X-Mailfrom: ggreggoryspre.prodigy.net
  X-Note: Sent from: [EMAIL PROTECTED]
  X-Note: Sent from Reverse DNS: dsl-200-67-73-3.prodigy.net.mx ([200.67.73.3]).

  Is this the correct revdns for this?

  Regards,
  Kami


Re: [Declude.JunkMail] SPAMDomains- Prodigy?

2003-06-26 Thread Bill Landry



Scott, after thinking some more about Kami's situation, would this scenario
pass or fail the spamdomains test?:
==
SpamDomain.txt file entry:
prodigy.net

Message from (X-Declude Sender):
[EMAIL PROTECTED]

Connecting mail server (or one tested based on HOP and IPBYPASS settings)
IP Address:
1.2.3.4

RDNS for 1.2.3.4:
abc.prodigy.net.biz
==

If the spamdomains test is set up as "CONTAINS", then I suspect it would pass
the test.  However, I don't think that is what we want, as in Kami's real-life
example.  This would most likely be a message you would want to fail the
spamdomains test.

Several people, including myself, have asked for a way to define an exact
match, or a way to define a delimiter in the config file so that we could
define, for example, the spamdomains tests like:

global.cfg:
DELIMITER ~

prodigy.net~
~mx1.abc.net~
~mx2.xyz.  
 ~mx5.cbs.com~
.nbc.net~.msnbc.com~

This could apply to the filter tests, as well.  This would certainly remove a
lot of the ambiguity and uncertainty surrounding these tests.

Bill

  - Original Message -
  From: Bill Landry
  To: [EMAIL PROTECTED]
  Sent: Thursday, June 26, 2003 4:32 PM
  Subject: Re: [Declude.JunkMail] SPAMDomains- Prodigy?

  This looks to be most likely a dynamic DSL customer of Unity Telephone:


Re: [Declude.JunkMail] SPAMDomains- Prodigy?

2003-06-26 Thread R. Scott Perry

 Scott, after thinking some more about Kami's situation, would this
 scenario pass or fail the spamdomains test?:
 ==
 SpamDomain.txt file entry:
 prodigy.net

 Message from (X-Declude Sender):
 [EMAIL PROTECTED]

 Connecting mail server (or one tested based on HOP and IPBYPASS settings)
 IP Address:
 1.2.3.4

 RDNS for 1.2.3.4:
 abc.prodigy.net.biz
 ==

Yes, it would.

 Several people, including myself, have asked for a way to define an exact
 match, or a way to define a delimiter in the config file so that we could
 define, for example, the spamdomains tests like:

The real question is whether or not this will really happen -- I'm not sure
that spammers will go to the trouble (and legal risk!) of doing something
like that.  If they have enough control over an IP that they can change the
reverse DNS entry, they are very likely trackable, and if they use a
Prodigy return address *and* use a reverse DNS entry with prodigy in it,
they could very likely get sued for anything that they may have made from
the spamming.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.

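The difference between a substring comparison and the exact, delimiter-style match requested in the two messages above, as an added example (not Declude's code): `spamdomains()` is a hypothetical model of the test in which a sender claiming a listed domain must arrive from a reverse DNS name matching the same entry. The two reverse DNS names come from the thread; the sender domains and the other rows are constructed.

```python
def contains_match(hostname, entry):
    """Substring comparison, the CONTAINS behaviour discussed above."""
    return entry.lower() in hostname.lower()

def boundary_match(hostname, entry):
    """Match only the domain itself or a name under it, on a label boundary."""
    host = hostname.lower().rstrip(".")
    domain = entry.lower().strip(".")
    return host == domain or host.endswith("." + domain)

def spamdomains(sender_domain, rdns, entries, matcher):
    """Hypothetical model of the test, not Declude's implementation:
    a sender that claims a listed domain passes only if the reverse DNS
    name matches the same entry."""
    for entry in entries:
        if matcher(sender_domain, entry):
            return "pass" if matcher(rdns, entry) else "fail"
    return "not-applicable"

ENTRIES = ["prodigy.net"]

# (sender domain, reverse DNS name); sender domains are constructed.
CASES = [
    ("prodigy.net", "abc.prodigy.net.biz"),             # scenario from the thread
    ("prodigy.net", "dsl-200-67-73-3.prodigy.net.mx"),  # rDNS from the reported spam
    ("prodigy.net", "mail1.prodigy.net"),               # constructed genuine host
    ("example.org", "mail.example.org"),                # constructed unlisted sender
]

def compare(cases=CASES, entries=ENTRIES):
    """Return (sender, rdns, substring result, boundary result) per case."""
    return [(s, r,
             spamdomains(s, r, entries, contains_match),
             spamdomains(s, r, entries, boundary_match))
            for s, r in cases]

if __name__ == "__main__":
    for sender, rdns, loose, strict in compare():
        print(f"{sender:12} {rdns:32} contains={loose:15} boundary={strict}")
```

Both look-alike names pass under the substring comparison and fail under the label-boundary comparison, while the genuine host passes under both.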


[Declude.JunkMail] Fail two tests, get extra points

2003-06-26 Thread Robert Grosshandler
We run Sniffer, and we're testing Alligate (soon to be buying).

I'd like to set up a test that adds points if BOTH tests fail.  An
Accelerator test, I guess.

For instance, let's say failing Alligate adds 5 points, and failing Sniffer
adds 5 points.

If an e-mail fails both, I want the total added to be 12 (new math).

Conversely, a test that takes away points if both tests pass might also be
interesting.

I don't recall seeing anything like this.  Is it possible?

Rob

www.iGive.com



[Declude.JunkMail] Double RDNS

2003-06-26 Thread Mike Kruidhof
We just purchased and implemented Declude Junkmail here.
I am attempting to understand what should be changed to catch more messages.
We are using the default values.  Many messages are getting through with low values.
One thing came to me tonight, I turned on the XINHEADER option to show the RDNS value.

Is there a test that can do a DNS lookup with the hostname that is returned from the RDNS?
The IP address returned should match the IP address originally used for the RDNS.
I would like to see how often this is not the case on the messages that are getting through.

Thanks,

Mike K


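The check described in the message above (reverse lookup, then a forward lookup of the returned name, then comparison with the original address), as an added example that is not a Declude test or Declude code. The lookups are injectable so it runs offline against the constructed tables below; all addresses and host names are constructed documentation values.

```python
import ipaddress
import socket

def system_ptr(ip):
    """Reverse lookup through the system resolver; empty list on failure."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def system_addrs(host):
    """Forward lookup through the system resolver; empty list on failure."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})
    except OSError:
        return []

def fcrdns(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Forward-confirm the reverse DNS of ip: the PTR name must resolve back to ip."""
    target = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return {"ip": ip, "status": "no-ptr", "names": [], "confirmed": []}
    confirmed = []
    for name in names:
        for addr in addr_lookup(name):
            try:
                if ipaddress.ip_address(addr) == target:
                    confirmed.append(name)
                    break
            except ValueError:
                continue  # skip anything that is not a plain IP literal
    status = "confirmed" if confirmed else "mismatch"
    return {"ip": ip, "status": status, "names": names, "confirmed": confirmed}

# Constructed lookup tables standing in for DNS.
SAMPLE_PTR = {
    "192.0.2.10": ["mail.example.com"],
    "192.0.2.20": ["dsl-20.isp.example"],   # PTR exists, no forward record
    "192.0.2.30": ["mail.bank.example"],    # PTR names a host that lives elsewhere
}
SAMPLE_A = {
    "mail.example.com": ["192.0.2.10"],
    "mail.bank.example": ["198.51.100.5"],
}

def check_sample(ip):
    """Run fcrdns() against the constructed tables instead of live DNS."""
    return fcrdns(ip, lambda i: SAMPLE_PTR.get(i, []), lambda h: SAMPLE_A.get(h, []))

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(ip, check_sample(ip)["status"])
```

Calling `fcrdns(ip)` with the default lookups runs the same check against live DNS for connecting IPs taken from the mail log.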


[Declude.JunkMail] OT: Political Spam

2003-06-26 Thread Dan Patnode
I preface this by saying that my techniques are based on studying and understanding
spammers and the way they behave.  More Sun Tzu than Zen:

I've been noticing an increasing number of politically oriented spam, starting after
the war with Iraq.  The most wanted playing card spam turned into getting those who
opposed the war.  Since, I've seen anti Bush, pro Bush, and now anti Hillary and pro
Hillary.

This begs the question, are spammers (as a group) more Republican or Democrat?  Maybe
the 2010 US Census will have Spammer as an occupation...

Dan
