[Declude.JunkMail] strange DNS failures
First the backround ... Imail 8.01, Declude 1.75i2, WinXP Professional, Simple DNS 3.20.02 IN the past week, I've noticed the occasional REVDNS and SPAMDOMAINS failures ... when I look, the tests are positive because Declude is not getting a reverse DNS PTR record on the IP, and fails the test thinking the IP doesn't have a PTR record. But when I go to simple DNS, and look in the cache, the IP and PTR record are there ... they are being lookup. I then go to a workstation away from the Imail server, point to the DNS address, do a PTR lookup on the record, and the correct PTR record is returned. So it appears that Simple DNS is looking up the PTR records correctly, and will respond to an inquiry about them. As I said, it is not always happening ... noticed two false lookups this afternoon, but records were present. To possibly help the issue, I put the DNS statement into Junkmail global.cfg file so Junkmail has no excuse not to find the DNS server. Any other ideas? David --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Interesting spam...
Yes, I got one of those personally. Incredibly cheeky, but no doubt there are people dumb enough to fall for it. If there weren't, we wouldn't still be getting those Nigerian scams. Got one of those yesterday, too. Visited their web site (which offers English and Russian language versions) and they have a not-too-convincing disclaimer saying they had nothing to do with the spam. -- --- Matt Robertson, [EMAIL PROTECTED] MSB Designs, Inc. http://mysecretbase.com --- -- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] DNS/mail guru?
We host a web site for a client who hosts and runs their own mail server. Their mail to me fails as following: X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 209.83.72.234 with no reverse DNS entry. X-Declude-Sender: [EMAIL PROTECTED] [209.83.72.234] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: HELOBOGUS, IPNOTINMX, REVDNS, WEIGHT10 [10] They would like to set their server up properly. Who can I steer them to? Thanks, Harlan Young I Like It Like That, Inc. Pequot Lakes, MN 56472 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] IPBYPASS not working
Thomas, I just implemented VirusWall, but in a different configuration than you have. I think you should start by turning off the Disable insertion of InterScan Received: header when processing messages. This is on the Advanced Options of the GUI, or in the intscan.ini in the [EMail-Scan] section by setting DisabledReceivedHeader=no. Then put in an IPBYPASS for that IP, which you say is 10.0.0.14 I'll have to leave it to others to comment on how this will affect your SPAMDOMAINS test. And FWIW, the Trend Micro InterScan VirusWall SMTP module does not gateway the TCP connection. It is a normal mail relay. It behaves as a normal MTA, receiving the entire message and committing it to disk before it scans the message for a virus. The confusing bit is that it happens to have a feature that it can happily forward mail to any port you specify (instead of just tcp/25), which is a convenience for many who want to run the VirusWall on the same box as their usual MTA. More implementation notes (off topic): - Trend doesn't do a sterling job of organizing the updates to this product. I found it necessary to make several tickets with their support desk and as a result applied: - the latest VSAPI engine 6.510-1002 - isnt3.53_servicepack_au1.32_b1000.zip to get the latest ActiveUpdate software - ISNTHotFix_B1563.zip to fix the logging of the inbound message action And the following changes to the intscan.ini to turn on silently quarantining the whole message if a virus is found in an inbound message (this is documented in the readme.txt): [EMail-Scan] HoldInfectedInboundMsgs=Yes I advise turning off this restrictive behaviour to prevent false positives in Trend Micro Solution ID 13509: [EMail-Scan] AllowMultiContentType=yes (default is no) VirusWall has the default behaviour of throttling the mail if there are more than 20 bad attempts to address mail through it. You'll want to set it to whatever number you feel comfortable with (note, these entries must be created): [EMail-Scan] MaxInServerTryCount=0 (default is 20) MaxOutServerTryCount=0 (default is 20) Andrew 8) -Original Message- From: Thomas Kishel [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 06, 2003 7:05 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] IPBYPASS not working Scott, The question here is What do you want IPBYPASS to do? We are using TrendMicro's VirusWall in front of our IMail server. It's SMTP service appears to gateway a tcp connection between the sending and receiving mail servers. Therefore, IMail sees incoming connections with the sending server representing itself with its configured host name but with the IP address of the gateway. I have configured Declude (1.75) to IPBYPASS that address, but the SPAMDOMAINS test always fails. Are my expectations unrealistic considering my environment, or is SPAMDOMAINS not honoring IPBYPASS? -- Topology: Internet - Firewall [(NAT) 208.20.231.2 - 10.0.0.2] - TrendMicro VirusWall [10.0.0.14] - Declude-IMail [10.0.0.4] -- Headers: Received: from web80703.mail.yahoo.com [10.0.0.14] by email.meridiancg.com (SMTPD32-8.00) id AD711A3011C; Wed, 06 Aug 2003 09:06:57 -0400 Message-ID: [EMAIL PROTECTED] Received: from [208.20.231.2] by web80703.mail.yahoo.com via HTTP; Wed, 06 Aug 2003 06:09:53 PDT Date: Wed, 6 Aug 2003 06:09:53 -0700 (PDT) From: Thomas Kishel [EMAIL PROTECTED] Subject: Test -- Declude Log: 08/06/2003 09:06:59 Qfd7101a3011ca7cd Msg failed SPAMDOMAINS (Spamdomain 'yahoo.com' found: Address of [EMAIL PROTECTED] sent from invalid .). Action=LOG. 08/06/2003 09:06:59 Qfd7101a3011ca7cd Subject: Test 08/06/2003 09:06:59 Qfd7101a3011ca7cd From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 10.0.0.14 ID: -- IMail Log: SMTPD (01A3011C) [10.0.0.4] connect 10.0.0.14 port 42167 SMTPD (01A3011C) [10.0.0.14] HELO web80703.mail.yahoo.com SMTPD (01A3011C) [10.0.0.14] MAIL FROM:[EMAIL PROTECTED] SMTPD (01A3011C) [10.0.0.14] RCPT TO:[EMAIL PROTECTED] -- Thomas Kishel, Department Head - Systems Larson Texts, Inc. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] REVDNS- Blacklist revisit
Title: Message Hi; A while back I suggested a test based on REVDNS. The idea was simply trying to track spammers that are not just occasional senders but do this on a much larger scale. Since then we started tracking REVDNS of all addresses that send more than 1 email in a batch. Simply spammers that show up repeatedly in a single day and they send to a number of people on our servers.. The entries are taken from the results of this header entry: X-Note: Sent from Reverse DNS: This is just one of the many entries that shows some convergence...: .denyandpurify.com 65.214.161.222 .foxonthetrot.com 65.214.161.229 .elevengetseven.com 65.214.161.229.denyandpurify.com65.214.161.230 .elevengetseven.com 65.214.161.231 Different REVDNS .. same IP family.. two being identical IP's One thing about this company is the domains they use all follow similar thinking.. the server they use to send the emails are different .. but their name server appears to be the same. This could be a great test if added. Just some thoughts... Regards, Kami
Re: [Declude.JunkMail] ATTACH method not working properly
We're trying to make use of the ATTACH method (spamhider, whatever it's called) but aren't able to get it working properly. Here's the current spamattach.eml file (I think it's the default): You have spam! Subject: %SUBJECT% From: %MAILFROM% Tests Failed: %TESTSFAILED% To view the E-mail, just click the attachment. The problem here is that you also need the headers. The file should start with: Message-ID: [EMAIL PROTECTED] From: Declude JunkMail [EMAIL PROTECTED] To: %ALLRECIPS% Subject: You have spam Date: %RFCDATETIME% MIME-Version: 1.0 Content-Type: multipart/mixed; boundary=%RANDOMSTRING% This is a multi-part message in MIME format. ... -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE : [Declude.JunkMail] BADHEADERS Question
Hi, Do you know also how to fix too that with ASPMAil ? Thanks Mehdi Blagui -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Jose Gosende Envoyé : lundi 11 août 2003 15:49 À : [EMAIL PROTECTED] Objet : RE: [Declude.JunkMail] BADHEADERS Question Interesting. Thanks for the info! Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Monday, August 11, 2003 10:43 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] BADHEADERS Question Legitimate email is failing the BADHEADERS test. Do I need to modify something on my server so this test does not fail? You need to modify something on the mail client (the program sending the E-mail is broken). Most likely, upgrading the mail client will fix the problem. Why would I need to upgrade my mail client? Because most people don't like running broken software on their servers. Most likely, you're running a beta version of the software involved. It's a ColdFusion page that's sending the email, by the way. AH! That explains the problem. http://www.mail-archive.com/[EMAIL PROTECTED]/msg00661.html covers getting CF not to fail the SPAMHEADERS test. Most likely, another broken part of CF (a bogus HELO/EHLO) is causing IMail to add a broken header (since IMail generates the header on the assumption that the HELO/EHLO information is valid), causing it to fail the BADHEADERS test. But, that problem will actually go away with the information at the above URL (since CF will add the header that IMail was adding). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Fwd: SBL soon only from sbl.spamhaus.org
This was posted on NANOG today. Another MUST READ if you use the OSSOFT test or any other tests utilizing the Spamhaus SBL. Rick Rountree Dundee.net Delivered-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] X-Anti-Virus: Scanned for known viruses by sentinel.ultradesign.net Date: Wed, 6 Aug 2003 18:42:07 +0100 To: [EMAIL PROTECTED] From: Steve Linford [EMAIL PROTECTED] Subject: SBL soon only from sbl.spamhaus.org Sender: [EMAIL PROTECTED] X-Loop: nanog X-Declude-Sender: [EMAIL PROTECTED] [198.108.1.26] X-Spam-Tests-Failed: IPNOTINMX, LOCALFILTER, COUNTRY [-9] X-Note: Total spam weight of this E-mail is -9. X-Country-Chain: UNITED KINGDOM-UNITED STATES-destination X-RCPT-TO: [EMAIL PROTECTED] If you currently use the SBL by querying the master zone sbl.spamhaus.org then you can ignore this message. If you are using the SBL via 3rd party composite DNSBLs and not directly from sbl.spamhaus.org, then please read this as the following change affects your DNSBL setup. For a long time the SBL has been available either directly from Spamhaus (as sbl.spamhaus.org) or via 3rd party composite zones such as relays.osirusoft.com (as spamhaus.relays.osirusoft.com) and blackholes.easynet.nl which import SBL data from Spamhaus. This distribution is now changing. In order to better manage SBL logistics, DNSBL zone and query traffic, from Monday 11 August 2003 the SBL should only be available from sbl.spamhaus.org. The fact the SBL was available from multiple DNSBLs was causing some confusion, plus other small factors (such as the different zones having different build times - which for example meant that we'd tell someone an IP had been removed, but they'd contact us a few hours later to say it was still blocked), plus the likely emergence of further composite lists which may add confusion, meant that it was time to make a change now rather than in a year or two. So, if you are not using sbl.spamhaus.org but would like to continue using the SBL, please add sbl.spamhaus.org to your mail server's DNSBL list. -- Steve Linford The Spamhaus Project http://www.spamhaus.org --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Ebay and Spamdomians
In my experience, for HOTMAIL.COM in particular I've never seen a message sent through a non-Hotmail server. I think you might have a configuration problem if you are seeing tons of legitimate e-mail from non Hotmail servers. Especially since it's a web-based e-mail client I wouldn't think they could use anything but Microsoft owned, e.g. hotmail.com, msn.com, servers. I'm glad I posted on this as I am realizing that I am not understanding exactly what is going on. When I had the spamdomains test set at 2/3s of the hold weight, I would find 4 or 5 legitimate messages a day held, with spamdomains putting each message over the top. A quick look in my logs shows that 4 or 5 messages a day is a tiny percentage compared to the number of spammy messages that fail spamdomains. The problem is that these 4 or 5 messages a day are too many for me. It seems somebody is on my case whenever there is a false positive. I realize now that yahoo.com was probably a bad example, although I am sure that I have seen it happen. Perhaps Sheldon's explanation is correct. The bottom line is that I think I need to pay better attention to those false positives and see if I can figure out more about them. Thanks for the feedback, Paul Navarre --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Ebay and Spamdomians
Hey, Paul, et.al., My current SPAMDOMAINS has a weight of 10. The hold weights on most of my domains is well below 10 so almost every message failing SPAMDOMAINS is held. My current SD.TXT file has 118 lines in it. I'll see maybe 1 legit e-mail caught by SPAMDOMAINS for every 1000 messages, i.e. a message being sent from a spam domain through an alternate. So far I've been able to tweak SD.TXT and add an alias to deal with those. In my experience, for HOTMAIL.COM in particular I've never seen a message sent through a non-Hotmail server. I think you might have a configuration problem if you are seeing tons of legitimate e-mail from non Hotmail servers. Especially since it's a web-based e-mail client I wouldn't think they could use anything but Microsoft owned, e.g. hotmail.com, msn.com, servers. Later, Dan - Original Message - From: Paul Navarre [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 06, 2003 4:13 PM Subject: RE: [Declude.JunkMail] Ebay and Spamdomians I've been surprised at everyone waxing poetic over the spamdomains test. I have had to give this test very little wieght because we constantly get legitimate mail from spam domain addresses, but sent through other servers. For example, I see a ton of legitimate email from hotmail but where the sender sent it presumably through their work server. That's not a knock against Declude. The test works as advertised, and I do use it. I just have to give it very little weight. Paul Navarre --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. This E-mail is scanned and free from viruses. www.nexustechgroup.com This E-mail is scanned and free from viruses. www.nexustechgroup.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] I am kinda confused.
I keep getting spam mails that should be caught. Here are the spam tests it fails. X-Spam-Tests-Failed: DSBL, SPAMCOP, EASYNET-DNSBL, EASYNET-PROXIES, BLITZEDALL, BASE64, HELOBOGUS, MAILFROM, IPNOTINMX, ROUTING, LONGSUBJECT, BLACKLIST, NOLEGITCONTENT, WEIGHT10, WEIGHT12, WEIGHT15, WEIGHT20 [85] The emails are kind of weird. The goto a postmaster alias on a different domain, then goto our abuse alias, then finally goes to two people, me and another person. I have a personalized .junkmail file that says: WEIGHT10 MAILBOX Spam WEIGHT12 MAILBOX Spam WEIGHT15 MAILBOX Spam WEIGHT20 MAILBOX Spam While the other person that recieves the email has a .junkmail file that says: WEIGHT10 SUBJECT [SPAM 10] WEIGHT12 SUBJECT [SPAM 12] WEIGHT15 SUBJECT [SPAM 15] WEIGHT20 SUBJECT [SPAM 20] Thanks for your help. Nathan Fouarge --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Link obfuscation in e-mail body
Will Declude see viphosts.net in the below obfuscated URL, when it is in the body of the e-mail? A Href=http://[EMAIL PROTECTED]#105;p#104;o#115;t#115;.net/cws.htm?jid=32022 title=GKjBK No, it will not. This is something that we plan to add support for at some point, though. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] ip4r test
Is there a way to have an ip4r test match on several specific matchstring values? No, there is not. You would need to define one test for each matching value. I don't want to make a rule for each string I want to match, as this would do a DNS lookup for each string test. Actually, with v1.75, only one lookup will be performed, even if there are multiple tests defined. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude Virus Pro and Fprot (DOS)
In almost all cases, this is a situation where someone thought it would be cool to tweak a setting that they weren't familiar with (Gee, Split attachments into multiple E-mails probably will make my E-mail faster!, they think). Heh, in our case it would be Hey, good way to get your message deleted. =) I've been deleting the Vulnerabilities, and more than 95% have all been SPAM, only 1 person I've spoken with to correct this problem ever complained, and as Scott mentioned, he thought it was to help speed up delivery. I just explained that ANY potential threat to our users is taken seriously, and we'll not risk the whole for someone too lazy to fix their mail. He fixed his problem. =) What about the rest on the list? Do you delete vulnerabilities? Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Test No Messages
I just finished getting all the latest updates, service packs and patches on my servers last week (spent a couple days double checking and catching what auto update doesn't show). I believe they all had that patch already, but could have been bad. I have been considering putting filters on all my access servers (I'm an ISP) to kill anything in our out for the commonly exploited windows ports (135, 139, etc.) to protect my users, and the internet. My concern is, that it might break some other type of functionality for users. Ayone have any thoughts? Thanks, Chuck Frolick ArgoNet, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of paul Sent: Wednesday, August 13, 2003 2:25 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Test No Messages Too many people dealing with the msblast virus to complain about getting spam... :) Isn't THAT the truth sheesh. And what's even funnier, is the # of machines I've cleaned that have HAD the update sitting, waiting to be installed ARGH! What's updates ready to install mean? Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] IPBYPASS not working
Andrew, I think you should start by turning off the Disable insertion of InterScan Received: header when processing messages. This is on the Advanced Options of the GUI, or in the intscan.ini in the [EMail-Scan] section by setting DisabledReceivedHeader=no. That is not available in the Unix version of VirusWall that we are using. InterScan v3.8 for UNIX Version Information : Scan Engine: 5.600-1011 Pattern Number: 600 SMTP version: 3.8-Build_1080 FTP version: 3.8-Build_1080 HTTP version: 3.8-Build_1080 Then put in an IPBYPASS for that IP, which you say is 10.0.0.14 That is already configured as such. And FWIW, the Trend Micro InterScan VirusWall SMTP module does not gateway the TCP connection. It is a normal mail relay. It behaves as a normal MTA, receiving the entire message and committing it to disk before it scans the message for a virus. The confusing bit is that it happens to have a feature that it can happily forward mail to any port you specify (instead of just tcp/25), which is a convenience for many who want to run the VirusWall on the same box as their usual MTA. That is true of VirusWall NT (which we used to implement), but is not true of VirusWall Linux. When you telnet to VirusWall Linux, you recieve the SMTP greeting from IMail. If IMail is not running, you cannot establish a connection to VirusWall Unix. -- Thomas Kishel, Department Head - Systems Larson Texts, Inc. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Ebay and Spamdomians
I had the same thing with emails from Hotjobs and Monster.com. Because they all have the same basic subject line I chose to whitelist them. JP - Original Message - From: Sheldon Koehler [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 06, 2003 12:01 PM Subject: [Declude.JunkMail] Ebay and Spamdomians I searched but with so many emails regarding SPAMDOMAINS I could not find the answer. I know it was discussed a few weeks ago about email coming from Ebay and legit greeting card sites that use the senders email address. Email from domains in the SD get bounced. Any ideas? Sheldon Sheldon Koehler, Owner/Partnerhttp://www.tenforward.com Ten Forward Communications 360-457-9023 Nationwide access, neighborhood support! Whenever you find yourself on the side of the majority, it's time to pause and reflect. Mark Twain --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Interesting spam...
Thanks, Kami. I've started a new section in one of my JunkMail Pro text filter files called Phishing for similar attempts to garner e-mail addresses and credit cards numbers. Andrew 8) -Original Message- From: Kami Razvan [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 13, 2003 2:11 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Interesting spam... Hi; I just saw a spam that I think we all need to block... = Important notice We have just charged your credit card for money laundry service in amount of $234.65 (because you are either child pornography webmaster or deal with dirty money, which require us to layndry them and then send to your checking account). If you feel this transaction was made by our mistake, please press No. If you confirm this transaction, please press Yes and fill in the form below. Enter your credit card number here: Enter your credit card expiration date: Contacts: Phone: +5982 902 5627 Fax: +5982 902 3114 E-mail: [EMAIL PROTECTED] ICQ: 156746629 == It should be interesting to see variations of this .. Regards, Kami --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE : [Declude.JunkMail] RBL Question
Hi, Wich are the most effichient test that declude can check and have high rate of spam ? Also what do you think about combining declude power and Imail rules for keyword to check all the e-maisl that declude detected ( weight 0 ). For eg a suspecious mail with a subject Viagra is a 99.99% spam ? The objective is to avoid FP!! Also what do you think about combining declude + rules + Imail antispam to get the best efficiency. I'm actually trying to reach 80 % and have very very incredible FP rate ( less than 0.5 is my objective ). Also I had actually activate DELETE instruction for weight 25. I had run declude for mounths and very rarely so a FP getting so bad weight. Thanks for your help. Mehdi Blagui --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Transient Failure???
Off topic, maybe... We are seeing the error Persistent Transient Failure on email returned to other domains trying to email our user accounts. This is most frequently with email from the domain worldnet.att.net. Just what is this failure? Terry --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Ebay and Spamdomians
I've been surprised at everyone waxing poetic over the spamdomains test. I have had to give this test very little wieght because we constantly get legitimate mail from spam domain addresses, but sent through other servers. For example, I see a ton of legitimate email from hotmail but where the sender sent it presumably through their work server. That's not a knock against Declude. The test works as advertised, and I do use it. I just have to give it very little weight. Paul Navarre --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] What's a q*.gmd spool file?
Some spam made it through our Imail+JunkMail gateway last night, and I was wondering how it did it, because there were NO headers added by JunkMail Pro. According to my sys0806.txt logfile, the message was received by IMail, then it was later delivered to my internal mail server. I found a few messages like this, all of which were received, then the IMail smtpd service was administratively stopped and started, and when the messages were delivered inbound, they had a .GMD extension instead of .SMD I didn't find any mention of this in either the Mail Archives or the Ipswitch IMail support archive. I'm running Declude JunkMail v1.65 on IMail v7.13 Andrew 8) Excerpted sys0806.txt is in the small text attachment. 08:06 17:10 SMTPD(007B014E) [10.192.99.216] connect 64.156.222.31 port 40726 08:06 17:10 SMTPD(007B014E) [64.156.222.31] HELO mail31.webhostads.com 08:06 17:10 SMTPD(007B014E) [64.156.222.31] MAIL FROM: [EMAIL PROTECTED] 08:06 17:10 SMTPD(007B014E) [64.156.222.31] RCPT TO: [EMAIL PROTECTED] 08:06 17:10 SMTPD(007B014E) [64.156.222.31] D:\IMail\spool\D98e2007b014e333d.SMD 5007 08:06 20:17 SMTP-(0384) D:\IMail\spool\Q98e2007b014e333d.GMD 08:06 20:17 SMTP-(0384) processing D:\IMail\spool\Q98e2007b014e333d.GMD 08:06 20:17 SMTP-(0384) Trying bentall.com (0) 08:06 20:17 SMTP-(0384) Connect bentall.com [10.192.0.215:25] (1) 08:06 20:17 SMTP-(0384) 220 BT4Exch1.bentall.com InterScan VirusWall NT ESMTP 3.53 (build 1563) ready at Wed, 06 Aug 2003 20:17:10 -0700 08:06 20:17 SMTP-(0384) EHLO mail.bentall.com 08:06 20:17 SMTP-(0384) 250-BT4Exch1.bentall.com supports the following ESMTP extensions: 08:06 20:17 SMTP-(0384) 250 SIZE 0 08:06 20:17 SMTP-(0384) MAIL FROM:[EMAIL PROTECTED] 08:06 20:17 SMTP-(0384) 250 [EMAIL PROTECTED]: Sender Ok 08:06 20:17 SMTP-(0384) RCPT To:[EMAIL PROTECTED] 08:06 20:17 SMTP-(0384) 250 [EMAIL PROTECTED]: Recipient Ok 08:06 20:17 SMTP-(0384) DATA 08:06 20:17 SMTP-(0384) 354 BT4Exch1.bentall.com: Send data now. Terminate with . 08:06 20:17 SMTP-(0384) . 08:06 20:17 SMTP-(0384) 250 BT4Exch1.bentall.com: Message accepted for delivery 08:06 20:17 SMTP-(0384) rdeliver bentall.com [EMAIL PROTECTED] (1) [EMAIL PROTECTED] 4972 08:06 20:17 SMTP-(0384) QUIT 08:06 20:17 SMTP-(0384) 221 BT4Exch1.bentall.com closing connection. Goodbye! 08:06 20:17 SMTP-(0384) finished D:\IMail\spool\Q98e2007b014e333d.GMD status=1
[Declude.JunkMail] ip4r test
Is there a way to have an ip4r test match on several specific matchstring values? I don't want to make a rule for each string I want to match, as this would do a DNS lookup for each string test. ie, could I do something like: SPEWSip4rspews.relays.osirusoft.com127.0.0.2,127.0.0.3,127.0.0.9 60 Rob Salmond Ontario Die Company (519)-576-8950 ext. 132 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude Virus Pro and Fprot (DOS)
I've always wondered about this. So how do you desensitize Outlook? i.e. tell it not to break apart attachments as John posted? Matt Robertson [EMAIL PROTECTED] MSB Designs, Inc. http://mysecretbase.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Test No Messages
I have not received a message from the list in about 15 hours. This is a test message Kevin Bilbee Network Administrator Standard Abrasives, Inc. Changing the way industry works. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Just confirming syntax for whitelist.
Is this correct for my global.cfg? WHITELISTIP ipfile C:\IMail\Declude\whiteip.txtx -99 0 That will work fine, and will subtract 99 points from the weight of any E-mail coming from an IP listed in the whiteip.txt file. The name WHITELISTIP may cause confusion down the line (as it will work differently than the WHITELIST IP option), though. And for the syntax for the whiteip.txt file will this work? 63.126.244.0/24 That will work fine. Or for an individual IP, you could use 63.126.244.25. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] imail upgrade
If you install 8.01 the default settings are to place a header only. I did the upgrade using the 8.01 installer. If you do not have it contact IPSwitch and they will give you a link and passowrd. The install went smooth. and imail did not act on any email except for placing the header. I still went to the spam section for our ip and turned off all checking. I have not had time to test and read up on imails spam filtering. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Serge Sent: Thursday, August 07, 2003 5:11 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] imail upgrade hi scott i put this question on imail forum but did not get the answer i wan to upgrade from 7.15 to 8, but i do not want it to interferer with junkmail is there any default setting in 8 that will cause it to hold/delete spam ? i rememember many users having problems with default settings, but when I installed on a test server, no v8 action defaulted to hold/delete maybe ipswitch changed all defaults meanwhile? any help appreciated TIA --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] re: Ideas
This probably won't be your only reply, but, the netblock is 69.60.0.0/24 (256 addresses), they only have a standard Class C allocation. I have 9 of them, if you can prove to your upstream provider the need, the good ones will give them to you, or many others will let you pay a one time setup for the routing. Thanks, Chuck Frolick ArgoNet, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Tuesday, August 05, 2003 1:02 PM To: JunkMail Declude Subject: [Declude.JunkMail] re: Ideas This ISP or what ever they are send us a lot of spam I would not usually block this many IP addresses but? What do you all think? Ultimate Offers LLC. NET-69-60-0-0-24 (NET-69-60-0-0-2) 69.60.0.0 - 69.60.0.2 How did they get such a large block of IP Addresses I have randomly picked address in this block and they all come up in spam databases. 69.60.0.0/20 is listed in SBL. Kevin Bilbee Network Administrator Standard Abrasives, Inc. [EMAIL PROTECTED] (805) 520-5800 x7332 Changing the way industry works. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: Re[2]: [Declude.JunkMail] strange DNS failures
Also, to eliminate options of what is causing the problem, I would suggest setting a different DNS server in the global.cfg and see if the error still occurs. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Dodell Sent: Sunday, August 10, 2003 3:35 PM To: R. Scott Perry Subject: Re[2]: [Declude.JunkMail] strange DNS failures That is unusual. Declude JunkMail should only fail the REVDNS test if it does get an answer from the DNS server, which says the reverse DNS entry does not exist (if there is a timeout, it should not fail the test). I agree .. and the DNS / Imail / Declude all reside on the same machine, so I would doubt if there were any type of timeouts getting the information. If this happens often, you could use the DEBUG mode (LOGLEVEL DEBUG), which records more details about the reverse DNS lookup in the log file. I'll have to keep that in mind. It only seems to happen once or twice a day if that ... very erratic. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] strange DNS failures
Could it be a timeout issue because of some network failure? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Dodell Sent: Sunday, August 10, 2003 12:41 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] strange DNS failures First the backround ... Imail 8.01, Declude 1.75i2, WinXP Professional, Simple DNS 3.20.02 IN the past week, I've noticed the occasional REVDNS and SPAMDOMAINS failures ... when I look, the tests are positive because Declude is not getting a reverse DNS PTR record on the IP, and fails the test thinking the IP doesn't have a PTR record. But when I go to simple DNS, and look in the cache, the IP and PTR record are there ... they are being lookup. I then go to a workstation away from the Imail server, point to the DNS address, do a PTR lookup on the record, and the correct PTR record is returned. So it appears that Simple DNS is looking up the PTR records correctly, and will respond to an inquiry about them. As I said, it is not always happening ... noticed two false lookups this afternoon, but records were present. To possibly help the issue, I put the DNS statement into Junkmail global.cfg file so Junkmail has no excuse not to find the DNS server. Any other ideas? David --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] GSC Files
Declude scnas GSC files. Is there an option to have them not be scanned. I have a situation where outlook users will log onto web mail and reply to a message they will also bcc them selves so they will get a copy sent to outlook. The messages are being caught by the mail from test and being held on the server. Is there a way to stop this from happening??? When will declude support whitlising authenticated users? Kevin Bilbee --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] capturing one email address
I have an email address that belongs to a domain we gate for that we would like to capture the email. Is there a way I could use Declude Junkmail to capture that specific email address ([EMAIL PROTECTED]) to attach it to me so we could look at it? David --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Suggestions for blocking certain sender-adresses for a single virt.Host
We have hundreds of virt. hosts on our Imail server and use Declude Virus and Junkmail Pro. At the moment we use on single $default$.junkmail file with the same settings for all hosts. Now a customer asked us if we can block mails from certain sender addresses directed to his own virt.host. What's the best way to do this? Imail? JM Blacklist? Separate JM Action file? Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Whitelist file?
Recently, I attempted to add a WHITELIST entry to the Global.cfg, but accidently mistyped whitelist. This appeared to cause the entire .cfg file to stop working and effectively let all mail through unfiltered. That is quite unusual -- I'm not sure how a typo like that could prevent Declude JunkMail from working. If it sees a line WHITLIST IP 192.0.2.25, it would think that you are defining a test named WHITLIST, and just add a warning to the log file. To prevent this in the future, I was wondering if there's a way to reference a separate whitelist sender file in Global.cfg, similar to how a sender blacklist file can be configured. This can be done with the new WHITELISTFILE option in 1.75 -- it isn't listed in the manual yet (soon!), but searching the Declude JunkMail mailing list archives for WHITELISTFILE should bring up references to it. Also, is there any updates in the works to prevent one bad config line from wrecking the system? Yes -- we've been doing that for years. :) If you can send me the config file (or line) that was causing this problem, we can investigate to see why it happened. If you don't have it anymore, unfortunately there isn't much that we can do. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Process Tree
Can someone give me the order(IMAIL/DECLUDE JM/DECLUDE VIRUS) in which an email is processed? I have Imail rules which 'I think' are setup properly: B~(name=.*\.pif\s|name=.*\.exe\s|name=.*\.lnk\s):NUL B~(begin 6.*\.pif\s|begin 6.*\.exe\s|begin 6.*\.lnk\s):NUL but I still see these emails in the Virus directory. Should'nt an email that get routed to NUL never get to declude? TIA Robert --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Filtering (Pro version)
On the Filtering (Pro version) - create your own filters, similar to the filters in IMail, 1. Is there a space character like iMail filters (/s) For example: BODY 3 CONTAINS /ssex/s 2. Realistically, how many rules can you put in a filter file. [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] IPNOTINMX
I get a ton of spam that is marked with the IPNOTINMX. What is the best way to block this? The best way is NOT to block it. The IPNOTINMX test will indeed catch a lot of spam, but it will also catch a lot of legitimate E-mail. Normally, it should be used to help legitimate E-mail (with the test definition ending in 0 -3 or something similar). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] DLAnalyzer Reporting Tool
Yesterday we received a lot of positive feedback on the reporting tool. We have since released a new beta incorporating in some of the suggestions we have received. In addition to fixing a few issues related to the non-rfc compliant email that was being generated. There are going to be a lot of beta's released over the next couple weeks due to the suggestions we have been receiving. If you would like to be on a notification list when new beta's are released let us know. Darrell [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] DNS/mail guru?
They need a DNS 'A' record for their mail servers HELO line which you did not include. And they need to setup a Reverse DNS entry for 209.83.72.234. They need to have whom ever is hosting there DNS about a reverse dns entry, a quick check on DNS stuff shows the ip belonging to Silver Star Industries NLG-RAD-72-232 (NET-209-83-72-232-1) 209.83.72.232 - 209.83.72.239 I would start with their contact at their ISP or their IT person to findout who controls the DNS records and have them fix the issues. Here is additional info about Siver Star, CustName: Silver Star Industries Address:122 HYW 25 NE City: Brainerd StateProv: MN PostalCode: 56401 Country:US RegDate:1999-06-08 Updated:1999-06-08 NetRange: 209.83.72.232 - 209.83.72.239 CIDR: 209.83.72.232/29 NetName:NLG-RAD-72-232 NetHandle: NET-209-83-72-232-1 Parent: NET-209-83-0-0-1 NetType:Reassigned Comment: RegDate:1999-06-08 Updated:1999-06-08 TechHandle: NA16-ORG-ARIN TechName: Norlight Telecommunications, Inc. TechPhone: +1-262-792-9700 TechEmail: [EMAIL PROTECTED] OrgAbuseHandle: NAA4-ARIN OrgAbuseName: Norlight Abuse account OrgAbusePhone: +1-800-876-7842 OrgAbuseEmail: [EMAIL PROTECTED] OrgNOCHandle: NMC2-ARIN OrgNOCName: Network Management Center OrgNOCPhone: +1-800-876-7842 OrgNOCEmail: [EMAIL PROTECTED] OrgTechHandle: HR201-ARIN OrgTechName: Ryu, Hyunseog OrgTechPhone: +1-262-792-7965 OrgTechEmail: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Harlan Young Sent: Wednesday, August 13, 2003 11:41 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] DNS/mail guru? We host a web site for a client who hosts and runs their own mail server. Their mail to me fails as following: X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 209.83.72.234 with no reverse DNS entry. X-Declude-Sender: [EMAIL PROTECTED] [209.83.72.234] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: HELOBOGUS, IPNOTINMX, REVDNS, WEIGHT10 [10] They would like to set their server up properly. Who can I steer them to? Thanks, Harlan Young I Like It Like That, Inc. Pequot Lakes, MN 56472 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Ebay and Spamdomians
What is the LA? - Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 06, 2003 4:30 PM Subject: RE: [Declude.JunkMail] Ebay and Spamdomians Sending messages from a hotmail address but not through a hotmail server may not be allowed under the LA. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Paul Navarre Sent: Wednesday, August 06, 2003 1:13 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Ebay and Spamdomians I've been surprised at everyone waxing poetic over the spamdomains test. I have had to give this test very little wieght because we constantly get legitimate mail from spam domain addresses, but sent through other servers. For example, I see a ton of legitimate email from hotmail but where the sender sent it presumably through their work server. That's not a knock against Declude. The test works as advertised, and I do use it. I just have to give it very little weight. Paul Navarre --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. === This E-mail is scanned and free from viruses. www.nexustechgroup.com This E-mail is scanned and free from viruses. www.nexustechgroup.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] IPBYPASS not working
I am using the HOP 1 setting and recently tried to use the IPBYPASS and found it did not work for me either. Declude was still using the servers I had listed as bypass for its tests. I have two separate internet connections with a NAV SMTP Gateway on each forwarding to IMail. I entered an ipbypass for each of the servers. HOP 1 had been working so when I saw IPBYPASS was messing up my tests I just went back to HOP 1 and didn't think much about it. Normally, we recommend using HOP 0 (the default setting), and using IPBYPASS lines for each backup/gateway. The HOP setting should only be used in cases where there will *always* be one or more hops before the IMail server (for example, if you have 2 gateways, and the MX record points to those 2 gateways, and not the IMail server, *and* nobody will connect directly to the IMail server to send outgoing E-mail). The HOP setting will often cause confusion. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Ebay and Spamdomians
I searched but with so many emails regarding SPAMDOMAINS I could not find the answer. I know it was discussed a few weeks ago about email coming from Ebay and legit greeting card sites that use the senders email address. Email from domains in the SD get bounced. Any ideas? Sheldon Sheldon Koehler, Owner/Partnerhttp://www.tenforward.com Ten Forward Communications 360-457-9023 Nationwide access, neighborhood support! Whenever you find yourself on the side of the majority, it's time to pause and reflect. Mark Twain --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] What's a q*.gmd spool file?
I found a few messages like this, all of which were received, then the IMail smtpd service was administratively stopped and started, and when the messages were delivered inbound, they had a .GMD extension instead of .SMD I didn't find any mention of this in either the Mail Archives or the Ipswitch IMail support archive. The only reference I could find to a .GMD file didn't have any information about it. This would probably be best asked on the IMail Forum. My guess is that it is part of a feature recently added to IMail. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] DNS/mail guru?
We host a web site for a client who hosts and runs their own mail server. Their mail to me fails as following: X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 209.83.72.234 with no reverse DNS entry. X-Declude-Sender: [EMAIL PROTECTED] [209.83.72.234] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: HELOBOGUS, IPNOTINMX, REVDNS, WEIGHT10 [10] They would like to set their server up properly. Who can I steer them to? There are two problems here. The first is that the IP address of their mailserver (at 209.83.72.234) is missing a reverse DNS entry (see http://www.dnsstuff.com/tools/ptr.ch?ip=209.83.72.234 -- the norlight.net nameservers need to have the reverse DNS entry listed). The second problem is that their mailserver is identifying itself improperly. Without the Received: header that IMail added (or the HELO or EHLO log file entry), I can't say what name their mailserver is claiming to be. However, whatever name it is does not exist in DNS (there needs to be either an MX or A record for it). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] RBL Question
I saw the below message on the forum: -BEGIN QUOTE--- For a long time the SBL has been available either directly from Spamhaus (as sbl.spamhaus.org) or via 3rd party composite zones such as relays.osirusoft.com (as spamhaus.relays.osirusoft.com) and blackholes.easynet.nl which import SBL data from Spamhaus. This distribution is now changing. In order to better manage SBL logistics, DNSBL zone and query traffic, from Monday 11 August 2003 the SBL should only be available from sbl.spamhaus.org. The fact the SBL was available from multiple DNSBLs was causing some confusion, plus other small factors (such as the different zones having different build times - which for example meant that we'd tell someone an IP had been removed, but they'd contact us a few hours later to say it was still blocked), plus the likely emergence of further composite lists which may add confusion, meant that it was time to make a change now rather than in a year or two. So, if you are not using sbl.spamhaus.org but would like to continue using the SBL, please add sbl.spamhaus.org to your mail server's DNSBL list. ---END QUOTE I use OSSOFT and OSSRC in my global file, what should I alter to pickup just the sbl.spamhaus.org database? Thanks for the aid. Keith Johnson
RE : [Declude.JunkMail] BADHEADERS Question
Do you know also how to fix too that with ASPMAil ? Upgrading ASPMail to the latest version should take care of the problem. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Is your E-mail blocked by AOL?
Wednesday, August 13, 2003, 9:12:05 PM, you wrote: RSP I'm trying to gather some information about small businesses whose E-mail RSP is being blocked by AOL (as well as information on small businesses using RSP cable or DSL that are *not* being blocked). RSP If your E-mail is being blocked by AOL (or you are not being blocked by RSP AOL, and use cable or DSL), could you please E-mail me (off-list, to RSP [EMAIL PROTECTED])? If possible, I would be interested in knowing: Hi Scott. We have one client who is getting a user unknown error. Here is the fun part. I can send an email from one machine with one email [EMAIL PROTECTED] address and it's working fine, we can contact the person no problem. I can go to another machine on the same network, use a different email address [EMAIL PROTECTED] and email the same person and it gets bounced with a user unknown error. High speed cable modem connection to the net on both machine, Outlook 2000 same version on both machines. I contacted AOL and here was the response: --- Hello! My name is Rye from America Online Technical Department. I understand you have concern about e-mail returned to you with an error message from America Online (AOL). I would like to apologize for the inconvenience this has caused you. ABOUT E-MAIL RETURNED WITH ERROR MESSAGES The message is an automated response from AOL. The message means an intended recipient of the e-mail is a Screen Name that does not exist: either the account is closed, or the Screen Name is misspelled or there might have been system difficulties. TO RESOLVE THE ISSUE, PLEASE REFER TO THE INFORMATION BELOW: AOL allows members the option to block incoming e-mail with the Mail Controls feature. It is possible that the AOL member has blocked their mailbox from receiving Internet e-mail. America Online values the privacy of all AOL members. AOL members can select the type of e-mail they receive. If you feel your e-mail address may have been blocked in error, please contact the recipient through other means to resolve the issue. For more information, please visit the AOL Postmaster Web site: http://members.aol.com/postmaster Please feel free to write back for any inquiries, comments or suggestions and I will be more than happy to assist you. Have a great day and take care! :-) I gave them the same info I just told you. Glad I am not an AOL customer :-) -- Cheers Mark ProNet 22A Colborne Street West Orillia, Ontario L3V 2Y3 ph: [705] 329-3949 fx: [705] 327-9880 --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude Virus Pro and Fprot (DOS)
Hi, Paul, I don't delete on any one test. But currently any e-mail messages that have an overall weight of 50 get deleted automatically. This is based on the default scoring system for DJM and a few 10 point tests of my own. I've never seen a legit message with a weight that high. I've been doing more analysis and I'm hoping within 2 weeks to have my delete weight pushed down to 40. Dan - Original Message - From: paul [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, August 11, 2003 2:53 PM Subject: Re: [Declude.JunkMail] Declude Virus Pro and Fprot (DOS) In almost all cases, this is a situation where someone thought it would be cool to tweak a setting that they weren't familiar with (Gee, Split attachments into multiple E-mails probably will make my E-mail faster!, they think). Heh, in our case it would be Hey, good way to get your message deleted. =) I've been deleting the Vulnerabilities, and more than 95% have all been SPAM, only 1 person I've spoken with to correct this problem ever complained, and as Scott mentioned, he thought it was to help speed up delivery. I just explained that ANY potential threat to our users is taken seriously, and we'll not risk the whole for someone too lazy to fix their mail. He fixed his problem. =) What about the rest on the list? Do you delete vulnerabilities? Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. This E-mail is scanned and free from viruses. www.nexustechgroup.com This E-mail is scanned and free from viruses. www.nexustechgroup.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] RPC Vulnerability
I have noticed a problem with the symantec instructions. It does not have a procedure for protecting the machine while doing the critical updates and the updates for the virus sigs! When the user reconnects to the internet they get re-infected before being able to complete the updates. A few suggestions. 1. If not XP or there is not a firewall available on the machine. a. Install a firewall package on the machine to block port 139. b. Do the updates behind a router so the machine will not get re-infected 2. If XP turn on the Internet Connection Firewall feature and add a block for port 139 Once this is complete then the user can continue to update their machine without getting re-infected. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Terry Parks Sent: Monday, August 11, 2003 6:04 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] RPC Vulnerability This might be of use: Here is a link to the full page with this information on it: http://www.microsoft.com/technet/treeview/default.asp?url=/technet /security/ bulletin/MS03-026.asp Subject: Fix for the RPC and NT Authority Shutdown Body: This is the Fix for the NT Authority Shutdown, please follow the link that corresponds with your operating system. -Windows 2000 http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541 -4C15-8C9F -220354449117displaylang=en Windows XP 32 bit Edition http://microsoft.com/downloads/details.aspx?FamilyId=2354406C-C5B6 -44AC-9532 -3DE40F69C074displaylang=en Terry -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Richard Farris Sent: Monday, August 11, 2003 5:47 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] RPC Vulnerability Does anyone know of a fix once a customer is experiecing this problem and how are they getting it...we have updated our F-Prot and are locking down our routers now.. The message says RPC terminated unexpectedly and is shutting down Windows in 60 seconds.. Richard Farris Ethixs Online 1.800.548.3877 - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, August 11, 2003 2:58 PM Subject: RE: [Declude.JunkMail] GSC Files -Original Message- Any idea when the next release will be availabel??? No idea at this point. However, as soon as the feature is added, we will have an interim release for people who need the feature as soon as possible. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Surfside Internet] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Declude Virus Pro and Fprot (DOS)
Hi Matt, MR So, since I can't find this setting in Outlook XP I'm going to assume MR its due to an old copy of Outlook 97 or somesuch. Or am I wrong about MR that? well, I didn't see it in XP version (outlook 2002) but I could have missed it I guess. But, I did see it in Outlook 2000... so, it's there and maybe in earlier versions. -j --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude Virus Pro and Fprot (DOS)
Interesting. I've been using email since FidoNet but never messed with that. Ignorance truly is bliss :D So, since I can't find this setting in Outlook XP I'm going to assume its due to an old copy of Outlook 97 or somesuch. Or am I wrong about that? --Matt-- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] BADHEADERS Question
Legitimate email is failing the BADHEADERS test. Do I need to modify something on my server so this test does not fail? Thanks --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Declude Virus Pro and Fprot (DOS)
Hi, Declude is catching all of the MS Outlook attachments due to vulnerability issue. How can desensitize the scan? Thank you. --- [This E-mail scanned for viruses by Friend.ly.net.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] capturing one email address
I have an email address that belongs to a domain we gate for that we would like to capture the email. Is there a way I could use Declude Junkmail to capture that specific email address ([EMAIL PROTECTED]) to attach it to me so we could look at it? In this case, the COPYTO action could be used (if you are using the Pro version). To do this, you could either create a per-user configuration file for the user with a line CATCHALLMAILS COPYTO [EMAIL PROTECTED]. Or, you could create a filter test with a line ALLRECIPS 0 CONTAINS [EMAIL PROTECTED] (and then use MYFILTER COPYTO [EMAIL PROTECTED]). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] IPBYPASS not working
Scott, The question here is What do you want IPBYPASS to do? We are using TrendMicro's VirusWall in front of our IMail server. It's SMTP service appears to gateway a tcp connection between the sending and receiving mail servers. Therefore, IMail sees incoming connections with the sending server representing itself with its configured host name but with the IP address of the gateway. I have configured Declude (1.75) to IPBYPASS that address, but the SPAMDOMAINS test always fails. Are my expectations unrealistic considering my environment, or is SPAMDOMAINS not honoring IPBYPASS? -- Topology: Internet - Firewall [(NAT) 208.20.231.2 - 10.0.0.2] - TrendMicro VirusWall [10.0.0.14] - Declude-IMail [10.0.0.4] -- Headers: Received: from web80703.mail.yahoo.com [10.0.0.14] by email.meridiancg.com (SMTPD32-8.00) id AD711A3011C; Wed, 06 Aug 2003 09:06:57 -0400 Message-ID: [EMAIL PROTECTED] Received: from [208.20.231.2] by web80703.mail.yahoo.com via HTTP; Wed, 06 Aug 2003 06:09:53 PDT Date: Wed, 6 Aug 2003 06:09:53 -0700 (PDT) From: Thomas Kishel [EMAIL PROTECTED] Subject: Test -- Declude Log: 08/06/2003 09:06:59 Qfd7101a3011ca7cd Msg failed SPAMDOMAINS (Spamdomain 'yahoo.com' found: Address of [EMAIL PROTECTED] sent from invalid .). Action=LOG. 08/06/2003 09:06:59 Qfd7101a3011ca7cd Subject: Test 08/06/2003 09:06:59 Qfd7101a3011ca7cd From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 10.0.0.14 ID: -- IMail Log: SMTPD (01A3011C) [10.0.0.4] connect 10.0.0.14 port 42167 SMTPD (01A3011C) [10.0.0.14] HELO web80703.mail.yahoo.com SMTPD (01A3011C) [10.0.0.14] MAIL FROM:[EMAIL PROTECTED] SMTPD (01A3011C) [10.0.0.14] RCPT TO:[EMAIL PROTECTED] -- Thomas Kishel, Department Head - Systems Larson Texts, Inc. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Whitelist file?
Just run declude -diag Cheers, Adrian Agid, Corby wrote: Indeed I also had some blank whitelist from lines to make it easier to cut and paste new entries, without retyping another entry. I cleaned those out at the same time that I fixed the misspelled line. I searched through the archives for the WHITELISTFILE and found many postings about the option, but so far haven't found one that shows the syntax. Perhaps it's time for a manual entry:) I'll get the latest version, which I thought I had. How to tell which version is currently running? C -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 05, 2003 1:52 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Whitelist file? Below is a snippet from the log file from that day. I had attempted to whilelist adp.com. Every incoming message had the same result. 07/26/2003 00:10:39 Q2969017b00f264ed E-mail whitelisted - automatically passing all spam tests [] Ah -- I see what happened. It looks like you had a line such as WHITELIST IP or WHITELIST FROM, that didn't contain any information to whitelist on. v1.75 takes care of this (previous versions would do as they were told, and would whitelist any E-mails with appearing in the IP, or appearing in the return address -- which would end up whitelisting all E-mail). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude Virus Pro and Fprot (DOS)
SKIPIFVIRUSNAMEDOESNOTHAVE Vulnerability From: [EMAIL PROTECTED] To: %ALLRECIPS%,[EMAIL PROTECTED] Subject: We blocked an e-mail sent to you! Delivery blocked: %ALLRECIPS% The mail server for %LOCALHOST% scans each e-mail for Viruses, SPAM (Junk Mail) and e-mail vulnerabilities. We caught an e-mail addressed to you that is formatted with %VIRUSNAME%, and have quarantined it for your protection. If you recognize the below information as a valid e-mail that you want or should have received, please let us know. Otherwise, the e-mail will be deleted after 3 days. FROM: %MAILFROM% TO: %ALLRECIPS% SUBJECT: %SUBJECT% Remote IP: %REMOTEIP% DATE: %DATE% @ %TIME% SPOOL FILE: %QUEUENAME% Headers of the e-mail in question: %HEADERS% John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Frederick Samarelli Sent: Monday, August 11, 2003 12:31 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Declude Virus Pro and Fprot (DOS) John. Would you mind sharing the vulnerability.eml message. Thanks - Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, August 11, 2003 2:31 PM Subject: RE: [Declude.JunkMail] Declude Virus Pro and Fprot (DOS) I have Declude send out a vulnerablility.eml message. If the receiver recognizes it, he replies and I put the files back into the spool folder letting them know to have the sender fix the problem. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of paul Sent: Monday, August 11, 2003 11:53 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Declude Virus Pro and Fprot (DOS) In almost all cases, this is a situation where someone thought it would be cool to tweak a setting that they weren't familiar with (Gee, Split attachments into multiple E-mails probably will make my E-mail faster!, they think). Heh, in our case it would be Hey, good way to get your message deleted. =) I've been deleting the Vulnerabilities, and more than 95% have all been SPAM, only 1 person I've spoken with to correct this problem ever complained, and as Scott mentioned, he thought it was to help speed up delivery. I just explained that ANY potential threat to our users is taken seriously, and we'll not risk the whole for someone too lazy to fix their mail. He fixed his problem. =) What about the rest on the list? Do you delete vulnerabilities? Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] RPC Vulnerability
This might be of use: Here is a link to the full page with this information on it: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/ bulletin/MS03-026.asp Subject: Fix for the RPC and NT Authority Shutdown Body: This is the Fix for the NT Authority Shutdown, please follow the link that corresponds with your operating system. -Windows 2000 http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F -220354449117displaylang=en Windows XP 32 bit Edition http://microsoft.com/downloads/details.aspx?FamilyId=2354406C-C5B6-44AC-9532 -3DE40F69C074displaylang=en Terry -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Richard Farris Sent: Monday, August 11, 2003 5:47 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] RPC Vulnerability Does anyone know of a fix once a customer is experiecing this problem and how are they getting it...we have updated our F-Prot and are locking down our routers now.. The message says RPC terminated unexpectedly and is shutting down Windows in 60 seconds.. Richard Farris Ethixs Online 1.800.548.3877 - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, August 11, 2003 2:58 PM Subject: RE: [Declude.JunkMail] GSC Files -Original Message- Any idea when the next release will be availabel??? No idea at this point. However, as soon as the feature is added, we will have an interim release for people who need the feature as soon as possible. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Surfside Internet] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude Virus Pro and Fprot (DOS)
Declude is catching all of the MS Outlook attachments due to vulnerability issue. How can desensitize the scan? That's Declude Virus that is doing it -- and you need to desensitize Outlook, not Declude Virus. :) We're not aware of any vulnerabilities that are generating false positives. Which vulnerability is it? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Just confirming syntax for whitelist.
Is this correct for my global.cfg? WHITELISTIP ipfile C:\IMail\Declude\whiteip.txtx -99 0 And for the syntax for the whiteip.txt file will this work? 63.126.244.0/24 Nathan Fouarge --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude and W2003
What do you mean AutoWhitelist? Is this a declude product or custom script? I think he is referring to the add-on product for Declude JunkMail. www.eservicesforyou.com/products/autowhite.html John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Discrepancies in New GLOBAL.CFG
Hi, Philip, What's life like in the near future? Does everyone have a flying car yet? That's my (not so) subtle way of saying your date/time stamp is way off. Just thought you should know. Take Care, Dan - Original Message - From: Phillip B. Holmes [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 02, 2003 11:55 AM Subject: RE: [Declude.JunkMail] Discrepancies in New GLOBAL.CFG OSSRC is still in GLOBAL.CFG but it has been commented out and moved to the Not Commonly Used section. Does anyone know why this was changed? It also still seems to be a valid test and it's not a pay service so I don't understand the move. The reason for that is that the OSSRC test is the same as SPEWS, and SPEWS intentionally lists lots of legitimate mailservers, and makes it nearly impossible for them to get out. -Scott --- - Scott, I had a problem with SPEWS a while back. But after doing a little research on NANAE, I realized that the SPEWS strategy is to block the spammer first. If the ISP does not do anything about the spammer, they expand the block to include more subnets. This usually gets the ISP's attention and they boot the spammer. Then and only then is block is removed. Agree with it or not, it is an effective strategy. Best Regards, Sr.Consultant / Phillip B. Holmes Media Resolutions Inc. Macromedia Alliance Partner http://www.mediares.com [EMAIL PROTECTED] 1-888-395-4678 |Ext. 101 972-889-0201 |Ext. 101 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. === This E-mail is scanned and free from viruses. www.nexustechgroup.com This E-mail is scanned and free from viruses. www.nexustechgroup.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Test No Messages
Too many people dealing with the msblast virus to complain about getting spam... :) Isn't THAT the truth sheesh. And what's even funnier, is the # of machines I've cleaned that have HAD the update sitting, waiting to be installed ARGH! What's updates ready to install mean? Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPAM Volume
FS Is it just me or has anyone else noticed a large increase in the volume FS of SPAM over the last two days? Nope, not particularly high. Actually, it's back to normal, because we saw a lull last week. My poor little server suffers from a backlog during our peak hours; to manage the contention for the CPU time, I reduced the number of connections in IMail, which Declude obeys to restrict the number of copies that can be running (Declude instances are the the busiest processes I have on this box). I dropped it a few at a time until the age of files in the overflow directory was manageable. Andrew 8) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Ebay and Spamdomians
Sending messages from a hotmail address but not through a hotmail server may not be allowed under the LA. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Paul Navarre Sent: Wednesday, August 06, 2003 1:13 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Ebay and Spamdomians I've been surprised at everyone waxing poetic over the spamdomains test. I have had to give this test very little wieght because we constantly get legitimate mail from spam domain addresses, but sent through other servers. For example, I see a ton of legitimate email from hotmail but where the sender sent it presumably through their work server. That's not a knock against Declude. The test works as advertised, and I do use it. I just have to give it very little weight. Paul Navarre --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] RPC Vulnerability
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.htm l Nathan Fouarge Amberwave Communications 114 N Dodge Algona, IA 50511 515-295-6900 x33 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Farris Sent: Monday, August 11, 2003 7:47 PM To: [EMAIL PROTECTED] Does anyone know of a fix once a customer is experiecing this problem and how are they getting it...we have updated our F-Prot and are locking down our routers now.. The message says RPC terminated unexpectedly and is shutting down Windows in 60 seconds.. Richard Farris Ethixs Online 1.800.548.3877 - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, August 11, 2003 2:58 PM Subject: RE: [Declude.JunkMail] GSC Files -Original Message- Any idea when the next release will be availabel??? No idea at this point. However, as soon as the feature is added, we will have an interim release for people who need the feature as soon as possible. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] IPBYPASS not working
I am using the HOP 1 setting and recently tried to use the IPBYPASS and found it did not work for me either. Declude was still using the servers I had listed as bypass for its tests. I have two separate internet connections with a NAV SMTP Gateway on each forwarding to IMail. I entered an ipbypass for each of the servers. HOP 1 had been working so when I saw IPBYPASS was messing up my tests I just went back to HOP 1 and didn't think much about it. I have used IPBYPASS successfully in the past but went back to HOP 1 because I was moving some things around HOP was simpler. Todd - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 06, 2003 9:20 AM Subject: Re: [Declude.JunkMail] IPBYPASS not working We are using TrendMicro's VirusWall in front of our IMail server. It's SMTP service appears to gateway a tcp connection between the sending and receiving mail servers. Therefore, IMail sees incoming connections with the sending server representing itself with its configured host name but with the IP address of the gateway. I have configured Declude (1.75) to IPBYPASS that address, but the SPAMDOMAINS test always fails. Unfortunately, it seems that VirusWall is broken (not RFC-compliant), and will need to be fixed. Most likely, upgrading it will take care of the problem. Are my expectations unrealistic considering my environment, or is SPAMDOMAINS not honoring IPBYPASS? The problem is that VirusWall is spammer friendly (it anonymizes the IP address of the sender of the E-mail, so it is impossible to track down the sender, except perhaps by looking at the VirusWall log file). Since VirusWall doesn't record the IP that connected to it in the headers of the E-mail, it's impossible to know the true source. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude and W2003
Running W2003 Enterprise Imail 7.15 with Declude 7.15i2 HJ, JM, V (all pro versions) F-Prot. Runs like a Swiss watch (now that we figured out the bulk of the Spool mess and added dedicated DNS servers). W2003 is Super Stable for us. Still haven't pinpointed the remainder of the Spool issue but are making definite progress. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Kami Razvan Sent: Monday, August 11, 2003 4:26 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Declude and W2003 No... We have been running for several months are all run very well. - Win 2003 Standard Edition - IMail 8.1 - Declude JM Virus - AutoWhitelist - F-Prot - AVG Runs smoothly... Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Barnett Sent: Monday, August 11, 2003 6:38 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Declude and W2003 Are there any issues that anyone knows about with Declude and W2003? Thx MB --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Surfside Internet] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude and W2003
At 07:25 PM 8/11/2003 -0400, Kami Razvan wrote: No... We have been running for several months are all run very well. - Win 2003 Standard Edition - IMail 8.1 - Declude JM Virus - AutoWhitelist What do you mean AutoWhitelist? Is this a declude product or custom script? Thanks. - F-Prot - AVG Runs smoothly... Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Barnett Sent: Monday, August 11, 2003 6:38 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Declude and W2003 Are there any issues that anyone knows about with Declude and W2003? Thx MB --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by friend.ly.net.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Link obfuscation in e-mail body
Will Declude see viphosts.net in the below obfuscated URL, when it is in the body of the e-mail? A Href=http://[EMAIL PROTECTED]#105;p#104;o#115;t#115;.net/cws.htm?jid=32022 title=GKjBK Don Brown - Dallas, Texas USA Internet Concepts, Inc. [EMAIL PROTECTED] http://www.inetconcepts.net PGP Key ID: 04C99A55 (972) 788-2364 Fax: (972) 788-5049 Providing Internet Solutions Worldwide - An eDataWeb Affiliate --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Filtering (Pro version)
We are not that big yet, but are getting there on the filters. On the other hand, our server is not as robust as the big guys (and our mail volume would not justify upgrading). I moved most of the blacklists (fromfile) entries into the kill list for IMAIL, just because these seemed to catch about 1/3 of our spam emails. The rest are run thru the filters and end up being 80% spam. One of the hazards of the same email addresses for 8 years, I suppose. However, setting up free accounts elsewhere usually results in 20-30 spam per day within a few weeks, even if the account is never given out to anyone. I believe Kami moved most of his ip4r tests into imail also, don't know if that helped his performance. K -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Kami Razvan Sent: Wednesday, August 13, 2003 3:28 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Filtering (Pro version) Hi; Just to give you an idea... We have over 20 or so filter files and most have over 1,000 lines.. 2 of the filter files have about 4,000 lines in them. URL's found in body: 3,890 lines Blacklist in body: 3,458 lines Blacklist in header: 4,458 lines There is some performance degradation but the server handles it well so we are not concerned with it. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Wednesday, August 13, 2003 3:11 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Filtering (Pro version) On the Filtering (Pro version) - create your own filters, similar to the filters in IMail, 1. Is there a space character like iMail filters (/s) For example: BODY 3 CONTAINS /ssex/s No, there is not. If you have a space before the search string, it will be ignored (otherwise, it won't know where the search string starts). If you have a space after the search string, Declude JunkMail will look for it. So BODY 3 CONTAINS sex would look for sex (sex with one space after it). 2. Realistically, how many rules can you put in a filter file. Technically, you can have an unlimited number. However, each filter line will use up extra CPU time (the BODY and ANYWHERE filter types use the most CPU time). We do have people with thousands of lines in their filter files. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] strange DNS failures
Saturday, August 9, 2003, 7:12:51 PM, Omar K. wrote: Could it be a timeout issue because of some network failure? I doubt it ... the DNS Server and Imail/Declude all reside on the same machine. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] I am kinda confused.
I keep getting spam mails that should be caught The emails are kind of weird. The goto a postmaster alias on a different domain, then goto our abuse alias, then finally goes to two people, me and another person. That's probably the problem. In this case, IMail translates the first alias, so you would need the per-user settings to be for the abuse alias. I have a personalized .junkmail file that says: The problem is that IMail tells Declude JunkMail The intended address was postmaster@, but the real address is [EMAIL PROTECTED] IMail does not tell Declude JunkMail about the other aliases/forwards. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] empty Reverse-Path
Hello,Does preventing empty Reverse-Path violate current standards?Bennie
[Declude.JunkMail] Interesting spam...
Title: Message Hi; I just saw a spam that I think we all need to block... = Important notice We have just charged your credit card for money laundry service in amount of $234.65 (because you are either child pornography webmaster or deal with dirty money, which require us to layndry them and then send to your checking account). If you feel this transaction was made by our mistake, please press "No". If you confirm this transaction, please press "Yes" and fill in the form below. Enter your credit card number here: Enter your credit card expiration date: Contacts: Phone: +5982 902 5627 Fax: +5982 902 3114 E-mail: [EMAIL PROTECTED] ICQ: 156746629 == It should be interesting to see variations of this .. Regards, Kami
RE: [Declude.JunkMail] Declude Virus Pro and Fprot (DOS)
I've always wondered about this. So how do you desensitize Outlook? i.e. tell it not to break apart attachments as John posted? In exactly the same way that it became broken in the first place. :) Assuming that the problem is the Partial Vulnerability, the reason it started occurring is because someone is running a version of Outlook that allows attachments to be split into multiple E-mails (something that was used back when most mailservers limited E-mail to 50K each). All they need to do is switch back to the default setting of not splitting up the attachments among multiple E-mails. In almost all cases, this is a situation where someone thought it would be cool to tweak a setting that they weren't familiar with (Gee, Split attachments into multiple E-mails probably will make my E-mail faster!, they think). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] BADHEADERS Question
Legitimate email is failing the BADHEADERS test. Do I need to modify something on my server so this test does not fail? You need to modify something on the mail client (the program sending the E-mail is broken). Most likely, upgrading the mail client will fix the problem. Why would I need to upgrade my mail client? Because most people don't like running broken software on their servers. Most likely, you're running a beta version of the software involved. It's a ColdFusion page that's sending the email, by the way. AH! That explains the problem. http://www.mail-archive.com/[EMAIL PROTECTED]/msg00661.html covers getting CF not to fail the SPAMHEADERS test. Most likely, another broken part of CF (a bogus HELO/EHLO) is causing IMail to add a broken header (since IMail generates the header on the assumption that the HELO/EHLO information is valid), causing it to fail the BADHEADERS test. But, that problem will actually go away with the information at the above URL (since CF will add the header that IMail was adding). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Spam volume
We have been tuning our Declude over the past couple months. We have added some of the new tests and also started using Spamcheck. So far this month we have held over 17k spam emails in less than 14 days. Last month we held 24k spam emails for the entire month. That means on average we were filtering 775/day in July and over 1,215/day in August. The tuning and Spamcheck have helped catch a lot more spam.But there is no doubt we have seen an increase in the volume recently also. Todd Hunter Progressive Systems
RE: [Declude.JunkMail] Filtering (Pro version)
Hi; Just to give you an idea... We have over 20 or so filter files and most have over 1,000 lines.. 2 of the filter files have about 4,000 lines in them. URL's found in body: 3,890 lines Blacklist in body: 3,458 lines Blacklist in header: 4,458 lines There is some performance degradation but the server handles it well so we are not concerned with it. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Wednesday, August 13, 2003 3:11 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Filtering (Pro version) On the Filtering (Pro version) - create your own filters, similar to the filters in IMail, 1. Is there a space character like iMail filters (/s) For example: BODY 3 CONTAINS /ssex/s No, there is not. If you have a space before the search string, it will be ignored (otherwise, it won't know where the search string starts). If you have a space after the search string, Declude JunkMail will look for it. So BODY 3 CONTAINS sex would look for sex (sex with one space after it). 2. Realistically, how many rules can you put in a filter file. Technically, you can have an unlimited number. However, each filter line will use up extra CPU time (the BODY and ANYWHERE filter types use the most CPU time). We do have people with thousands of lines in their filter files. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Filtering (Pro version)
On the Filtering (Pro version) - create your own filters, similar to the filters in IMail, 1. Is there a space character like iMail filters (/s) For example: BODY 3 CONTAINS /ssex/s No, there is not. If you have a space before the search string, it will be ignored (otherwise, it won't know where the search string starts). If you have a space after the search string, Declude JunkMail will look for it. So BODY 3 CONTAINS sex would look for sex (sex with one space after it). 2. Realistically, how many rules can you put in a filter file. Technically, you can have an unlimited number. However, each filter line will use up extra CPU time (the BODY and ANYWHERE filter types use the most CPU time). We do have people with thousands of lines in their filter files. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Test No Messages
Too many people dealing with the msblast virus to complain about getting spam... :) Nathan Fouarge Amberwave Communications 114 N Dodge Algona, IA 50511 515-295-6900 x33 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Wednesday, August 13, 2003 12:40 PM To: JunkMail Declude I have not received a message from the list in about 15 hours. This is a test message Kevin Bilbee Network Administrator Standard Abrasives, Inc. Changing the way industry works. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude Virus Pro and Fprot (DOS)
I have Declude send out a vulnerablility.eml message. If the receiver recognizes it, he replies and I put the files back into the spool folder letting them know to have the sender fix the problem. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of paul Sent: Monday, August 11, 2003 11:53 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Declude Virus Pro and Fprot (DOS) In almost all cases, this is a situation where someone thought it would be cool to tweak a setting that they weren't familiar with (Gee, Split attachments into multiple E-mails probably will make my E-mail faster!, they think). Heh, in our case it would be Hey, good way to get your message deleted. =) I've been deleting the Vulnerabilities, and more than 95% have all been SPAM, only 1 person I've spoken with to correct this problem ever complained, and as Scott mentioned, he thought it was to help speed up delivery. I just explained that ANY potential threat to our users is taken seriously, and we'll not risk the whole for someone too lazy to fix their mail. He fixed his problem. =) What about the rest on the list? Do you delete vulnerabilities? Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] spamdomains
A few days ago I mentioned that I've had to reduce the weight I give to the spamdomains test drastically due to false positives. Here is an example of the type of thing I am running into: ... Again, this isn't a criticism. I just wanted to show what is happening in the real world. Just a few notes here: [1] The SPAMDOMAINS test should not be set up so that failing the SPAMDOMAINS test alone will block an E-mail (for exactly the reason you describe -- there are some services that send out E-mail on behalf of others that may be using a Hotmail or similar E-mail address). [2] If an E-mail is caught and your SPAMDOMAINS test isn't weighted heavily enough to block the E-mail on its own, then the problem often lies with the sender. If someone is going to be sending out E-mail on behalf of their customers (such as Kodak and eBay), they need to make sure that their mailserver is set up perfectly. While it may be acceptable for a small company to have some problems with their mailserver (such as no reverse DNS entry), it isn't acceptable for a company the size of Kodak or eBay. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] RPC Vulnerability
Does anyone know of a fix once a customer is experiecing this problem and how are they getting it...we have updated our F-Prot and are locking down our routers now.. The message says RPC terminated unexpectedly and is shutting down Windows in 60 seconds.. Richard Farris Ethixs Online 1.800.548.3877 - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, August 11, 2003 2:58 PM Subject: RE: [Declude.JunkMail] GSC Files -Original Message- Any idea when the next release will be availabel??? No idea at this point. However, as soon as the feature is added, we will have an interim release for people who need the feature as soon as possible. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Declude and W2003
Are there any issues that anyone knows about with Declude and W2003? Thx MB --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] GSC Files
-Original Message- Any idea when the next release will be availabel??? No idea at this point. However, as soon as the feature is added, we will have an interim release for people who need the feature as soon as possible. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude Virus Pro and Fprot (DOS)
I'm seeing a lot of these: 08/11/2003 00:05:37 Q1610005b050c0a12 Outlook 'CR' vulnerability [From: vi] in line 7 08/11/2003 02:12:51 Q33e12758026284fb File(s) are INFECTED [[Outlook 'Blank Folding' Vulnerability]: 0] The 'CR' are messages that do not have attachements. The 'CR' vulnerability occurs when there is a long CR character (carriage return) in the E-mail headers, which the RFCs do not allow (and causes a vulnerability, so Declude Virus has to quarantine the E-mail). As usual, upgrading the broken mail client normally fixes the problem. The Blank Folding vulnerability is a bit different (it occurs when there is a line in the header with just a single space or tab and nothing else; this is technically valid but never necessary, and causes a vulnerability). Upgrading the mail client should fix this, as well. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude Virus Pro and Fprot (DOS)
quarantine, quick san once a month and have only rescued one -- rest to the bit bucket. Most don't even have correctly spelled subject lines. -Original Message- From: paul What about the rest on the list? Do you delete vulnerabilities? --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude Virus Pro and Fprot (DOS)
I don't delete on any one test. But currently any e-mail messages that have an overall weight of 50 get deleted automatically. But that's using junkmail. I'm talking Declude Virus. There's no weights in virus scanning, it is or it isn't. Some people ignore the vulnerability detections, others, like me, delete them, some HOLD for review. They may not be viruses now, but COULD be in the future. But you are right about junkmail tests, you shouldn't delete mail on one test alone. Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] dial up users at qwest
What a mess! Aside from buying AutoWhite, does anyone have a suggestion for letting mail in from valid dial up users at Qwest, while still keeping out the spammers? SPAMDOMAINS may be appropriate here, to reward a person from qwest who actually says they're from qwest... e.g. Received: from mpls-qmqp-04.inet.qwest.net [63.231.195.115] by mail.bentall.com (SMTPD32-7.13) id A48566011A; Thu, 07 Aug 2003 12:12:05 -0700 Received: (qmail 64848 invoked by uid 0); 7 Aug 2003 19:12:05 - Received: from mpls-pop-12.inet.qwest.net (63.231.195.12) by mpls-qmqp-04.inet.qwest.net with QMQP; 7 Aug 2003 19:12:05 - Received: from sttldslgw13poolc21.sttl.uswest.net (HELO mrlegit) (65.102.138.21) by mpls-pop-12.inet.qwest.net with SMTP; 7 Aug 2003 19:12:05 - Date: Thu, 7 Aug 2003 12:14:10 -0700 Message-ID: [EMAIL PROTECTED] From: Mr. Legitimate [EMAIL PROTECTED] Unfortunately for this and other users, the mail server subnet and the dial-up subnet are heavily blacklisted, and easily reached my HOLD weight. Andrew... --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] BADHEADERS Question
Interesting. Thanks for the info! Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Monday, August 11, 2003 10:43 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] BADHEADERS Question Legitimate email is failing the BADHEADERS test. Do I need to modify something on my server so this test does not fail? You need to modify something on the mail client (the program sending the E-mail is broken). Most likely, upgrading the mail client will fix the problem. Why would I need to upgrade my mail client? Because most people don't like running broken software on their servers. Most likely, you're running a beta version of the software involved. It's a ColdFusion page that's sending the email, by the way. AH! That explains the problem. http://www.mail-archive.com/[EMAIL PROTECTED]/msg00661.html covers getting CF not to fail the SPAMHEADERS test. Most likely, another broken part of CF (a bogus HELO/EHLO) is causing IMail to add a broken header (since IMail generates the header on the assumption that the HELO/EHLO information is valid), causing it to fail the BADHEADERS test. But, that problem will actually go away with the information at the above URL (since CF will add the header that IMail was adding). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Fwd: Link obfuscation in e-mail body
FWIW, I just got one with the entire body obfuscated. This is a forwarded message From: Don Brown [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: Friday, August 8, 2003, 2:34:55 PM Subject: Link obfuscation in e-mail body ==Original message text=== Will Declude see viphosts.net in the below obfuscated URL, when it is in the body of the e-mail? A Href=http://[EMAIL PROTECTED]#105;p#104;o#115;t#115;.net/cws.htm?jid=32022 title=GKjBK Don Brown - Dallas, Texas USA Internet Concepts, Inc. [EMAIL PROTECTED] http://www.inetconcepts.net PGP Key ID: 04C99A55 (972) 788-2364 Fax: (972) 788-5049 Providing Internet Solutions Worldwide - An eDataWeb Affiliate ===End of original message text=== Don Brown - Dallas, Texas USA Internet Concepts, Inc. [EMAIL PROTECTED] http://www.inetconcepts.net PGP Key ID: 04C99A55 (972) 788-2364 Fax: (972) 788-5049 Providing Internet Solutions Worldwide - An eDataWeb Affiliate --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] strange DNS failures
That is unusual. Declude JunkMail should only fail the REVDNS test if it does get an answer from the DNS server, which says the reverse DNS entry does not exist (if there is a timeout, it should not fail the test). I agree .. and the DNS / Imail / Declude all reside on the same machine, so I would doubt if there were any type of timeouts getting the information. If this happens often, you could use the DEBUG mode (LOGLEVEL DEBUG), which records more details about the reverse DNS lookup in the log file. I'll have to keep that in mind. It only seems to happen once or twice a day if that ... very erratic. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Spamcop as reliable source?
Lately a reputable Listserv I belong to has begun failing the Spamcop test. I've whitelisted the domain, but it's got me wondering...is Spamcop a reliable source of spam, or would I do better by downgrading their weight. Currently I have Spamcop fails set to label subject as Spam regardless of the weight (the weight is 9). Usually, it's very reliable -- but certainly not completely reliable. The two main issues are [1] They will list a server when even a single spam report has occurred, and [2] In the case of lists, some people may decide that it is spam even if they did sign up for it. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Ebay and Spamdomians
I'm glad I posted on this as I am realizing that I am not understanding exactly what is going on. When I had the spamdomains test set at 2/3s of the hold weight, I would find 4 or 5 legitimate messages a day held, with spamdomains putting each message over the top. Hi Paul I had the same problem here and solved it by setting up two different spamdomain tests. SPAMDOMAINS_H spamdomains E:\IMail\Declude\spamdomains_high.txt x 10 0 SPAMDOMAINS_L spamdomains E:\IMail\Declude\spamdomains_low.txt x 6 0 As you can see each of this test has his own text-file with the domains listed. I recommend to put first all the domains you actually have in the high-file. Now you can move domain per domain to the low-file if it has created a FP. Our current weight for the high file is 50% of the hold weight. For the low-file we give 30% of the hold weight. With this setting we have had not a single FP caused by the spamdomains-tests in the last 5 weeks. Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Ebay and Spamdomians
License agreement. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You 626-737-6003 [EMAIL PROTECTED] www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Dan Geiser Sent: Wednesday, August 06, 2003 1:40 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Ebay and Spamdomians What is the LA? - Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 06, 2003 4:30 PM Subject: RE: [Declude.JunkMail] Ebay and Spamdomians Sending messages from a hotmail address but not through a hotmail server may not be allowed under the LA. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Paul Navarre Sent: Wednesday, August 06, 2003 1:13 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Ebay and Spamdomians I've been surprised at everyone waxing poetic over the spamdomains test. I have had to give this test very little wieght because we constantly get legitimate mail from spam domain addresses, but sent through other servers. For example, I see a ton of legitimate email from hotmail but where the sender sent it presumably through their work server. That's not a knock against Declude. The test works as advertised, and I do use it. I just have to give it very little weight. Paul Navarre --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. === This E-mail is scanned and free from viruses. www.nexustechgroup.com === = This E-mail is scanned and free from viruses. www.nexustechgroup.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] AVG emails bouncing?
We had a bad rule, it was removed yesterday. Sheldon, I hope you got my response by now. If not please let me know, also any others. Sorry for any confusion. _M |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of |Sheldon Koehler |Sent: Monday, August 04, 2003 2:29 PM |To: [EMAIL PROTECTED] |Subject: Re: [Declude.JunkMail] AVG emails bouncing? | | | In this case, you would really need to see at least the full bounce |message | (which would determine if IMail or Declude bounced the |E-mail, whether | it was a real bounce or a mailbox full bounce, etc.). | |Sniffer is the cause of the bounces and I have not had any |response from them on this. I hate to disable sniffer altogether! | | |Sheldon | | |Sheldon Koehler, Owner/Partnerhttp://www.tenforward.com |Ten Forward Communications 360-457-9023 |Nationwide access, neighborhood support! | |Whenever you find yourself on the side of the majority, it's |time to pause and reflect. Mark Twain | | |--- |[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.