Just a followup here - I found that relays.osirusoft.com is dead to me. I
may be late here that they have closed down, or the spammer DDOS attack
against SPEWS is still ongoing. I disabled them and the logjam cleared up
pronto.
A theory about the other DNS server solving the problem - th
> No, you only need to use IPBYPASS if a "good" mailserver will be receiving
> the spam and passing it on to you (typically either a gateway mailserver or
> backup mailserver).
So instead of using HOP=1 when you know the IP address of the smtp
gateway, it is
preferable to use IPBYPASS=[ip address
"R. Scott Perry" wrote:
> >I do have a whitelist with about 50 entries but these
> >are known domain names and email addresses that I have verified personally.
>
> Are any of them your domains? For example, if we were to whitelist
> @declude.com, we would receive a lot more spam (because many spa
Scott,
We have received two postmaster messages this morning from Declude users
who are not using the "SKIPIFVIRUSNAMEHAS Sobig". Any chance to
send a broadcast message to Declude users to remind them they can be
part of the solution by tweaking their outgoing message templates???
Michael
We have received two postmaster messages this morning from Declude users
who are not using the "SKIPIFVIRUSNAMEHAS Sobig". Any chance to
send a broadcast message to Declude users to remind them they can be
part of the solution by tweaking their outgoing message templates???
Unfortunately, t
Message Sniffer has rules in place for this (about 30+ of them).
We've also lifted the delay restriction on the demo license temporarily
so that ANYONE can get this protection by running the demo license
(sniffer2.snf) with Declude Junkmail. BE SURE TO DOWNLOAD THE LATEST
VERSION OF THE RULEBASE -
(I was going to point you to the MailArchive website rather than re-post,
but I couldn't find my own message there.)
You're probably getting 4 kinds of nuisance messages:
1) The SoBig.F virus messages
2) Broken versions of the message with all the text but no virus
3) Bounce notifications (undeli
We are only running Declude JunkMail is anyone setting up any rules to
filter out the SoBig virus other than using Declud virus software.
If you aren't going to get Declude Virus, you may want to temporarily block
on just the BADHEADERS test, as it should catch all copies of Sobig.F from
what we
We are only running Declude JunkMail is anyone setting up any rules to
filter out the SoBig virus other than using Declud virus software.
Thanks,
Dom
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.
The notifications serve a valuable purpose primarily to notify my
customers that they have virus-protected email. For forging viruses a
responsible admin has to use skipifvirusnamehas to shut them off. I do
not send notices to the sender... Not my problem, imho.
> >What opinion do others have about these notifications?
>
> They absolutely, positively should not be sent out for forging viruses
> (such as Sobig).
I turned off the postmaster and other postmaster emails the second day we
ran Declude Virus. It was a huge waste of time.
Then I have tried to ke
That line sounds like part of the generic otherpostmaster.eml file, and
therefore is probably a Declude user. Post the full headers, or send off
list so we can pursue this and get this person to fix it.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
>
What opinion do others have about these notifications?
They absolutely, positively should not be sent out for forging viruses
(such as Sobig).
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Cat
I have been swamped with notifications to postmaster that one of our mail
server sent SoBig/F to their mail server. Since Sobig/F seems to forge the
from address and use its own SMTP process - it definetely does not come from
our servers. I am finding these notification annoying, waste of time, a
What does this line mean in the declude log:
08/22/2003 08:53:39 Q124905aa0274e442 Bogus IP: ?.?.?.?
That means that the IP address you wanted Declude JunkMail to scan was
listed as "?.?.?.?". This can happen if you use the HOPHIGH setting (for
scanning multiple hops), as that will scan Receiv
What does this line mean in the declude log:
08/22/2003 08:53:39 Q124905aa0274e442 Bogus IP: ?.?.?.?
Thanks,
Bill
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-ma
I'm trying to track down what I suspect is one or more slow DNS-Based spam
database. The effect is that mail delivery is slow. I can get temporary
relief by pointing to a different DNS server.
If you the problem goes away when pointing to a different DNS server, the
problem probably is not with
I'm trying to track down what I suspect is one or more slow DNS-Based spam
database. The effect is that mail delivery is slow. I can get temporary
relief by pointing to a different DNS server. Short of packet sniffing a
session, is the DNS response time recorded in the logfile for any log level?
Hi,
I have actually Declude Weight test + Imail Rules with a filter on
keywords. The result since a week on my personal mailbox 898 email were
supposed to be deleted and all are spam NO False positive anywhere and
I'm checking.
Before activating any delete function I always test the filters with
19 matches
Mail list logo