Yesterday's volume was about 25K. The server is also running Kiwi, which
also acts as a syslog for their Sonicwall Firewall, of which that alone had
a log file of about The Sonicwall logs them selves totaled about 109MB. So
I would say it was the combined load on the NIC and TCP/IP connections.
My God, did the programmers of that software actually opt to base64
encode US-ASCII in the subject line???
Sorry, I just has to point that out in case anyone missed it :)
Matt
R. Scott Perry wrote:
Here are the headers from a message that was blocked. I had to
whitelist the address so that
Has anyone seen an increase in spam with subjects of rr or ss or something
similar? I've seen a huge increase in these, as well as bogus yahoo/hotmail
accounts.
Would filters like these be good?
SUBJECT 0 IS RR
CONTAINS in this case would catch words like correct Hi Barry! etc.
There doesn't
I have an Adult message with this entry in the headers:
X-RBL-Warning: EASYNET-DNSBL: Blacklisted by easynet.nl DNSBL -
http://blackholes.easynet.nl/errors.html
Is easynet.nl one of the spamdomains that was taken down? Imail rules
caught this, not Declude. It says above that it is Blacklisted,
You shouldn't waste your time when third party programmers can do this
stuff.
We'll have a syslog version of the log renamer by tomorrow morning.
Not at this time, mainly because of the amount of work that
would need to
go into creating the option and testing it. At this point,
new
For what it's worth, I use TextPad from the eponymous .com website, which
behaves the same way as has been remarked for UltraEdit. TextPad seems to
be a more rounded tool, whereas UltraEdit seems to lean towards widgets for
programmers.
Andrew 8)
-Original Message-
From: Bud Durland
Paul, I've seen a few today. From literally all over the world,
spamvertising a website in China with a disposable name.
aa
gg
kk
ll
nn
I found that the various following tests were good enough to catch all of
the ones we received, and are typical of the tests that were triggered. You
We've been watching this. Indications are that it will be a short lived
phenomena that's probably not worth filtering - since filtering would be
difficult and easy to overcome. Indications from this source are that
they've already begun to abandon this - if they haven't already
abandoned it. If
Title: IP as REVDNS
Hi;
I am just curious as to how legitimate it is to have IP showing up as the REVDNS.
Interesting enough we are seeing a series of spam coming where the REVDNS is showing up as just the REMOTEIP.
X-Declude-Sender: [EMAIL PROTECTED] [216.22.16.66]
I am just curious as to how legitimate it is to have IP showing up as the
REVDNS.
It should never happen. It is not valid for a reverse DNS entry to be an IP.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Interesting...
So why it has not failed the REVDNS test?
I have seen repeatedly from this spammer...
Regards,
Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Tuesday, September 30, 2003 3:22 PM
To: [EMAIL PROTECTED]
Subject:
So why it has not failed the REVDNS test?
Because the REVDNS test just checks for the presence of a reverse DNS
entry; it does not check the validity of it.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Maybe this is a clue?
http://www.dnsstuff.com/tools/ptr.ch?ip=216.22.16.66
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Kami Razvan
Sent:
Mike,
There are other filters there, but I have yet to put up an interface
for downloading them and I haven't yet put together the changes in the
last two weeks from the feedback that I have received. I'll post new
links soon :)
Until then, there are links to what is available from the
http://fabel.dk/relay/test/
Now returns a farewell page. It looks like only the tester is gone, and
that the ip4r lookup still works, e.g.
nslookup 2.0.0.127.spamsources.fabel.dk
Non-authoritative answer:
Name:2.0.0.127.spamsources.fabel.dk
Address: 127.0.0.2
I don't use FABELSOURCES so
15 matches
Mail list logo