[Declude.JunkMail] web-o-trust python output

2003-12-12 Thread Bill Landry
I have not seen a single hit from the web-o-trust IP4R database, so I am
wondering if they have populated it with anything other than the test IP address.

Anyway, if anybody is interested, here are the IP addresses that can be
gathered by running the python script (that can be downloaded from the
web-o-trust web site) against their own WOT file:


With these addresses you can create an ipfile like Scott illustrated in a
previous post to the list:

WOT  ipfile  D:\IMail\Declude\wotfile.txt  x  -10  x

Bill

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.
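
Added example, not part of Bill's post and not web-o-trust or Declude code: a Python pass over script output of the kind described above before it is saved as the ipfile, since every entry there earns a negative weight. It rejects loopback and private test entries, removes duplicates and holds wide blocks back for review; the sample input, the /20 threshold and the idea that the ipfile takes one bare address or CIDR block per line are assumptions of this example.

```python
import ipaddress

# Constructed sample in the notation the script prints (bare IPv4 or CIDR).
# Values come from documentation/benchmark ranges, not from the post.
SAMPLE_OUTPUT = """\
192.0.2.28/32
198.51.100.40/29
192.0.2.28
127.0.0.4
203.0.113.0/24
203.0.113.17
198.18.0.0/17
10.1.2.3
not-an-ip
"""

# Space that should never earn a negative (whitelisting) weight.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3",
)]

MIN_PREFIX = 20  # assumption: blocks wider than /20 are held for manual review


def clean_whitelist(text, min_prefix=MIN_PREFIX):
    """Split a WOT-style address dump into (entries, rejected, review)."""
    nets, rejected, review = [], [], []
    for raw in text.splitlines():
        item = raw.strip()
        if not item or set(item) == {"="}:   # skip blanks and === separators
            continue
        try:
            net = ipaddress.ip_network(item, strict=False)
        except ValueError:
            rejected.append((item, "unparseable"))
            continue
        if net.version != 4:
            rejected.append((item, "not IPv4"))
        elif any(net.overlaps(bad) for bad in NON_ROUTABLE):
            rejected.append((item, "overlaps non-routable space"))
        elif net.prefixlen < min_prefix:
            review.append(str(net))
        else:
            nets.append(net)
    # collapse_addresses drops duplicates and hosts already covered by a block
    merged = ipaddress.collapse_addresses(nets)
    entries = [str(n.network_address) if n.prefixlen == 32 else str(n)
               for n in merged]
    return entries, rejected, review


if __name__ == "__main__":
    entries, rejected, review = clean_whitelist(SAMPLE_OUTPUT)
    print("\n".join(entries))
    for item, reason in rejected:
        print(f"# rejected {item}: {reason}")
    for item in review:
        print(f"# review before whitelisting: {item}")
```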


[Declude.JunkMail] END in Filter

2003-12-12 Thread Andy Schmidt
Hi Scott,

I'm not clear what happens if the "END" matches in a filter.

I know that the REST of the filter will not be processed. But let's say I
have reached a weight of 20 in my filter by the time I reach the "END"
statement - what weight will be added to the weight of the mail:

- 20 (because that's what was accumulated in the lines prior to the END
  statement)
- 0 (because some prior emails talk about "zeroing" out the filter)

Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206



[Declude.JunkMail] HIDETESTS

2003-12-12 Thread Andy Schmidt
Hi Scott:

 The next release will allow for an option HIDETESTS in the global.cfg
 file ..., which will prevent those tests from showing up in the
 X-Spam-Tests-Failed: header.

hm - not sure that I know this header.

In various config files I use...

 XINHEADER X-Declude: Triggered %TESTSFAILED% [%WEIGHT%]
 WEIGHTHDR WARN X-RBL-Warning: Failed %TESTSFAILED% [%WEIGHT%]

- Will the "HIDETESTS" affect the %TESTSFAILED% variable in the global.cfg
  and $default$.junkmail?
- Will the "HIDETESTS" affect the %TESTSFAILED% variable in my eml templates
  that I use for "bounceonlyifscottletsyou" or "alert"?

If so, then I suggest that the description in your release notes may be
misleading.

Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206



Re: [Declude.JunkMail] END in Filter

2003-12-12 Thread R. Scott Perry

I'm not clear what happens if the END matches in a filter.

If an END line matches in a filter, processing of that filter will stop.

I know that the REST of the filter will not be processed.  But let say, I 
have reached a weight of 20 in my filter by the time I reach the END 
statement - what weight will be added to the weight of the mail:

- 20 (because that's what was accumulated in the lines prior to the END 
statement)
- 0 (because some prior emails talk about zeroeing out the filter)

It's actually set up right now so that [1] the E-mail will stop processing, 
[2] the test will *not* fail (this may change -- I'm not sure why it was 
set up that way), and [3] the weight will be exactly what it should have 
been when END was reached.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.



Re: [Declude.JunkMail] MAILFROM vs FROMFILE

2003-12-12 Thread R. Scott Perry

Is MAILFROM in a filterfile equivalent to an entry in a FROMFILE? Is
there an advantage to use one over the other?

The fromfile test type is nearly equivalent to MAILFROM CONTAINS in a 
filter.  However, there are some slight differences -- for example, 
[EMAIL PROTECTED] in a fromfile would be the same as MAILFROM IS in a 
filter (rather than MAILFROM CONTAINS).

A filter has a bit more flexibility.  The performance for both are about 
the same.

   -Scott


Re: [Declude.JunkMail] MAILFROM vs FROMFILE

2003-12-12 Thread Nick Hayer
Is MAILFROM in a filterfile equivalent to an entry in a FROMFILE? Is 
there an advantage to use one over the other?

Thanks!

-Nick Hayer


[Declude.JunkMail] HIDETESTS not working?

2003-12-12 Thread Andy Schmidt
My installed.bin says = 1.77i2.

My Global.cfg contains a line:

HIDETESTS CATCHALLMAILS IPNOTINMX NOLEGITCONTENT WEIGHT8 WEIGHT10 WEIGHTHDR NJABL AHBL SORBS

My $Default$.Junkmail contains a line:

WEIGHTHDR WARN X-RBL-Warning: Failed %TESTSFAILED% [%WEIGHT%]

My .EML template contains (snippet):

In case your message was legitimate, we are including technical information
that will assist us with reviewing the matter.

 Mail Server: %REMOTEIP% for %RHSBL% [%SENDERHOST%] DNS Pointer: %REVDNS% Host Name: %HELO%

 Triggers: %TESTSFAILED% (%WARNING%)

Yet, Declude generates the following:

In case your message was legitimate, we are including technical information
that will assist us with reviewing the matter.

 Mail Server: 219.47.200.12 for verizon.net [verizon.net] DNS Pointer: YahooBB219047200012.bbtec.net Host Name: YahooBB219047200012.bbtec.net

 Triggers: SORBS, SORBS-DUL, BADHEADERS, SPAMROUTING, SPAMDOMAINS, WEIGHT10 (Total weight between 10 and 19.)

And I just received an email with the following header:

 X-Declude: Triggered SORBS, WEIGHTFILTER [5]

Best Regards
Andy Schmidt

HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846

Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206

http://www.HM-Software.com/



Re: [Declude.JunkMail] HIDETESTS not working?

2003-12-12 Thread R. Scott Perry

My installed.bin says = 1.77i2.

The installed.bin file isn't meant to be human-readable.  Given that we 
don't have a record of having given out a 1.77i2, it's probably wrong.

What does \IMail\Declude -diag say?

HIDETESTS  CATCHALLMAILS IPNOTINMX NOLEGITCONTENT WEIGHT8 WEIGHT10 
WEIGHTHDR NJABL AHBL SORBS

  Triggers:  SORBS, SORBS-DUL, BADHEADERS, SPAMROUTING, SPAMDOMAINS, 
WEIGHT10 (Total weight between 10 and 19.)

The WEIGHT10 shouldn't have been in there -- there is a bug with 1.77 
that can prevent the HIDETESTS option from working properly.

   -Scott


[Declude.JunkMail] Hardware Recommendation's

2003-12-12 Thread Kris McElroy
Based on my previous posting about the mail hanging, I believe that it is due
to my hardware.  I was curious if the following specs would work as a
gateway server:

Xeon 2.8GHz
73Gb 15K Scsi
1GB Ram


This server will have Imail installed, Windows 2000 Server, Windows DNS,
Declude Junkmail Pro and Declude Virus Pro, Fprot.



Thanks,


Kris McElroy
[EMAIL PROTECTED]

Chief Technology Officer
Duracom, INC.
www.duracom.net

I am always doing that which I can not do, in order that I may learn how to
do it.



RE: [Declude.JunkMail] HIDETESTS not working?

2003-12-12 Thread Kami Razvan
Given that we don't have a record of having given out a 1.77i2, it's
probably wrong.

Scott:

The 1.77i folder has now the version 2.  The following is the header from
our email.

=
Sender: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
X-IMAIL-SPAM-DNSBL: (BLARS,23200366,127.1.0.1)
X-Declude-Sender: [EMAIL PROTECTED] [24.107.232.14]
X-Declude-Spoolname: De25a0162026e458d.SMD
X-Note: This E-mail was scanned  filtered by Declude [1.77i2] for SPAM 
virus.
==


This is what our version says.. So 1.77i2 definitely is there.

Kami



RE: [Declude.JunkMail] HIDETESTS not working?

2003-12-12 Thread Andy Schmidt
Hi Scott:

 The WEIGHT10 shouldn't have been in there -- there is a bug with 1.77


Okay, but what about SORBS, that appears even though it's included in the
HIDETESTS.

 Given that we don't have a record of having given out a 1.77i2, it's
probably wrong. 

Huh? Where do you think I downloaded it from?

Declude 1.77i2 (C) Copyright 2000-2003 Computerized Horizons.
NoMaxQueProc
Diagnostics ON (Declude v1.77i2).
Declude JunkMail:  Config file found (D:\IMAIL\Declude\global.CFG).
Declude Virus:     Config file found (D:\IMAIL\Declude\Virus.CFG).
WARNING: Could not delete eicar.com file [2]!
Declude Hijack:    Not installed (no D:\IMAIL\Declude\Hijack.CFG file).
Declude Confirm:   Not installed (no D:\IMAIL\Declude\Confirm.CFG file).
64 spam tests defined: BYPASSWHITELIST BYPASSMULTIRECP DSBL DSBLMULTI ORDB
KUNDENSERVER SPAMCOP BLITZEDALL NJABL NJABLRELAYS NJABLDUL NJABLSOURCES
NJABLMULTI NJABLFORMMAIL NJABLPROXIES AHBL AHBLRELAYS AHBLPROXIES
AHBLSOURCES AHBLPSSL AHBLFORMMAIL AHBLENDUSER AHBLEXEMPT SORBS SORBS-HTTP
SORBS-SOCKS SORBS-MISC SORBS-SMTP SORBS-WEB SORBS-BLOCK SORBS-ZOMBIE
SORBS-DUL SPAMHAUS CBL BONDEDSENDER WEB-O-TRUST RDNSBL AHBLDOMAINS
SORBS-BADCONF SORBS-NOMAIL MAILPOLICE-PORN MAILFROM PERCENT BADHEADERS
BASE64 HELOBOGUS IPNOTINMX REVDNS SPAMROUTING SPAMHEADERS NOLEGITCONTENT
COMMENTS BCC4 BCC6 BCC8 HEUR10 HEUR9 HEUR8 SPAMDOMAINS WEIGHTFILTER
WEIGHTKILL WEIGHT10 WEIGHT8 WEIGHTHDR
IMail reports Official Host Name as: Maywood-IS-0002.Webhost.HM-Software.com.
IMail's SendName registry seems OK:  D:\IMAIL\Declude.exe.
DNS Server: 63.107.174.65
Declude JunkMail Status: PRO version registered.
Declude Virus Status:    Pro Version Registered.
Declude Hijack Status:   NOT REGISTERED: No activation code.
End of diagnostics.



Best Regards
Andy Schmidt

HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846

Phone:  +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206

http://www.HM-Software.com/




RE: [Declude.JunkMail] HIDETESTS not working?

2003-12-12 Thread R. Scott Perry

Given that we don't have a record of having given out a 1.77i2, it's
probably wrong.

The 1.77i folder has now the version 2.  The following is the header from
our email.

This is exactly why there was such a big issue with interim releases last 
month.  We only have a record of giving out the URL to the interim release 
to one of our customers.  I just checked the stats for our web site, and it 
seems that 25 people have downloaded it.

Perhaps next time, we'll need to come out with an interim release that does 
something creative to help people realize that interim releases are ONLY 
supposed to be downloaded when there is a specific feature or fix that is 
needed.

   -Scott


RE: [Declude.JunkMail] HIDETESTS not working?

2003-12-12 Thread R. Scott Perry

 The WEIGHT10 shouldn't have been in there -- there is a bug with 1.77

Okay, but what about SORBS, that appears even though it's included in the
HIDETESTS.

The HIDETESTS option requires an exact match.

   -Scott


RE: [Declude.JunkMail] installed.bin readable?

2003-12-12 Thread Andy Schmidt
 The installed.bin file isn't meant to be human-readable. 

I know - you've claimed this in the past. Apparently, you are under the
belief that this file format is binary?

I remember me and other people reporting repeatedly that (fortunately) it is
definitely human-readable and has been for as long as I can remember.

Does anyone out there have an installed.bin file that is NOT?

Best Regards
Andy Schmidt

HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846

Phone:  +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206

http://www.HM-Software.com/



Re: [Declude.JunkMail] Virginia Indicts Two Men On Spam Charges

2003-12-12 Thread Burzin Sumariwalla
If you want to stop this stuff, hit 'em in the pocketbook.  These actions 
are economically induced.  This means fining them and shutting down the 
routing of their network traffic.  Easier said than done, I know...

Burzin





 At 08:08 PM 12/11/2003, you wrote:
Obviously we all hate spam, but in a country where Enron's executives 
still haven't been charged with a crime, it seems that maybe we're making 
a bit too much out of an individual spammer.  I consider these guys to be 
merely a nuisance on an individual basis and the only damage they are 
capable of on their own seems mostly to be the result of carelessness 
instead of something intentional.

I think a moderate jail sentence for a first offense is reasonable, but 
they should be fined in an amount comparable to their revenues from such 
activities.  I haven't read the article though, so maybe these guys are 
the worst of the worst and deserve something a bit more harsh.  I'd just 
rather we jail violent felons for long periods of time instead of just 
people that lack good judgment or good moral character, especially since 
such sentences won't stop spammers, it will just cause them to move 
elsewhere, as they have already been doing for some time.

Matt



Todd Holt wrote:

.02
The courts will see this as a victimless crime and give him a 2 month
sentence, under house arrest, blah, blah, blah, ginger.
Then companies can sue him in civil court for losses they can
document...
Can you document your monetary losses from SPAM from a specific
source??  I know that I can't.  That's what they count on.
If they really wanted to stop SPAM they would, by making a mandatory 1
year in jail for conviction of sending a single piece of SPAM.  That
would make the punishment too great to risk committing the crime.  Why
do you think so many people break the speed limit?  Not because they are
unlikely to get caught, but if they do get caught, the punishment is
only a small fine and traffic school (which you can now take at home in
most states).
The bottom line is that this is a political way to say they are doing
something about the problem without spending a lot of money or effort on
a problem they see as a nuisance.
/.02

Todd Holt
Xidix Technologies, Inc
Las Vegas, NV  USA
www.xidix.com
702.319.4349




-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Keith Anderson
Sent: Thursday, December 11, 2003 4:15 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Virginia Indicts Two Men On Spam
Charges


It's the five years that makes it a deterrent.  Nobody cares about the
amount of the arbitrary fines for committing murder, either.



-Original Message-
From: Todd Holt [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 11, 2003 4:56 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Virginia Indicts Two Men On
Spam Charges
I applaud their efforts, but...
$2500 a piece will deter no one!!!



http://www.washingtonpost.com/wp-dyn/articles/A56209-2003Dec11.html



--
Burzin Sumariwalla   Phone: (314) 994-9411 x291
[EMAIL PROTECTED]  Fax:   (314) 997-7615
  Pager: (314) 407-3345
Networking and Telecommunications Manager
Information Technology Services
St. Louis County Library District
1640 S. Lindbergh Blvd.
St. Louis, MO  63131 



RE: [Declude.JunkMail] Interim Releases - A Suggestion

2003-12-12 Thread Andy Schmidt
Scott:

You can't fault people. With the last few betas it seemed as if the original
beta was quickly replaced with a follow-up interim release before the new
features really worked reliably.  (A common scenario was oh, yeah, we know
that's broken, go download the interim release.)

I understand that you don't want to post an updated list of known caveats
with a beta because of the workload involved.

Maybe this would address the concerns of your customers without slowing
down your development efforts:

The official beta link will contain the original beta .exe, until (in
your opinion) there is another good interim release that should be used
by every beta tester instead.  Then that .exe will be found at the regular
beta.

This way, customers could safely download from the beta link, get the best
code - and you could keep the interim code strictly for one-on-one
situations.

Best Regards
Andy Schmidt

HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846

Phone:  +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206

http://www.HM-Software.com/




RE: [Declude.JunkMail] HIDETESTS not working?

2003-12-12 Thread Andy Schmidt
 The HIDETESTS option requires an exact match. 

Yes - I understand that... Let's try this one more time G:

As per my original bug report, my Global.cfg contains the line:
HIDETESTS  CATCHALLMAILS IPNOTINMX ... NJABL AHBL SORBS
                                                  ^

My variable is replaced with
 Triggers:  SORBS, SORBS-DUL, BADHEADERS, SPAMROUTING, 
            ^

Notice how the first test listed is SORBS, which matches my last HIDETESTS
SORBS character by character?

And, no, there is not an extra space behind SORBS in my HIDETESTS - it's
the end of the line.

Best Regards
Andy Schmidt

HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846

Phone:  +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206

http://www.HM-Software.com/



RE: [Declude.JunkMail] Interim Releases - A Suggestion

2003-12-12 Thread R. Scott Perry

You can't fault people. With the last few betas it seemed as if the original
beta was quickly replaced with a follow-up interims release before the new
features really worked reliably.  (A common scenario was oh, yeah, we know
that's broken, go download the interims release.)

And that was part of the original design -- we could very quickly get fixes 
out for people that needed them.

May be this would address the concerns of your customers without slowing
down your development efforts:
The official beta link will contain the original beta .exe, until (in
your opinion) there is another good interims release that should be used
by every beta tester instead.  Then that .exe will be found at the regular
beta.

The problem here is that the interim releases would essentially become 
betas.  That just makes the line between betas and interim releases much 
finer, which means more workload here for the interim releases.

I believe the real problem with the original design is that we made it very 
easy for people to get the interim releases -- so easy, that only perhaps 
10% of the people using them are people that are supposed to!

Interim releases should only be run by people who have a specific need for 
the new features/fixes, and are willing to accept the potential 
consequences (odd things happening such as the C:\Declude.log file being 
used, having to go back to the last beta if problems come up with the 
interim releases, making sure to upgrade to the next beta when it comes 
out, etc.).

Yes, new features in betas will often have problems.  But rather than 
waiting for the next interim release, it may be best to wait for the next 
beta.  And the idea that our customers were attempting to keep up-to-date 
with interim releases without knowing what they may contain -- that's 
something that we hadn't prepared for.  Doing that is a dangerous 
thing.  For example, an interim release might automatically turn on the 
debug mode -- which could result in gigabytes of log files for some 
systems, causing the hard drive to run out of space.

   -Scott


RE: [Declude.JunkMail] HIDETESTS not working?

2003-12-12 Thread R. Scott Perry

> Notice how the first test listed is SORBS, which matches my last HIDETESTS
> SORBS character by character?

That is part of the bug I was referring to.  I had not noticed that you had 
a generic SORBS test.

   -Scott


Re: [Declude.JunkMail] Hardware Recommendation's

2003-12-12 Thread Burzin Sumariwalla
I thought it was a no-no to have DNS running on your Imail server.  Is it?

At 09:50 AM 12/12/2003, you wrote:

This server will have Imail installed, Windows 2000 Server, Windows DNS,
Declude Junkmail Pro and Declude Virus Pro, Fprot.
--
Burzin Sumariwalla   Phone: (314) 994-9411 x291
[EMAIL PROTECTED]  Fax:   (314) 997-7615
  Pager: (314) 407-3345
Networking and Telecommunications Manager
Information Technology Services
St. Louis County Library District
1640 S. Lindbergh Blvd.
St. Louis, MO  63131 



RE: [Declude.JunkMail] Hardware Recommendation's

2003-12-12 Thread David Lewis-Waller
Not all. I initiated a recent posting on this topic and it's fine as long as
the server can handle all requests made of it.

We're running SimpleDNS on our IMail server, others will choose Windows DNS
etc.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Burzin Sumariwalla
Sent: 12 December 2003 16:33
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Hardware Recommendation's

I thought it was a no-no to have DNS running on your Imail server.  Is it?

At 09:50 AM 12/12/2003, you wrote:

This server will have Imail installed, Windows 2000 Server, Windows 
DNS, Declude Junkmail Pro and Declude Virus Pro, Fprot.




Re[2]: [Declude.JunkMail] Hardware Recommendation's

2003-12-12 Thread Sanford Whiteman
> I thought it was a no-no to have DNS running on your Imail server.  Is it?

Not at all. It's relatively lightweight (time tells for each envt, of
course); gives you a centralized cache that, at worst, fails along
with your mail server (as opposed to a remote DNS server, which is
more likely to fail separately and have unexpected effects on mail
delivery); and is helpful for increasing the reliability of both
Declude and IMail, since both products have issues with talking
directly to multiple DNS servers.

-Sandy



Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]




RE: [Declude.JunkMail] Interim Releases - A Suggestion

2003-12-12 Thread Fritz Squib
Scott,
 Just a suggestion, and it wouldn't be too much work, why not just
distribute the special interim release in a password protected zip file
when someone needs a quick fix?

General interim release to fix a known bug (for everyone running a beta)
would not be zipped.

Just my two cents.

Fritz

Frederick P. Squib, Jr.
Network Operations/Mail Administrator
Citizens Telephone Company of Kecksburg
http://www.wpa.net

()  ascii ribbon campaign - against html mail 
/\- against microsoft attachments



RE: [Declude.JunkMail] HIDETESTS not working?

2003-12-12 Thread Andy Schmidt
Okay - thanks.  Just wanted to make sure that you were aware that the bug
was not related to WEIGHT... tests only.

Best Regards
Andy Schmidt

HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846

Phone:  +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206

http://www.HM-Software.com/



RE: [Declude.JunkMail] Virginia Indicts Two Men On Spam Charges

2003-12-12 Thread Keith Anderson

The problem with criminal fines is nobody ever pays them.  We have over 100
criminal fraud judgements against former and current spammers, and they all
carry fines.  How are the fines collected?  The judge reviews their personal
financial condition and establishes a monthly payment that they can afford.
Everyone knows that personal financial statements can be made to look like a
person is living in poverty.  In one case a fine of $1,250,000 is getting
repaid at an astounding rate of $30 per month.  And after a certain number
of years they can appeal for a reduction or elimination of payments.
There's no interest.

Jail time means something.  Granted, they can get probation and walk free
after a short time.  But even a few months in jail is time without spam from
that person, and maybe the jail time is unpleasant enough to make them
reconsider returning to their profession.

The only people that will hit the spammers' pocketbooks are the ISPs getting
together and forcing them out of their jobs... or to get people to stop
buying their stuff!


 -Original Message-
 From: Burzin Sumariwalla [mailto:[EMAIL PROTECTED]
 Sent: Friday, December 12, 2003 9:25 AM
 To: [EMAIL PROTECTED]
 Subject: Re: [Declude.JunkMail] Virginia Indicts Two Men On Spam Charges

 If you want to stop this stuff, hit 'em in the pocketbook.  These actions
 are economically induced.  This means fining them and shutting down the
 routing of their network traffic.  Easier said than done, I know...




Re: [Declude.JunkMail] Hardware Recommendation's

2003-12-12 Thread Scott MacLean

I've had BIND 4, 8 and 9 running on my IMail 6, 7 and 8, both master and
slave, for years, with no problems ever. Well...no problems relating to the
interaction of IMail and DNS. :)

At 11:33 AM 12/12/2003, Burzin Sumariwalla wrote:
> I thought it was a no-no to have DNS running on your Imail server. Is it?
>
> At 09:50 AM 12/12/2003, you wrote:
> This server will have Imail installed, Windows 2000 Server, Windows DNS,
> Declude Junkmail Pro and Declude Virus Pro, Fprot.



RE: [Declude.JunkMail] Hardware Recommendation's

2003-12-12 Thread John Tolmachoff \(Lists\)
It is a no-no to have the MS DNS service running on a Windows 2003 server
with Imail 8.0x-4 and using Imail Anti-Spam DNS tests. Otherwise, fine.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
 [EMAIL PROTECTED] On Behalf Of Burzin Sumariwalla
 Sent: Friday, December 12, 2003 8:33 AM
 To: [EMAIL PROTECTED]
 Subject: Re: [Declude.JunkMail] Hardware Recommendation's
 
 I thought it was a no-no to have DNS running on your Imail server.  Is it?
 
 At 09:50 AM 12/12/2003, you wrote:
 
 This server will have Imail installed, Windows 2000 Server, Windows DNS,
 Declude Junkmail Pro and Declude Virus Pro, Fprot.
 


[Declude.JunkMail] RR.COM

2003-12-12 Thread Bill Morgan
Hi,

We are having a problem sending e-mail to any user at rr.com.  Our
messages are refused as spam.  I have checked all of the databases that
they say they use and we are not listed in any of them.  Over the last
three weeks, I have sent several messages to [EMAIL PROTECTED]
(the address that they say to use for problems like this) but have only
gotten automated responses confirming receipt of the message.

Has anyone else had a problem with rr.com?  If so, how did you resolve
it?

Thanks,
Bill



RE: [Declude.JunkMail] Interim Releases - A Suggestion

2003-12-12 Thread R. Scott Perry

> Just a suggestion, and it wouldn't be too much work, why not just
> distribute the special interim release in a password protected zip file
> when someone needs a quick fix?

We may well need to do that.  Or perhaps just a random URL that isn't 
easily guessable.

   -Scott


RE: [Declude.JunkMail] Interim Releases - A Suggestion

2003-12-12 Thread Andy Schmidt
> We may well need to do that.  Or perhaps just a random URL that isn't
> easily guessable.

Yes Scott, I think that's necessary. The current method is pretty dangerous
- let's take a real case from the last beta.

If I remember I ultimately ended up having to use i18 to address various
issues before it ran sufficiently stable.  

There were plenty of messages in the Mail-Archive.com that suggested that
certain problems required the interims release iXX - AND where it would be
found.

Now, if some poor fellow would have installed the 1.76 beta a week later,
they would have done their due diligence, searched the mail-archive about
any caveats, read about the problem, read about downloading an interims
release (i28 or whatever) - and possibly end up with one that you wouldn't
want them to use.

You really can't fault the customer here - if anything, the person was very
thorough and acted entirely reasonably.

I concur that it is necessary to keep the easily accessible interims
release as mainline code and to place debug code at a unique URL.


Best Regards
Andy Schmidt



Re: [Declude.JunkMail] RR.COM

2003-12-12 Thread R. Scott Perry

> We are having a problem sending e-mail to any user at rr.com.  Our
> messages are refused as spam.  I have checked all of the databases that
> they say they use and we are not listed in any of them.  Over the last
> three weeks, I have sent several messages to [EMAIL PROTECTED]
> (the address that they say to use for problems like this) but have only
> gotten automated responses confirming receipt of the message.

Have you checked your IMail SMTP log file to see the exact message?

IIRC, they refuse to accept any mail from us, under any circumstances, 
unless we convince our Internet provider to send them an E-mail allowing it 
(in our case, the risks of doing that outweigh the benefit of sending to 
rr.com).

Since we occasionally send mail to rr.com users, we set up our mailserver 
to re-route E-mail to rr.com through another mailserver that they haven't 
blocked yet.

   -Scott


Re: [Declude.JunkMail] Interim Releases - A Suggestion

2003-12-12 Thread paul
   Just a suggestion, and it wouldn't be too much work, why not just
 distribute the special interim release in a password protected zip file
 when someone needs a quick fix?

 We may well need to do that.  Or perhaps just a random URL that isn't
 easily guessable.

Well, I've seen from posts here that the interims have helped find/solve
problems quickly, so they ARE helpful. However, they're not for everyone. I
don't run them here, just the latest betas. Maybe Scott, you only offer the
interims to those that request it, sort of a Declude-interim list, that way,
we on the list here don't need to know that i10 has just fixed a problem in
i9, etc, making us think we need to run it, unless it directly affects the
previous Betas functionality. We recommend you run i10 to fix a problem in
1.76 beta, you may get it here. Which would probably just be a new beta
anyway... I think I'm rambling, so I'll stop now. =)

Paul



RE: [Declude.JunkMail] RR.COM

2003-12-12 Thread Bill
This is the info from the Imail log file:

20031211 125915 127.0.0.1   SMTP (075005D4) 220 ncmx03.mgw.rr.com
ESMTP Welcome to Road Runner.  NO UCE *** FOR AUTHORIZED USE ONLY! ***

20031211 125915 127.0.0.1   SMTP (075005D4) EHLO wamusa.com

20031211 125915 127.0.0.1   SMTP (075005D4) 250-ncmx03.mgw.rr.com
Hello 63-252-12-121.ip.mcleodusa.net [63.252.12.121], pleased to meet
you

20031211 125915 127.0.0.1   SMTP (075005D4) 250 ENHANCEDSTATUSCODES

20031211 125915 127.0.0.1   SMTP (075005D4) MAIL
FROM:[EMAIL PROTECTED]

20031211 125915 127.0.0.1   SMTP (075005D4) 550 5.7.1 Mail Refused -
63.252.12 - See http://security.rr.com/mail_blocks.htm#security -
20031103

20031211 125915 127.0.0.1   SMTP (075005D4) ERR undeliverable 550
5.7.1 Mail Refused - 63.252.12 - See
http://security.rr.com/mail_blocks.htm#security - 20031103

20031211 125915 127.0.0.1   SMTP (075005D4) SMTP_DELIV_FAILED

20031211 125915 127.0.0.1   SMTP (075005D4) QUIT

20031211 125915 127.0.0.1   SMTP (075005D4) 221 2.0.0
ncmx03.mgw.rr.com closing connection

Bill



>> We are having a problem sending e-mail to any user at rr.com.  Our
>> messages are refused as spam.  I have checked all of the databases that
>> they say they use and we are not listed in any of them.  Over the last
>> three weeks, I have sent several messages to [EMAIL PROTECTED]
>> (the address that they say to use for problems like this) but have only
>> gotten automated responses confirming receipt of the message.
>
> Have you checked your IMail SMTP log file to see the exact message?
>
> IIRC, they refuse to accept any mail from us, under any circumstances,
> unless we convince our Internet provider to send them an E-mail allowing
> it (in our case, the risks of doing that outweigh the benefit of sending
> to rr.com).
>
> Since we occasionally send mail to rr.com users, we set up our mailserver
> to re-route E-mail to rr.com through another mailserver that they haven't
> blocked yet.
>
> -Scott
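To pull the exact refusal out of a log like the one posted above, the wrapped lines have to be rejoined per entry and the server's own 4xx/5xx reply separated from the mail server's summary line that repeats it. This is an added example, not part of the original post or of IMail; the entry layout is inferred from the excerpt, and `iter_entries`, `find_rejections` and `Rejection` are hypothetical names.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Excerpt of the log posted above, with its mail-client line wrapping kept:
# continuation lines carry no timestamp and belong to the entry before them.
SAMPLE_LOG = """\
20031211 125915 127.0.0.1   SMTP (075005D4) 220 ncmx03.mgw.rr.com
ESMTP Welcome to Road Runner.  NO UCE *** FOR AUTHORIZED USE ONLY! ***

20031211 125915 127.0.0.1   SMTP (075005D4) EHLO wamusa.com

20031211 125915 127.0.0.1   SMTP (075005D4) 250 ENHANCEDSTATUSCODES

20031211 125915 127.0.0.1   SMTP (075005D4) MAIL
FROM:[EMAIL PROTECTED]

20031211 125915 127.0.0.1   SMTP (075005D4) 550 5.7.1 Mail Refused -
63.252.12 - See http://security.rr.com/mail_blocks.htm#security -
20031103

20031211 125915 127.0.0.1   SMTP (075005D4) ERR undeliverable 550
5.7.1 Mail Refused - 63.252.12 - See
http://security.rr.com/mail_blocks.htm#security - 20031103

20031211 125915 127.0.0.1   SMTP (075005D4) QUIT
"""

# date, time, address, "SMTP", (session id), text  -- layout inferred from the excerpt
ENTRY = re.compile(r"^(\d{8}) (\d{6}) \S+\s+SMTP \(([0-9A-Fa-f]+)\) (.*)$")
COMMAND = re.compile(r"^(EHLO|HELO|MAIL|RCPT|DATA|RSET|QUIT)\b")
# SMTP reply code, optional enhanced status code (RFC 3463), then free text
REFUSAL = re.compile(r"^([45]\d{2})[ -](?:([245]\.\d{1,3}\.\d{1,3})\s+)?(.*)$")
URL = re.compile(r"https?://\S+")


@dataclass
class Rejection:
    session: str
    when: str
    stage: Optional[str]      # last client command sent before the refusal
    code: int
    enhanced: Optional[str]
    text: str
    url: Optional[str]


def iter_entries(log_text: str) -> List[List[str]]:
    """Rejoin wrapped lines so each entry is [date, time, session, text]."""
    entries: List[List[str]] = []
    for line in log_text.splitlines():
        line = line.rstrip()
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2), m.group(3), m.group(4)])
        elif line and entries:
            entries[-1][3] += " " + line.strip()
    return entries


def find_rejections(log_text: str) -> List[Rejection]:
    """Return every 4xx/5xx reply, tagged with the command that triggered it."""
    last_command: Dict[str, str] = {}
    found: List[Rejection] = []
    for date, time, session, text in iter_entries(log_text):
        cmd = COMMAND.match(text)
        if cmd:
            last_command[session] = cmd.group(1)
            continue
        reply = REFUSAL.match(text)
        if reply:  # the "ERR undeliverable ..." summary does not start with a code
            url = URL.search(text)
            found.append(Rejection(
                session=session,
                when=f"{date} {time}",
                stage=last_command.get(session),
                code=int(reply.group(1)),
                enhanced=reply.group(2),
                text=reply.group(3),
                url=url.group(0) if url else None,
            ))
    return found


if __name__ == "__main__":
    for r in find_rejections(SAMPLE_LOG):
        print(f"{r.when} session {r.session}: {r.code} {r.enhanced} "
              f"after {r.stage}: {r.text}")
```
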


OT: [Declude.JunkMail] Virginia Indicts Two Men On Spam Charges

2003-12-12 Thread Burzin Sumariwalla
I agree with you.  The statement was more general than it should have
been.  Personally I think the ISP route is one of the best places to begin
active anti-spam measures at (Sorry ISP admins).  If legislatively, ISPs
can be forced to have customers adhere to strict RFC compliance and if
legislatively ISPs can be forced to take consistent and strict measures it
might force spammers into smaller and smaller corners.

I don't represent an ISP, so maybe I'm being too optimistic.

Burzin



At 10:59 AM 12/12/2003, you wrote:
The only people that will hit the spammers' pocketbooks are the ISPs getting
together and forcing them out of their jobs... or to get people to stop
buying their stuff!


RE: [Declude.JunkMail] Hardware Recommendation's

2003-12-12 Thread Burzin Sumariwalla
Thanks for the clarification.

Burzin

At 11:09 AM 12/12/2003, you wrote:
It is a no-no to have the MS DNS service running on a Windows 2003 server
with Imail 8.0x-4 and using Imail Anti-Spam DNS tests. Otherwise, fine.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
 -Original Message-
 From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
 [EMAIL PROTECTED] On Behalf Of Burzin Sumariwalla
 Sent: Friday, December 12, 2003 8:33 AM
 To: [EMAIL PROTECTED]
 Subject: Re: [Declude.JunkMail] Hardware Recommendation's

 I thought it was a no-no to have DNS running on your Imail server.  Is it?

 At 09:50 AM 12/12/2003, you wrote:

 This server will have Imail installed, Windows 2000 Server, Windows DNS,
 Declude Junkmail Pro and Declude Virus Pro, Fprot.



Re: [Declude.JunkMail] RR.COM

2003-12-12 Thread System Administrator
on 12/12/03 12:49 PM, Bill Morgan wrote:

 We are having a problem sending e-mail to any user at rr.com.  Our
 messages are refused as spam.  I have checked all of the databases that
 they say they use and we are not listed in any of them.  Over the last
 three weeks, I have sent several messages to [EMAIL PROTECTED]
 (the address that they say to use for problems like this) but have only
 gotten automated responses confirming receipt of the message.
 
 Has anyone else had a problem with rr.com?

Yes, it just started recently, as far as we can tell.

 If so, how did you resolve
 it?

Haven't yet. We've sent them e-mail messages but nothing has been changed
yet.

Greg



RE: [Declude.JunkMail] RR.COM

2003-12-12 Thread Andy Schmidt
And they are the worst in the opposite direction.  I got about 20 virus
notifications this morning from them - where they cleaned the message,
then they sent me the original message without the virus - which means, it
was an empty email and it still filled my mailbox.

Even worse, their cover letter explains that they are NOT notifying the
SENDER of the email. They expect ME to do that, even though the sender is
usually forged and if anyone can identify who their customer at that IP
address was - it's THEM.  And, their attachments don't include the headers
of the original email or any other identifying queue ID - so I can't just
forward their message to their abuse address (even though that's what they
ask you to do if the sender was forged).  You have to manually retrieve the
headers, forward the message and paste the headers back in.

So - they are spamming me with virus notifications that I don't want to see,
they don't stop the infected message and they do nothing to stop the
infected PC from sending. 

Bunch o'morons.

Best Regards
Andy Schmidt



[Declude.JunkMail] declude junkmail and external tests (info)

2003-12-12 Thread Doug Anderson




Previously posted on Imail site:

When does declude junkmail add its xheaders? Does it add as it conducts its
test(s)? Can I conduct a test (if exists) on a previously added header?

Maybe I should explain it better.
I wrote an external phrase test program. I'm trying to come up with a way of
bypassing the test/program if the email is originating from within the local
domain.

I've read the manual and I can pass variables to the external file per the
paragraph:

For more flexibility, you can have Declude JunkMail pass parameters to your
program, using variables. For example, you can set up the test as
'TESTNAME external returnvalue "filename %INOROUT%"', which would send the
%INOROUT% variable as a parameter to your program (which would be "incoming"
for an incoming E-mail, or "outgoing" for an outgoing E-mail).

If I'm passing a variable as a parameter, would it be equal to
program-name %variable% c:\IMail\spool\D1234567.SMD
or
program-name c:\IMail\spool\D1234567.SMD %variable%

I need the receiving order of the "parameter list".



Re: [Declude.JunkMail] Virginia Indicts Two Men On Spam Charges

2003-12-12 Thread David Daniels
If ISPs would block outbound port 25 that would go a long way towards
keeping spam. Right now most of our spam is coming from cable and DSL IPs.
We block outbound port 25 except from our mail servers and a couple of
customers who have a legitimate reason to use another mail server. If so we
open a hole to that mail server only. It's done on a case by case basis. Is
it a pain in the ass? Most certainly but if any spam leaves our network it
will be easy as hell to track. It really burns my ass to be spammed from
these networks because the provider is either too lazy or incompetent to
block these ports.

David Daniels
Administrator
Starfish Internet Service
[EMAIL PROTECTED]
- Original Message -
From: Burzin Sumariwalla [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, December 12, 2003 1:22 PM
Subject: OT: [Declude.JunkMail] Virginia Indicts Two Men On Spam Charges


 I agree with you.  The statement was more general than it should have
 been.  Personally I think the ISP route is one of the best places to begin
 active anti-spam measures at (Sorry ISP admins).  If legislatively, ISPs
 can be forced to have customers adhere to strict RFC compliance and if
 legislatively ISPs can be forced to take consistent and strict measures it
 might force spammers into smaller and smaller corners.

 I don't represent an ISP, so maybe I'm being too optimistic.


 Burzin



 At 10:59 AM 12/12/2003, you wrote:
 The only people that will hit the spammers' pocketbooks are the ISPs
getting
 together and forcing them out of their jobs... or to get people to stop
 buying their stuff!



Re: [Declude.JunkMail] declude junkmail and external tests (info)

2003-12-12 Thread R. Scott Perry

> if I'm passing a variable as a parameter would it be equal to program-name
> %variable% c:\IMail\spool\D1234567.SMD or program-name
> c:\IMail\spool\D1234567.SMD %variable%
>
> I need the receiving order of the parameter list

The variables will appear before the spool file name.  The spool file name 
will be the last parameter.

   -Scott
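An external test written against that ordering (variables first, spool file name last) could look like the following added example, which is not Declude's code or the poster's program. It assumes `%INOROUT%` is the only variable passed and that the test counts as failed when the exit code equals the configured returnvalue; `HIT_CODE`, `PHRASES`, `split_args` and `run_test` are hypothetical.

```python
import sys
from typing import List, Sequence, Tuple

# Hypothetical values for this example, not taken from Declude or the thread.
# An uncaught Python exception exits with status 1, so the "hit" code is a
# value a crash cannot produce; it is assumed to match the test's returnvalue.
HIT_CODE = 10
PHRASES = [b"placing your order for meds"]


def split_args(argv: Sequence[str]) -> Tuple[List[str], str]:
    """Split the arguments: every variable first, the spool file name last."""
    if not argv:
        raise ValueError("no spool file argument")
    return list(argv[:-1]), argv[-1]


def run_test(argv: Sequence[str], phrases: Sequence[bytes] = PHRASES) -> int:
    """Return HIT_CODE when a phrase is found in an incoming message, else 0."""
    try:
        variables, spool_path = split_args(argv)
    except ValueError:
        return 0  # nothing to scan

    # Only an explicit "outgoing" skips the scan. A missing or unexpected
    # value falls through to the scan, so a bad expansion cannot bypass it.
    direction = variables[0].strip().lower() if variables else ""
    if direction == "outgoing":
        return 0

    try:
        with open(spool_path, "rb") as fh:
            message = fh.read().lower()
    except OSError:
        return 0  # unreadable spool file: report no hit rather than crash

    return HIT_CODE if any(p.lower() in message for p in phrases) else 0


if __name__ == "__main__" and len(sys.argv) > 1:
    # e.g. program-name incoming c:\IMail\spool\D1234567.SMD
    sys.exit(run_test(sys.argv[1:]))
```
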


[Declude.JunkMail] Line break (= sign)

2003-12-12 Thread Kami Razvan



Scott:

You stated a while back that now Declude appends lines together before
filtering.

The following line:

Doctor's office. /pp class=3D"style5"a href="" href="http://www.activerx.b">http://www.activerx.b=iz"bStart
placing your order for meds here/b/a/p/body/html=

The equal signs are causing issues with our filters. I have the filter:

activerx.b=iz

it still is not being caught.

In testing the email it appears that perhaps a space is present after the
equal sign..

I have done

activerx.b= iz

it is still not being caught.

Any ideas?

Regards,
Kami

Re: [Declude.JunkMail] Line break (= sign)

2003-12-12 Thread R. Scott Perry
That's base64 encoding, which Declude JunkMail doesn't attempt to 
decode.  However, you should be able to block it based on the encoded text.

Are you using DECODE OFF (in which case base64 decoding and the 
de-HTMLizing will not be done)?
   -Scott

At 02:25 PM 12/12/2003, Kami Razvan wrote:
Scott:

You stated a while back that now Declude appends lines together before 
filtering.

The following line:

 Doctor's office. /pp class=3Dstyle5a 
href=3Dhttp://www.activerx.bhttp://www.activerx.b=
izbStart placing your order for meds here/b/a/p/body/html=

The equal signs are causing issues with our filters.  I have the filter:

activerx.b=iz

 it still is not being caught.

In testing the email it appears that perhaps a space is present after the 
equal sign..

I have done

activerx.b= iz

 it is still not being caught.

Any ideas?

Regards,
Kami


RE: [Declude.JunkMail] Line break (= sign)

2003-12-12 Thread Kami Razvan
Nope..

I do not have that line anywhere in the Global.cfg.

Regards,
Kami



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Friday, December 12, 2003 2:38 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Line break (= sign)

That's base64 encoding, which Declude JunkMail doesn't attempt to decode.
However, you should be able to block it based on the encoded text.

Are you using DECODE OFF (in which case base64 decoding and the
de-HTMLizing will not be done)?
-Scott

At 02:25 PM 12/12/2003, Kami Razvan wrote:
Scott:

You stated a while back that now Declude appends lines together before 
filtering.

The following line:

  Doctor's office. /pp class=3Dstyle5a  
href=3Dhttp://www.activerx.bhttp://www.activerx.b=
izbStart placing your order for meds 
here/b/a/p/body/html=

The equal signs are causing issues with our filters.  I have the filter:

activerx.b=iz

 it still is not being caught.

In testing the email it appears that perhaps a space is present after 
the equal sign..

I have done

activerx.b= iz

 it is still not being caught.

Any ideas?

Regards,
Kami



RE: [Declude.JunkMail] Line break (= sign)

2003-12-12 Thread R. Scott Perry

> I do not have that line anywhere in the Global.cfg.

The problem turns out to be that the deHTMLizing code would not remove the 
line break if it occurred in the middle of an HTML tag.  This will be 
changed for the next release.

   -Scott
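In the line quoted in this thread, `=3D` and a trailing `=` are quoted-printable notation (RFC 2045): `=3D` is an encoded `=`, and `=` at the end of a line is a soft line break that may be followed by stray whitespace. The added example below (not Declude's code and not from the thread) shows why a substring filter has to decode that and de-HTMLize across line breaks before matching; the sample message and the `example.com` host are constructed.

```python
import html
import re

# "=" at end of line (optionally followed by stray spaces/tabs) is a soft break.
SOFT_BREAK = re.compile(r"=[ \t]*(?:\r?\n|\Z)")
# "=XX" is one encoded byte, e.g. "=3D" for "=".
HEX_ESCAPE = re.compile(r"=([0-9A-Fa-f]{2})")
# [^>] also matches newlines, so a tag that spans a line break is still removed.
TAG = re.compile(r"<[^>]*>")

# Constructed sample: the soft line break falls inside the href of an <a> tag.
SAMPLE = (
    'Content line one.</p><p class=3D"style5"><a href=3D"http://meds.example.c=\r\n'
    'om/"><b>Start placing your order for meds here</b></a></p></body></html>=\r\n'
)


def decode_quoted_printable(text):
    """Remove soft line breaks, then decode =XX escapes in a single pass.

    Bytes are mapped to code points one-to-one, which is enough for matching
    ASCII filter strings; a real decoder would apply the part's charset.
    """
    joined = SOFT_BREAK.sub("", text)
    return HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), joined)


def dehtmlize(text):
    """Replace tags with spaces, resolve entities and collapse whitespace."""
    without_tags = TAG.sub(" ", text)
    return re.sub(r"\s+", " ", html.unescape(without_tags)).strip()


def body_contains(raw_body, needle):
    """Case-insensitive match against the decoded markup and the visible text.

    Both views are checked because a URL may appear only inside an attribute,
    which disappears once the tags are stripped.
    """
    decoded = decode_quoted_printable(raw_body)
    views = (decoded, dehtmlize(decoded))
    return any(needle.lower() in view.lower() for view in views)


if __name__ == "__main__":
    print("raw match:       ", "example.com" in SAMPLE)
    print("normalized match:", body_contains(SAMPLE, "example.com"))
    print("visible text:    ", dehtmlize(decode_quoted_printable(SAMPLE)))
```
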


Re: [Declude.JunkMail] Virginia Indicts Two Men On Spam Charges

2003-12-12 Thread Burzin Sumariwalla
I was thinking of something much simpler...

Verifying that the IP appears in a MX record
Verifying that Reverse DNS is set
Basically the RFC ignorant stuff...

Of course your network would have to deal with traffic before shunning it. :(

I like your idea much better.

Burzin



At 01:10 PM 12/12/2003, you wrote:
If ISPs would block outbound port 25 that would go a long way towards
keeping spam. Right now most of our spam is coming from cable and DSL IPs.
We block outbound port 25 except from our mail servers and a couple of
customers who have a legitimate reason to use another mail server. If so we
open a hole to that mail server only. It's done on a case by case basis. Is
it a pain in the ass? Most certainly but if any spam leaves our network it
will be easy as hell to track. It really burns my ass to be spammed from
these networks because the provider is either too lazy or incompetent to
block these ports.
David Daniels
Administrator
Starfish Internet Service
[EMAIL PROTECTED]
- Original Message -
From: Burzin Sumariwalla [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, December 12, 2003 1:22 PM
Subject: OT: [Declude.JunkMail] Virginia Indicts Two Men On Spam Charges
 I agree with you.  The statement was more general than it should have
 been.  Personally I think the ISP route
 is one of the best places to begin active anti-spam measures at
(Sorry
 ISP admins).  If legislatively, ISPs
 can be forced to have customers adhere to strict RFC compliance and if
 legislatively ISPs can be forced to take
 consistent and strict measures it might force spammers into smaller and
 smaller corners.

 I don't represent an ISP, so maybe I'm being too optimistic.


 Burzin



 At 10:59 AM 12/12/2003, you wrote:
 The only people that will hit the spammers' pocketbooks are the ISPs
getting
 together and forcing them out of their jobs... or to get people to stop
 buying their stuff!

 --
 Burzin Sumariwalla   Phone: (314) 994-9411 x291
 [EMAIL PROTECTED]  Fax:   (314) 997-7615
Pager: (314) 407-3345

 Networking and Telecommunications Manager
 Information Technology Services
 St. Louis County Library District
 1640 S. Lindbergh Blvd.
 St. Louis, MO  63131

--
Burzin Sumariwalla   Phone: (314) 994-9411 x291
[EMAIL PROTECTED]  Fax:   (314) 997-7615
  Pager: (314) 407-3345
Networking and Telecommunications Manager
Information Technology Services
St. Louis County Library District
1640 S. Lindbergh Blvd.
St. Louis, MO  63131 



[Declude.JunkMail] Connection Type Filtering Policy

2003-12-12 Thread Andy Ognenoff
I was wondering what people's feelings were on blacklisting based on the
sending computer's connection type (of course based on IP range)?  I have
heard on other threads that some just assume that if a message came from a
server that has an IP within a range of IPs that is listed as being cable,
DSL, or dial-up it should be treated as spam. When talking about this are
people referring to all DSL and cable IP ranges or just the dynamically
assigned ones?

The reason I am asking is because I am thinking of tinkering with a setup on
my home network to provide email to my family.  I wouldn't consider myself
an expert mail admin but I know enough from the mail administration I do at
work to configure my server securely (and of course run Declude AV and JM
:)) The only thing holding me back from playing with this project is that I
fear my mail will be filtered as spam by most other mail admins because
there is no way I can afford a T1 or above for my home.  I would be using
business class DSL or cable with static IPs.

Any thoughts?

Andy Ognenoff
Online Systems Administrator
-
Cousins Submarines, Inc.
http://www.cousinssubs.com




[Declude.JunkMail] Curiosity question...

2003-12-12 Thread Bill Landry
Scott, this is just an inquiring minds kind of question:

Using [outgoing] CFG file global.cfg.
Msg failed WOT-WL (WOT Reduction). Action=WARN.

Using [outgoing] CFG file global.cfg.
Msg failed WOT-WL ( WOT Reduction). Action=WARN.

Just wondering why this ipfile entry outputs to the logs and headers with
a leading space sometimes  before ( WOT Reduction) and not (WOT Reduction)
with others, especially since they are using the same [outgoing] file on the
same server?

Bill



RE: [Declude.JunkMail] Virginia Indicts Two Men On Spam Charges

2003-12-12 Thread Todd Holt
I certainly DO NOT want the ISPs to block outbound port 25!!

We have a number of mail customers that must send their outbound mail
through the ISP's SMTP server.  Now we rely on them to keep the SMTP
server up and running, relaying in a timely manner, not adding footers
to the email and providing customer service for outbound SMTP issues.
Have you ever tried to call Earthlink, Sprint, SBC or PacBell about an
SMTP issue??  They point fingers more than the telephone side does!

I want the ISPs to be forced (by law) to shut down users who send spam.
But I don't see this happening any time soon.  If it did, some spammer
would probably sue the ISP for shutting him down after sending child
pornography to pedophiles.  And he would probably win.

I have resigned myself to the fact that I must fight this battle myself
(with a lot of help from my fellow mail admins) and not rely on the
government for help.  They don't want to get into the political mess
this could cause.

Thanks to the work of Scott, I have a great tool for this battle.  And
thanks to everyone else here, I have a place to educate myself on how to
fight this battle.  

Fight the good fight, people!!! 

Todd Holt
Xidix Technologies, Inc
Las Vegas, NV  USA
www.xidix.com
702.319.4349



 -Original Message-
 From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
 [EMAIL PROTECTED] On Behalf Of David Daniels
 Sent: Friday, December 12, 2003 11:10 AM
 To: [EMAIL PROTECTED]
 Subject: Re: [Declude.JunkMail] Virginia Indicts Two Men On Spam
Charges
 
 If ISPs would block outbound port 25 that would go a long way towards
 keeping spam. Right now most of our spam is coming from cable and DSL
IPs.
 We block outbound port 25 except from our mail servers and a couple of
 customers who have a legitimate reason to use another mail server. If
so
 we
 open a hole to that mail server only. It's done on a case by case
basis.
 Is
 it a pain in the ass? Most certainly but if any spam leaves our
network it
 will be easy as hell to track. It really burns my ass to be spammed
from
 these networks because the provider is either too lazy or incompetent
to
 block these ports.
 
 David Daniels
 Administrator
 Starfish Internet Service
 [EMAIL PROTECTED]
 - Original Message -
 From: Burzin Sumariwalla [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Friday, December 12, 2003 1:22 PM
 Subject: OT: [Declude.JunkMail] Virginia Indicts Two Men On Spam
Charges
 
 
  I agree with you.  The statement was more general than it should
have
  been.  Personally I think the ISP route
  is one of the best places to begin active anti-spam measures at
 (Sorry
  ISP admins).  If legislatively, ISPs
  can be forced to have customers adhere to strict RFC compliance and
if
  legislatively ISPs can be forced to take
  consistent and strict measures it might force spammers into smaller
and
  smaller corners.
 
  I don't represent an ISP, so maybe I'm being too optimistic.
 
 
  Burzin
 
 
 
  At 10:59 AM 12/12/2003, you wrote:
  The only people that will hit the spammers' pocketbooks are the
ISPs
 getting
  together and forcing them out of their jobs... or to get people to
stop
  buying their stuff!
 
  --
  Burzin Sumariwalla   Phone: (314) 994-9411 x291
  [EMAIL PROTECTED]  Fax:   (314) 997-7615
 Pager: (314) 407-3345
 
  Networking and Telecommunications Manager
  Information Technology Services
  St. Louis County Library District
  1640 S. Lindbergh Blvd.
  St. Louis, MO  63131
 


Re: [Declude.JunkMail] Connection Type Filtering Policy

2003-12-12 Thread R. Scott Perry

> I was wondering what people's feelings were on blacklisting based on the
> sending computer's connection type (of course based on IP range)?  I have
> heard on other threads that some just assume that if a message came from a
> server that has an IP within a range of IPs that is listed as being cable,
> DSL, or dial-up it should be treated as spam. When talking about this are
> people referring to all DSL and cable IP ranges or just the dynamically
> assigned ones?

Well, considering that the only reasonably priced high-speed connections 
here are via cable (as in the next step up is at least 5 times the price), 
such a test would catch our E-mail.

I think that what most people are referring to is a test that detects 
E-mail coming from dynamic IPs.  However, the fundamental flaw with such a 
test is that there isn't any way to know if an IP is dynamic or 
static.  Every so often our mail bounces because someone thinks 
(incorrectly, of course) that our IP is dynamic.

However, we see no problem in having such a test, which could be set up as 
a filter with REVDNS ... CONTAINS lines in them.  Depending on the source 
of your information, our E-mail might get caught by the test -- but used in 
a weighting system, our mail wouldn't get caught.

> The reason I am asking is because I am thinking of tinkering with a setup on
> my home network to provide email to my family.  I wouldn't consider myself
> an expert mail admin but I know enough from the mail administration I do at
> work to configure my server securely (and of course run Declude AV and JM
> :)) The only thing holding me back from playing with this project is that I
> fear my mail will be filtered as spam by most other mail admins because
> there is no way I can afford a T1 or above for my home.  I would be using
> business class DSL or cable with static IPs.

In that case, you should be fine.  However, be prepared for a few fanatics 
that may block your E-mail anyways.  If that happens, the best thing to do 
is usually just to forget about it.  If that happens to us, we try 
re-routing through our Internet provider, but find that more than half the 
time the fanatics are blocking our Internet provider, as well.  So unless 
you really need the E-mail to get through, it may not be worth the time 
trying to bypass the spam filters (I remember the days when it was the 
spammers trying to bypass spam filters!).

   -Scott


Re: [Declude.JunkMail] Curiosity question...

2003-12-12 Thread R. Scott Perry

> Scott, this is just an inquiring minds kind of question:
>
> Using [outgoing] CFG file global.cfg.
> Msg failed WOT-WL (WOT Reduction). Action=WARN.
>
> Using [outgoing] CFG file global.cfg.
> Msg failed WOT-WL ( WOT Reduction). Action=WARN.
>
> Just wondering why this ipfile entry outputs to the logs and headers with
> a leading space sometimes  before ( WOT Reduction) and not (WOT Reduction)
> with others, especially since they are using the same [outgoing] file on the
> same server?

It seems that it depends on how many spaces/tabs are on the line in the 
ipfile.  The next release will change this so that it will not have any 
leading spaces.

   -Scott


[Declude.JunkMail] Proper Usage of SPAMDOMAINS.TXT

2003-12-12 Thread Dan Geiser
Hello, All,
If I have a text file which is going to be used with the SPAMDOMAINS test
does it cause any technical issues or performance issues to have blank lines
in the file like below, e.g. ...

-
# This is my spam domains file...

.nb.ca
.qc.ca

.com.au
.net.au

.co.uk
.sch.uk
-

Thanks, Much!
Dan Geiser [EMAIL PROTECTED]



---
Sign up for virus-free and spam-free e-mail with Nexus Technology Group 
http://www.nexustechgroup.com/mailscan



Re: [Declude.JunkMail] Proper Usage of SPAMDOMAINS.TXT

2003-12-12 Thread R. Scott Perry

> If I have a text file which is going to be used with the SPAMDOMAINS test
> does it cause any technical issues or performance issues to have blank lines
> in the file like below, e.g. ...

Blank lines are fine in the spamdomains.txt file.

   -Scott


Re[2]: [Declude.JunkMail] Virginia Indicts Two Men On Spam Charges

2003-12-12 Thread Sanford Whiteman
> We have a number of mail customers that must send their outbound
> mail through the ISP's SMTP server. Now we rely on them to keep the
> SMTP server up and running, relaying in a timely manner, not adding
> footers to the email and providing customer service for outbound
> SMTP issues. Have you ever tried to call Earthlink, Sprint, SBC or
> PacBell about an SMTP issue?? They point fingers more than the
> telephone side does!

I agree completely. There's a glaring misconception that people who
run ISPs know how to run mailservers (of course related to the idea
that Unix admins always know how to run mailservers...and of course
*only* Unix admins have the knowledge to manage an ISP, despite the
fact that ISPs have to deal with a Windows user community as well as
tons of proprietary hardware).

Our experience consulting for many providers shows this to be
absolutely fallacious. Geez--and this is just one case--one of our
favorite local T-1+ providers can't keep their Horde/IMP server up
24/7, which is a very bad sign.

So while the people that endorse blacklisting all mail from suspect
providers that comes directly from subscriber servers (when the
subscriber servers are allowed by SLA) have their hearts in the right
place, they need to own up to the fact that they are forcing
innumerable people who need reliable mail service--legit and illegit
alike!--to change ISPs, not simply asking them to use a smart host.
Waiting around for ISPs to wake up and figure out how to deliver
gigantic levels of outgoing mail, and then to figure out how to stop
getting the smart host itself blacklisted, won't cut it. There are
plenty of businesses underequipped financially and technically to make
overnight switches...more likely, they'd just switch to another
blacklisted service. To my mind, it's the disingenuous and elitist
parts of that policy that have the bad smell, not the policy itself.
There has to be a more honest way to achieve the same result.

-Sandy



Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]




Re: [Declude.JunkMail] declude junkmail and external tests (info)

2003-12-12 Thread Doug Anderson
so if I have in global.cfg:
PHRASESCAN external nonzero D:\Imail\mail_ameripride_org\phrscan.exe %REVDNS% 10 0

it will give me:
phrscan (Private IP) c:\IMail\spool\D1234567.SMD
phrscan (timeout) c:\IMail\spool\D1234567.SMD

depending on internal emails vs external emails

or does %REVDNS% actually give something I'm not seeing and it is replaced
in the header?
When I look at the headers %REVDNS% returns the private or timeout

- Original Message - 
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, December 12, 2003 1:24 PM
Subject: Re: [Declude.JunkMail] declude junkmail and external tests (info)



 if I'm passing a variable as a parameter would it be equal to
program-name
 %variable% c:\IMail\spool\D1234567.SMD or program-name
 c:\IMail\spool\D1234567.SMD %variable%
 
 I need the receiving order of the parameter list

 The variables will appear before the spool file name.  The spool file name
 will be the last parameter.

 -Scott


Re: [Declude.JunkMail] declude junkmail and external tests (info)

2003-12-12 Thread R. Scott Perry

> so if I have in global.cfg:
> PHRASESCAN external nonzero D:\Imail\mail_ameripride_org\phrscan.exe %REVDNS% 10 0
> it will give me:
> phrscan (Private IP) c:\IMail\spool\D1234567.SMD
> phrscan (timeout) c:\IMail\spool\D1234567.SMD
> depending on internal emails vs external emails

Correct.

> or does %REVDNS% actually give something I'm not seeing and it is replaced
> in the header?
> When I look at the headers %REVDNS% returns the private or timeout

That would occur if your DNS server is only returning certain answers, and 
timing out on others.  That's going to cause a lot of problems -- you 
should look into why that is happening.

Normally, if everything (on your end and the remote end) is set up 
properly, the %REVDNS% variable will display the reverse DNS entry of the 
IP that connected to your server.

   -Scott
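An added sketch (not Declude's code and not the `phrscan.exe` from the thread) of how an external test program can read its parameters given the order stated above: variables first, spool file last. It assumes that `external nonzero` counts a non-zero exit code as a hit and that `%REVDNS%` is passed unquoted, so `(Private IP)` arrives as two arguments; the hint substrings are hypothetical and serve the weighted reverse-DNS test suggested in the connection-type thread.

```python
import sys

# Values the thread shows %REVDNS% expanding to when no hostname is available.
SENTINELS = {"(Private IP)": "private", "(timeout)": "timeout"}

# Hypothetical substrings for a weighted "consumer line" hint, after the
# connection types named in the thread (cable, DSL, dial-up).
HINTS = ("cable", "dsl", "dial")


def split_args(argv):
    """Return (variable_text, spool_path) from argv without the program name.

    The spool file is the last parameter; everything before it is the
    expanded variable. "(Private IP)" contains a space, so when it is passed
    unquoted it arrives as two argv items and has to be rejoined.
    """
    if not argv:
        raise ValueError("expected at least the spool file path")
    *values, spool_path = argv
    return " ".join(values).strip(), spool_path


def classify_revdns(text):
    """Map the expanded %REVDNS% text to private, timeout, missing or hostname."""
    if not text:
        return "missing"
    return SENTINELS.get(text, "hostname")


def exit_code(argv):
    """Return 0 for no opinion, 1 when a hint matches the reverse DNS name."""
    text, _spool_path = split_args(argv)
    if classify_revdns(text) != "hostname":
        # A timeout may be the local resolver's fault and a private IP is
        # internal mail, so neither is treated as evidence against the sender.
        return 0
    labels = text.lower().replace("-", ".").split(".")
    matched = any(hint in label for label in labels for hint in HINTS)
    # Substring hints misfire on some names, so this belongs in a weighted
    # test rather than an outright block.
    return 1 if matched else 0


if __name__ == "__main__":
    sys.exit(exit_code(sys.argv[1:]))
```
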


Re: [Declude.JunkMail] declude junkmail and external tests (info)

2003-12-12 Thread Doug Anderson
Oops!

I think the %REVDNS% was getting timeout because both the box and imail's dns
settings were still set to the ip of the box (during install and testing
phase) for the primary. Modified them to point to the dns server. It was the
only thing having dns issues to my knowledge (users weren't complaining).

Does it always return the text '(Private IP)' for internal addresses?



- Original Message - 
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, December 12, 2003 3:24 PM
Subject: Re: [Declude.JunkMail] declude junkmail and external tests (info)



 so if I have in global.cfg:
 PHRASESCAN external nonzero D:\Imail\mail_ameripride_org\phrscan.exe
 %REVDNS% 10 0
 
 it will give me:
 phrscan (Private IP) c:\IMail\spool\D1234567.SMD
 phrscan (timeout) c:\IMail\spool\D1234567.SMD
 
 depending on internal emails vs external emails

 Correct.

 or does %REVDNS% actually give something I'm not seeing and it is
replaced
 in the header?
 When I look at the headers %REVDNS% returns the private or timeout

 That would occur if your DNS server is only returning certain answers, and
 timing out on others.  That's going to cause a lot of problems -- you
 should look into why that is happening.

 Normally, if everything (on your end and the remote end) is set up
 properly, the %REVDNS% variable will display the reverse DNS entry of the
 IP that connected to your server.

 -Scott


[Declude.JunkMail] Listed on SBL + Bonded Sender???

2003-12-12 Thread Matthew Bramble
What to do?  This looks very suspicious and it causes me grave concern 
about the quality of Bonded Sender.  Check out the following headers:

X-MailPure: 
X-MailPure: BONDEDSENDER: Listed in query.bondedsender.org
X-MailPure: FIVETEN-SPAM: Listed in blackholes.five-ten-sg.com
X-MailPure: SBL: Listed in sbl.spamhaus.org
X-MailPure: MAILPOLICE-BULK: Listed in bulk.rhs.mailpolice.com
X-MailPure: IPNOTINMX: IP is not listed in MX or A records.
X-MailPure: NOLEGITCONTENT: No legitimate content detected.
X-MailPure: SNIFFER-GRAY: Listed in the Gray category.
X-MailPure: KAMI-REMOTEIP: Message failed KAMI-REMOTEIP test (line 124, 
weight 0).
X-MailPure: RECIPIENTS: removed
X-MailPure: 
X-MailPure: Spam Score: 20
X-MailPure: Scan Time: 15:26:33 on 12/11/2003
X-MailPure: Spool File: Dd2d200ad022e006c.SMD
X-MailPure: SMTP Sender: [EMAIL PROTECTED]
X-MailPure: Received From: out003.toptx.com [38.113.200.23]
X-MailPure: 

They were recently listed in SBL with the following record:

   http://www.spamhaus.org/sbl/sbl.lasso?query=SBL12236

So who's wrong here?  Are these guys harvesting addresses?  Why would 
they have over 50 IP's to mail from?  At the same time, here's their 
SenderBase lookup:

   
http://www.senderbase.org/search?searchString=38.113.200.23whichOthers=%2F24

I have a customer that reported this as a false positive and wants to 
have this let through.  Do I tell him that this is a mistake, similar to 
allowing someone to execute a virus?  Do I report this to Bonded Sender?

Matt



Re: [Declude.JunkMail] Outbound Port 25, was - Virginia Indicts

2003-12-12 Thread Matthew Bramble
Has anyone considered the trouble this causes to remote mail hosts?  
First this has caused many calls from my fairly small customer base 
whenever someone starts all of a sudden blocking port 25.  Secondly, it 
limits my capabilities as I can no longer handle their outgoing E-mail.  
Third, this creates issues where things like slow ISP mail servers, 
blocked E-mail and other issues related to the ISP impact my business 
regardless of my ability to control it.

If an ISP is going to do this as a practice, they shouldn't do it from 
dynamic addresses, and they should have a simple method of asking that a 
static IP be allowed to use port 25.

If Road Runner ever did this to me, I would be gone the next day even if 
I had to deal with slower speeds with DSL.  This is a very bad idea, and 
it's a kluge of a fix for what should be done through monitoring and 
action only on those that cause problems.  ISP's should be proactive in 
monitoring for zombied machines and shutting off certain ports to them 
when found.  I know that some large ISP's do this type of thing already, 
but there needs to be some products that the smaller ISP's also 
integrate so that the blunt-force method doesn't stop companies like me 
from better serving business customers.  If the trend keeps up, I'll 
probably look at ways to accept SMTP connections over port 80 as a work 
around, but that expense comes out of my pocket for no good reason IMO.

Matt



Burzin Sumariwalla wrote:

I was thinking of something much simpler...

Verifying that the IP appears in a MX record
Verifying that Reverse DNS is set
Basically the RFC ignorant stuff...

Of course your network would have to deal with traffic before shunning 
it. :(

I like your idea much better.

Burzin



At 01:10 PM 12/12/2003, you wrote:

If ISPs would block outbound port 25 that would go a long way towards
keeping spam. Right now most of our spam is coming from cable and DSL IPs.
We block outbound port 25 except from our mail servers and a couple of
customers who have a legitimate reason to use another mail server. If so we
open a hole to that mail server only. It's done on a case by case basis. Is
it a pain in the ass? Most certainly but if any spam leaves our network it
will be easy as hell to track. It really burns my ass to be spammed from
these networks because the provider is either too lazy or incompetent to
block these ports.

David Daniels
Administrator
Starfish Internet Service
[EMAIL PROTECTED]
- Original Message -
From: Burzin Sumariwalla [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, December 12, 2003 1:22 PM
Subject: OT: [Declude.JunkMail] Virginia Indicts Two Men On Spam Charges

 I agree with you.  The statement was more general than it should have
 been.  Personally I think the ISP route is one of the best places to
 begin active anti-spam measures at (Sorry ISP admins).  If legislatively,
 ISPs can be forced to have customers adhere to strict RFC compliance and
 if legislatively ISPs can be forced to take consistent and strict
 measures it might force spammers into smaller and smaller corners.

 I don't represent an ISP, so maybe I'm being too optimistic.


 Burzin



 At 10:59 AM 12/12/2003, you wrote:
 The only people that will hit the spammers' pocketbooks are the ISPs
 getting together and forcing them out of their jobs... or to get people
 to stop buying their stuff!

 --
 Burzin Sumariwalla   Phone: (314) 994-9411 x291
 [EMAIL PROTECTED]  Fax:   (314) 997-7615
Pager: (314) 407-3345

 Networking and Telecommunications Manager
 Information Technology Services
 St. Louis County Library District
 1640 S. Lindbergh Blvd.
 St. Louis, MO  63131


Re: [Declude.JunkMail] declude junkmail and external tests (info)

2003-12-12 Thread R. Scott Perry

Does it always return the text '(Private IP)' for internal addresses?
Yes, it does.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.



Re: [Declude.JunkMail] Listed on SBL + Bonded Sender???

2003-12-12 Thread Matthew Bramble
Just a little follow-up.  The problem is that Topica, the bulk-mail 
sender, operates thousands of smaller lists and apparently has a problem 
with their members sending out spam.  I've seen several of these 
companies, including Microsoft's own service, have these issues.

I don't think it is wise to have them listed in either Bonded Sender or 
SBL.  Even with that said, those tests cancel each other out on my 
system, though I never planned on such a thing happening for obvious 
reasons.

If places like Bonded Sender start allowing bulk-mail senders that serve 
very small customers that bring their own lists, then I will stop using 
them as a negative weight test.  At the same time, SBL needs to take a 
look at their charter and take Topica out of their list because Topica 
itself isn't a spammer, they're just a company offering service to a 
market that is impossible to police.

JMHO.

Matt



Matthew Bramble wrote:

What to do?  This looks very suspicious and it causes me grave concern 
about the quality of Bonded Sender.  Check out the following headers:

X-MailPure: 
X-MailPure: BONDEDSENDER: Listed in query.bondedsender.org
X-MailPure: FIVETEN-SPAM: Listed in blackholes.five-ten-sg.com
X-MailPure: SBL: Listed in sbl.spamhaus.org
X-MailPure: MAILPOLICE-BULK: Listed in bulk.rhs.mailpolice.com
X-MailPure: IPNOTINMX: IP is not listed in MX or A records.
X-MailPure: NOLEGITCONTENT: No legitimate content detected.
X-MailPure: SNIFFER-GRAY: Listed in the Gray category.
X-MailPure: KAMI-REMOTEIP: Message failed KAMI-REMOTEIP test (line 124, weight 0).
X-MailPure: RECIPIENTS: removed
X-MailPure: 
X-MailPure: Spam Score: 20
X-MailPure: Scan Time: 15:26:33 on 12/11/2003
X-MailPure: Spool File: Dd2d200ad022e006c.SMD
X-MailPure: SMTP Sender: [EMAIL PROTECTED]
X-MailPure: Received From: out003.toptx.com [38.113.200.23]
X-MailPure: 

They were recently listed in SBL with the following record:

   http://www.spamhaus.org/sbl/sbl.lasso?query=SBL12236

So who's wrong here?  Are these guys harvesting addresses?  Why would 
they have over 50 IP's to mail from?  At the same time, here's their 
SenderBase lookup:

   http://www.senderbase.org/search?searchString=38.113.200.23whichOthers=%2F24

I have a customer that reported this as a false positive and wants to 
have this let through.  Do I tell him that this is a mistake, similar 
to allowing someone to execute a virus?  Do I report this to Bonded 
Sender?

Matt
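
The situation discussed in this message, where a certified-sender test and a blocklist test both hit and offset each other in a weighted score, as an added example that is not part of the original posts and is not Declude's own code. The weights, the hold threshold and the function names are assumptions, and the header sample is constructed from the headers quoted above.

```python
import re

# Constructed sample based on the X-MailPure headers quoted in the thread.
# One header is folded across two lines, as mail transport may do.
SAMPLE_HEADERS = """\
X-MailPure: BONDEDSENDER: Listed in query.bondedsender.org
X-MailPure: FIVETEN-SPAM: Listed in blackholes.five-ten-sg.com
X-MailPure: SBL: Listed in sbl.spamhaus.org
X-MailPure: MAILPOLICE-BULK: Listed in bulk.rhs.mailpolice.com
X-MailPure: IPNOTINMX: IP is not listed in MX or A records.
X-MailPure: NOLEGITCONTENT: No legitimate content detected.
X-MailPure: SNIFFER-GRAY: Listed in the Gray category.
X-MailPure: KAMI-REMOTEIP: Message failed KAMI-REMOTEIP test (line
 124, weight 0).
X-MailPure: Spam Score: 20
X-MailPure: Received From: out003.toptx.com [38.113.200.23]
"""

# Hypothetical weights for illustration only; they are not the poster's
# configuration and are not meant to reproduce the score of 20 above.
WEIGHTS = {
    "BONDEDSENDER": -8,   # negative weight: credit for a certified sender
    "SBL": 8,
    "FIVETEN-SPAM": 4,
    "MAILPOLICE-BULK": 3,
    "IPNOTINMX": 2,
    "NOLEGITCONTENT": 3,
    "SNIFFER-GRAY": 3,
    "KAMI-REMOTEIP": 0,   # the quoted header reports weight 0
}
ALLOWLISTS = {"BONDEDSENDER"}          # tests that subtract weight
BLOCKLISTS = {"SBL", "FIVETEN-SPAM"}   # IP blocklist tests

# Test-result headers look like "X-MailPure: TESTNAME: detail"; summary
# headers such as "Spam Score:" contain lowercase or spaces and are skipped.
TEST_LINE = re.compile(r"^X-MailPure:\s*([A-Z0-9-]+):\s*(.*)$")


def unfold(raw: str) -> str:
    """Join folded header lines (a line break followed by space or tab)."""
    return re.sub(r"\r?\n(?=[ \t])", "", raw)


def parse_hits(raw: str) -> dict:
    """Return {test_name: detail} for every test-result header."""
    hits = {}
    for line in unfold(raw).splitlines():
        m = TEST_LINE.match(line)
        if m:
            hits[m.group(1)] = m.group(2).strip()
    return hits


def evaluate(raw: str, hold_at: int = 10) -> dict:
    """Score a message and flag allowlist/blocklist disagreement.

    When a sender is both certified and blocklisted, the two weights offset
    each other and the net score hides the disagreement, so the message is
    routed to manual review instead of being decided by the sum alone.
    """
    hits = parse_hits(raw)
    score = sum(WEIGHTS.get(name, 0) for name in hits)
    allow = sorted(ALLOWLISTS & hits.keys())
    block = sorted(BLOCKLISTS & hits.keys())
    conflict = bool(allow and block)
    credit = sum(WEIGHTS.get(name, 0) for name in allow)
    if conflict:
        action = "review"
    elif score >= hold_at:
        action = "hold"
    else:
        action = "deliver"
    return {
        "score": score,
        "score_ignoring_allowlist": score - credit,
        "allowlist_hits": allow,
        "blocklist_hits": block,
        "conflict": conflict,
        "action": action,
    }


if __name__ == "__main__":
    for key, value in evaluate(SAMPLE_HEADERS).items():
        print(f"{key}: {value}")
```
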





Re: [Declude.JunkMail] Outbound Port 25, was - Virginia Indicts

2003-12-12 Thread David Daniels
Dynamic IP's is exactly where it should be done, that's where most of the
spam comes from. As far as serving your customers goes it's easy enough to
open a hole for a customer with a legitimate reason to use a remote mail
server. Any action is going to be a pain for someone, that's the reason spam
is so rampant. In the interest of free and open communication we've let
things get too lax. Sometimes for good reason. It would be great to use
reverse DNS or rather the lack of as a reason to reject mail but this
results in rejecting mail from not only the new or clueless admin but also
the many whose providers don't give them control of their reverse DNS.
Blocking port 25 will accomplish nearly as much with a lot less pain I
believe. Most customers simply don't have the need to use a remote SMTP
server and one line in an access list will take care of those who do. It's
more trouble for the provider for sure yet if enough people did it the
resulting savings in spam control would make up for it many times.

Road Runner is one that should do it by the way. We get a lot of spam  from
their dynamic IPs.  They should have no trouble doing a DNS entry and
opening port 25 for a paying business customer.

David Daniels
System administrator
Starfish Internet Service
[EMAIL PROTECTED]

- Original Message -
From: Matthew Bramble [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, December 12, 2003 5:25 PM
Subject: Re: [Declude.JunkMail] Outbound Port 25, was - Virginia Indicts


 Has anyone considered the trouble this causes to remote mail hosts?
 First this has caused many calls from my fairly small customer base
 whenever someone starts all of a sudden blocking port 25.  Secondly, it
 limits my capabilities as I can no longer handle their outgoing E-mail.
 Third, this creates issues where things like slow ISP mail servers,
 blocked E-mail and other issues related to the ISP impact my business
 regardless of my ability to control it.

 If an ISP is going to do this as a practice, they shouldn't do it from
 dynamic addresses, and they should have a simple method of asking that a
 static IP be allowed to use port 25.

 If Road Runner ever did this to me, I would be gone the next day even if
 I had to deal with slower speeds with DSL.  This is a very bad idea, and
 it's a kluge of a fix for what should be done through monitoring and
 action only on those that cause problems.  ISP's should be proactive in
 monitoring for zombied machines and shutting off certain ports to them
 when found.  I know that some large ISP's do this type of thing already,
 but there needs to be some products that the smaller ISP's also
 integrate so that the blunt-force method doesn't stop companies like me
 from better serving business customers.  If the trend keeps up, I'll
 probably look at ways to accept SMTP connections over port 80 as a work
 around, but that expense comes out of my pocket for no good reason IMO.

 Matt




 Burzin Sumariwalla wrote:

  I was thinking of something much simpler...
 
  Verifying that the IP appears in a MX record
  Verifying that Reverse DNS is set
 
  Basically the RFC ignorant stuff...
 
  Of course your network would have to deal with traffic before shunning
  it. :(
 
  I like your idea much better.
 
  Burzin
 
 
 
  At 01:10 PM 12/12/2003, you wrote:
 
  If ISPs would block outbound port 25 that would go a long way towards
  keeping spam. Right now most of our spam is coming from cable and DSL IPs.
  We block outbound port 25 except from our mail servers and a couple of
  customers who have a legitimate reason to use another mail server. If so we
  open a hole to that mail server only. It's done on a case by case basis. Is
  it a pain in the ass? Most certainly but if any spam leaves our network it
  will be easy as hell to track. It really burns my ass to be spammed from
  these networks because the provider is either too lazy or incompetent to
  block these ports.
 
  David Daniels
  Administrator
  Starfish Internet Service
  [EMAIL PROTECTED]
  - Original Message -
  From: Burzin Sumariwalla [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Sent: Friday, December 12, 2003 1:22 PM
  Subject: OT: [Declude.JunkMail] Virginia Indicts Two Men On Spam Charges
 
 
   I agree with you.  The statement was more general than it should have
   been.  Personally I think the ISP route is one of the best places to
   begin active anti-spam measures at (Sorry ISP admins).  If legislatively,
   ISPs can be forced to have customers adhere to strict RFC compliance and
   if legislatively ISPs can be forced to take consistent and strict
   measures it might force spammers into smaller and smaller corners.
  
   I don't represent an ISP, so maybe I'm being too optimistic.
  
  
   Burzin
  
  
  
   At 10:59 AM 12/12/2003, you wrote:
   The only people that will hit the spammers' pocketbooks are the ISPs
   getting together and forcing them out of their jobs... or to get people to
  

Re: [Declude.JunkMail] [OT] Anybody Charging for Filtering Services?

2003-12-12 Thread William Baumbach
$5.00 per month for anti-spam per domain name
$5.00 per month for anti-virus per domain name
up to 50 email accounts

Sincerely,

William J. Baumbach II  [EMAIL PROTECTED]
9975 Pennsylvania Ave. Manassas, Va. 20110-2028
Ph: 703-367-7900 ext:1708 Fax: 703-691-0946
-

- Original Message - 
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, December 11, 2003 4:17 PM
Subject: RE: [Declude.JunkMail] [OT] Anybody Charging for Filtering Services?


$0.00 for spam control
$3.00/month for Virus Protection. At this price we have had a lot of takers.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of ITG Lists
Sent: Thursday, December 11, 2003 4:05 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] [OT] Anybody Charging for Filtering Services?


Hello,

Kind of Off-Topic, but was wondering if anybody is charging their customers
a fee for providing Declude Spam/Virus filtering?

We have been providing as a free service for about 18 months and would like
to charge if we can to help offset some of the costs of managing. Problem is
how to approach customers since they have been getting for free and how much
to charge.

Any experience/ideas would be appreciated. You can email me off list at
[EMAIL PROTECTED] if you'd prefer.

Thanks in advance,
George




Re: [Declude.JunkMail] Outbound Port 25, was - Virginia Indicts

2003-12-12 Thread Hosting Support
While I generally agree with port 25 blocking as an interim mechanism to
stem the tide of spam, especially from dynamic IPs, more and more is coming
from trojan viruses that get installed on poorly protected PCs.  All we need
right now is to add an economic incentive to the worm/virus threat, which
has the potential to be a much more insidious problem.

Bottom line: The open architecture of the internet is coming back to haunt
us.  Not enough safeguards were put in place to protect from this unforeseen
problem.  Traceability is one of the most important aspects of policy
enforcement, but as in port blocking, that would also encourage spam worms
and viruses... and it still treats the symptoms and not the cause.

Everyone keep the ideas flowing... maybe we can come up with ideas as to how
to keep spam from being sent to begin with.

Darin.


- Original Message - 
From: David Daniels [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, December 12, 2003 7:12 PM
Subject: Re: [Declude.JunkMail] Outbound Port 25, was - Virginia Indicts


Dynamic IP's is exactly where it should be done, that's where most of the
spam comes from. As far as serving your customers goes it's easy enough to
open a hole for a customer with a legitimate reason to use a remote mail
server. Any action is going to be a pain for someone, that's the reason spam
is so rampant. In the interest of free and open communication we've let
things get too lax. Sometimes for good reason. It would be great to use
reverse DNS or rather the lack of as a reason to reject mail but this
results in rejecting mail from not only the new or clueless admin but also
the many whose providers don't give them control of their reverse DNS.
Blocking port 25 will accomplish nearly as much with a lot less pain I
believe. Most customers simply don't have the need to use a remote SMTP
server and one line in an access list will take care of those who do. It's
more trouble for the provider for sure yet if enough people did it the
resulting savings in spam control would make up for it many times.

Road Runner is one that should do it by the way. We get a lot of spam  from
their dynamic IPs.  They should have no trouble doing a DNS entry and
opening port 25 for a paying business customer.

David Daniels
System administrator
Starfish Internet Service
[EMAIL PROTECTED]

- Original Message -
From: Matthew Bramble [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, December 12, 2003 5:25 PM
Subject: Re: [Declude.JunkMail] Outbound Port 25, was - Virginia Indicts


 Has anyone considered the trouble this causes to remote mail hosts?
 First this has caused many calls from my fairly small customer base
 whenever someone starts all of a sudden blocking port 25.  Secondly, it
 limits my capabilities as I can no longer handle their outgoing E-mail.
 Third, this creates issues where things like slow ISP mail servers,
 blocked E-mail and other issues related to the ISP impact my business
 regardless of my ability to control it.

 If an ISP is going to do this as a practice, they shouldn't do it from
 dynamic addresses, and they should have a simple method of asking that a
 static IP be allowed to use port 25.

 If Road Runner ever did this to me, I would be gone the next day even if
 I had to deal with slower speeds with DSL.  This is a very bad idea, and
 it's a kluge of a fix for what should be done through monitoring and
 action only on those that cause problems.  ISP's should be proactive in
 monitoring for zombied machines and shutting off certain ports to them
 when found.  I know that some large ISP's do this type of thing already,
 but there needs to be some products that the smaller ISP's also
 integrate so that the blunt-force method doesn't stop companies like me
 from better serving business customers.  If the trend keeps up, I'll
 probably look at ways to accept SMTP connections over port 80 as a work
 around, but that expense comes out of my pocket for no good reason IMO.

 Matt




 Burzin Sumariwalla wrote:

  I was thinking of something much simpler...
 
  Verifying that the IP appears in a MX record
  Verifying that Reverse DNS is set
 
  Basically the RFC ignorant stuff...
 
  Of course your network would have to deal with traffic before shunning
  it. :(
 
  I like your idea much better.
 
  Burzin
 
 
 
  At 01:10 PM 12/12/2003, you wrote:
 
  If ISPs would block outbound port 25 that would go a long way towards
  keeping spam. Right now most of our spam is coming from cable and DSL IPs.
  We block outbound port 25 except from our mail servers and a couple of
  customers who have a legitimate reason to use another mail server. If so we
  open a hole to that mail server only. It's done on a case by case basis. Is
  it a pain in the ass? Most certainly but if any spam leaves our network it
  will be easy as hell to track. It really burns my ass to be spammed from
  these networks because the provider is either too lazy or incompetent to
  

Re: [Declude.JunkMail] Outbound Port 25, was - Virginia Indicts

2003-12-12 Thread Dave Doherty
David and Matt-

Congratulations, David, on finding and implementing the best way to deal
with this issue. I own a hosting company in the DC area, and StarPower here is
doing the same thing that you are. Now if only we could get Verizon,
Comcast, RR and the others to follow suit, things could be a lot better.

Verizon took the opposite approach. They refuse to provide SMTP transport
unless they host the domain, and they leave their entire system open on port
25. This was done in the name of spam reduction about two years ago. All
it did was force me into the SMTP AUTH business to cut down traffic on their
mailservers. And, oh yeah, the marketing implications of the move were not
lost on me. We did not lose a single customer to this scam, but it took a
lot of effort since we have a large number of customers who use Verizon DSL
for access.

I thought the RFCs required access providers to provide outbound SMTP
transport for all their customers. The access providers, after all, are the
only ones who know whether the senders are legit. So either I'm wrong, or
Verizon is.

Matt, I went through a lot of the same arguments with my StarPower
customers. Once they understand that security and spam control requires that
they use StarPower's SMTP service, they are very cooperative and happy to
make the adjustments. We are fanatical about customer service, and I will
have a tech talk a customer through the email setup, even if it takes an
hour.

We've been in business since 1995, and we never provided SMTP transport
until Verizon's move.

-Dave Doherty
 Skywaves, Inc.


- Original Message - 
From: David Daniels [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, December 12, 2003 7:12 PM
Subject: Re: [Declude.JunkMail] Outbound Port 25, was - Virginia Indicts


 Dynamic IP's is exactly where it should be done, that's where most of the
 spam comes from. As far as serving your customers goes it's easy enough to
 open a hole for a customer with a legitimate reason to use a remote mail
 server. Any action is going to be a pain for someone, that's the reason spam
 is so rampant. In the interest of free and open communication we've let
 things get too lax. Sometimes for good reason. It would be great to use
 reverse DNS or rather the lack of as a reason to reject mail but this
 results in rejecting mail from not only the new or clueless admin but also
 the many whose providers don't give them control of their reverse DNS.
 Blocking port 25 will accomplish nearly as much with a lot less pain I
 believe. Most customers simply don't have the need to use a remote SMTP
 server and one line in an access list will take care of those who do. It's
 more trouble for the provider for sure yet if enough people did it the
 resulting savings in spam control would make up for it many times.

 Road Runner is one that should do it by the way. We get a lot of spam from
 their dynamic IPs.  They should have no trouble doing a DNS entry and
 opening port 25 for a paying business customer.

 David Daniels
 System administrator
 Starfish Internet Service
 [EMAIL PROTECTED]

 - Original Message -
 From: Matthew Bramble [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Friday, December 12, 2003 5:25 PM
 Subject: Re: [Declude.JunkMail] Outbound Port 25, was - Virginia Indicts


  Has anyone considered the trouble this causes to remote mail hosts?
  First this has caused many calls from my fairly small customer base
  whenever someone starts all of a sudden blocking port 25.  Secondly, it
  limits my capabilities as I can no longer handle their outgoing E-mail.
  Third, this creates issues where things like slow ISP mail servers,
  blocked E-mail and other issues related to the ISP impact my business
  regardless of my ability to control it.
 
  If an ISP is going to do this as a practice, they shouldn't do it from
  dynamic addresses, and they should have a simple method of asking that a
  static IP be allowed to use port 25.
 
  If Road Runner ever did this to me, I would be gone the next day even if
  I had to deal with slower speeds with DSL.  This is a very bad idea, and
  it's a kluge of a fix for what should be done through monitoring and
  action only on those that cause problems.  ISP's should be proactive in
  monitoring for zombied machines and shutting off certain ports to them
  when found.  I know that some large ISP's do this type of thing already,
  but there needs to be some products that the smaller ISP's also
  integrate so that the blunt-force method doesn't stop companies like me
  from better serving business customers.  If the trend keeps up, I'll
  probably look at ways to accept SMTP connections over port 80 as a work
  around, but that expense comes out of my pocket for no good reason IMO.
 
  Matt
 
 
 
 
  Burzin Sumariwalla wrote:
 
   I was thinking of something much simpler...
  
   Verifying that the IP appears in a MX record
   Verifying that Reverse DNS is set
  
   Basically the RFC ignorant stuff...
  
  

Re: [Declude.JunkMail] Outbound Port 25, was - Virginia Indicts

2003-12-12 Thread Matthew Bramble
Dave Doherty wrote:

Matt, I went through a lot of the same arguments with my StarPower
customers. Once they understand that security and spam control requires that
they use StarPower's SMTP service, they are very cooperative and happy to
make the adjustments. We are fanatical about customer service, and I will
have a tech talk a customer through the email setup, even if it takes an
hour.
 

I think you are assuming too much about your customers being happy under 
those arrangements.  Maybe your outbound SMTP server is problem free, 
but the ISP's that are implementing such things are far from problem 
free in my experience, and I hate getting calls about why someone's 
E-mail isn't reaching its destination when we aren't handling their 
outbound traffic.  We also provide virus scanning on outbound traffic, 
which such a configuration defeats.

I see this approach in the same light as closing down the highways 
because people speed.  It punishes customers and providers that play by 
the rules, whereas only a small number are sending spam or have 
computers that are compromised to do so.  Because I need direct access 
to my SMTP server for monitoring, I absolutely have to have a provider 
that allows SMTP traffic through.  If the majority of ISP's played by 
the rules that you do, SMTP would be broken for all practical purposes 
as far as I'm concerned.

If you ask around, most here don't consider blocking on DUL lists to be 
a wise thing to do, though using that in a weighting scheme is a decent 
idea.  It's pretty clear that even Scott is being blocked by Road 
Runner's servers because of a poor implementation of a DUL list that 
includes his IP space even though it is static and business-class.  
Blocking outbound SMTP is even worse than blocking by DUL.  I'm sure 
that many around here have had similar issues with large ISP's that 
improperly have tagged their IP space as being dynamic.

I know that this practice negatively affects my business, and it's quite 
difficult to explain to a non-technical customer why this is, and never 
once has one of them been happy that their ISP has chosen to do so.  
Maybe you aren't aware of this affecting your business, but I, along 
with several of my LAN integrator friends, would absolutely not 
recommend an ISP that blocks outbound SMTP traffic because of the 
problems that it causes me, and the perception that such an 
implementation is a lazy way of fighting spam.  And as far as my 
experience goes, none of the ISP's doing this that I have encountered 
went about this in a fully responsible manner.  They all chose to make a 
change and then have me take the calls and do the diagnosis and call 
them for verification instead of alerting their customers as to the issues.

This also starts encroaching into the areas of censorship and policing 
one's customers.  Once you start getting involved with disallowing SMTP, 
you remove legitimate objections to blocking file sharing networks, and 
could even make yourself liable for such things.  The industry has taken 
a very purposeful approach to this by usurping as much responsibility as 
possible.  They don't want to become the Internet's police force, and 
costly defenses of John Does by places like Yahoo and Verizon were not 
intended to protect criminals, but instead to protect their businesses 
from liability and burden.  The RIAA has even gone after universities 
for file sharing, and this implicates the universities as being liable 
for the actions of their students.  If you know anything about public 
colleges, then you should know that they generally have a huge aversion 
to any form of blocking because of the implications.  After one student 
at my old school got arrested for child porn, a friend of mine who was 
the sys admin, removed all such groups from their news server, figuring 
that it wouldn't make for good publicity if they found the guy got it 
off of their own servers...well, when the guy's boss got wind of this, 
he forced him to add all of the groups back in.  The view here is that 
it was a can of worms that they wanted nothing to do with as a proactive 
measure, and their job was not to enforce either moral standards or the 
law itself.

Spam is of course a serious problem, and one of the problems is that it 
causes ISP's to limit access to my servers by my own clients.  I assure 
you that I am not the only one that feels this way, and it does affect 
your business, though maybe not measurably...it certainly affects mine 
and I'm not the one blocking this stuff.

Matt
