RE: [Declude.JunkMail] 1.77i12 Bug: Aliases Counted in BYPASSMULTIRECP
> any news on this matter?

The issues with SWITCHRECIP in 1.77i12 are still being investigated.

> Ditto - any news with respect to the log entries in medium mode?

I'm not aware of any issues here?

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Whitelisted?
Ok I admit I'm pretty weak in the area of tweaking declude but why was this whitelisted? I have three whitelist lines in my global.cfg ... they are WHITELIST HABEAS and 2 WHITELIST[EMAIL PROTECTED] lines ...

Date: Mon, 12 Jan 2004 04:44:57 +0400
X-Mailer: PIPEX NetMail 2.2.0-pre13
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=--7204916354633796
X-Priority: 5
X-IMAIL-SPAM-VALFROM: (1580138816)
X-Declude-Sender: [EMAIL PROTECTED] [217.83.120.175]
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
X-Spam-Tests-Failed: Whitelisted [0]
X-Note: This E-mail was sent from pD95378AF.dip.t-dialin.net ([217.83.120.175]).
X-RCPT-TO: [EMAIL PROTECTED]
Status: U
X-UIDL: 319325114

thanks,
Larry Craddock
Re: [Declude.JunkMail] Whitelisted?
> Ok I admit I'm pretty weak in the area of tweaking declude but why was this whitelisted? I have three whitelist lines in my global.cfg ... they are WHITELIST HABEAS and 2 WHITELIST[EMAIL PROTECTED] lines ...

What does the Declude JunkMail log file say? Is one of those two WHITELIST lines WHITELIST FROM mail.com (which would whitelist this E-mail, since it came from [EMAIL PROTECTED])?

-Scott
RE: [Declude.JunkMail] 1.77i12 Bug: Aliases Counted in BYPASSMULTIRECP
Sorry for being vague.

You have been discussing slightly changing the new log behavior, by adding some information to improve parsing by log analyzers, possibly making the abbreviated log an optional feature for Mid mode, etc.

No sweat - just wanted to make sure I didn't have to download a new Interim.

Best Regards
Andy Schmidt

Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Monday, January 12, 2004 08:15 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] 1.77i12 Bug: Aliases Counted in BYPASSMULTIRECP

> any news on this matter?

The issues with SWITCHRECIP in 1.77i12 are still being investigated.

> Ditto - any news with respect to the log entries in medium mode?

I'm not aware of any issues here?

-Scott
Re: [Declude.JunkMail] Whitelisted?
Well I'm not sure how I missed this ... but here's the *rest* of the header info:

Received: from pd95378af.dip.t-dialin.net [217.83.120.175] by netride.net (SMTPD32-8.05) id A80D5E2F0140; Mon, 12 Jan 2004 06:50:21 -0600
Received: from 0.139.81.238 by 217.83.120.175; Sun, 11 Jan 2004 21:40:57 -0300
Message-ID: [EMAIL PROTECTED]
X-Habeas-SWE-1: winter into spring
X-Habeas-SWE-2: brightly anticipated
X-Habeas-SWE-3: like Habeas SWE (tm)
X-Habeas-SWE-4: Copyright 2002 Habeas (tm)
X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this
X-Habeas-SWE-6: email in exchange for a license for this Habeas
X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant
X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this
X-Habeas-SWE-9: mark in spam to http://www.habeas.com/report/.

Now what do I do?

Larry Craddock

----- Original Message -----
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, January 12, 2004 7:27 AM
Subject: Re: [Declude.JunkMail] Whitelisted?

> > Ok I admit I'm pretty weak in the area of tweaking declude but why was this whitelisted? I have three whitelist lines in my global.cfg ... they are WHITELIST HABEAS and 2 WHITELIST[EMAIL PROTECTED] lines ...
>
> What does the Declude JunkMail log file say? Is one of those two WHITELIST lines WHITELIST FROM mail.com (which would whitelist this E-mail, since it came from [EMAIL PROTECTED])?
>
> -Scott
RE: [Declude.JunkMail] 1.77i12 Bug: Aliases Counted in BYPASSMULTIRECP
> You have been discussing slightly changing the new log behavior, by adding some information to improve parsing by log analyzers, possibly making the abbreviated log an optional feature for Mid mode, etc.

That has been done (for 1.77i12). The Msg Failed lines now only appear in LOGLEVEL HIGH; at LOGLEVEL LOW there will be one line summary of all the tests that failed and the actions used for each.

-Scott
Re: [Declude.JunkMail] Whitelisted?
> Well I'm not sure how I missed this ... but here's the *rest* of the header info:
> ...
> X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this
> X-Habeas-SWE-9: mark in spam to http://www.habeas.com/report/.
>
> Now what do I do?

Have you reported it yet?

The Habeas headers are a legal means of whitelisting E-mail. In this case, a spam illegally used the Habeas headers -- something that the people that are behind Habeas have been waiting years for. Now is the true test of Habeas -- if they go after the spammer and successfully sue them, it will (hopefully) discourage other spammers from violating the legal rights of the Habeas headers.

-Scott
RE: [Declude.JunkMail] 1.77i12 Bug: Aliases Counted in BYPASSMULTIRECP
Sorry - according to my records I was running 1.77i12 when I reported this behavior. And I was running LogLevel MID.

The concern was, that the new, condensed format would break log analyzers and, some authors suggested that your one line summary should start with a special string constant so that they could easily detect it.

I'm confused as to what changes you made after 1.77i12 to Loglevel MID as your answer refers to HIGH and LOW and leaves out MID?

Best Regards
Andy Schmidt

Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Monday, January 12, 2004 09:02 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] 1.77i12 Bug: Aliases Counted in BYPASSMULTIRECP

> You have been discussing slightly changing the new log behavior, by adding some information to improve parsing by log analyzers, possibly making the abbreviated log an optional feature for Mid mode, etc.

That has been done (for 1.77i12). The Msg Failed lines now only appear in LOGLEVEL HIGH; at LOGLEVEL LOW there will be one line summary of all the tests that failed and the actions used for each.

-Scott
[Declude.JunkMail] WHITELIST HABEAS
Do most people use WHITELIST HABEAS? I'm thinking of turning this off since the large majority of spammers have already demonstrated their willingness to ignore the legality of their activities.

Larry Craddock
Re: [Declude.JunkMail] Whitelisted?
Cool ... I'll report it right now.

----- Original Message -----
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, January 12, 2004 8:04 AM
Subject: Re: [Declude.JunkMail] Whitelisted?

> > Well I'm not sure how I missed this ... but here's the *rest* of the header info:
> > ...
> > X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this
> > X-Habeas-SWE-9: mark in spam to http://www.habeas.com/report/.
> >
> > Now what do I do?
>
> Have you reported it yet?
>
> The Habeas headers are a legal means of whitelisting E-mail. In this case, a spam illegally used the Habeas headers -- something that the people that are behind Habeas have been waiting years for. Now is the true test of Habeas -- if they go after the spammer and successfully sue them, it will (hopefully) discourage other spammers from violating the legal rights of the Habeas headers.
>
> -Scott
RE: [Declude.JunkMail] 1.77i12 Bug: Aliases Counted in BYPASSMULTIRECP
> Sorry - according to my records I was running 1.77i12 when I reported this behavior. And I was running LogLevel MID.
>
> The concern was, that the new, condensed format would break log analyzers and, some authors suggested that your one line summary should start with a special string constant so that they could easily detect it.

That has been done.

> I'm confused as to what changes you made after 1.77i12 to Loglevel MID as your answer refers to HIGH and LOW and leaves out MID?

MID was never involved.

The *ONLY* changes that were made were [1] To move the Msg failed logging from LOGLEVEL LOW to LOGLEVEL HIGH, and [2] To add a one-line summary to LOGLEVEL LOW. No other changes were made. LOGLEVEL MID is not involved (except that it will also get the one-line summary, as it incorporates everything from LOGLEVEL LOW).

-Scott
Re: [Declude.JunkMail] WHITELIST HABEAS
> Do most people use WHITELIST HABEAS? I'm thinking of turning this off since the large majority of spammers have already demonstrated their willingness to ignore the legality of their activities.

That's kind of like asking if you should move your store to another town, since the store next to yours was robbed yesterday, and a lot of people in your town drive over the speed limit.

Moving out of town would be a very bad business move without further information. One of the key pieces of information would be how the police handle the situation. If they catch the criminal the next day and punish him in a way that is fair but discourages other criminals from robbing stores, would you really want to leave?

-Scott
RE: [Declude.JunkMail] 1.77i12 Bug: Aliases Counted in BYPASSMULTIRECP
At 09:23 AM 1/12/2004, R. Scott Perry wrote:
> The *ONLY* changes that were made were [1] To move the Msg failed logging from LOGLEVEL LOW to LOGLEVEL HIGH, and [2] To add a one-line summary to LOGLEVEL LOW. No other changes were made. LOGLEVEL MID is not involved (except that it will also get the one-line summary, as it incorporates everything from LOGLEVEL LOW).

I think I heard mention at one time for there to be a line added to the LOGLEVEL LOW for the total weight of the message. Has any more thought gone into this?

-Russ
RE: [Declude.JunkMail] 1.77i12 Bug: Aliases Counted in BYPASSMULTIRECP
Scott:

My config file reads (and always had):

LOGFILE   D:\imail\spool\dec.log
LOGLEVEL  MID
LOG_OK    NONE

That led me to assume that I was running LogLevel MID.

On January 7, I reported a problem with the log files after upgrading to version i12. See the enclosed log snippet - it clearly shows **NO** MSG FAILED lines:

01/07/2004 22:38:15 Qd09f0962016aa312 BADHEADERS:5 REVDNS:5 SPAMHEADERS:3 HEUR10:4 . Total weight = 17.
01/07/2004 22:38:15 Qd09f0962016aa312 Subject: He complimented my butt then slowly pushed his prick in me
01/07/2004 22:38:15 Qd09f0962016aa312 From: [EMAIL PROTECTED] To: [protected] IP: 63.215.141.33 ID:
01/07/2004 22:38:15 Qd09f0962016aa312 BADHEADERS=WARN REVDNS=WARN SPAMHEADERS=WARN HEUR10=IGNORE WEIGHT10=SUBJECT

Upon returning to i8, the MSG FAILED lines returned. At the time you responded affirmatively that this behavior would need to be looked at as it would break log analyzers.

Can you please reconcile the above facts with your new claim:

> MID was never involved.
> ...
> The *ONLY* changes that were made were [1] To move the Msg failed logging from LOGLEVEL LOW to LOGLEVEL HIGH, and [2] To add a one-line summary to LOGLEVEL LOW. No other changes were made. LOGLEVEL MID is not involved

Best Regards
Andy Schmidt

Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206
Re: [Declude.JunkMail] WHITELIST HABEAS
But Scott, do you leave your front door unlocked if there is a burglar actively on the loose?

Could you move this from whitelisting to weighting in order to help protect from such things for non-Pro users? That might make a lot of sense. This is just some header code, and that's all it takes.

Matt

R. Scott Perry wrote:

> > Do most people use WHITELIST HABEAS? I'm thinking of turning this off since the large majority of spammers have already demonstrated their willingness to ignore the legality of their activities.
>
> That's kind of like asking if you should move your store to another town, since the store next to yours was robbed yesterday, and a lot of people in your town drive over the speed limit.
>
> Moving out of town would be a very bad business move without further information. One of the key pieces of information would be how the police handle the situation. If they catch the criminal the next day and punish him in a way that is fair but discourages other criminals from robbing stores, would you really want to leave?
>
> -Scott

--
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
Re: [Declude.JunkMail] WHITELIST HABEAS
It's unsafe to whitelist in general unless you have control over what is sending, or a good relationship with the sender. Habeas is totally not that. This should be a weighted test instead of something that gets whitelisted. Maybe Scott could move this to the same type of functionality used in technical tests, where you can apply weights. Others have been using JunkMail Pro with filters to deduct points for a headers search. Personally, I have turned all of that off, and it's most definitely being abused right now.

Matt

Larry Craddock wrote:

> Do most people use WHITELIST HABEAS? I'm thinking of turning this off since the large majority of spammers have already demonstrated their willingness to ignore the legality of their activities.
>
> Larry Craddock
RE: [Declude.JunkMail] 1.77i12 Bug: Aliases Counted in BYPASSMULTIRECP
> I think I heard mention at one time for there to be a line added to the LOGLEVEL LOW for the total weight of the message. Has any more thought gone into this?

Yes, the one-line summary is going to start with Tests failed [weight=WEIGHT]: .

-Scott
RE: [Declude.JunkMail] 1.77i12 Logging Behavior
> the one-line summary is going to start with Tests failed [weight=WEIGHT]:

Thanks. That's what I was hoping/waiting for. If I interpret correctly, this is NOT yet available. (That's fine, just wanted to make sure that I was not behind.)
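
Added example (not Declude's code and not posted by anyone on the list): a small analyzer for the condensed four-line log entry quoted earlier in this thread, which checks that the per-test weights add up to the logged total and reports lines it cannot classify instead of dropping them. The field grammar is inferred from that one snippet, and the handling of the announced "Tests failed [weight=WEIGHT]:" prefix assumes the tokens after it keep the NAME:N form; all function and class names are hypothetical.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: the four-line entry from the snippet quoted in the thread
# (subject replaced by a placeholder) plus one line of an unknown type.
SAMPLE_LOG = """\
01/07/2004 22:38:15 Qd09f0962016aa312 BADHEADERS:5 REVDNS:5 SPAMHEADERS:3 HEUR10:4 . Total weight = 17.
01/07/2004 22:38:15 Qd09f0962016aa312 Subject: (placeholder subject)
01/07/2004 22:38:15 Qd09f0962016aa312 From: [EMAIL PROTECTED] To: [protected] IP: 63.215.141.33 ID:
01/07/2004 22:38:15 Qd09f0962016aa312 BADHEADERS=WARN REVDNS=WARN SPAMHEADERS=WARN HEUR10=IGNORE WEIGHT10=SUBJECT
01/07/2004 22:38:16 Qd09f0962016aa312 a line type this parser does not know
"""

LINE_RE = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (Q\w+) (.*)$")
WEIGHT_TOKEN_RE = re.compile(r"\b([A-Z][A-Z0-9_-]*):(-?\d+)\b")
ACTION_TOKEN_RE = re.compile(r"^([A-Z][A-Z0-9_-]*)=([A-Z0-9_-]+)$")
TOTAL_RE = re.compile(r"Total weight = (-?\d+)\.")
# Announced prefix; the token form after it is an assumption (NAME:N, as above).
PREFIX_RE = re.compile(r"^Tests failed \[weight=(-?\d+)\]:")
IP_RE = re.compile(r"\bIP: (\d{1,3}(?:\.\d{1,3}){3})\b")


@dataclass
class Entry:
    """Everything logged for one queue ID."""
    queue_id: str
    timestamp: str = ""
    weights: dict = field(default_factory=dict)   # test name -> weight
    actions: dict = field(default_factory=dict)   # test name -> action
    total: Optional[int] = None
    subject: Optional[str] = None
    ip: Optional[str] = None
    unparsed: list = field(default_factory=list)  # lines of unknown type

    def weight_consistent(self):
        """True when a total was logged and the test weights add up to it."""
        return self.total is not None and sum(self.weights.values()) == self.total


def classify(entry, rest):
    """File the part of a line after the queue ID into the right field."""
    if rest.startswith("Subject: "):
        entry.subject = rest[len("Subject: "):]
        return
    if rest.startswith("From: "):
        ip = IP_RE.search(rest)
        entry.ip = ip.group(1) if ip else None
        return
    prefix, total = PREFIX_RE.match(rest), TOTAL_RE.search(rest)
    if prefix or total:
        entry.total = int((prefix or total).group(1))
        body = rest[prefix.end():] if prefix else rest[:total.start()]
        entry.weights.update((n, int(w)) for n, w in WEIGHT_TOKEN_RE.findall(body))
        return
    tokens = rest.split()
    pairs = [ACTION_TOKEN_RE.match(t) for t in tokens]
    if tokens and all(pairs):
        entry.actions.update((p.group(1), p.group(2)) for p in pairs)
        return
    # Unknown line type: keep it so a format change is visible, not silent.
    entry.unparsed.append(rest)


def parse_log(text):
    """Return ({queue_id: Entry}, [lines without timestamp/queue ID])."""
    entries, skipped = {}, []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            if raw.strip():
                skipped.append(raw)
            continue
        ts, qid, rest = m.groups()
        classify(entries.setdefault(qid, Entry(queue_id=qid, timestamp=ts)), rest)
    return entries, skipped


def needs_review(entries):
    """Queue IDs with unclassified lines or weights that do not match the total."""
    return sorted(q for q, e in entries.items()
                  if e.unparsed or (e.total is not None and not e.weight_consistent()))


if __name__ == "__main__":
    parsed, skipped_lines = parse_log(SAMPLE_LOG)
    for qid, e in parsed.items():
        print(qid, e.total, e.weights, e.actions, e.ip, e.unparsed)
    print("needs review:", needs_review(parsed), "skipped:", skipped_lines)
```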
Re: [Declude.JunkMail] Whitelisted?
At 06:04 AM 1/12/2004, R. Scott Perry wrote:
> The Habeas headers are a legal means of whitelisting E-mail. In this case, a spam illegally used the Habeas headers -- something that the people that are behind Habeas have been waiting years for. Now is the true test of Habeas -- if they go after the spammer and successfully sue them, it will (hopefully) discourage other spammers from violating the legal rights of the Habeas headers.

Coincidentally, I received a similar spam yesterday. The message originated in Queensland from what I can tell from the IP address, was sent through Amsterdam and the body has links to a volume mailer in Phoenix, AZ. It had the Habeas headers so I reported them.
Re: [Declude.JunkMail] WHITELIST HABEAS
I've turned it off temporarily due to the storm of HABEAS-certified spam this weekend. Hopefully, we will hear something from Habeas about what caused the problem and what they are doing about it.

-Dave Doherty
Skywaves, Inc.

----- Original Message -----
From: Larry Craddock [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, January 12, 2004 9:12 AM
Subject: [Declude.JunkMail] WHITELIST HABEAS

> Do most people use WHITELIST HABEAS? I'm thinking of turning this off since the large majority of spammers have already demonstrated their willingness to ignore the legality of their activities.
>
> Larry Craddock
Re: [Declude.JunkMail] WHITELIST HABEAS
Good point and I do agree with one minor counter point ... we have little to no feedback about how *the police are handling the situation.*

I reported the incident to Habeas and here's a snippet from their response:

[Please know that at Habeas we take the use of our trademark in spam very seriously, and that while we cannot report back to you directly and individually on the disposition of each submission, know that we will investigate and follow this through to a satisfactory conclusion - either the responsible party ceasing their infringing action, their being appropriately dealt with by their service provider, or, failing any satisfactory remedial action, listing in our Habeas Infringers List.]

Larry

----- Original Message -----
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, January 12, 2004 8:26 AM
Subject: Re: [Declude.JunkMail] WHITELIST HABEAS

> Moving out of town would be a very bad business move without further information. One of the key pieces of information would be how the police handle the situation. If they catch the criminal the next day and punish him in a way that is fair but discourages other criminals from robbing stores, would you really want to leave?
[Declude.JunkMail] SpamD/SpamC for Declude
I'm trying to get this set up on a couple of test machines. It appears as if I have spamd up and running successfully. I can telnet to the ip address of the spamd server on port 783, and I see the message logged by spamd on the console. However, when I go to run spamc from a machine, it never connects. It just shows Loading... and then nothing. Any ideas?

Thanks,
Russ
Re: [Declude.JunkMail] WHITELIST HABEAS
> Could you move this from whitelisting to weighting in order to help protect from such things for non-Pro users? That might make a lot of sense. This is just some header code, and that's all it takes.

You can use:

HABEAS habeas x x -5 0

in the global.cfg file to accomplish this.

-Scott
RE: [Declude.JunkMail] 1.77i12 Bug: Aliases Counted in BYPASSMULTIRECP
> My config file reads (and always had):
>
> LOGLEVEL  MID
> LOG_OK    NONE
>
> That led me to assume that I was running LogLevel MID.

Correct (minus the OK messages).

> On January 7, I reported a problem with the log files after upgrading to version i12. See the enclosed log snippet - it clearly shows **NO** MSG FAILED lines:

Correct. That is what I meant by To move the Msg failed logging from LOGLEVEL LOW to LOGLEVEL HIGH. In the past, they would appear at LOGLEVEL LOW or higher (LOW, MID, HIGH, DEBUG). Now, they will only appear at LOGLEVEL HIGH or higher (HIGH or DEBUG).

> Upon returning to i8, the MSG FAILED lines returned. At the time you responded affirmatively that this behavior would need to be looked at as it would break log analyzers.

No decision has been made yet as to how to handle the logging of the warning messages.

> Can you please reconcile the above facts with your new claim:
> MID was never involved. ...

I think you're getting confused here. Yes, the log file entries that appear when using LOGLEVEL MID will indeed change. That is because any change to the log file entries that moves something from LOW to HIGH will remove it from MID (and vice-versa).

Remember that there are many logging levels (ERROR, WARN, LOW, MID, HIGH, DEBUG), but each level includes every log file entry from the one before it. So DEBUG will get every single log file entry, HIGH will get all except what is in DEBUG, MID will get everything except HIGH and DEBUG entries, and so forth.

-Scott
Re: [Declude.JunkMail] WHITELIST HABEAS
on 1/12/04 9:59 AM, Larry Craddock wrote:
> Good point and I do agree with one minor counter point ... we have little to no feedback about how *the police are handling the situation.

Plus how many spam messages will be whitelisted while the police investigate the incident and the courts go through all their motions (if it even gets that far)?

We turned Habeas whitelisting off a long time ago.

Greg
Re: [Declude.JunkMail] WHITELIST HABEAS
Scott,

Whatever happened to the feature where Declude spits out a million dollars? Eagerly waiting, but getting frustrated.

Matt :)

R. Scott Perry wrote:

> Could you move this from whitelisting to weighting in order to help protect from such things for non-Pro users? That might make a lot of sense. This is just some header code, and that's all it takes. You can use:
>
> HABEAS habeas x x -5 0
>
> in the global.cfg file to accomplish this.
>
> -Scott

--
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/

Re: [Declude.JunkMail] SpamD/SpamC for Declude
At 10:02 AM 1/12/2004, Russ Uhte (Lists) wrote:

> I'm trying to get this set up on a couple of test machines. It appears as if I have spamd up and running successfully. I can telnet to the ip address of the spamd server on port 783, and I see the message logged by spamd on the console. However, when I go to run spamc from a machine, it never connects. It just shows Loading... and then nothing. Any ideas.

Okay... forget this question... RTFM...

Now the important question... for those of you using this, what percentage of your hold weight are you giving this test? Do most of you install SpamD on your mail server, or do you use the TCP/IP feature of SpamC?

Thanks,
Russ

RE: [Declude.JunkMail] 1.77i12 Log Changes
Hi Scott:

Thanks for your patience in explaining that. I now understand that your absolute statement

"No other changes were made. LOGLEVEL MID is not involved"

should have been read by me as:

"Even though no EXPLICIT changes to MID level logging were made, LOGLEVEL MID was changed implicitly by inheriting all changes made to LOGLEVEL LOW"

Best Regards
Andy Schmidt

Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Monday, January 12, 2004 10:10 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] 1.77i12 Bug: Aliases Counted in BYPASSMULTIRECP

> My config file reads (and always had):
>
> LOGLEVEL MID
> LOG_OK NONE
>
> That led me to assume that I was running LogLevel MID.

Correct (minus the OK messages).

> On January 7, I reported a problem with the log files after upgrading to version i12. See the enclosed log snippet - it clearly shows **NO** MSG FAILED lines:

Correct. That is what I meant by "To move the Msg failed logging from LOGLEVEL LOW to LOGLEVEL HIGH." In the past, they would appear at LOGLEVEL LOW or higher (LOW, MID, HIGH, DEBUG). Now, they will only appear at LOGLEVEL HIGH or higher (HIGH or DEBUG).

> Upon returning to i8, the MSG FAILED lines returned. At the time you responded affirmatively that this behavior would need to be looked at as it would break log analyzers.

No decision has been made yet as to how to handle the logging of the warning messages.

> Can you please reconcile the above facts with your new claim: MID was never involved. ...

Hi I think you're getting confused here. Yes, the log file entries that appear when using LOGLEVEL MID will indeed change. That is because any change to the log file entries that moves something from LOW to HIGH will remove it from MID (and vice-versa).

Remember that there are many logging levels (ERROR, WARN, LOW, MID, HIGH, DEBUG), but each level includes every log file entry from the one before it. So DEBUG will get every single log file entry, HIGH will get all except what is in DEBUG, MID will get everything except HIGH and DEBUG entries, and so forth.

-Scott

Re: [Declude.JunkMail] SpamD/SpamC for Declude
Hi Russ,

I have it set for 8. I hold on 10 delete on 30. It runs on my mailserver.

In local.cf I have

required_hits 3.00

-Nick Hayer

Date sent: Mon, 12 Jan 2004 10:55:47 -0500
To: [EMAIL PROTECTED]
From: Russ Uhte (Lists) [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] SpamD/SpamC for Declude
Send reply to: [EMAIL PROTECTED]

> At 10:02 AM 1/12/2004, Russ Uhte (Lists) wrote:
>
>> I'm trying to get this set up on a couple of test machines. It appears as if I have spamd up and running successfully. I can telnet to the ip address of the spamd server on port 783, and I see the message logged by spamd on the console. However, when I go to run spamc from a machine, it never connects. It just shows Loading... and then nothing. Any ideas.
>
> Okay... forget this question... RTFM...
>
> Now the important question... for those of you using this, what percentage of your hold weight are you giving this test? Do most of you install SpamD on your mail server, or do you use the TCP/IP feature of SpamC?
>
> Thanks,
> Russ

Re: [Declude.JunkMail] SpamD/SpamC for Declude
At 11:10 AM 1/12/2004, Nick Hayer wrote:

> Hi Russ,
>
> I have it set for 8. I hold on 10 delete on 30. It runs on my mailserver.

Awesome!! When you installed all the CPAN stuff, did you also install the HTML::parser? It told me when I went to make the spamassassin package, that it was missing. I just installed it, and all seems okay...

-Russ

Re: [Declude.JunkMail] Bigpond
John,

Looks like a spam house to me.

http://www.senderbase.org/search?searchString=bigpond.com

Block by IP. Google shows that they've used different domains from these blocks, and the REVDNS entry could be gone tomorrow. Use Scott's CIDR tool if you are uncertain about the ranges. Dig through surrounding blocks with reverse DNS to see if there are even larger blocks present. Lastly, report your findings to the board :)

Matt

John Tolmachoff (Lists) wrote:

> Is there legit e-mail that comes from Bigpond mail servers, or can I heavily weight REVDNS ENDSWITH .bigpond.com?
>
> John Tolmachoff
> Engineer/Consultant/Owner
> eServices For You

RE: [Declude.JunkMail] WHITELIST HABEAS
Declude sure is a Swiss Army Knife...

I want to see Habeas succeed, and I think that misuse of their warrant by a spammer through zombies is going to be a real test for them. Their business model is built around suing a SpamHaus or a misbehaved mailing house (like Topica, to pick something at random).

Here's what I do:

I use their ip4r test to catch mail from any mail host that Habeas has indicated is a problem:

HIL ip4r hil.habeas.com 127.0.0.2 40 0

And to proceed with finding their warrant in the header, reward it, and log it, I have:

MYHABEAS filter C:\IMail\Declude\MyHabeas.txt x 0 0

which contains:

REVDNS END ENDSWITH .habeas.com
HEADERS -10 CONTAINS X-Habeas-SWE-3: like Habeas SWE (tm)

The reason for the first line in the filter file is that I'm not interested in logging e-mail from Habeas.com that contains their own warrant.

Now I can search my log for MYHABEAS to find the good guys and bad guys. And then report the original email from the bad guys to Habeas.

What I'm finding is that the bad guys are scoring quite high and that the Habeas counterweight is having relatively little effect on their score. And for the legitimate bulk mailers that are using the warrant, none are scoring high enough to be held in my configuration.

So YOU, gentle reader, might find that simply not using any Habeas counterweighting will work for you just fine.

Andrew 8)

-Original Message-
From: R. Scott Perry [mailto:[EMAIL PROTECTED]
Sent: Monday, January 12, 2004 7:11 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] WHITELIST HABEAS

Could you move this from whitelisting to weighting in order to help protect from such things for non-Pro users? That might make a lot of sense. This is just some header code, and that's all it takes. You can use:

HABEAS habeas x x -5 0

in the global.cfg file to accomplish this.

-Scott

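An added example, not written by any poster and not Declude's code: a simplified Python model of the choice discussed in this thread, comparing a header whitelist with a negative counterweight when the Habeas mark shows up on mail from a hijacked machine. The sample messages, the DNSBL-A, NOREVDNS and BODYFILTER tests and their weights are constructed; the HIL weight of 40, the -5 and -10 counterweights and the hold/delete weights of 10 and 30 are figures quoted by posters in this archive.

```python
# Simplified model of whitelist vs. counterweight handling of the Habeas mark.
# Added illustration only: this is not Declude's scoring engine.

HABEAS_MARK = "X-Habeas-SWE-3: like Habeas SWE (tm)"  # header text quoted in the thread
HOLD_AT, DELETE_AT = 10, 30  # hold/delete weights one poster reported using

# Constructed listings standing in for DNS lookups so the example runs offline.
HIL_LISTED = {"192.0.2.66"}      # stands in for the hil.habeas.com ip4r zone
DNSBL_LISTED = {"203.0.113.7"}   # hypothetical third-party blocklist

# (name, weight, predicate). HIL and its weight of 40 come from the thread;
# the other three tests and their weights are hypothetical.
TESTS = [
    ("HIL", 40, lambda m: m["ip"] in HIL_LISTED),
    ("DNSBL-A", 10, lambda m: m["ip"] in DNSBL_LISTED),
    ("NOREVDNS", 5, lambda m: not m["revdns"]),
    ("BODYFILTER", 8, lambda m: "limited time offer" in m["body"].lower()),
]


def has_habeas_mark(msg):
    """True if any header line contains the warrant mark text."""
    return any(HABEAS_MARK.lower() in line.lower() for line in msg["headers"])


def action_for(weight):
    """Map a total weight to the action taken on the message."""
    if weight >= DELETE_AT:
        return "delete"
    if weight >= HOLD_AT:
        return "hold"
    return "deliver"


def evaluate(msg, habeas_mode, counterweight=-5):
    """Score one message.

    habeas_mode:
      "whitelist" - the mark bypasses every other test
      "weight"    - the mark only adds `counterweight` (a negative number)
      "off"       - the mark is ignored
    """
    marked = has_habeas_mark(msg)
    if habeas_mode == "whitelist" and marked:
        # Nothing else is consulted, so a copied header is enough to pass.
        return {"weight": 0, "failed": ["Whitelisted"], "action": "deliver"}

    failed = [(name, w) for name, w, hit in TESTS if hit(msg)]
    # Mirrors the filter file in the thread: mail whose reverse DNS ends in
    # .habeas.com stops at the END rule, so it gets no counterweight entry.
    from_habeas = msg["revdns"].lower().endswith(".habeas.com")
    if habeas_mode == "weight" and marked and not from_habeas:
        failed.append(("MYHABEAS", counterweight))

    weight = sum(w for _, w in failed)
    return {
        "weight": weight,
        "failed": [name for name, _ in failed],
        "action": action_for(weight),
    }


# Constructed sample messages (documentation-range IPs, example domains).
ZOMBIE_SPAM = {
    "ip": "203.0.113.7",
    "revdns": "",
    "headers": ["Subject: Limited time offer", HABEAS_MARK],
    "body": "LIMITED TIME OFFER, act now",
}
LEGIT_BULK = {
    "ip": "198.51.100.20",
    "revdns": "out1.newsletter.example",
    "headers": ["Subject: January newsletter", HABEAS_MARK],
    "body": "Our limited time offer for subscribers ends Friday.",
}


def compare(msg):
    """Evaluate one message under all three ways of treating the mark."""
    return {mode: evaluate(msg, mode) for mode in ("whitelist", "weight", "off")}


if __name__ == "__main__":
    for label, msg in (("zombie spam", ZOMBIE_SPAM), ("legit bulk", LEGIT_BULK)):
        for mode, result in compare(msg).items():
            print(f"{label:12} {mode:9} {result}")
```
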
[Declude.JunkMail] SPAMDOMAINS and Google
I am considering adding google.com to SPAMDOMAINS, as I see a number of spam with a from address of @google.com. Can I safely assume that any legit message from Google will be from a google.com server?

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

Re: [Declude.JunkMail] Bigpond
Let me correct something. BigPond.com isn't a spam house, they are a DSL provider in Australia. They however have a large number of mail servers that consistently relay spam. It's almost like they are hosting spammers, and have them relay through their own servers instead of direct delivery. There's a ton of it.

I'm not sure what to do about this situation. Maybe someone else has some ideas.

Matt

Matt wrote:

> John,
>
> Looks like a spam house to me.
>
> http://www.senderbase.org/search?searchString=bigpond.com
>
> Block by IP. Google shows that they've used different domains from these blocks, and the REVDNS entry could be gone tomorrow. Use Scott's CIDR tool if you are uncertain about the ranges. Dig through surrounding blocks with reverse DNS to see if there are even larger blocks present. Lastly, report your findings to the board :)
>
> Matt
>
> John Tolmachoff (Lists) wrote:
>
>> Is there legit e-mail that comes from Bigpond mail servers, or can I heavily weight REVDNS ENDSWITH .bigpond.com?
>>
>> John Tolmachoff
>> Engineer/Consultant/Owner
>> eServices For You

Re: [Declude.JunkMail] Bigpond
> Is there legit e-mail that comes from Bigpond mail servers, or can I heavily weight REVDNS ENDSWITH .bigpond.com?

I believe that they are a large ISP in Australia -- we have two samples of legitimate E-mails with @bigpond.com return addresses. I think they should be treated like large U.S. cable/DSL providers. You may get legitimate mail from their mailservers.

-Scott

Re[2]: [Declude.JunkMail] SpamD/SpamC for Declude
> Okay... forget this question... RTFM...

Wow, and here I thought I was still working on the manual. :)

> Now the important question... for those of you using this, what percentage of your hold weight are you giving this test?

Thus far, 80/120 and rising.

--Sandy

Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]

SpamAssassin plugs into Declude!
http://www.mailmage.com/download/software/freeutils/SPAMC32/Release/

RE: [Declude.JunkMail] Bigpond
I was just going to say, almost all of those IP addresses are from the same ISP in Australia.

If we want to play hardball, block all the IPs, and then the ISP will have to take action.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Matt
Sent: Monday, January 12, 2004 9:36 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Bigpond

Let me correct something. BigPond.com isn't a spam house, they are a DSL provider in Australia. They however have a large number of mail servers that consistently relay spam. It's almost like they are hosting spammers, and have them relay through their own servers instead of direct delivery. There's a ton of it.

I'm not sure what to do about this situation. Maybe someone else has some ideas.

Matt

Matt wrote:

> John,
>
> Looks like a spam house to me.
>
> http://www.senderbase.org/search?searchString=bigpond.com
>
> Block by IP. Google shows that they've used different domains from these blocks, and the REVDNS entry could be gone tomorrow. Use Scott's CIDR tool if you are uncertain about the ranges. Dig through surrounding blocks with reverse DNS to see if there are even larger blocks present. Lastly, report your findings to the board :)
>
> Matt
>
> John Tolmachoff (Lists) wrote:
>
>> Is there legit e-mail that comes from Bigpond mail servers, or can I heavily weight REVDNS ENDSWITH .bigpond.com?
>>
>> John Tolmachoff
>> Engineer/Consultant/Owner
>> eServices For You

Re: [Declude.JunkMail] SpamD/SpamC for Declude
> Awesome!! When you installed all the CPAN stuff, did you also install the HTML::parser? It told me when I went to make the spamassassin package, that it was missing.

Yes - That was missing with me as well.

> I just installed it, and all seems okay...

kool. So its workn? What do you think of its results?

-Nick Hayer

> -Russ

Re[2]: [Declude.JunkMail] SpamD/SpamC for Declude
At 12:39 PM 1/12/2004, Sanford Whiteman wrote:

>> Okay... forget this question... RTFM...
>
> Wow, and here I thought I was still working on the manual. :)

Yeah... not really the manual, but the spamd -? works too!! :)

I just installed it on my server which is a pretty busy server. I think someone (you?) were looking for some performance stats, so here ya go.

This server normally processes about 200,000 emails a day, running sniffer, most of the MailPure filters, and antivirus. Normally the processor utilization during peak times is right around 40-50% on a 1 minute average. Once I started the SpamD daemon and configured Declude to use SpamC, and disabled my filters, my processor utilization went straight to 100% and stayed there.

I'm going to (hopefully) find a box to throw FreeBSD on and install the SpamD engine on it. I'll let you know what I see.

Thanks,
Russ

RE: [Declude.JunkMail] Bigpond
All the ones I saw did not have a @bigpond.com from address, only the REVDNS was big pond.

For now, I have set REVDNS 15 ENDSWITH .bigpond.com.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Monday, January 12, 2004 9:34 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Bigpond

> Is there legit e-mail that comes from Bigpond mail servers, or can I heavily weight REVDNS ENDSWITH .bigpond.com?

I believe that they are a large ISP in Australia -- we have two samples of legitimate E-mails with @bigpond.com return addresses. I think they should be treated like large U.S. cable/DSL providers. You may get legitimate mail from their mailservers.

-Scott

Re[3]: [Declude.JunkMail] SpamD/SpamC for Declude
> This server normally processes about 200,000 emails a day, running sniffer, most of the MailPure filters, and antivirus. Normally the processor utilization during peak times is right around 40-50% on a 1 minute average.

That's pretty high to start out. Try lowering the priority of Perl.exe to Low and see if the server stabilizes.

--Sandy

Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of Cypress Integrated Systems, Inc.

RE: [Declude.JunkMail] WHITELIST HABEAS
We're getting a LOT of spam with HABEAS headers, presumably because the spammers are using hijacked systems. We have had to turn off that feature. As long as systems can be hijacked, Habeas and SPF won't be worth very much.

> Do most people use WHITELIST HABEAS? I'm thinking of turning this off since the large majority of spammers have already demonstrated their willingness to ignore the legality of their activities.

RE: [Declude.JunkMail] DNS trouble with Declude? / Best DNS Server for Windows?
Best bang for the buck: http://www.jhsoft.com/

And way too easy to setup..

~Rick

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of P C
Sent: Monday, January 12, 2004 12:45 PM - FamHost
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] DNS trouble with Declude? / Best DNS Server for Windows?

Could someone recommend the best (most stable) DNS Server for Windows 2000+? Or, can the Windows 2003 built in DNS Server handle traffic for a small ISP (3000 customers) plus Imail/Declude DNS-based spam database lookups and the occasional DDOS attack?

Our current Linux DNS server (slackware) will often lock up on weekends, even after installing on completely new hardware. Perhaps we're doing something wrong; we only have one guy who is half way knowledgeable about Linux. So, if possible, it may be better for us to switch to a Windows 2000+ DNS if possible.

Thank you,
-PC

Re: [Declude.JunkMail] DNS trouble with Declude? / Best DNS Server for Windows?
I use the windows based DNS server .. I have it set on its own machine. Then I have a machine for Imail/Declude, another machine for WWW, One for my accounting software, and a machine for NEWS total of 5 machines.. I run my secondary dns on the back of my accounting server.

But I guess you would say we are smaller than what you have a small.. only 1500 customers.

Bennie
PepperLink

- Original Message -
From: P C [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, January 12, 2004 1:44 PM
Subject: [Declude.JunkMail] DNS trouble with Declude? / Best DNS Server for Windows?

> Could someone recommend the best (most stable) DNS Server for Windows 2000+? Or, can the Windows 2003 built in DNS Server handle traffic for a small ISP (3000 customers) plus Imail/Declude DNS-based spam database lookups and the occasional DDOS attack?
>
> Our current Linux DNS server (slackware) will often lock up on weekends, even after installing on completely new hardware. Perhaps we're doing something wrong; we only have one guy who is half way knowledgeable about Linux. So, if possible, it may be better for us to switch to a Windows 2000+ DNS if possible.
>
> Thank you,
> -PC

[Declude.JunkMail] DNS trouble with Declude? / Best DNS Server for Windows?
Could someone recommend the best (most stable) DNS Server for Windows 2000+? Or, can the Windows 2003 built in DNS Server handle traffic for a small ISP (3000 customers) plus Imail/Declude DNS-based spam database lookups and the occasional DDOS attack?

Our current Linux DNS server (slackware) will often lock up on weekends, even after installing on completely new hardware. Perhaps we're doing something wrong; we only have one guy who is half way knowledgeable about Linux. So, if possible, it may be better for us to switch to a Windows 2000+ DNS if possible.

Thank you,
-PC

RE: [Declude.JunkMail] DNS trouble with Declude? / Best DNS Server for Windows?
Ditto for me on SimpleDNS Plus from JHSoft.com; I've used it on Windows XP and Windows Server 2000 without any issues, with cache sizes such that the memory used exceeded 200 MB. Quick enough, but a little slow to start and read in a large previous cache (this is optional). And the GUI is glacial if you want to browse a large, busy cache. The GUI is always fast if you're administering your own zones.

The only downside I've ever found with it is that there is no way to force SDNSPlus to re-do a DNS query to refresh or delete a cached entry. A command line utility would be great for this, and I've suggested it to the developer.

FWIW, my workaround is to create a new zone for which I am claiming to be authoritative, and create whatever entries I like. When the bad cached entries expire, I then delete my zone. I've also done the same thing to get to mail servers where the destination zone is mangled somehow, and IMail doesn't like them... like when they have two MX's but the primary is never available, or the primary address is mangled.

On the other hand, if you want to keep going with the *nix based DNS, I would get away from the BIND based DNS servers and advise you to take a good look at:

http://cr.yp.to/djbdns.html

for a DNS server that is faster, lighter, and more robust than *those others*.

Andrew 8)

-Original Message-
From: P C [mailto:[EMAIL PROTECTED]
Sent: Monday, January 12, 2004 10:45 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] DNS trouble with Declude? / Best DNS Server for Windows?

Could someone recommend the best (most stable) DNS Server for Windows 2000+? Or, can the Windows 2003 built in DNS Server handle traffic for a small ISP (3000 customers) plus Imail/Declude DNS-based spam database lookups and the occasional DDOS attack?

Our current Linux DNS server (slackware) will often lock up on weekends, even after installing on completely new hardware. Perhaps we're doing something wrong; we only have one guy who is half way knowledgeable about Linux. So, if possible, it may be better for us to switch to a Windows 2000+ DNS if possible.

Thank you,
-PC

RE: [Declude.JunkMail] WHITELIST HABEAS
We have also turned off the HABEAS whitelist due to large amounts of spam.

We are also added pharma court.biz to our body filter.

Kevin Bilbee

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Keith Anderson
Sent: Monday, January 12, 2004 10:31 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] WHITELIST HABEAS

We're getting a LOT of spam with HABEAS headers, presumably because the spammers are using hijacked systems. We have had to turn off that feature. As long as systems can be hijacked, Habeas and SPF won't be worth very much.

> Do most people use WHITELIST HABEAS? I'm thinking of turning this off since the large majority of spammers have already demonstrated their willingness to ignore the legality of their activities.

Re[3]: [Declude.JunkMail] SpamD/SpamC for Declude
At 01:23 PM 1/12/2004, Sanford Whiteman wrote:

This server normally processes about 200,000 emails a day, running sniffer, most of the MailPure filters, and antivirus. Normally the processor utilization during peak times is right around 40-50% on a 1 minute average.

That's pretty high to start out. Try lowering the priority of Perl.exe to Low and see if the server stabilizes.

I guess that was a noble try... but it didn't work. I'm going to try to separate the spamd/spamc processes and see how that goes. I know this server is grossly underpowered for what I'm trying to do, but I inherited it this way, and I don't think I'm gonna get to buy a new one here anytime soon. The person before didn't understand how to spec out a mailserver.

On a related note, does anyone know if there is any performance gain in having Junkmail or Virus running first? We currently scan for JunkMail first just to get an accurate count of the spam we receive.

Thanks,
Russ
Re[4]: [Declude.JunkMail] SpamD/SpamC for Declude
I guess that was a noble try... but it didn't work.

Well, it probably worked, just not enough. :)

I'm going to try to separate the spamd/spamc processes and see how that goes.

That will alleviate the utilization issue, for sure. Depending on the age of your server, you should think about adding an additional processor. I find that that's one fun part about running mail on old boxes with new disks: as it gives you ability to scale up processing on the cheap as needed, while still giving peak performance for disk-starved tasks. A lot of people inadvertently err on the side of processor power by buying new boxes and ignoring DASD optimization.

I know this server is grossly underpowered for what I'm trying to do, but I inherited it this way, and I don't think I'm gonna get to buy a new one here anytime soon. The person before didn't understand how to spec out a mailserver.

Gotcha. One thing you should know about that I'm building into SPAMC32 right now is a SKIPIFWEIGHT option that will return 0 immediately if a (Declude) weight has already been exceeded, thus saving processing for way out-of-range spam.

--Sandy

Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]

SpamAssassin plugs into Declude! http://www.mailmage.com/download/software/freeutils/SPAMC32/Release/
Re: [Declude.JunkMail] DNS trouble with Declude? / Best DNS Server for Windows?
I have used the Win2000 DNS server happily for quite some time. We host about 500 websites and 4000 mailboxes. We average about 25 DNS requests per second and peak around 200. We do not provide access, only server-based services. I write all the zone files by hand. I find it quicker and easier than using the built-in DNS manager.

-Dave Doherty
Skywaves, Inc.
RE: [Declude.JunkMail] 1.77i12 Bug: Aliases Counted in BYPASSMULTIRECP
any news on this matter?

The issue with 1.77i12 and the bypasswhitelist option has been fixed in v1.77i15 at http://www.declude.com/interim . So if a user sends an E-mail with one recipient that is an alias that expands to 5 addresses, the bypasswhitelist option will only count it as one recipient.

1.77i15 also changes the new LOGLEVEL LOW one-line summary log file entry to include the weight, and start with Tests failed [weight=WEIGHT]: .

-Scott
Re: [Declude.JunkMail] SpamD/SpamC for Declude
Russ,

I'm not sure what actions will result in bypassing Declude Virus, but HOLD and DELETE surely do. Since over 80% of E-mail is spam on the typical system, that should save you a great deal over processing everything with Virus, though JunkMail is where most of the processing goes when you are running custom filters.

I'm not sure if you have upgraded to 1.77i7+ yet, but the SKIPIFWEIGHT, MAXWEIGHT and END functionality was a huge savings for my server. Even re-ordering your custom filters to put the bigger hogs with the least impact and rarest hits at the bottom was a big help with SKIPIFWEIGHT. Probably more than 80% of my spam never hits a custom filter, and 97% of my spam never hits every filter file.

I just upgraded to IMail 8 and am using WHITELIST AUTH and PREWHITELIST ON, and that also saves on processing. I'm nowhere near your utilization, but I hate to ever see my processors pegged due to the fact that the machine currently performs many tasks besides E-mail.

Matt

Russ Uhte (Lists) wrote:

At 01:23 PM 1/12/2004, Sanford Whiteman wrote:

This server normally processes about 200,000 emails a day, running sniffer, most of the MailPure filters, and antivirus. Normally the processor utilization during peak times is right around 40-50% on a 1 minute average.

That's pretty high to start out. Try lowering the priority of Perl.exe to Low and see if the server stabilizes.

I guess that was a noble try... but it didn't work. I'm going to try to separate the spamd/spamc processes and see how that goes. I know this server is grossly underpowered for what I'm trying to do, but I inherited it this way, and I don't think I'm gonna get to buy a new one here anytime soon. The person before didn't understand how to spec out a mailserver.

On a related note, does anyone know if there is any performance gain in having Junkmail or Virus running first? We currently scan for JunkMail first just to get an accurate count of the spam we receive.

Thanks,
Russ

--
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
RE: [Declude.JunkMail] Bigpond
Hi,

I suspect they most certainly will - legal action that is. Bigpond is 51% Australian Government owned and the rest is listed on the sharemarket. They are Australia's largest internet provider capturing over 70% of the market. They have a monopoly via Telstra - Australia's largest telephone company. They have a similar attitude to Microsoft - sue first and negotiate later.

Glen Harvy
Aquarius Communications for all your Internet Needs.
Phone 9977 3788 Fax 9977 3844

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Tolmachoff (Lists)
Sent: Tuesday, 13 January 2004 04:47
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Bigpond

I was just going to say, almost all of those IP addresses are from the same ISP in Australia. If we want to play hardball, block all the IPs, and then the ISP will have to take action.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Matt
Sent: Monday, January 12, 2004 9:36 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Bigpond

Let me correct something. BigPond.com isn't a spam house, they are a DSL provider in Australia. They however have a large number of mail servers that consistently relay spam. It's almost like they are hosting spammers, and have them relay through their own servers instead of direct delivery. There's a ton of it. I'm not sure what to do about this situation. Maybe someone else has some ideas.

Matt

Matt wrote:

John,

Looks like a spam house to me. http://www.senderbase.org/search?searchString=bigpond.com

Block by IP. Google shows that they've used different domains from these blocks, and the REVDNS entry could be gone tomorrow. Use Scott's CIDR tool if you are uncertain about the ranges. Dig through surrounding blocks with reverse DNS to see if there are even larger blocks present. Lastly, report your findings to the board :)

Matt

John Tolmachoff (Lists) wrote:

Is there legit e-mail that comes from Bigpond mail servers, or can I heavily weight REVDNS ENDSWITH .bigpond.com?

John Tolmachoff
Engineer/Consultant/Owner
eServices For You
RE: [Declude.JunkMail] WHITELIST HABEAS
I have not seen any spam with HABEAS headers UNTIL I viewed some messages caught by Declude Virus because of the Outlook 'CR' Vulnerability. I am forwarding these to the site.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Kevin Bilbee
Sent: Monday, January 12, 2004 12:29 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] WHITELIST HABEAS

We have also turned off the HABEAS whitelist due to large amounts of spam. We are also added pharma court.biz to our body filter.

Kevin Bilbee
[Declude.JunkMail] MyMailers.net
Any comments, good or bad?

John Tolmachoff
Engineer/Consultant/Owner
eServices For You
RE: [Declude.JunkMail] Bigpond
Then they better clean up their act and take a hardball stance on all spam flowing through their servers.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Glen Harvy
Sent: Monday, January 12, 2004 3:12 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Bigpond
Importance: High

Hi,

I suspect they most certainly will - legal action that is. Bigpond is 51% Australian Government owned and the rest is listed on the sharemarket. They are Australia's largest internet provider capturing over 70% of the market. They have a monopoly via Telstra - Australia's largest telephone company. They have a similar attitude to Microsoft - sue first and negotiate later.

Glen Harvy
Aquarius Communications for all your Internet Needs.
Phone 9977 3788 Fax 9977 3844
RE: [Declude.JunkMail] 1.77i15 Log Issues
Hi Scott:

Just in case this is an indication of a problem somewhere, here are two abnormalities (possibly related to white listing)

A) Weight changed between first line (3) and last line (0) of log?

01/12/2004 17:39:05 Q21ff107901f265c0 DSBLMULTI:3 . Total weight = 3.
01/12/2004 17:39:05 Q21ff107901f265c0 NOT bypassing whitelisting of E-mail with weight =20 (3) and at least 1 recipients (1).
01/12/2004 17:39:05 Q21ff107901f265c0 NOT bypassing whitelisting of E-mail with weight =15 (3) and at least 4 recipients (1).
01/12/2004 17:39:05 Q21ff107901f265c0 Skipping4 E-mail from [EMAIL PROTECTED]; whitelisted [EMAIL PROTECTED]
01/12/2004 17:39:05 Q21ff107901f265c0 Subject: from sandy
01/12/2004 17:39:05 Q21ff107901f265c0 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 65.32.5.134 ID: i0CMcru7003910
01/12/2004 17:39:05 Q21ff107901f265c0 Tests failed [weight=0]:

B) Email without the TEST1:n TEST2:n TESTm:n . Total Weight = nn line at the beginning but with weight=0 at bottom:

01/12/2004 17:40:45 Q226a2e6500bc05c4 Tests failed [weight=5]: REVDNS=ALERT WEIGHTHDR=WARN WEIGHTFOOTER=FOOTER
01/12/2004 17:40:55 Q226b2eb1017c0bfd NOT bypassing whitelisting of E-mail with weight =20 (0) and at least 1 recipients (1).
01/12/2004 17:40:55 Q226b2eb1017c0bfd NOT bypassing whitelisting of E-mail with weight =15 (0) and at least 4 recipients (1).
01/12/2004 17:40:55 Q226b2eb1017c0bfd Subject: Paintball Guns and Supplies
01/12/2004 17:40:55 Q226b2eb1017c0bfd From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 63.170.102.99 ID:
01/12/2004 17:40:55 Q226b2eb1017c0bfd Tests failed [weight=0]:

Best Regards
Andy Schmidt

HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
http://www.HM-Software.com/

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Monday, January 12, 2004 05:28 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] 1.77i12 Bug: Aliases Counted in BYPASSMULTIRECP

any news on this matter?

The issue with 1.77i12 and the bypasswhitelist option has been fixed in v1.77i15 at http://www.declude.com/interim . So if a user sends an E-mail with one recipient that is an alias that expands to 5 addresses, the bypasswhitelist option will only count it as one recipient.

1.77i15 also changes the new LOGLEVEL LOW one-line summary log file entry to include the weight, and start with Tests failed [weight=WEIGHT]: .

-Scott
Re: [Declude.JunkMail] WHITELIST HABEAS
I also found some today, held by Virus. Dunno if there have been others that did get through.

Glenn Z.

- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, January 12, 2004 5:42 PM
Subject: RE: [Declude.JunkMail] WHITELIST HABEAS

I have not seen any spam with HABEAS headers UNTIL I viewed some messages caught by Declude Virus because of the Outlook 'CR' Vulnerability. I am forwarding these to the site.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You
RE: [Declude.JunkMail] 1.77i15 Log Issues
A) Weight changed between first line (3) and last line (0) of log?

That one is correct:

01/12/2004 17:39:05 Q21ff107901f265c0 DSBLMULTI:3 . Total weight = 3.
01/12/2004 17:39:05 Q21ff107901f265c0 NOT bypassing whitelisting of E-mail with weight =20 (3) and at least 1 recipients (1).
01/12/2004 17:39:05 Q21ff107901f265c0 NOT bypassing whitelisting of E-mail with weight =15 (3) and at least 4 recipients (1).

The weight is 3 here, but:

01/12/2004 17:39:05 Q21ff107901f265c0 Skipping4 E-mail from [EMAIL PROTECTED]; whitelisted [EMAIL PROTECTED]

The E-mail is whitelisted, so it goes down to 0.

B) Email without the TEST1:n TEST2:n TESTm:n . Total Weight = nn line at the beginning but with weight=0 at bottom:

01/12/2004 17:40:45 Q226a2e6500bc05c4 Tests failed [weight=5]: REVDNS=ALERT WEIGHTHDR=WARN WEIGHTFOOTER=FOOTER
01/12/2004 17:40:55 Q226b2eb1017c0bfd Subject: Paintball Guns and Supplies
01/12/2004 17:40:55 Q226b2eb1017c0bfd From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 63.170.102.99 ID:
01/12/2004 17:40:55 Q226b2eb1017c0bfd Tests failed [weight=0]:

Are you still using LOGLEVEL MID? The TESTNAME:weight line should appear at LOGLEVEL MID or higher for every E-mail processed by Declude JunkMail.

-Scott
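A log check for the two cases discussed in this thread, as an added example (not Declude's code and not from any poster): it groups log lines by queue ID, reports whitelisted mail whose tests scored above zero before whitelisting reset the weight, and flags messages whose summary line has no preceding TESTNAME:weight line. The line shapes are assumed to match the excerpts quoted above, and the sample input is copied from them.

```python
import re
from collections import OrderedDict

# Sample input: log lines copied from the excerpts quoted in the thread
# (addresses were already redacted by the list archive).
SAMPLE_LOG = """\
01/12/2004 17:39:05 Q21ff107901f265c0 DSBLMULTI:3 . Total weight = 3.
01/12/2004 17:39:05 Q21ff107901f265c0 NOT bypassing whitelisting of E-mail with weight =20 (3) and at least 1 recipients (1).
01/12/2004 17:39:05 Q21ff107901f265c0 Skipping4 E-mail from [EMAIL PROTECTED]; whitelisted [EMAIL PROTECTED]
01/12/2004 17:39:05 Q21ff107901f265c0 Subject: from sandy
01/12/2004 17:39:05 Q21ff107901f265c0 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 65.32.5.134 ID: i0CMcru7003910
01/12/2004 17:39:05 Q21ff107901f265c0 Tests failed [weight=0]:
01/12/2004 17:40:55 Q226b2eb1017c0bfd NOT bypassing whitelisting of E-mail with weight =20 (0) and at least 1 recipients (1).
01/12/2004 17:40:55 Q226b2eb1017c0bfd Subject: Paintball Guns and Supplies
01/12/2004 17:40:55 Q226b2eb1017c0bfd From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 63.170.102.99 ID:
01/12/2004 17:40:55 Q226b2eb1017c0bfd Tests failed [weight=0]:
"""

# Assumed line shape: "MM/DD/YYYY HH:MM:SS Q<hex id> <message>".
LINE_RE = re.compile(r"^(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d) (Q[0-9a-fA-F]+) (.*)$")
TOTAL_RE = re.compile(r"Total weight = (-?\d+)")
TEST_RE = re.compile(r"([A-Za-z0-9_-]+):(-?\d+)")
SUMMARY_RE = re.compile(r"^Tests failed \[weight=(-?\d+)\]:\s*(.*)$")
BYPASS_RE = re.compile(r"^NOT bypassing whitelisting .*\((-?\d+)\) and at least "
                       r"(\d+) recipients \((\d+)\)\.$")
IP_RE = re.compile(r"\bIP: (\d{1,3}(?:\.\d{1,3}){3})")


def new_record():
    return {"scored_weight": None, "final_weight": None, "whitelisted": False,
            "tests": {}, "actions": {}, "recipients": None,
            "subject": None, "ip": None}


def parse_log(text):
    """Group log lines by queue ID and extract per-message fields."""
    records = OrderedDict()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a log line in the assumed shape
        _, qid, msg = m.groups()
        rec = records.setdefault(qid, new_record())
        # Subject and From are sender-controlled, so they are matched first:
        # a subject containing "Total weight = 99" must not parse as a score.
        if msg.startswith("Subject: "):
            rec["subject"] = msg[len("Subject: "):]
            continue
        if msg.startswith("From: "):
            ip = IP_RE.search(msg)
            rec["ip"] = ip.group(1) if ip else None
            continue
        summary = SUMMARY_RE.match(msg)
        bypass = BYPASS_RE.match(msg)
        total = TOTAL_RE.search(msg)
        if summary:
            rec["final_weight"] = int(summary.group(1))
            rec["actions"] = dict(p.split("=", 1)
                                  for p in summary.group(2).split() if "=" in p)
        elif bypass:
            # Last number is the recipient count used by the bypass rule.
            rec["recipients"] = int(bypass.group(3))
        elif msg.startswith("Skipping") and "; whitelisted" in msg:
            rec["whitelisted"] = True
        elif total:
            rec["scored_weight"] = int(total.group(1))
            rec["tests"] = {n: int(w)
                            for n, w in TEST_RE.findall(msg[:total.start()])}
    return records


def audit(records):
    """Return (queue_id, finding) pairs worth a manual look."""
    findings = []
    for qid, rec in records.items():
        if rec["whitelisted"] and (rec["scored_weight"] or 0) > 0:
            # Tests fired, then the whitelist reset the final weight.
            findings.append((qid, "whitelist-masked"))
        if rec["final_weight"] is not None and rec["scored_weight"] is None:
            # Summary present but no TESTNAME:weight line for this message.
            findings.append((qid, "missing-score-line"))
    return findings


if __name__ == "__main__":
    for qid, finding in audit(parse_log(SAMPLE_LOG)):
        print(qid, finding)
```

Run over a day's log, the "whitelist-masked" list shows which whitelist entries are letting through mail that other tests scored.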
RE: [Declude.JunkMail] 1.77i15 Log Issues
Yes, I'm still using LogLevel=MID. Never changed it - unless someone tells me that LOW or HIGH are more appropriate.

Best Regards
Andy Schmidt

Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Monday, January 12, 2004 08:23 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] 1.77i15 Log Issues

A) Weight changed between first line (3) and last line (0) of log?

That one is correct:

01/12/2004 17:39:05 Q21ff107901f265c0 DSBLMULTI:3 . Total weight = 3.
01/12/2004 17:39:05 Q21ff107901f265c0 NOT bypassing whitelisting of E-mail with weight =20 (3) and at least 1 recipients (1).
01/12/2004 17:39:05 Q21ff107901f265c0 NOT bypassing whitelisting of E-mail with weight =15 (3) and at least 4 recipients (1).

The weight is 3 here, but:

01/12/2004 17:39:05 Q21ff107901f265c0 Skipping4 E-mail from [EMAIL PROTECTED]; whitelisted [EMAIL PROTECTED]

The E-mail is whitelisted, so it goes down to 0.

B) Email without the TEST1:n TEST2:n TESTm:n . Total Weight = nn line at the beginning but with weight=0 at bottom:

01/12/2004 17:40:45 Q226a2e6500bc05c4 Tests failed [weight=5]: REVDNS=ALERT WEIGHTHDR=WARN WEIGHTFOOTER=FOOTER
01/12/2004 17:40:55 Q226b2eb1017c0bfd Subject: Paintball Guns and Supplies
01/12/2004 17:40:55 Q226b2eb1017c0bfd From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 63.170.102.99 ID:
01/12/2004 17:40:55 Q226b2eb1017c0bfd Tests failed [weight=0]:

Are you still using LOGLEVEL MID? The TESTNAME:weight line should appear at LOGLEVEL MID or higher for every E-mail processed by Declude JunkMail.

-Scott
Re: [Declude.JunkMail] 1.77i12 Bug: Aliases Counted in BYPASSMULTIRECP
After upgrading from 1.77i12 to 1.77i17 I get this.

01/12/2004 18:39:34 Q303603930282ebed ERROR: nTests corrupted (1)
01/12/2004 18:39:35 Q303603930282ebed (Error 5 at 4234ac v1.77i15)
01/12/2004 18:39:35 Q303603930282ebed (log part 2 saved as C:\declude.gp2)
01/12/2004 18:39:35 Q303603930282ebed (log part 1 saved as C:\declude.gp1)
01/12/2004 18:40:00 Q304f0288029c4e8f ERROR: nTests corrupted (1)
01/12/2004 18:40:00 Q303803930282f265 ERROR: nTests corrupted (1

- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, January 12, 2004 5:28 PM
Subject: RE: [Declude.JunkMail] 1.77i12 Bug: Aliases Counted in BYPASSMULTIRECP

any news on this matter?

The issue with 1.77i12 and the bypasswhitelist option has been fixed in v1.77i15 at http://www.declude.com/interim . So if a user sends an E-mail with one recipient that is an alias that expands to 5 addresses, the bypasswhitelist option will only count it as one recipient.

1.77i15 also changes the new LOGLEVEL LOW one-line summary log file entry to include the weight, and start with Tests failed [weight=WEIGHT]: .

-Scott
RE: [Declude.JunkMail] More 1.77i15 Log Issues
Hi Scott:

Should the Tests Failed summary line be complete, e.g., should it replace every single Failed line that appears in the HIGH log mode? This way, log analyzers can simply parse the Tests Failed summary and learn about every test AND every action?

If so, I believe there may be one issue. My Tests Failed lines don't seem to itemize ANY negative test results, not even word filters. Could it be that your Tests Failed is using the HIDETESTS definitions to suppress information?

I believe that the LOG FILE should NOT process the HIDETESTS and should be complete. HIDETESTS should only be applied against information that is shown publicly (e.g., in headers, in bounce/warn messages, and the like).

Best Regards
Andy Schmidt

Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
[Declude.JunkMail] Spamassasin configs
The SpamAssassin integration stuff is so cool. I wonder if anyone has had any problems with it. Anyone have anything that bit them in any options they tried? I'm running spamd on a linux box and it is using very little CPU. If anyone here is nervous about the install on a linux box feel free to email me. It's sooo simple to set up and to restrict only to certain IPs.

Any good places to get filters or tips on the config file? This is my local.cf ... anyone think I made wrong choices or any problems? I'm doing 10 on the required hits because I hope not to have FPs by being so conservative even though some spam will get past.

# SpamAssassin config file for version 2.5x
# generated by http://www.yrex.com/spam/spamconfig.php (version 1.01)

# How many hits before a message is considered spam.
required_hits 10.0

# Whether to change the subject of suspected spam
rewrite_subject 0

# Text to prepend to subject if rewrite_subject is used
subject_tag *SPAM*

# Encapsulate spam in an attachment
report_safe 1

# Use terse version of the spam report
use_terse_report 0

# Enable the Bayes system
use_bayes 1

# Enable Bayes auto-learning
auto_learn 1

# Enable or disable network checks
skip_rbl_checks 0

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_languages all

# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales all

--
Joshua Levitsky, MCSE, CISSP
System Engineer
Time Inc. Information Technology
[5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1]
RE: [Declude.JunkMail] Bigpond
ha ha ha send them an email at [EMAIL PROTECTED] and we'll all have a giggle :-) good luck and happy hunting. better still - just blacklist them and you'll wipe out 75% of all emails coming from down under :-)
_
Glen Harvy Aquarius Communications for all your Internet Needs. Phone 9977 3788 Fax 9977 3844

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Tolmachoff (Lists)
Sent: Tuesday, 13 January 2004 12:06
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Bigpond

Then they better clean up their act and take a hardball stance on all spam flowing through their servers.

John Tolmachoff Engineer/Consultant/Owner eServices For You

-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Glen Harvy
Sent: Monday, January 12, 2004 3:12 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Bigpond
Importance: High

Hi, I suspect they most certainly will - legal action that is. Bigpond is 51% Australian Government owned and the rest is listed on the sharemarket. They are Australia's largest internet provider capturing over 70% of the market. They have a monopoly via Telstra - Australia's largest telephone company. They have a similar attitude to Microsoft - sue first and negotiate later.
_
Glen Harvy Aquarius Communications for all your Internet Needs. Phone 9977 3788 Fax 9977 3844

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Tolmachoff (Lists)
Sent: Tuesday, 13 January 2004 04:47
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Bigpond

I was just going to say, almost all of those IP addresses are from the same ISP in Australia. If we want to play hardball, block all the IPs, and then the ISP will have to take action.

John Tolmachoff Engineer/Consultant/Owner eServices For You

-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Matt
Sent: Monday, January 12, 2004 9:36 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Bigpond

Let me correct something. BigPond.com isn't a spam house, they are a DSL provider in Australia. They however have a large number of mail servers that consistently relay spam. It's almost like they are hosting spammers, and have them relay through their own servers instead of direct delivery. There's a ton of it. I'm not sure what to do about this situation. Maybe someone else has some ideas.

Matt

Matt wrote:

John, Looks like a spam house to me. http://www.senderbase.org/search?searchString=bigpond.com Block by IP. Google shows that they've used different domains from these blocks, and the REVDNS entry could be gone tomorrow. Use Scott's CIDR tool if you are uncertain about the ranges. Dig through surrounding blocks with reverse DNS to see if there are even larger blocks present. Lastly, report your findings to the board :)

Matt

John Tolmachoff (Lists) wrote:

Is there legit e-mail that comes from Bigpond mail servers, or can I heavily weight REVDNS ENDSWITH .bigpond.com?

John Tolmachoff Engineer/Consultant/Owner eServices For You

-- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
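The approach discussed in the Bigpond thread (use the reverse-DNS suffix to find the sender's address space, then block by IP range because the PTR entry may change), sketched as an added example that is not part of any list message and is not Declude's or Scott's CIDR tool. The sample data, the `.isp.example` suffix, the function names, and the `min_hits` and /24 bucket thresholds are all assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (sender IP, reverse-DNS name) pairs as they might be
# pulled from a mail log. Addresses are RFC 5737 documentation ranges.
OBSERVED = [
    ("198.51.100.17", "mta1.isp.example"),
    ("198.51.100.18", "mta2.isp.example."),
    ("198.51.100.22", "MTA3.ISP.EXAMPLE"),
    ("198.51.100.30", ""),                    # PTR record missing
    ("192.0.2.129", "dsl-129.isp.example"),
    ("192.0.2.200", "dsl-200.isp.example"),
    ("192.0.2.254", "dsl-254.isp.example"),
    ("203.0.113.5", "mail.notisp.example"),   # different domain, must not match
]

def revdns_endswith(name, suffix):
    """Case-insensitive suffix test; the suffix's leading dot keeps the
    match on a DNS label boundary."""
    return name.rstrip(".").lower().endswith(suffix.lower())

def covering_network(addrs):
    """Smallest single CIDR block that contains every address in addrs."""
    lo, hi = int(min(addrs)), int(max(addrs))
    prefix = 32 - (lo ^ hi).bit_length()
    base = (lo >> (32 - prefix)) << (32 - prefix)
    return ipaddress.IPv4Network((base, prefix))

def suggest_blocks(observed, suffix, min_hits=3, widest=24):
    """Seed /widest buckets from PTR matches, then count every observed IP
    in a seeded bucket so hosts whose PTR has vanished are still covered."""
    shift = 32 - widest
    seeded = {int(ipaddress.IPv4Address(ip)) >> shift
              for ip, ptr in observed if revdns_endswith(ptr, suffix)}
    buckets = defaultdict(set)
    for ip, _ in observed:
        addr = ipaddress.IPv4Address(ip)
        if int(addr) >> shift in seeded:
            buckets[int(addr) >> shift].add(addr)
    # Tighten each busy bucket to the hits actually seen, never wider than /widest.
    blocks = [covering_network(a) for a in buckets.values() if len(a) >= min_hits]
    return [str(n) for n in ipaddress.collapse_addresses(blocks)]

if __name__ == "__main__":
    print(suggest_blocks(OBSERVED, ".isp.example"))
```

Capping the bucket at /24 and requiring several distinct senders keeps a single stray hit from turning into a block that also covers unrelated hosts.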