[Declude.JunkMail] New warning message

2004-02-06 Thread Bill Landry
Haven't seen this warning in the JM logs before:

Warning: Could not add warning [in] to M:\IMail\spool\Dadd51cb000ae39f6.SM$.

Is this one of those messages that IMail stole before Declude could finish
processing it?

Bill

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] New warning message

2004-02-06 Thread R. Scott Perry

Haven't seen this warning in the JM logs before:

Warning: Could not add warning [in] to M:\IMail\spool\Dadd51cb000ae39f6.SM$.

Is this one of those messages that IMail stole before Declude could finish
processing it?
That is a really strange one -- I don't believe that I have seen it before, 
either.

When Declude adds headers, alters the subject, etc., it will rename the 
D*.SMD file to D*.SM$, then create a new D*.SMD (with the alterations), 
alter the E-mail, and then delete the D*.SM$ file.

What is happening here is that Windows is letting Declude change the name 
from D*.SMD to D*.SM$.  But when it then goes to open it, Windows won't let it.

This shouldn't be an IMail issue, since it shouldn't even know that the 
D*.SM$ file exists.  Unfortunately, the exact cause is not know (whether 
the file was deleted, locked, etc.).  One possibility is that a backup 
program was running -- if it is set to lock files (which is normally not 
recommended), it could have caused this.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] How do they do it?

2004-02-06 Thread Joe Wolf
I'm glad that I'm not the only one with these problems!  Not that I like
having the problem, but I thought there must be some kind of undetectable
Trojan on my system letting the spammers know when I add a domain or user.
Misery like company I guess.

I did happen to talk to DigiHost yesterday and was told that they don't have
any real spam filter, but they do have something in place that prevents
dictionary attacks.  I'm NOT an expert in this field but he was saying that
they only allow 10 attempts so the dictionary attacks don't work.  Is there
a way to make JunkMail do such a thing?  (I really don't even know what I'm
asking about here, but hopefully someone else will).

-Joe

- Original Message - 
From: Richard Farris [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, February 05, 2004 12:27 PM
Subject: Re: [Declude.JunkMail] How do they do it?


 I had the exact same thing happen to me about 5 months ago..we moved our
 servers to a new location and changed IPs on everything...the spam filter
 broke because I needed a new key for it to work..it was only down about 24
 hrs...and I got bombarded during those hours..but I have been fighting
spam
 more aggressively ever since...and my customers noticed a big change
also..
 My upline provider offered to put their spam filter (Sublinme) in front of
 mine and all that seemed to do is put less work on my server but the spam
is
 still worse than before I made the move...and all that changed were the
 IPs..same Declude...same Sortmonster...same everything...I have been
racking
 my brain ever since to figure out why?

 Richard Farris
 Ethixs Online
 1.270.247. Office
 1.800.548.3877 Tech Support

 - Original Message - 
 From: R. Scott Perry [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Thursday, February 05, 2004 9:16 AM
 Subject: Re: [Declude.JunkMail] How do they do it?


 
  I've had two cases recently where I had hosting customers move their
 email
  services to my Imail/Declude box.  Both moved from a national hosting
  company and had no spam protection of any kind on their services.  Both
  complained within a week of the move that they're getting bombarded by
 spam.
  Both claim that they didn't receive much spam on their old host.  One
had
 a
  mail archive that I was able to look at and there really wan't much in
 the
  way of spam in there.
 
  The only thing that I can think of is that the spammers have access to
the
  zone files (which list all the domains in a TLD and their NS records),
and
  are looking for changes in the NS records, and targeting those domains.
 
  Are the spams going to valid user accounts?  Is this a dictionary
  attack?  My guess is that the hosting company was indeed filtering spam.
 
  How is it that these spammers are hitting these domains when they move
to
 my
  box?  I have JunkMail pretty well configured (I think) and they still
get
  more spam than they did before the move.  Doesn't make sense to me.
 
  Could you send me the full headers of several spams that are getting
  through?  I may be able to get a better idea of what is happening.
 
  -Scott
  ---
  Declude JunkMail: The advanced anti-spam solution for IMail mailservers
  since 2000.
  Declude Virus: Catches known viruses and is the leader in mailserver
  vulnerability detection.
  Find out what you've been missing: Ask for a free 30-day evaluation.
 
  ---
  [This E-mail was scanned for viruses by Declude Virus
 (http://www.declude.com)]
 
  ---
  This E-mail came from the Declude.JunkMail mailing list.  To
  unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
  type unsubscribe Declude.JunkMail.  The archives can be found
  at http://www.mail-archive.com.
 
 

 ---
 [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] How do they do it?

2004-02-06 Thread Kami Razvan
I did happen to talk to DigiHost yesterday and was told that they don't
have any real spam filter, but they do have something in place that prevents
dictionary attacks.

Joe..

Check the archives on the topic of Dictionary attacks.. It has been covered
in detail many times.

One product that people have talked highly of has been Blackice for blocking
dictionary attacks.

Regards,
Kami 

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] New warning message

2004-02-06 Thread Bill Landry
- Original Message - 
From: R. Scott Perry [EMAIL PROTECTED]

 Haven't seen this warning in the JM logs before:
 
 Warning: Could not add warning [in] to
M:\IMail\spool\Dadd51cb000ae39f6.SM$.
 
 Is this one of those messages that IMail stole before Declude could
finish
 processing it?

 That is a really strange one -- I don't believe that I have seen it
before,
 either.

 When Declude adds headers, alters the subject, etc., it will rename the
 D*.SMD file to D*.SM$, then create a new D*.SMD (with the alterations),
 alter the E-mail, and then delete the D*.SM$ file.

 What is happening here is that Windows is letting Declude change the name
 from D*.SMD to D*.SM$.  But when it then goes to open it, Windows won't
let it.

 This shouldn't be an IMail issue, since it shouldn't even know that the
 D*.SM$ file exists.  Unfortunately, the exact cause is not know (whether
 the file was deleted, locked, etc.).  One possibility is that a backup
 program was running -- if it is set to lock files (which is normally not
 recommended), it could have caused this.

Because of the time-frame (12:56:46), we would not have been doing any
back-ups.  Oh well, I will keep an eye out for any more of these, but I
suspect it was just an anomaly...

Bill

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


[Declude.JunkMail] Analyzing logs

2004-02-06 Thread Katie La Salle-Lowery
Title: Message



Hi there, 


I think I've seen 
reference to a means before by which one can analyze the Junkmail logs to see 
which rules or DNSBL's are being most effective. However, I can't find it 
again now. The Junkmail config I have on our Imail server is working 
well. I've been asked to config Symantec Antispam for SMTP on an Exchange 
server. No DNSBL's are currently being used. I'd like to see which 
ones are catching the most in my Declude Junkmail config as I am limited in how 
many I can use on the Symantec Antivirus product. 

Thanks, 

Katie



Re: [Declude.JunkMail] Analyzing logs

2004-02-06 Thread R. Scott Perry

I think I've seen reference to a means before by which one can analyze the 
Junkmail logs to see which rules or DNSBL's are being most 
effective.  However, I can't find it again now.  The Junkmail config I 
have on our Imail server is working well.  I've been asked to config 
Symantec Antispam for SMTP on an Exchange server.  No DNSBL's are 
currently being used.  I'd like to see which ones are catching the most in 
my Declude Junkmail config as I am limited in how many I can use on the 
Symantec Antivirus product.
If you go to http://www.declude.com/tools you should be able to find 
something there that meets your needs.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] How do they do it?

2004-02-06 Thread Jeff Kratka
For a firewall, would the regular version of Blackice work ok or is the
Server version needed.


Jeff Kratka
*
TymeWyse Internet
P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417
tel/fax: (541) 839-6027  -  [EMAIL PROTECTED]
*


One product that people have talked highly of has been Blackice for blocking
dictionary attacks.

Regards,
Kami

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] How do they do it?

2004-02-06 Thread Rick Klinge
Server version:

http://blackice.iss.net/product_server_protection.php

~Rick

 
 For a firewall, would the regular version of Blackice work ok 
 or is the Server version needed.
 
 
 

___
Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] How do they do it?

2004-02-06 Thread R. Scott Perry

For a firewall, would the regular version of Blackice work ok or is the
Server version needed.
My understanding is that BlackIce Server is the one that is required to 
help with dictionary attacks (since it deals with malicious inbound mail 
connections, which normally are not a problem with individual users).

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] How do they do it?

2004-02-06 Thread Jeff Kratka
Are there others suggestion for firewall software for the server. Does
Zonealarm have a server version and if so does it work as well as Black Ice.


Jeff Kratka

*
TymeWyse Internet
P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417
tel/fax: (541) 839-6027  -  [EMAIL PROTECTED]
*

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] How do they do it?

2004-02-06 Thread Andy Schmidt
Rick,

I read the BlackIce User Guide and various other manuals to see if I want
to pursue this software. Which feature/setting blocks Dictionary SMTP
attacks?  I can't seem to find any setting specific to this?

Best Regards
Andy Schmidt

HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846

Phone:  +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206

http://www.HM-Software.com/


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Klinge
Sent: Friday, February 06, 2004 03:16 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] How do they do it? 


Server version:

http://blackice.iss.net/product_server_protection.php

~Rick

 
 For a firewall, would the regular version of Blackice work ok
 or is the Server version needed.
 
 
 

___
Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe,
just send an E-mail to [EMAIL PROTECTED], and type unsubscribe
Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] How do they do it?

2004-02-06 Thread Joe Wolf
I called the Black Ice tech support people today and discussed this issue.
They told me that Black Ice will not stop a dictionary attack that is in
progress, but it would shut the spammer down for a second attempt.

He also had major concerns about backup mail spoolers.  He said that you
have to whitelist your backup spoolers and that will still allow the spammer
to run their dictionary attacks.

He didn't think Black Ice was a good product for such use.  He seemed like
he knew what he was talking about.

-Joe

- Original Message - 
From: Jeff Kratka [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, February 06, 2004 5:17 PM
Subject: RE: [Declude.JunkMail] How do they do it?


 Are there others suggestion for firewall software for the server. Does
 Zonealarm have a server version and if so does it work as well as Black
Ice.


 Jeff Kratka

 *
 TymeWyse Internet
 P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417
 tel/fax: (541) 839-6027  -  [EMAIL PROTECTED]
 *

 ---
 [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] How do they do it?

2004-02-06 Thread Marc Catuogno
It's funny but when I do a search for dictionary on their site to see how
to configure black ice to guard against dictionary attacks or how it does I
get no results.  Can any user of Black Ice point me in the right direction
here??

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Jeff Kratka
Sent: Friday, February 06, 2004 03:01 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] How do they do it?


For a firewall, would the regular version of Blackice work ok or is the
Server version needed.


Jeff Kratka
*
TymeWyse Internet
P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417
tel/fax: (541) 839-6027  -  [EMAIL PROTECTED]
*


One product that people have talked highly of has been Blackice for blocking
dictionary attacks.

Regards,
Kami

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.
---
[This E-mail scanned for viruses by Declude Virus]


---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] How do they do it?

2004-02-06 Thread Markus Gufler

I have no practical solution but you would need something that parses your
SMTP logfile in realtime (like unixtool's tail or the new baretail) and
track occurences of invalid user messages. If there are more then X
connection attempts from one single IP in Y minutes causing an invalid user
log entry this IP (or at least port 25 from this IP) should be blocked
immediatly for Z minutes.

Blocking the IP in Imail is problematic because you have to restart the
service every time the IP-list is updated.

I don't know if some SW firewalls like BlackIce or ZoneAlarm allow external
updates for IP-filter tables. Maybe there is also some HW appliance that can
do this.

Filtering by IP in declude junkmail is too late because this will not block
the connection attempts. 

Are you sure this joe jobs are the real reason why the amount of spam seems
to increase after you transfer the domain to your own server? What registrar
do you use? There was an intersting argument on this list some days ago
about certain registrars that seems to be here specially for spammers. Or
are you inserting your clients email adress in the whois information after
during transfer?

Markus




 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of Joe Wolf
 Sent: Saturday, February 07, 2004 12:39 AM
 To: [EMAIL PROTECTED]
 Subject: Re: [Declude.JunkMail] How do they do it? 
 
 I called the Black Ice tech support people today and 
 discussed this issue.
 They told me that Black Ice will not stop a dictionary attack 
 that is in progress, but it would shut the spammer down for a 
 second attempt.
 
 He also had major concerns about backup mail spoolers.  He 
 said that you have to whitelist your backup spoolers and that 
 will still allow the spammer to run their dictionary attacks.
 
 He didn't think Black Ice was a good product for such use.  
 He seemed like he knew what he was talking about.
 
 -Joe
 
 - Original Message -
 From: Jeff Kratka [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Friday, February 06, 2004 5:17 PM
 Subject: RE: [Declude.JunkMail] How do they do it?
 
 
  Are there others suggestion for firewall software for the 
 server. Does
  Zonealarm have a server version and if so does it work as 
 well as Black
 Ice.
 
 
  Jeff Kratka
 
  *
  TymeWyse Internet
  P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417
  tel/fax: (541) 839-6027  -  [EMAIL PROTECTED]
  *
 
  ---
  [This E-mail was scanned for viruses by Declude Virus
 (http://www.declude.com)]
 
  ---
  This E-mail came from the Declude.JunkMail mailing list.  To
  unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
  type unsubscribe Declude.JunkMail.  The archives can be found
  at http://www.mail-archive.com.
 
 
 ---
 [This E-mail was scanned for viruses by Declude Virus 
 (http://www.declude.com)]
 
 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.
 

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re[2]: [Declude.JunkMail] How do they do it?

2004-02-06 Thread Sanford Whiteman
 He  also had major concerns about backup mail spoolers. He said that
 you have to whitelist your backup spoolers and that will still allow
 the spammer to run their dictionary attacks.

Only if the backups don't run BlackIce. :)

But if _they're_ downselling it, that's interesting.

--Sandy



Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]

SpamAssassin plugs into Declude!
http://www.mailmage.com/download/software/freeutils/SPAMC32/Release/

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] How do they do it?

2004-02-06 Thread Jeff Maze - Hostmaster
One problem we've recently had is that a mail server we were trying to send
messages to would die intermittently..  Came to discover there were filters
on their router that when a certain incident happened, it blocked
everything from that computer IP for 4 hours..  Maybe this is something
you'd like to look into..

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler
Sent: Friday, February 06, 2004 7:10 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] How do they do it? 



I have no practical solution but you would need something that parses your
SMTP logfile in realtime (like unixtool's tail or the new baretail) and
track occurences of invalid user messages. If there are more then X
connection attempts from one single IP in Y minutes causing an invalid user
log entry this IP (or at least port 25 from this IP) should be blocked
immediatly for Z minutes.

Blocking the IP in Imail is problematic because you have to restart the
service every time the IP-list is updated.

I don't know if some SW firewalls like BlackIce or ZoneAlarm allow external
updates for IP-filter tables. Maybe there is also some HW appliance that can
do this.

Filtering by IP in declude junkmail is too late because this will not block
the connection attempts. 

Are you sure this joe jobs are the real reason why the amount of spam seems
to increase after you transfer the domain to your own server? What registrar
do you use? There was an intersting argument on this list some days ago
about certain registrars that seems to be here specially for spammers. Or
are you inserting your clients email adress in the whois information after
during transfer?

Markus




 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Joe Wolf
 Sent: Saturday, February 07, 2004 12:39 AM
 To: [EMAIL PROTECTED]
 Subject: Re: [Declude.JunkMail] How do they do it? 
 
 I called the Black Ice tech support people today and
 discussed this issue.
 They told me that Black Ice will not stop a dictionary attack 
 that is in progress, but it would shut the spammer down for a 
 second attempt.
 
 He also had major concerns about backup mail spoolers.  He
 said that you have to whitelist your backup spoolers and that 
 will still allow the spammer to run their dictionary attacks.
 
 He didn't think Black Ice was a good product for such use.
 He seemed like he knew what he was talking about.
 
 -Joe
 
 - Original Message -
 From: Jeff Kratka [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Friday, February 06, 2004 5:17 PM
 Subject: RE: [Declude.JunkMail] How do they do it?
 
 
  Are there others suggestion for firewall software for the
 server. Does
  Zonealarm have a server version and if so does it work as
 well as Black
 Ice.
 
 
  Jeff Kratka
 
  *
  TymeWyse Internet
  P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417
  tel/fax: (541) 839-6027  -  [EMAIL PROTECTED]
  *
 
  ---
  [This E-mail was scanned for viruses by Declude Virus
 (http://www.declude.com)]
 
  ---
  This E-mail came from the Declude.JunkMail mailing list.  To 
  unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type 
  unsubscribe Declude.JunkMail.  The archives can be found at 
  http://www.mail-archive.com.
 
 
 ---
 [This E-mail was scanned for viruses by Declude Virus
 (http://www.declude.com)]
 
 ---
 This E-mail came from the Declude.JunkMail mailing list.  To 
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type 
 unsubscribe Declude.JunkMail.  The archives can be found at 
 http://www.mail-archive.com.
 

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe,
just send an E-mail to [EMAIL PROTECTED], and type unsubscribe
Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.



---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: Re[2]: [Declude.JunkMail] How do they do it?

2004-02-06 Thread Joe Wolf
Sandy,

I asked about that exact issue.  He said that it would be pointless to run
Black Ice on the backup spoolers because they will accept all addresses of a
dictionary attack.  No errors are reported.  The errors come in when the
backup spooler forwards the messages to the primary server and those
transactions must be whitelisted.

He seemed to be pretty knowledgeable and knew of Imail.

I'm not the expert on this subject and it's possible I didn't properly
report what he meant.  I do know that his bottom line was that Black Ice
wouldn't do what I wanted, but he did try and sell me on the firewall and
intrusion detection features.  We run pretty good firewalls and lock down
the servers pretty well so I see no reason for a software firewall.

-Joe

- Original Message - 
From: Sanford Whiteman [EMAIL PROTECTED]
To: Joe Wolf [EMAIL PROTECTED]
Sent: Friday, February 06, 2004 6:07 PM
Subject: Re[2]: [Declude.JunkMail] How do they do it?


  He  also had major concerns about backup mail spoolers. He said that
  you have to whitelist your backup spoolers and that will still allow
  the spammer to run their dictionary attacks.

 Only if the backups don't run BlackIce. :)

 But if _they're_ downselling it, that's interesting.

 --Sandy


 
 Sanford Whiteman, Chief Technologist
 Broadleaf Systems, a division of
 Cypress Integrated Systems, Inc.
 e-mail: [EMAIL PROTECTED]

 SpamAssassin plugs into Declude!
 http://www.mailmage.com/download/software/freeutils/SPAMC32/Release/

 ---
 [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


[Declude.JunkMail] Logtool

2004-02-06 Thread Frederick Samarelli
Warning for anyone thinking of purchasing Logtool. (See Below).

Scott you may want to remove them from your Tools list.

Fred
- Original Message - 
From: Jason Wolfe [EMAIL PROTECTED]
To: Frederick Samarelli [EMAIL PROTECTED]
Sent: Saturday, January 17, 2004 11:15 PM
Subject: Re: Version 2.2 Now Available for Download


 At this time, it seems unlikely that there will be any additional versions
of LogTool, as I no longer work for Netcomm in a full time position.

 Jason Wolfe


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


[Declude.JunkMail] BlackIce

2004-02-06 Thread Mike Wiegers
This was discussed earlier. I don't know if these setting work but here is
the discussion.

http://www.mail-archive.com/[EMAIL PROTECTED]/msg06713.html

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


[Declude.JunkMail] Whitelisting more than 200 TODOMAINs

2004-02-06 Thread Darin Cox



Anyone know of away to use an external file 
to perform a WHITELIST TODOMAIN on more than 200 domains? The manual 
mentions using the WHITELISTFILE option in $default$.junkmail, but I assume this 
onlyreplaces the need for WHITELIST FROMDOMAIN...which doesn't really 
matter since we use a negative weighting instead of whitelisting for 
that.

Ideas?

Darin.