Re: [Declude.JunkMail] Virus Footer
Strange question here. We have a footer line in our virus config file. it is not printing at the bottom of the emails. One possibility is that they are there, but you just can't see them. Many mail clients will only display footers when viewing the plain text version of an E-mail. Another possibility is that you are low on hard drive space, which would prevent Declude from altering the E-mail at all (if this is the case, you should see no Declude headers, either). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Strange Header Incident
I have received a couple of emails that were like this over the past couple of months. I didn't give them much consideration. Dan Horne, CCNA Web Services Administrator TAIS Web Wilcox World Travel Tours [EMAIL PROTECTED] CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. SPAM-FREE 1.0(2476) -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Tuesday, February 17, 2004 3:43 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Strange Header Incident I received an e-mail (spam) that had the header information within the e-mail text! When I looked for the header info it was blank. Has anyone else ever seen anything like this? Any ideas as to what this could mean? Does it have a very short Message-ID: header that looks something like Message-ID: WE20 (the latest interim release will handle these malformed E-mails better)? It shouldn't be possible for there to be *no* headers at all (at the very least, IMail should have a Received: header, even if something causes most of the headers to appear in the body of the E-mail). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Whitelisting and SPAM
I received a message from a customer that was receiving SPAM. For some reason, this message was whitelisted but we do not have any of theses domains or IP addresses whitelisted. Am I missing something from this message header or can someone add the whitelist line to the message header. The header from the message was as follows: Received: from tcmall.com [80.146.192.132] by mail.tconline.net (SMTPD32-7.15) id AD08F1D023A; Tue, 17 Feb 2004 06:46:00 -0600 To: [EMAIL PROTECTED] From: berry [EMAIL PROTECTED] Message-Id: [EMAIL PROTECTED] Date: Tue, 17 Feb 2004 05:47:56 GMT Subject: A D-r-u-g more potent than VIAG-RA?! Content-Type: text/plain; X-Declude-Sender: [EMAIL PROTECTED] [80.146.192.132] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: Whitelisted [0] X-Note: This E-mail was sent from [No Reverse DNS] ([80.146.192.132]). X-RCPT-TO: [EMAIL PROTECTED] Here is a header for another message: Received: from tcoek12.org [208.17.78.98] by mail.tconline.net (SMTPD32-7.15) id A7411A740262; Wed, 18 Feb 2004 05:06:41 -0600 To: [EMAIL PROTECTED] From: vince [EMAIL PROTECTED] Date: Wed, 18 Feb 2004 11:05:55 GMT Message-Id: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] Subject: Would you like to get laid TONIGHT?! Content-Type: text/html; X-Declude-Sender: [EMAIL PROTECTED] [208.17.78.98] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: Whitelisted [0] X-Note: This E-mail was sent from user98.net270.lv.sprint-hsd.net ([208.17.78.98]). X-RCPT-TO: [EMAIL PROTECTED] Thanks, Isaias Hernandez Internet Tech Support 979-775-6239 [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] IDN Domains?
Hello, are there any known problems with Imail Declude with IDN Domains? (Like blöd.de or something like that) Alex --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Help with a Spammer
Sorry for my ignorance on this but it's driving me nuts. It appears I have a spammer on my system. It is coming from one of my dialup customers. I have started to look into IP addresses for the mail and radius but would like to be alittle more sure. Does anyone have any good ideas to track someone down? Jeff Kratka * TymeWyse Internet P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] * --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Help with a Spammer
Are you using Declude Hijack? John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Jeff Kratka Sent: Wednesday, February 18, 2004 9:38 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Help with a Spammer Sorry for my ignorance on this but it's driving me nuts. It appears I have a spammer on my system. It is coming from one of my dialup customers. I have started to look into IP addresses for the mail and radius but would like to be alittle more sure. Does anyone have any good ideas to track someone down? Jeff Kratka * TymeWyse Internet P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] * --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Whitelisting and SPAM
I received a message from a customer that was receiving SPAM. For some reason, this message was whitelisted but we do not have any of theses domains or IP addresses whitelisted. Am I missing something from this message header or can someone add the whitelist line to the message header. Have you checked the Declude JunkMail log file? It should say why the E-mail was whitelisted. Do you have mail.com whitelisted? That would cause the E-mail to be whitelisted. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Junkmail bypass my mail server
I am using Imail/Declude VirusJunkmail as a gateway for my mail server. Works wonderfully on mail coming in. I'd like to route all outbound mail through the Imail/Declude gateway but only to virus check. I guess I'd like to exclude Junkmail testing on the IP Address of my mail server. Can anyone help me out with the necessary config? --- [This E-mail scanned for viruses by Farm Progress Companies using Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Junkmail bypass my mail server
I am using Imail/Declude VirusJunkmail as a gateway for my mail server. Works wonderfully on mail coming in. I'd like to route all outbound mail through the Imail/Declude gateway but only to virus check. I guess I'd like to exclude Junkmail testing on the IP Address of my mail server. Can anyone help me out with the necessary config? In this case, if you add a line WHITELIST IP 192.0.2.25 to the \IMail\Declude\global.cfg file (replacing 192.0.2.25 with the IP of your mail server), it will prevent outgoing E-mail from getting marked as spam. If you are running the latest beta, and add a line PREWHITELIST ON to the \IMail\Declude\global.cfg file, it will also prevent the tests from being run (to minimize resource usage). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Whitelisting and SPAM
check in global for WHITELIST HABEAS Spammers are putting Habeas headers in to their mail...we've reported 3 of them today to www.habeas.com. - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, February 18, 2004 11:40 AM Subject: Re: [Declude.JunkMail] Whitelisting and SPAM I received a message from a customer that was receiving SPAM. For some reason, this message was whitelisted but we do not have any of theses domains or IP addresses whitelisted. Am I missing something from this message header or can someone add the whitelist line to the message header. Have you checked the Declude JunkMail log file? It should say why the E-mail was whitelisted. Do you have mail.com whitelisted? That would cause the E-mail to be whitelisted. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Whitelisting and SPAM
I have checked the log and found out the reason the message was whitelisted. Here is the scenario... A Spammer sends e-mail to multiple customers of ours. One of these customers does not want anything to be filtered from his e-mail so we added WHITELISTTO [EMAIL PROTECTED] My question is if one of our customers is whitelisted, is everyone receiving this message going to be receiving the whitelisted message? If so, is there a way to whitelist only that one customer and not the other messages that are going to other users? Isaias Hernandez Internet Tech Support 979-775-6239 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Wednesday, February 18, 2004 11:41 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Whitelisting and SPAM I received a message from a customer that was receiving SPAM. For some reason, this message was whitelisted but we do not have any of theses domains or IP addresses whitelisted. Am I missing something from this message header or can someone add the whitelist line to the message header. Have you checked the Declude JunkMail log file? It should say why the E-mail was whitelisted. Do you have mail.com whitelisted? That would cause the E-mail to be whitelisted. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Help with a Spammer
No I have Imail 6.06 (Yeah I know..) Declude Junk Mail and Virus. I have been thinking about Hijack but right now funds are thin. I'm mostly trying to track them down. Jeff Kratka * TymeWyse Internet P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] * -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Tolmachoff (Lists) Sent: Wednesday, February 18, 2004 9:46 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Help with a Spammer Are you using Declude Hijack? John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Jeff Kratka Sent: Wednesday, February 18, 2004 9:38 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Help with a Spammer Sorry for my ignorance on this but it's driving me nuts. It appears I have a spammer on my system. It is coming from one of my dialup customers. I have started to look into IP addresses for the mail and radius but would like to be alittle more sure. Does anyone have any good ideas to track someone down? Jeff Kratka * TymeWyse Internet P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] * --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Whitelisting and SPAM
My question is if one of our customers is whitelisted, is everyone receiving this message going to be receiving the whitelisted message? Yes. The way that SMTP works, it is expected that an E-mail with multiple recipients be delivered to everyone in the same way. If so, is there a way to whitelist only that one customer and not the other messages that are going to other users? Unfortunately, there is no easy way around this right now (there is a BYPASSWHITELIST option, but that gets complicated -- the archives have more information about it). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Help with a Spammer
I have a question about Declude Hijack. I was wondering if Hijack will help me track this person down with IP addresses and logs. It looks like they are either spoofing an address since I can't see the IP addresses in the radius or I'm completely brain dead. This is the first spammer I have had to track down on my system so I am very new at it. Jeff Kratka * TymeWyse Internet P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] * -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jeff Kratka Sent: Wednesday, February 18, 2004 10:00 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Help with a Spammer No I have Imail 6.06 (Yeah I know..) Declude Junk Mail and Virus. I have been thinking about Hijack but right now funds are thin. I'm mostly trying to track them down. Jeff Kratka * TymeWyse Internet P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] * -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Tolmachoff (Lists) Sent: Wednesday, February 18, 2004 9:46 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Help with a Spammer Are you using Declude Hijack? John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Jeff Kratka Sent: Wednesday, February 18, 2004 9:38 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Help with a Spammer Sorry for my ignorance on this but it's driving me nuts. It appears I have a spammer on my system. It is coming from one of my dialup customers. I have started to look into IP addresses for the mail and radius but would like to be alittle more sure. Does anyone have any good ideas to track someone down? Jeff Kratka * TymeWyse Internet P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] * --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Help with a Spammer
Hijack tracks outgoing by IP address. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Jeff Kratka Sent: Wednesday, February 18, 2004 10:27 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Help with a Spammer I have a question about Declude Hijack. I was wondering if Hijack will help me track this person down with IP addresses and logs. It looks like they are either spoofing an address since I can't see the IP addresses in the radius or I'm completely brain dead. This is the first spammer I have had to track down on my system so I am very new at it. Jeff Kratka * TymeWyse Internet P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] * -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jeff Kratka Sent: Wednesday, February 18, 2004 10:00 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Help with a Spammer No I have Imail 6.06 (Yeah I know..) Declude Junk Mail and Virus. I have been thinking about Hijack but right now funds are thin. I'm mostly trying to track them down. Jeff Kratka * TymeWyse Internet P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] * -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Tolmachoff (Lists) Sent: Wednesday, February 18, 2004 9:46 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Help with a Spammer Are you using Declude Hijack? John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Jeff Kratka Sent: Wednesday, February 18, 2004 9:38 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Help with a Spammer Sorry for my ignorance on this but it's driving me nuts. It appears I have a spammer on my system. It is coming from one of my dialup customers. I have started to look into IP addresses for the mail and radius but would like to be alittle more sure. Does anyone have any good ideas to track someone down? Jeff Kratka * TymeWyse Internet P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] * --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] ANTI-AV filter important note
For those that are currently using the ANTI-AV filter, it's important that you take note of this. In one of the last two releases, I added a bunch of strings to the filter that detected some non-standard characters that were very common in these AV bounces, probably due to some broken decoder or possibly some bad data from the sender. While I believe these to be generally safe, there was a bug in Declude JM that was found and corrected that could cause FP's on those strings in the event that there was a text or HTML base64 encoded attachment. Scott fixed this in the 1.77i31 interim release yesterday. So in short, if you are using this filter, and if you are using a 1.77 interim release, you either need to comment out the Funky Characters section or upgrade to the latest interim release. I'm not sure if this bug affected older versions of Declude JM, so either watch it closely for FP's, or comment out those lines just to be safe (they are very effective lines though). A new version, ANTI-AV v1.0.4, has been uploaded to the beta filter section of my site. It only has a few additional strings, but more importantly it now includes the notation that DJM 1.77i31+ be used with the filter. Please always take note of the Compatibility notation in the comment blocks. http://www.mailpure.com/software/decludefilters/beta/ Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Declude JunkMail v1.78 (beta) released
We have just released Declude Virus v1.78 (beta). See http://www.declude.com/junkmail/manual.htm . Notable changes since the last beta include: o AV FIX Had an internal limit of 20 forging viruses; changed to 200. o AV FIX Prevents false positives where begin followed by . causes uudecoding to occur. o AV FIX Prevents notifications from being sent out with the Outlook CR Vulnerability, if an unusual RCPT TO: occurred with an LF in it. o AV FIX Fixes an issue where if 2nd virus scanner reported filename (not number), it would be used instead of good filename from first scanner. Other additions and fixes can be found in the release notes, at http://www.declude.com/relnotes.htm . Anyone with an up-to-date Service Agreement is entitled to free upgrades (see http://www.declude.com/agree.htm for information on the Declude Service Agreement). --- Quick Resource Reference: Tech Support: [EMAIL PROTECTED] Mailing List: Send E-mail to [EMAIL PROTECTED] with subscribe declude.junkmail your name in the body New Releases List: Send E-mail to [EMAIL PROTECTED] with subscribe declude.releases your name in the body Troubleshooting: See manual URL above; look at Troubleshooting section Emergency Uninstall: See manual URL above; look at Emergency Uninstall section Urgent Support: urgent @declude.com (for urgent/time-sensitive issues only) Declude Addons/Tools URL: http://www.declude.com/tools Manual: http://www.declude.com/junkmail/manual.htm --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Help with a Spammer
Jeff, If you ran a log analyzer on your IMail logs and checked for high utilization senders, that might to it, or maybe grep if you have a knack for that. I would think that chances are that this person merely has a virus infected computer that is being hijacked, though you need to provide more detail about the situation probably in order to get a better response. FYI, here's what SenderBase is showing for your class C: http://www.senderbase.org/search?searchString=205.243.160.7whichOthers=%2F24 Matt Jeff Kratka wrote: I have a question about Declude Hijack. I was wondering if Hijack will help me track this person down with IP addresses and logs. It looks like they are either spoofing an address since I can't see the IP addresses in the radius or I'm completely brain dead. This is the first spammer I have had to track down on my system so I am very new at it. Jeff Kratka * TymeWyse Internet P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] * -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jeff Kratka Sent: Wednesday, February 18, 2004 10:00 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Help with a Spammer No I have Imail 6.06 (Yeah I know..) Declude Junk Mail and Virus. I have been thinking about Hijack but right now funds are thin. I'm mostly trying to track them down. Jeff Kratka * TymeWyse Internet P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] * -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John Tolmachoff (Lists) Sent: Wednesday, February 18, 2004 9:46 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Help with a Spammer Are you using Declude Hijack? John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED]] On Behalf Of Jeff Kratka Sent: Wednesday, February 18, 2004 9:38 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Help with a Spammer Sorry for my ignorance on this but it's driving me nuts. It appears I have a spammer on my system. It is coming from one of my dialup customers. I have started to look into IP addresses for the mail and radius but would like to be alittle more sure. Does anyone have any good ideas to track someone down? Jeff Kratka * TymeWyse Internet P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] * --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
[Declude.JunkMail] TESTSFAILED and NOT questions :)
Scott, This is obviously a very big advance to Declude because it now allows us to do combination tests. I have a few brief questions though. First, does IPNOTINMX and NOLEGITCONTENT still get processed (weight adjustments, and triggers for TESTSFAILED) after custom filters? I've been setting SKIPIFWEIGHT to a value equal to those tests because the points would be deducted afterwards. This is also important if we possibly write a custom filter that includes the TESTSFAILED action for these. Secondly, I noted the NOTENDSWITH action was added as per John's previous request. If you could add NOT functionality to all of the filter types, this would greatly enhance filtering capabilities. I've come across this need many times in the past and have been limited by the absence of such functionality. For everyone else, if you haven't figured it out yet, you can now create a simple filter for something like all DUL tests by setting the test scores to zero in the global.cfg, and then creating a DUL custom filter that is scored at one value. This way you don't have a huge range of scores based on how many such tests get hit. i.e. - Global.cfg - AHBL-DULip4r dnsbl.ahbl.org 127.0.0.90 0 NJABL-DUL ip4r dnsbl.njabl.org127.0.0.30 0 NJABL-DYNA ip4r dynablock.njabl.org 127.0.0.30 0 SORBS-DUL ip4r dnsbl.sorbs.net127.0.0.10 0 0 DULfilter C:\IMail\Declude\Filters\DUL.txtx 8 0 - DUL.txt TESTSFAILED 0 CONTAINS AHBL-DUL TESTSFAILED 0 CONTAINS NJABL-DUL TESTSFAILED 0 CONTAINS NJABL-DYNA TESTSFAILED 0 CONTAINS SORBS-DUL That's a good thing to have I think. It should help protect from false positives while also not severely weakening the system. I may even combine this with my DYNAMIC filter for one scoring hit. Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Help with a Spammer
Thank you, I just installed Declude Hijack and it is helping already. Being that it is showing the IP address of the outgoing mail and the amount I can check into this more. I think it will help me with this issue. Jeff Kratka * TymeWyse Internet P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] * -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Matt Sent: Wednesday, February 18, 2004 11:36 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Help with a Spammer Jeff, If you ran a log analyzer on your IMail logs and checked for high utilization senders, that might to it, or maybe grep if you have a knack for that. I would think that chances are that this person merely has a virus infected computer that is being hijacked, though you need to provide more detail about the situation probably in order to get a better response. FYI, here's what SenderBase is showing for your class C: http://www.senderbase.org/search?searchString=205.243.160.7whichOthers=%2F2 4 Matt Jeff Kratka wrote: I have a question about Declude Hijack. I was wondering if Hijack will help me track this person down with IP addresses and logs. It looks like they are either spoofing an address since I can't see the IP addresses in the radius or I'm completely brain dead. This is the first spammer I have had to track down on my system so I am very new at it. Jeff Kratka * TymeWyse Internet P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] * -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jeff Kratka Sent: Wednesday, February 18, 2004 10:00 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Help with a Spammer No I have Imail 6.06 (Yeah I know..) Declude Junk Mail and Virus. I have been thinking about Hijack but right now funds are thin. I'm mostly trying to track them down. Jeff Kratka * TymeWyse Internet P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] * -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Tolmachoff (Lists) Sent: Wednesday, February 18, 2004 9:46 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Help with a Spammer Are you using Declude Hijack? John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Jeff Kratka Sent: Wednesday, February 18, 2004 9:38 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Help with a Spammer Sorry for my ignorance on this but it's driving me nuts. It appears I have a spammer on my system. It is coming from one of my dialup customers. I have started to look into IP addresses for the mail and radius but would like to be alittle more sure. Does anyone have any good ideas to track someone down? Jeff Kratka * TymeWyse Internet P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] * --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus
Re: [Declude.JunkMail] TESTSFAILED and NOT questions :)
First, does IPNOTINMX and NOLEGITCONTENT still get processed (weight adjustments, and triggers for TESTSFAILED) after custom filters? I've been setting SKIPIFWEIGHT to a value equal to those tests because the points would be deducted afterwards. This is also important if we possibly write a custom filter that includes the TESTSFAILED action for these. Actually, both IPNOTINMX and NOLEGITCONTENT should be run before the filters. Secondly, I noted the NOTENDSWITH action was added as per John's previous request. If you could add NOT functionality to all of the filter types, this would greatly enhance filtering capabilities. I've come across this need many times in the past and have been limited by the absence of such functionality. That is something that we are planning. For everyone else, if you haven't figured it out yet, you can now create a simple filter for something like all DUL tests by setting the test scores to zero in the global.cfg, and then creating a DUL custom filter that is scored at one value. This way you don't have a huge range of scores based on how many such tests get hit. i.e. - Global.cfg - AHBL-DULip4r dnsbl.ahbl.org 127.0.0.90 0 NJABL-DUL ip4r dnsbl.njabl.org127.0.0.30 0 NJABL-DYNA ip4r dynablock.njabl.org 127.0.0.30 0 SORBS-DUL ip4r dnsbl.sorbs.net127.0.0.10 0 0 DULfilter C:\IMail\Declude\Filters\DUL.txtx 8 0 - DUL.txt TESTSFAILED 0 CONTAINS AHBL-DUL TESTSFAILED 0 CONTAINS NJABL-DUL TESTSFAILED 0 CONTAINS NJABL-DYNA TESTSFAILED 0 CONTAINS SORBS-DUL That's a good thing to have I think. It should help protect from false positives while also not severely weakening the system. I may even combine this with my DYNAMIC filter for one scoring hit. That is a very good idea. :) -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Lates Global.cfg file
Hi Scott. Can I take the Global.cfg from the Declude websiteput my code in...make any changes to log file locations .copy it to the \\..\imail\declude directory? -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 17, 2004 12:18 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Lates Global.cfg file How do I know if I have the current version of the Global.cfg file? There isn't an easy way. In most cases, though, the changes to the default global.cfg file are to add/remove spam tests, or add features in the latest beta/release. So the only real concern is making sure that you have the latest spam tests, and have removed spam tests that have died. Occasionally checking the latest default configuration file should be all that is needed (looking at the first set of tests defined, which you can find after the # For type ip4r, 'matchstring' is the string to look for, or * for anything line). How can I tell if I need to update/upgrade my Declude software..both JunkMail and Virus? Need is one of those funny words. To find out if you are running the latest version, you can type \IMail\Declude -diag from a command prompt to see the version you are running, and compare it to what is shown to be the latest release at http://www.declude.com/junkmail/manual.htm . To find out if you need to upgrade, you can go to http://www.declude.com/relnotes.htm to see what changes have been made. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] TESTSFAILED and NOT questions :)
R. Scott Perry wrote: Actually, both IPNOTINMX and NOLEGITCONTENT should be run before the filters. Was this changed??? Back on 12/20/2003 in a thread started by Bill on Weight processing, several of us stated that we had seen issues related to these being deducted only after the custom filters were processed, and your response was that it was by design and that you couldn't guarantee the order of which things were processed (sorry, I couldn't find it in the archives). I have since added the points from these tests to my intended SKIPIFWEIGHT values, i.e. 25 + 1 + 2 = 28. Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Lates Global.cfg file
Can I take the Global.cfg from the Declude websiteput my code in...make any changes to log file locations .copy it to the \\..\imail\declude directory? Yes, that would work fine. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] SPF - Question
From another list I get: Quote ON ...we now have seven return codes, up from the previous four, and the Received-SPF field is now more structured. The total number of domains covered by SPF is actually much, much higher than 7000. That number comes from self-reporting. The true number is higher because many domain-parking services have set up a blanket this domain sends no mail rule. Thanks to them, the total number of domains covered by SPF is in the six-digit range. QUOTE OFF Question: For those of us who set up SPF early, are there any changes we need to make, either to the information on our servers, or the information we submitted to the SPF registry (or whatever its correct name should be)? I believe we currently have a spfpass and a spffail in our global.cfg. Thanks, Rob === www.iGive.com --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] TESTSFAILED and NOT questions :)
Actually, both IPNOTINMX and NOLEGITCONTENT should be run before the filters. Was this changed??? No. Back on 12/20/2003 in a thread started by Bill on Weight processing, several of us stated that we had seen issues related to these being deducted only after the custom filters were processed, and your response was that it was by design and that you couldn't guarantee the order of which things were processed (sorry, I couldn't find it in the archives). That is correct. However, the IPNOTINMX and NOLEGITCONTENT tests run before the filters. In most cases, the filters should be the last tests run (although there may be some exceptions, such as the weight tests, such as WEIGHT10). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SPF - Question
...we now have seven return codes, up from the previous four, and the Received-SPF field is now more structured. The SPF protocol is still being changed. The SPF code in Declude JunkMail follows one of the specs from December -- we expect to add support for the final one after the final specs are determined. For those of us who set up SPF early, are there any changes we need to make, either to the information on our servers, or the information we submitted to the SPF registry (or whatever its correct name should be)? Not at this time. Once the RFC draft is finalized, and we change Declude JunkMail to match it, then some changes may be necessary. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Tom's Kill List (another erroneous entry)
Another incorrect entry is this one: @ltgsys.com ID-20040121-000433 This is a company called Lighting Systems and is one of our business partners. Please fix. Thank you. -Mike -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Tom Sent: Tuesday, February 17, 2004 4:01 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Tom's Kill List Importance: High Your blacklist includes @Optonline.com @optonline.net ID-20040211-002132 Please be advised: This was an oversight and was removed. A new list was generated, sorted and re-formatted. Best Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Virus Warning - Netsky.b@mm
I blocked it with declude Junkmail using this in a myfilter : BODY 15 CONTAINS TVqQAAME//8AAL BODY 15 CONTAINS UEsDBAoAAI2aUjBdbrA Thanks, Chris Patterson, CCNA Network Engineer Rapid Systems (813)232-4887 Ext. 112 [EMAIL PROTECTED] Managed Spam Filtering and Anti-Virus Protection for Your Internet Service - Available Today from Rapid Systems -Original Message- From: Doug Anderson [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 18, 2004 3:20 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: [Declude.JunkMail] Virus Warning - [EMAIL PROTECTED] New ONE Moving fast! Virus Warning - [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] new dow and hour tests
Hi, Can someone explain these new tests? I tried searching the archives but couldn't find any previous discussions about this. Kevin --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] new dow and hour tests
Can someone explain these new tests? From the release notes: New tests dow and hour, to allow hour and day-of-week detection. IE HOUR hour 9 16 0 0 for local 9AM-4:59PM. DOW dow 1 5 0 0 for Monday through Friday. So if you add the following lines to your \IMail\Declude\global.cfg file: HOURhour9 16 0 0 DOW dow 1 5 0 0 it will create two new tests, HOUR and DOW. The HOUR test will be triggered if the E-mail was received between 9AM and 4:59PM (16:59); the DOW test will be triggered if the E-mail was received between Monday and Friday. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] new dow and hour tests
What would be a good use for these tests? Or what is the motivation behind there creation? I don't understand what kind of Spam would be caught with them. Thanks, Todd Holt Xidix Technologies, Inc Las Vegas, NV USA 702.319.4349 www.xidix.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Wednesday, February 18, 2004 3:23 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] new dow and hour tests Can someone explain these new tests? From the release notes: New tests dow and hour, to allow hour and day-of-week detection. IE HOUR hour 9 16 0 0 for local 9AM-4:59PM. DOW dow 1 5 0 0 for Monday through Friday. So if you add the following lines to your \IMail\Declude\global.cfg file: HOURhour9 16 0 0 DOW dow 1 5 0 0 it will create two new tests, HOUR and DOW. The HOUR test will be triggered if the E-mail was received between 9AM and 4:59PM (16:59); the DOW test will be triggered if the E-mail was received between Monday and Friday. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude JunkMail v1.78 (beta) released
Looks good Scott, o JM FIX IPBYPASS limit increased from 20 to 100 entries. -Liking this, I'm up to 18 o JM ADD DOMAINWHITELISTS ON option, to allow for per-domain whitelist files at \IMail\Declude\example.com\whitelist.txt. -looks easy enough, can't wait to try it! o JM ADD New tests dow and hour, to allow hour and day-of-week detection. IE HOUR hour 9 16 0 0 for local 9AM-4:59PM. DOW dow 1 5 0 0 for Monday through Friday. -reminds me of a old dialog we had here, anyone have ideas on how best to use it? o JM ADD Adds TESTSFAILED searching for filters (for tests that have already run). For example, TESTSFAILED END CONTAINS SPAMCOP. -Do I understand this correctly, just build FILTER entries that reference stand alone tests and put them at the top of every FILTER file? o JM ADD Adds CMDSPACE test to help detect spamware in SMTP commands. -Is this a stand alone test like BADHEADERS? o JM ADD Now will decode encoded subjects (for use in filters). -Very nice :) Dan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] new dow and hour tests
On 03:32 PM 2/18/2004 -0800, it would appear that Todd Holt wrote: What would be a good use for these tests? Or what is the motivation behind there creation? I don't understand what kind of Spam would be caught with them. The point being that legitimate business messages tend to be received during legitimate business hours, whereas SPAM tends to increase dramatically during middle of the night/weekend hours. While these tests may not be applicable on every server, for business servers they provide a simple yet effect benefit. Tyran Ormond Programmer/LAN Administrator Central Valley Water Reclamation Facility [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] new dow and hour tests
What would be a good use for these tests? Or what is the motivation behind there creation? I don't understand what kind of Spam would be caught with them. Some people find that E-mail during certain hours or days of the week is more likely to be spam. For example, a business that is open from 9AM To 5PM may find that 95% of their legitimate mail is received during those hours. With the hour test, they could make it more likely that spam send outside those hours is caught (at the risk of making it more likely that legitimate mail sent outside those hours would get caught). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude JunkMail v1.78 (beta) released
o JM ADD Adds TESTSFAILED searching for filters (for tests that have already run). For example, TESTSFAILED END CONTAINS SPAMCOP. -Do I understand this correctly, just build FILTER entries that reference stand alone tests and put them at the top of every FILTER file? That would work fine. As Matt pointed out, you can also use this to create groups of tests -- for example, a DIALUPS filter that will be triggered if any of several dialup-based spam test (DUL, SORBS-DUHL, etc.) gets triggered. That way, you can have E-mail that fails any of a group of tests have the same weight applied, no matter how many of the tests it fails. o JM ADD Adds CMDSPACE test to help detect spamware in SMTP commands. -Is this a stand alone test like BADHEADERS? Yes. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] new dow and hour tests
How would you add weight to these testes. - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, February 18, 2004 6:22 PM Subject: Re: [Declude.JunkMail] new dow and hour tests Can someone explain these new tests? From the release notes: New tests dow and hour, to allow hour and day-of-week detection. IE HOUR hour 9 16 0 0 for local 9AM-4:59PM. DOW dow 1 5 0 0 for Monday through Friday. So if you add the following lines to your \IMail\Declude\global.cfg file: HOURhour9 16 0 0 DOW dow 1 5 0 0 it will create two new tests, HOUR and DOW. The HOUR test will be triggered if the E-mail was received between 9AM and 4:59PM (16:59); the DOW test will be triggered if the E-mail was received between Monday and Friday. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Tom's Kill List
Your blacklist includes @Optonline.com @optonline.net ID-20040211-002132 M M Please be advised: M M This was an oversight and was removed. M A new list was generated, sorted and re-formatted. M M Best Regards, M Tom M Image`fx Question, Tom, is .georgewbush.comID-20040121-001584 an oversight? Just had to ask this... ;) -- Roger Heath [EMAIL PROTECTED] www.rleeheath.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] 1.78 beta possible bug
Built a filter: SUBJECT -30 CONTAINS tunafish Doesn't trigger. BODY -30 CONTAINS tunafish Triggers fine. It could very well be me, but if so, I'm stumped as to why. Rob --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] 1.78 beta possible bug - NOT
Sorry for false alarm, but I couldn't recreate this myself. Working now. Rob === Built a filter: SUBJECT -30 CONTAINS tunafish Doesn't trigger. BODY -30 CONTAINS tunafish Triggers fine. It could very well be me, but if so, I'm stumped as to why. Rob --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] new dow and hour tests
How would you add weight to these testes. Instead of: HOURhour9 16 0 0 you could use: HOURhour9 16 3 0 which would add 3 points to any E-mail sent between 9AM and 4:59PM. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] New CMD space test info
For some reason this isn't coming up in the archives (though I know I've seen it) Can someone shoot me the config line for the new CMDSPACE ? Thanks Jason --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Virus Warning - Netsky.b@mm
New ONE Moving fast! Virus Warning - [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.