Scott,
Any plans to add notcontains to the filtering system?
I'd like to use the cmdspace test but can't. If I could create a filter ...
TESTSFAILED END NOTCONTAINS CMDSPACE
HEADERS -xx CONTAINS 12.4.184.
HEADERS -xx CONTAINS 12.4.185.
HEADERS -xx CONTAINS 12.4.186.
I could
Anyone seen this?
http://www.microsoft.com/presspass/press/2004/feb04/02-24RSAAntiSpamTechVisi
onPR.asp
Isn't the Caller ID thing just SPF?
Andy Ognenoff
Online Systems Administrator
Direct: (262)250-2860
[EMAIL PROTECTED]
-
Cousins Submarines, Inc.
Any plans to add notcontains to the filtering system?
I'd like to use the cmdspace test but can't. If I could create a filter ...
TESTSFAILED END NOTCONTAINS CMDSPACE
HEADERS -xx CONTAINS 12.4.184.
HEADERS -xx CONTAINS 12.4.185.
HEADERS -xx CONTAINS 12.4.186.
I could zero
The junkmail and virus log was one long line with 1.78i3 for me also. Went back to
1.78.
Here is how I corrected my virus log:
Opened log in Word
Opened blank doc in Word
In Word Log, put cursor at first bad record
ctrl-shift-end to select to end of document
ctrl-x to cut
paste to the blank doc
The list of List of All Known DNS-based Spam Databases
(http://www.declude.com/junkmail/support/ip4r.htm) is missing the
BLOCK.RHS.MAILPOLICE.COM RHSBL (http://rhs.mailpolice.com/) their
consolidation of the MAILPOLICE-BULK and MAILPOLICE-PORN lists.
Thanks for pointing this out -- the
Isn't the Caller ID thing just SPF?
No, it's a competing technology in the same space. There's been a
lot of discussion in the SPF world about the overlaps,
inconsistencies, and promise of CID vs. SPF. If you're interested in
this discussion, you should join the lively
Thanks...I was just a little confused because I hadn't heard of CID before
that and we're already using SPF. Good to know!
- Andy
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Sanford Whiteman
Sent: Wednesday, February 25, 2004
Hello all,
I have an issue I have been dealing with and was wondering how others would
approach it. I have a spammer on my system and am 99% sure who it is. Thanks
to Scott and the wonderful tools he has supplied us with (Junkmail, Virus
and Hijack) I have been able to trap the spam and log
I've gotten a bunch of very short messages this AM with attachments. They
don't seem to be coming from known spam sources, so it looks like we might
have another virus storm starting up.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came
Depends on if the spammer trespassed or otherwise hacked into your
system, or if they were just a customer that thought that the practice
was OK. The first could be reported, probably to the state police (in
the US, whatever in CA) since they most likely have the resources,
though some better
Hi everyone,
Further to my earlier message, the virus in question is [EMAIL PROTECTED] This
is a new variant that was first detected yesterday by SARC. Here's the
writeup from SARC:
---
W32.Netsky.C is a mass-mailing worm that uses its own SMTP engine to send
itself to the email addresses it
I just got a wave of pif's, scr's, com's, exe's
both mcaffee and symantec had updates for a new netsky variant
- Original Message -
From: Dave Doherty [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, February 25, 2004 1:35 PM
Subject: [Declude.JunkMail] Haeds up!
I've gotten a
Is somebody is using the spamdomains filter to detect paypal, ebay phish e-mails?
Could you please share the appropriate entries?
Or is using the spamdomains filter to do this a bad idea?
Scott Fisher
Director of IT
Farm Progress Companies
---
[This E-mail scanned for viruses by Farm Progress
I have an issue I have been dealing with and was wondering how others
would
approach it. I have a spammer on my system and am 99% sure who it is.
Check their profile; if they have been a paying customer for several
months it is almost 100% sure that it's just a regular joe who was
I know I have missed something here but I'll ask, I'm still new at this
one. I have been shutting down ports on my mail server leaving open only the
ones needed. I leave 53 open for DNS but when I do Declude does not do any
of the DNS based tests. I turn off the port filtering and it works.
Any
Leave all outgoing ports open unless you specifically want to
block it for security. Only block the incoming. Many protocols will
use different outgoing ports.
Matt
Jeff Kratka wrote:
I know I have missed something here but I'll ask, I'm still new at this
one. I have been shutting down
ON A WINDOWS MACHINE THE OUTGOING PORTS ARE BETWEEN 1024 AND 5000 BY DEFAULT.
However, a firewall won't care about the outgoing ports when a connection
is made to a server.
For example, if you block all outgoing ports except port 80 (to allow WWW
connections from local computer to servers on
(Another country heard from)
Scott, that's an excellent description of how a firewall that does stateful
inspection works, but is wrong if it's just a packet filter. I'll readily
admit that anything called a firewall *should* do stateful inspection, but
Jeff didn't specify the tool.
As Kevin
Did you leave both UDP and TCP for port 53 open? DNS uses both.
Darin.
- Original Message -
From: Jeff Kratka [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, February 25, 2004 7:56 PM
Subject: [Declude.JunkMail] TCP/UDP ports
I know I have missed something here but I'll
If you are using the tcp/ip filtering on
W2K you will have to leave the UDP ports unblocked. We where never able to get
the built-in filtering to work with DNS.
-Original
Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Wednesday, February 25,
20 matches
Mail list logo