The concept behind BONDEDSENDER seems to be the same as HABEAS. But if I
understand things correctly, Declude can not treat the two in the same
way.
To use HABEAS headers you simply enter WHITELIST HABEAS in the
global.cfg. And by using this an email could fail every rule you have
(but pass the
Scott, is there a way of WHITELISTING a positive BONDEDSENDER? Like you
do with HABEAS?
You should be able to do that with the latest beta and a filter, using a
line TESTSFAILED WHITELIST CONTAINS BONDEDSENDER in your filter file.
-Scott
---
I'm in the process of building a 4 server inbound MX gateway system for our
Exchange 2003 environment.
Imail/Declude will run on 4 even priority MX relayers and will act as edge
virus and spam detection.
Our organization receives about 350,000-400,000 inbound messages a day so
we're estimating
Wonder what this will be about?
http://biz.yahoo.com/bw/040309/95882_1.html
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type
The only problem with this is that all 4 of these relayers will have its own
license code.
As a feature request, would it be possible to put the CODE line of the
global.cfg into its own file?
License.cfg or something?
Right now, I have to parse each global.cfg and write each servers file
uniquely
Declude Virus should automatically block this, as it appears to
contain a mailserver AV vulnerability.
That is what I thought. Can you think of any reason why it did not
catch it?
What version of Declude are you running (\IMail\Declude
-diag from a
command prompt will show
It is a starting place for sure. In my three weeks, I've found Junkmail to be simple,
yet deep in it's abilities.
One test I added late was the spamdomains test. This test checks to see if a
hotmail.com e-mail comes from a server with hotmail in it's address. Very effective at
these types of
Thank you very much
Harry Vanderzand
inTown Internet Computer Services
11 Belmont Ave. W.
Kitchener, ON
N2M 1L2
519-741-1222
Did you know we offer:
- Province wide dial-up and high speed internet access
- Web accessible email with anti-spam\antivirus protection
- Computer hardware sales and
I've got an interesting configuration issue.
My Imail server is behind a firewall and I have a branch office email server
(left over from before we accuired them) that forwards mail to my server.
A lot of this forwarded mail is spam so I'm trying to get JunkMail Pro
configured
to use the proper
My Imail server is behind a firewall and I have a branch office email server
(left over from before we accuired them) that forwards mail to my server.
A lot of this forwarded mail is spam so I'm trying to get JunkMail Pro
configured
to use the proper IP for its DNSBL (RBL?) tests.
In this case,
Anyone know how to setup or how effective a comparison of the From: and
X-Declude-Sender: values would be in stopping SPAM? That is, if they do not
match, dump it.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail
I've seen a few posts to this list (from myself and a
few others) over the last year requesting anyone to post a current spam domains
list. These requests never seem to be answered or even acknowledged.
Is there some reason for this that I am missing? There was a list
posted about a year
Here is the result of the press release.
http://msnbc.msn.com/id/4496759/
Kevin Bilbee
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Mark Smith
Sent: Wednesday, March 10, 2004 4:54 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] OT:
nfdhgfgf
Isaias Hernandez
Internet Tech Support
979-775-6239
[EMAIL PROTECTED]
---
[This E-mail was scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
I would not do it. YOu would loose many list emails. The x-declude-sender is
the envelope sender which normally from a list is the list owner address.
the the from is the list member.
When e-card web sites smarten up they will do the same thing. The evelope
sender will be the ecard site and the
I am trying to get the Declude iMail modified header to an external
program. (X refs)
I've tried:
mytest external nonzero my_program.exe %HEADERS%1 0
and:
mytest external nonzero my_program.exe1 0 (and
reading the D.file)
also:
mytest external
I'd love to see a current spam domains list that deals with non-US ISP's.
I seem to have lots of spam coming apparently from non-US ISPs.
Scott Fisher
Director of IT
Farm Progress Companies
[EMAIL PROTECTED] 03/10/04 10:36AM
I've seen a few posts to this list (from myself and a few others)
I'm trying to collect data for a SPAM (pass and fail report), also I intend
to whitelist with exturnalplus from our database
Chuck
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, March 10, 2004 9:28 AM
Subject: Re: [Declude.JunkMail]
Why do people send test messages to already high-volume e-mail lists?
Better yet why do people respond go test messages to already high-volume
mailing lists thereby adding one more e-mail into the mix?
- Original Message -
From: TC Online Support [EMAIL PROTECTED]
To: Declude.JunkMail
Hello, Jeffrey,
Kami's "spamdomains"list is always publically
available and it looks like its pretty good. But I think he uses
spamdomains in a different way that I do.
Typically an entry makes it on to my spamdomains
list if a known legit domain name is used to send to non-legit e-mail
Where is Kami's list? I haven't been able to find it.
If you wouldn't mind sharing, I'd like to see your your spamdomains file. I really
need more non-US entries.
Scott Fisher
Director of IT
Farm Progress Companies
[EMAIL PROTECTED] 03/10/04 11:32AM
Hello, Jeffrey,
Kami's spamdomains list is
I'm trying to collect data for a SPAM (pass and fail report), also I intend
to whitelist with exturnalplus from our database
In that case, I would recommend splitting it into two programs -- one that
interfaces with Declude JunkMail as an external test (and whitelists the
E-mail), and another
Scott
I agree 2 programs.
The log file doesn't include header info such as to: and from: just the
Q.file after it was sent.
Is it possible to have a setting in GLOBAL.CFG for an external LOG
Something like:
my_logexternallog nonzero my_log %DECLUDEHEADERS%
Chuck
- Original
- Original Message -
From: Jeffrey Di Gregorio [EMAIL PROTECTED]
I've seen a few posts to this list (from myself and a few others) over
the last year requesting anyone to post a current spam domains list.
These requests never seem to be answered or even acknowledged. Is there
some
Is it possible to have a setting in GLOBAL.CFG for an external LOG
Something like:
my_logexternallog nonzero my_log %DECLUDEHEADERS%
No, but we will be looking into that.
You may also want to try LOGLEVEL HIGH to see if the information in there
is suitable.
Hello Chuck,
Wednesday, March 10, 2004, 12:35:02 PM, you wrote:
CS I'm trying to collect data for a SPAM (pass and fail report), also I intend
CS to whitelist with exturnalplus from our database
This goes to some of my questions the other day. We're looking at the
doing the same thing with an
If I'm only using imail as a gateway for Exchange and only one domain is
being forwarded to, wouldn't it make sense to disable the DNS cache and
Queue manager.
In the remote case the receiving Exchange server is put on the skip list
that would mean that all email would stop.
Right?
---
[This
Hi Chuck:
Spamdomains has been one of those topics that appear and disappear- never
with a final and definitive answer.
It would be good if something like this was done like Forged Virus - with a
server giving the weight.. But there are so many variations and changes that
perhaps this can't be
Trying to get Junkmail started, but it doesn't check the blacklists. The
log shows WARNING: BOGUS DNS SERVER !
This was actually covered on the list a couple of weeks ago (see below). I
tried the advice Scott gave, but it didn't work. Mail is going out
normally. Need some more ideas!
I
Trying to get Junkmail started, but it doesn't check the blacklists. The
log shows WARNING: BOGUS DNS SERVER !
This was actually covered on the list a couple of weeks ago (see below). I
tried the advice Scott gave, but it didn't work. Mail is going out
normally. Need some more ideas!
Kami:
I agree with your comments. I have trouble maintaining the spamdomains file
myself because I lack a good reference for the rules to create one(this goes
back to the manual issue). I think the reason so many people ask for one is
they are not totally confident in creating it themselves
Well, that worked. Cut, click Apply, paste, click Apply, didn't work.
Cut, click Apply, type in IP, click Apply, did. Go figure.
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, March 10, 2004 2:48 PM
Subject: Re: [Declude.JunkMail]
Scott, could you please post or re-post the criteria for a
spamdomains entry. Probably my biggest issue is when their are multiple
entries for a domain.
In the spamdomains.txt file (or whatever you choose to name it), you need
lines that have either 1 or 2 entries on them. The first one
Scott:
Thank you. Once again your knowledge and responsiveness are a major reason
for the success of Declude and the reason we are committed to using your
products.
Chuck Schick
Warp 8, Inc.
303-421-5140
www.warp8.com
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
Pong :)
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of TC Online Support
Sent: Wednesday, March 10, 2004 9:21 AM
To: Declude.JunkMail
Subject: [Declude.JunkMail] test
You can not disable the Queue Manager. That is the delivery process, to
where ever the message is to be delivered. DNS cache can be disabled if
desired, irregardless of Imail configuration or use.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From:
There was a discussion a while back for someone to maintain this and
others
contribute to it but that never got anywhere either.
I know I know, I am wwway
behind.
;-)
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
---
[This E-mail
Kami's list is at his public ftp site ftp.xyz.com/imail where xyz.com is his
domain name.
I will send you my spamdomains files directly. Keep in mind I use
spamdomains quite differently than most people.
- Original Message -
From: Scott Fisher [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
So
I have received over 2,000,000 emails today for just one domain name, its
been interesting and I have been trying to stop this myself and am having
little or no luck at all figuring out what to do.
After looking at the headers of the e-mails I have found that he/she/basturd
has many many ip's
Just a personal pet peeve:
Irregardless is not a word:
http://dictionary.reference.com/search?q=irregardless%20
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
(Lists)
Sent: Wednesday, March 10, 2004 2:45 PM
To: [EMAIL PROTECTED]
Subject:
Hi Darryl:
Do you have a sample of the email and the header you can send?
Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darryl Koster
Sent: Wednesday, March 10, 2004 5:49 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] 2,000,000 + emails
Posting sample headers to this list usually comes back with quick, helpful
results...
Also, it sounds like you have a nobody alias on the recipient domain. You
might want to remove that and add whatever aliases you need. They're
generally a bad idea these days for reason of the very problem
I actually have 10 megs worth of them, small emails all of them with just
many many many ips for them, rarely ever from the same address. Seems to be
from (which we can pretty much ensure are spoofed) bellsouth, sprintpcs,
aol, studmail.com (laff) and a couple of others. Did you want to see lots
I will definitely be contacting you off list.
The problem I am running into now is that the imail cannot support the shear
number of emails that are being put through. We are creating log files that
are in the 300+ meg range and the server can no longer keep up with the smtp
requests.
We also
About time .
-- Original Message --
From: Kevin Bilbee [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Wed, 10 Mar 2004 09:07:01 -0800
Here is the result of the press release.
http://msnbc.msn.com/id/4496759/
Kevin Bilbee
-Original
We generally do not have nobody alias's set on the domains we have, this was
set up to capture some of the emails that were being held by the server so
we could look at the headers. Once we knew we had enough of them to work
with we removed the nobody alias. Basically those 10 Megs worth of
In this case, headers don't provide any benefit because this stuff all
comes from zombies with forged info. It's the payload links, where they
might be redirected to and/or is hosted , where their DNS is hosted, and
where their names were registered. Chances are that everything can be
Seems they're actually aware of the problem:
http://maccentral.macworld.com/news/2004/03/10/comcast/index.php?redirect=10
78943859000
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe,
Bull dookie, sounds like lip-service to me :)
Matt
Dan Patnode wrote:
Seems they're actually aware of the problem:
http://maccentral.macworld.com/news/2004/03/10/comcast/index.php?redirect=10
78943859000
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
I know I don't see eye to eye with some folks here about this, but Comcast
could prevent the problem entirely by blocking port 25 and putting some
solid limits on outbound mail with a product like Ddeeclude Hijack...
If they were really serious about fixing the problem, that is.
-Dave
-
Hmmm...so no chance of an envelope rejection when it's destined for valid
email addresses. Anyone heard of envelope rejection by subject word/phrase?
That could be useful in the future as they get more nimble. Perhaps even
Bayesian filtering on it...
Darryl, it looks like there's no choice but
Just a personal pet peeve:
Aren't all pet peeves personal? :))
--Sandy
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]
SpamAssassin plugs into Declude!
Not to start a big argument about the issue, but just to reiterate my
stance on this...while blocking port 25 would work, it is unnecessarily
prohibitive. If my provider was to drop port 25 support, I would be
forced to move to a new provider immediately as would most around
here. I also get
On Wed, 10 Mar 2004 22:44:31 -0500
Darin Cox said something about Re: [Declude.JunkMail] 2,000,000 + emails today:
Anyone heard of envelope rejection by subject word/phrase?
That could be useful in the future as they get more nimble. Perhaps even
Bayesian filtering on it...
Darin.
Comcast already does block 25. They don't require SMTP Auth though so it
doesn't do much good.
I contract for a small dial up ISP and we have customers who are on Comcast
at home but use us for travelling. It's NOT that difficult to walk most of
them through the few steps to change the outbound
Very cool...thanks, G.
Darin.
- Original Message -
From: Gerald V. Livingston II [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 11, 2004 12:20 AM
Subject: Re: [Declude.JunkMail] 2,000,000 + emails today
On Wed, 10 Mar 2004 22:44:31 -0500
Darin Cox said something about
Comcast doesn't block in all markets. My father was suddenly blocked
about a year and a half ago, and it took us a couple of hours to figure
out what was going on. Their tech support confirmed that they didn't
even bother telling their customers that they were going to do this.
In many other
57 matches
Mail list logo
