RE: [Declude.JunkMail] SURBL filter script
The SURBL rbldns zone file is updated every five minutes or so, but the difference between these updates is small. I think that a filter update once or twice a day is enough. /Roger The command script that downloads the SURBL rbldns zone file, converts it to a body filter, and updates the existing filter file is available for download at http://www.botany.gu.se/download/decludescript/SURBL_filter.zi p. I have included a short readme file and added comments to the script. Wow! Great script. Downloaded, unpacked, set the script location, works fine! Any suggestions on how often we should update the file? Hourly, daily, ... Thank you Markus -- -- Roger Eriksson Botanical Institute, Göteborg University Box 461, SE 405 30 Göteborg, Sweden Visiting/delivery address: Carl Skottsbergs Gata 22 B, SE 413 19 Göteborg, Sweden Phone: +46 31 7732666 Fax: +46 31 7732677 http://www2.botany.gu.se/staff/rogeri/welcome.html --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] New test
I would like to test. Looks like a good test. Kevin Bilbee -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Dave DohertySent: Wednesday, April 14, 2004 7:14 PMTo: [EMAIL PROTECTED]Subject: Re: [Declude.JunkMail] New test I'd like to test it also. -Dave - Original Message - From: Bud Durland To: Declude List Sent: Wednesday, April 14, 2004 8:58 AM Subject: [Declude.JunkMail] New test I am testing a small external test program. A message fails the test if there is an discernable IP address in the HELO entry of the message. These fail the test: Received: from host-68-212-107-146.msy.bellsouth.net [68.212.107.146] by mrpcap.com Received: from ip-62-129-160-91.evhr.net [62.129.160.91] by mrpcap.com Received: from acs-24-154-41-142.zoominternet.net [24.154.41.142] by mrpcap.comOnly the bolded part of the line (HELO name) is tested. Basically, dashes become 'dots', and anything other than numbers and dots are stripped out. If what remains looks like a valid 4-octet IP address, the test fails.These entries would NOT fail -- stray number make the location of the IP ambiguous Received: from wbar3.lax1-4-8-227-083.dsl-verizon.net [4.8.227.83] by mrpcap.com Received: from c-24-125-42-12.va.client2.attbi.com [24.125.42.12] by mrpcap.com For testing, I set it up with 0 weight and a HOLD action. So far, it has not flagged anything that was not spam.If anyone is interested in trying it out, let me know. I'll probably be putting it up for download from my web site later this week.-- --- illigitimi non carborundum --- Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com ---
[Declude.JunkMail] FW: ATT Customer Satisfaction Survey
Title: Message Good morning, I received this email this morning, supposedly from ATT. It was sent to the email address I use to test my spam settings. Anyone want to comment as to whom this is really from, or what the link really takes you to? This was a little scary to me as we deal with ATT, I can't stand their service, and would've loved to have told them how I really feel about them! My first instinct was to click on the link so I could bash them a bit, until I read it carefully, noticed a few spelling errors, and realized it had been sent to an alias account. Thanks, Sharyn -Original Message-From: ATT Business [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 5:22 PMTo: [EMAIL PROTECTED]Subject: ATT Customer Satisfaction SurveyImportance: High Dear Valued Customer, Welcome to the ATT Select Accounts Segment. ATT's commitment to the Mid-sized business customer has led us to create new sales segment dedicated to servicing you better. In our ongoing effort to exceed your expectations we have developed a short survey to capture your feedback. We know your time is valuable but hope that you will take a few minute to answer the following questions. You responses will be used to fine-tune our service model and further enhance your customer experience. We thank you in advance for your time. Please click the following hyperlink to complete the short survey: ATT Select Accounts Customer Satisfaction Survey If you are not the correct person to take this survey would you please forward this email to the person you feel is best suited to complete it. Your company's feedback is important to ATT and is intended to enhance your service and customer experience. We thank you in advance for your time and assistance. Sincerely, ATT Select Accounts Team You are subscribed as [EMAIL PROTECTED] To unsubscribe please click here.
Re: [Declude.JunkMail] FW: ATT Customer Satisfaction Survey
Title: Message Zoomerang is a well-known survey engine...looks legit to me. Darin. - Original Message - From: Sharyn Schmidt To: 'Declude Junkmail List' Sent: Thursday, April 15, 2004 7:19 AM Subject: [Declude.JunkMail] FW: ATT Customer Satisfaction Survey Good morning, I received this email this morning, supposedly from ATT. It was sent to the email address I use to test my spam settings. Anyone want to comment as to whom this is really from, or what the link really takes you to? This was a little scary to me as we deal with ATT, I can't stand their service, and would've loved to have told them how I really feel about them! My first instinct was to click on the link so I could bash them a bit, until I read it carefully, noticed a few spelling errors, and realized it had been sent to an alias account. Thanks, Sharyn -Original Message-From: ATT Business [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 5:22 PMTo: [EMAIL PROTECTED]Subject: ATT Customer Satisfaction SurveyImportance: High Dear Valued Customer, Welcome to the ATT Select Accounts Segment. ATT's commitment to the Mid-sized business customer has led us to create new sales segment dedicated to servicing you better. In our ongoing effort to exceed your expectations we have developed a short survey to capture your feedback. We know your time is valuable but hope that you will take a few minute to answer the following questions. You responses will be used to fine-tune our service model and further enhance your customer experience. We thank you in advance for your time. Please click the following hyperlink to complete the short survey: ATT Select Accounts Customer Satisfaction Survey If you are not the correct person to take this survey would you please forward this email to the person you feel is best suited to complete it. Your company's feedback is important to ATT and is intended to enhance your service and customer experience. We thank you in advance for your time and assistance. Sincerely, ATT Select Accounts Team You are subscribed as [EMAIL PROTECTED] To unsubscribe please click here.
Re: [Declude.JunkMail] New test
I'm interested. Thanks. Original Message From: Bud Durland Subject: [Declude.JunkMail] New test Date: Wed, 14 Apr 2004 06:05:40 -0700 I am testing a small external test program. A message fails the test if there is an discernable IP address in the HELO entry of the message. These fail the test: Received: from host-68-212-107-146.msy.bellsouth.net [68.212.107.146] by mrpcap.com Received: from ip-62-129-160-91.evhr.net [62.129.160.91] by mrpcap.com Received: from acs-24-154-41-142.zoominternet.net [24.154.41.142] by mrpcap.com Only the bolded part of the line (HELO name) is tested. Basically, dashes become 'dots', and anything other than numbers and dots are stripped out. If what remains looks like a valid 4-octet IP address, the test fails. These entries would NOT fail -- stray number make the location of the IP ambiguous Received: from wbar3.lax1-4-8-227-083.dsl-verizon.net [4.8.227.83] by mrpcap.com Received: from c-24-125-42-12.va.client2.attbi.com [24.125.42.12] by mrpcap.com For testing, I set it up with 0 weight and a HOLD action. So far, it has not flagged anything that was not spam. If anyone is interested in trying it out, let me know. I'll probably be putting it up for download from my web site later this week. Email checked by UKsubnet anti-virus service To prevent email abuse block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] all_list.date
Hello, Was just wondering what this file was? I missed a few days and didn't see anything in the archives.. Thanks.. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] all_list.date
all_list.dat uses the IP address to calculate the country code. Used with the COUNTRY and COUNTRIES tests. Scott Fisher Director of IT Farm Progress Companies [EMAIL PROTECTED] 04/15/04 08:47AM Hello, Was just wondering what this file was? I missed a few days and didn't see anything in the archives.. Thanks.. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] JUNKMAIL Filter enhancements - using them less
I am working on reducing the amount of occasions that I need to call the BODY and ANYWHERE filters to help cut down on my server CPU spikes. I'd like to see these enhancements: 1. SKIPIFWEIGHTLESSTHAN for the filters. If the weights in the Body filter aren't going to make any difference in the final weight, why should I run it. I have to think this one is a bit of code similar to the SKIPIFWEIGHT. 2. Actual weights for the SKIPIFWEIGHT. I need to have my SKIPIFWEIGHT set to 7 points higher than my actual hold weight to accommodate the possibly negative scores for the IPNOTINMX and the NOLEGITCONTENT tests. If these tests were already calculated into the weight at the time of the SKIPIFWEIGHT is examined, I would be running the filter tests less. Does HIDETESTS play into this? Scott Fisher Director of IT Farm Progress Companies --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Updating Global.CFG
Hello, I'm also updating my Global.CFG file and noticed something new. What is WHITELIST AUTH? I checked the online manual, but there's nothing listed for it. There's an entry for WHITELIST HABEAS, but not AUTH. Thanks.. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Updating Global.CFG
It is for user SMTP authentication. To bypass relay settings and show you're really a user of the server when sending an email (so you can relay while off the local network) - since you're an authenticated user, you can choose to whitelist any emails from that particular session. Mike -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Maze - Hostmaster Sent: Thursday, April 15, 2004 10:15 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Updating Global.CFG Hello, I'm also updating my Global.CFG file and noticed something new. What is WHITELIST AUTH? I checked the online manual, but there's nothing listed for it. There's an entry for WHITELIST HABEAS, but not AUTH. Thanks.. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] JUNKMAIL Filter enhancements - using them less
Scott, It would be even better if the skip weights were listed in the Global.cfg instead of the individual filter files, that way they wouldn't even need to be opened. This could be done with the addition of two columns to the definitions of all of the custom filters and external tests. Regarding the calculation of weights with those negative weight tests, I asked about this a few months ago after a similar discussion and Scott indicated that this wasn't happening. Honestly, I can't really tell you if it is or isn't still happening on my box, though maybe only a small percentage of spam would get the credit and as a result end up in my hold file instead of landing in my drop range. Matt Scott Fisher wrote: I am working on reducing the amount of occasions that I need to call the BODY and ANYWHERE filters to help cut down on my server CPU spikes. I'd like to see these enhancements: 1. SKIPIFWEIGHTLESSTHAN for the filters. If the weights in the Body filter aren't going to make any difference in the final weight, why should I run it. I have to think this one is a bit of code similar to the SKIPIFWEIGHT. 2. Actual weights for the SKIPIFWEIGHT. I need to have my SKIPIFWEIGHT set to 7 points higher than my actual hold weight to accommodate the possibly negative scores for the IPNOTINMX and the NOLEGITCONTENT tests. If these tests were already calculated into the weight at the time of the SKIPIFWEIGHT is examined, I would be running the filter tests less. Does HIDETESTS play into this? Scott Fisher Director of IT Farm Progress Companies --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] JUNKMAIL Filter enhancements - using them less
I'd like to see these enhancements: 1. SKIPIFWEIGHTLESSTHAN for the filters. If the weights in the Body filter aren't going to make any difference in the final weight, why should I run it. I have to think this one is a bit of code similar to the SKIPIFWEIGHT. This is something that we hope to add. 2. Actual weights for the SKIPIFWEIGHT. I need to have my SKIPIFWEIGHT set to 7 points higher than my actual hold weight to accommodate the possibly negative scores for the IPNOTINMX and the NOLEGITCONTENT tests. If these tests were already calculated into the weight at the time of the SKIPIFWEIGHT is examined, I would be running the filter tests less. Does HIDETESTS play into this? Unfortunately, this would be difficult to implement. The reason for this is that Declude JunkMail keeps track of whether a test has failed or not. It starts off with no tests failing, then if a test runs, Declude JunkMail records that it has failed the test. So when it comes time to calculate the total weight for SKIPIFWEIGHT, Declude JunkMail would end up reducing the total weight of the E-mail for any tests that have not yet run that have a negative weight and that the E-mail would have failed. This ended up causing some problems when it was originally calculated that way. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] FW: ATT Customer Satisfaction Survey
Title: Message Definitely fake, Sharyn. 0) Like you said, it had at least one typo. And would they tell you what "segment" they've put you in? And to an email address they've never been given? 1)The link goes throughanother provider with a 6 month old domain name,through a Group Telecom connection in Canada. ATT certainly has their own bandwidth, and if they wanted the feedback survey to be done by a 3rd party, they would clearly state so. 2) Have you ever seen the legal disclaimer at the bottom of a real message from ATT? It's half as long as any email they send out, and those emails are full of happy pictures. 3) Check the URL. They have no reason to escape the characters in the URL, and it's full of tracking information that looks like classic ROKSO spamgang technique. The same info is in the links at the bottom of the message. 4) The weird thing is that the ATT logo comes from the website of an advertising agency... that seems really unlikely, unless it was the ad agency itself that sent it (but you didn't include the header of the email). Andrew 8) -Original Message-From: Sharyn Schmidt [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 4:19 AMTo: 'Declude Junkmail List'Subject: [Declude.JunkMail] FW: ATT Customer Satisfaction Survey Good morning, I received this email this morning, supposedly from ATT. It was sent to the email address I use to test my spam settings. Anyone want to comment as to whom this is really from, or what the link really takes you to? This was a little scary to me as we deal with ATT, I can't stand their service, and would've loved to have told them how I really feel about them! My first instinct was to click on the link so I could bash them a bit, until I read it carefully, noticed a few spelling errors, and realized it had been sent to an alias account. Thanks, Sharyn -Original Message-From: ATT Business [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 5:22 PMTo: [EMAIL PROTECTED]Subject: ATT Customer Satisfaction SurveyImportance: High Dear Valued Customer, Welcome to the ATT Select Accounts Segment. ATT's commitment to the Mid-sized business customer has led us to create new sales segment dedicated to servicing you better. In our ongoing effort to exceed your expectations we have developed a short survey to capture your feedback. We know your time is valuable but hope that you will take a few minute to answer the following questions. You responses will be used to fine-tune our service model and further enhance your customer experience. We thank you in advance for your time. Please click the following hyperlink to complete the short survey: ATT Select Accounts Customer Satisfaction Survey If you are not the correct person to take this survey would you please forward this email to the person you feel is best suited to complete it. Your company's feedback is important to ATT and is intended to enhance your service and customer experience. We thank you in advance for your time and assistance. Sincerely, ATT Select Accounts Team You are subscribed as [EMAIL PROTECTED] To unsubscribe please click here.
[Declude.JunkMail] Updated SURBL filter script
Hi, The SURBL filter script has been updated and should now run under both Windows NT 4 and Windows 2000. The updated script can be downloaded at http://www.botany.gu.se/download/decludescript/SURBL_filter.zip. Those of you that downloaded the previous version and use it on Windows 2000 don't need to update. /Roger --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] tricks for dealing with null senders?
Hi Dave, thanks for the response. I'm not sure of the mechanics of rejection, all I did to stop this for now was to check the reject null senders box in smtp security. Please understand that I'm just a guy who got stuck with this job, and 90% of the conversation in this list is over my head :D Originally this iwebmsg power consumption was happening by means of null senders sending messages to imailsrv which was generating tons of illegal list commands in the log, I got around this by renaming imailsrv.exe to something else which got the log files down to 4 or 5 mbs a day instead of 70 or 80. We don't have any need for the imailsrv function, so I thought what the heck... This lasted for a few weeks, but now it's happening again, although not to the same extent. I was previously getting somewhere around 170,000 of these a day. I'm seeing that a few of them are now starting to send to listserv. The log files are now at around 7 or 8 mbs, I'm getting about 2000 of these null senders a day now, which really shouldn't bother. I do have a number of tmp files in the spool directory which I wasn't getting before I renamed the imailsrv.exe, strangely these tmp files don't look as though they are related to any attempt to send a message to imailsrv. Weird. Another thing that is goofy is that I have a couple of users whose attachments seem to stay in the spool directory for ever and ever, is that normal for a user that pretty much exclusively uses the web mail function? spool directory size is usually about 60 or 70 mbs, with about 100 or 150 files in it. I usually keep about a months worth of logs in the spool. any suggestions? i'm waiting to get a bunch of postmaster messages from rfc-ignorant while i have things set this way. cheers Royce At 10:11 PM 14/04/2004 -0400, you wrote: Hi Royce- How are you rejecting the messages? Do you use a nobody alias with an autoresponse, or do you just let Imail return the standard error message? Any idea how many you're getting? It seems odd that this would effect iwebmsg. Look for another problem somewhere. How many files do you have in your spool directory? -Dave - Original Message - From: Royce Burnett [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 3:43 PM Subject: [Declude.JunkMail] tricks for dealing with null senders? Using Imail 6.05, and Declude 1.79 beta on NT4.0 I've had a spate of crud flowing in the last week or so from @variousaddresses addressed to [EMAIL PROTECTED], which of course get turned away as the addressee is unknown to my mail server. Unfortunately there seems to be such a flood of the damned things that it ends up stalling the iwebmsg service and consuming 100% cpu so a number of times a day I have to shut the iwebmsg service down, which can take up to 20 minutes to accomplish. I've had to turn off accepting null senders just to grab my breath. Whats the quick and dirty solution, some sort of hold action? is there a way to configure a declude test to action these messages? please forgive if this seems a stupid question, i'm pretty foggy after a 4 AM hard drive replacement on a different machine Thanks for any answers Royce Burnett CICI --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] FW: ATT Customer Satisfaction Survey
Title: Message I could be wrong, but I disagree. I've seen a number of legit surveys run by zoomerang...and legit marketing messages delivered by postsnet.com. Darin. - Original Message - From: Colbeck, Andrew To: '[EMAIL PROTECTED]' Sent: Thursday, April 15, 2004 10:50 AM Subject: RE: [Declude.JunkMail] FW: ATT Customer Satisfaction Survey Definitely fake, Sharyn. 0) Like you said, it had at least one typo. And would they tell you what "segment" they've put you in? And to an email address they've never been given? 1)The link goes throughanother provider with a 6 month old domain name,through a Group Telecom connection in Canada. ATT certainly has their own bandwidth, and if they wanted the feedback survey to be done by a 3rd party, they would clearly state so. 2) Have you ever seen the legal disclaimer at the bottom of a real message from ATT? It's half as long as any email they send out, and those emails are full of happy pictures. 3) Check the URL. They have no reason to escape the characters in the URL, and it's full of tracking information that looks like classic ROKSO spamgang technique. The same info is in the links at the bottom of the message. 4) The weird thing is that the ATT logo comes from the website of an advertising agency... that seems really unlikely, unless it was the ad agency itself that sent it (but you didn't include the header of the email). Andrew 8) -Original Message-From: Sharyn Schmidt [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 4:19 AMTo: 'Declude Junkmail List'Subject: [Declude.JunkMail] FW: ATT Customer Satisfaction Survey Good morning, I received this email this morning, supposedly from ATT. It was sent to the email address I use to test my spam settings. Anyone want to comment as to whom this is really from, or what the link really takes you to? This was a little scary to me as we deal with ATT, I can't stand their service, and would've loved to have told them how I really feel about them! My first instinct was to click on the link so I could bash them a bit, until I read it carefully, noticed a few spelling errors, and realized it had been sent to an alias account. Thanks, Sharyn -Original Message-From: ATT Business [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 5:22 PMTo: [EMAIL PROTECTED]Subject: ATT Customer Satisfaction SurveyImportance: High Dear Valued Customer, Welcome to the ATT Select Accounts Segment. ATT's commitment to the Mid-sized business customer has led us to create new sales segment dedicated to servicing you better. In our ongoing effort to exceed your expectations we have developed a short survey to capture your feedback. We know your time is valuable but hope that you will take a few minute to answer the following questions. You responses will be used to fine-tune our service model and further enhance your customer experience. We thank you in advance for your time. Please click the following hyperlink to complete the short survey: ATT Select Accounts Customer Satisfaction Survey If you are not the correct person to take this survey would you please forward this email to the person you feel is best suited to complete it. Your company's feedback is important to ATT and is intended to enhance your service and customer experience. We thank you in advance for your time and assistance. Sincerely, ATT Select Accounts Team You are subscribed as [EMAIL PROTECTED] To unsubscribe please click here.
RE: [Declude.JunkMail] FW: ATT Customer Satisfaction Survey
Title: Message Thanks Folks. Appreciate the input. I decided against taking the survey although if it was legit, I would've liked to have REALLY told them how I feel! Sharyn
RE: [Declude.JunkMail] Per Domain Whitelisting of Individual E-Mail Addresses
AutoWhite for Declude. J http://www.eservicesforyou.com/products/autowhite.html John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser Sent: Thursday, April 15, 2004 9:03 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Per Domain Whitelisting of Individual E-Mail Addresses Hello, All, Could some kind soul share with me what my options are for WHITELISTING with Declude JunkMail Pro? Specifically a WHITELIST which would be auto-created when the users of our spam filtering service send an e-mail message to someone on the Internet. It would be great if that could be added to a list which DJM Pro would automatically recognize as a valid address when the e-mail message reply comes back in I am currently setup with a per-domain configuration if that makes any difference. Thanks, Much! Dan Geiser [EMAIL PROTECTED]
[Declude.JunkMail] Mailbox-Spam
Hi; We are sending all emails that fail a certain weight to the spam mailbox of the user. The problem we are seeing is when users use aliases and not real UserID's. WEIGHT20mMAILBOX spam this sends the email to a User:First.Last@Domain.comwith Alias: [EMAIL PROTECTED] to [EMAIL PROTECTED] that user is not defined. IMail does not know that the user name is an alias therefore it can't create a mailbox. We are seeing mailbox not found errors. Any ideas as to how we can fix this? Regards, Kami
RE: [Declude.JunkMail] Per Domain Whitelisting of Individual E-Mail Addresses
Dan, We use John's external test Autowhite and until now I can't see any "false negative". Markus From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)Sent: Thursday, April 15, 2004 6:20 PMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Per Domain Whitelisting of Individual E-Mail Addresses AutoWhite for Declude. J http://www.eservicesforyou.com/products/autowhite.html John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan GeiserSent: Thursday, April 15, 2004 9:03 AMTo: [EMAIL PROTECTED]Subject: [Declude.JunkMail] Per Domain Whitelisting of Individual E-Mail Addresses Hello, All, Could some kind soul share with me what my options are for WHITELISTING with Declude JunkMail Pro? Specifically a WHITELIST which would be auto-created when the users of our spam filtering service send an e-mail message to someone on the Internet. It would be great if that could be added to a list which DJM Pro would automatically recognize as a valid address when the e-mail message reply comes back in I am currently setup with a per-domain configuration if that makes any difference. Thanks, Much! Dan Geiser [EMAIL PROTECTED]
RE: [Declude.JunkMail] Per Domain Whitelisting of Individual E-Mail Addresses
Title: Message John is going to suggest Autowhite. He's biased, it's his product. We're a customer, we're not biased grin. It's great. Rob
RE: [Declude.JunkMail] Updated SURBL filter script
Roger, this version works on my NT4 machine like a champ. Thanks again. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Eriksson Sent: Thursday, April 15, 2004 10:57 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Updated SURBL filter script Hi, The SURBL filter script has been updated and should now run under both Windows NT 4 and Windows 2000. The updated script can be downloaded at http://www.botany.gu.se/download/decludescript/SURBL_filter.zip. Those of you that downloaded the previous version and use it on Windows 2000 don't need to update. /Roger --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Ipfile.txt
Hello, I accidentally overwrote my ipfile.txt test when I upgraded my Declude config files (global.cfg $default$.junkmail). Just wanted to make sure I get this right (would like to add this as well even though the latest-greatest global.cfg file is catching A LOT of spam). In the global.cfg file I would enter the following entry: IPTEST ipfile C:\IMail\Declude\ipfile.txt x 10 0 And then in the $default$.junkmail file, I would enter the following entry: IPTEST ROUTETO [EMAIL PROTECTED] (or whatever I want) This appear as being correct, right? Thanks.. -Jeff --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Ipfile.txt
In the global.cfg file I would enter the following entry: IPTEST ipfile C:\IMail\Declude\ipfile.txt x 10 0 And then in the $default$.junkmail file, I would enter the following entry: IPTEST ROUTETO [EMAIL PROTECTED] (or whatever I want) This appear as being correct, right? That looks good to me. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Mailbox-Spam
We are sending all emails that fail a certain weight to the spam mailbox of the user. The problem we are seeing is when users use aliases and not real UserID's. WEIGHT20m MAILBOX spam this sends the email to a User: First.Lastmailto:[EMAIL PROTECTED]@Domain.com with Alias: mailto:[EMAIL PROTECTED][EMAIL PROTECTED] to mailto:[EMAIL PROTECTED][EMAIL PROTECTED] Are you using the SWITCHRECIPS ON option? If so, that would be the intended behavior. Otherwise, for an E-mail to [EMAIL PROTECTED] that gets resolved to [EMAIL PROTECTED], the MAILBOX action should send the E-mail to [EMAIL PROTECTED] -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Mailbox-Spam
Hi Scott: No we are not using SWITCHRECIPS ON option. we are using: X-Note: This E-mail was scanned filtered by Declude [1.79i4] for SPAM virus. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Thursday, April 15, 2004 1:21 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Mailbox-Spam We are sending all emails that fail a certain weight to the spam mailbox of the user. The problem we are seeing is when users use aliases and not real UserID's. WEIGHT20m MAILBOX spam this sends the email to a User: First.Lastmailto:[EMAIL PROTECTED]@Domain.com with Alias: mailto:[EMAIL PROTECTED][EMAIL PROTECTED] to mailto:[EMAIL PROTECTED][EMAIL PROTECTED] Are you using the SWITCHRECIPS ON option? If so, that would be the intended behavior. Otherwise, for an E-mail to [EMAIL PROTECTED] that gets resolved to [EMAIL PROTECTED], the MAILBOX action should send the E-mail to [EMAIL PROTECTED] -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Mailbox-Spam
No we are not using SWITCHRECIPS ON option. So if you have an alias of [EMAIL PROTECTED] that points to an actual user account [EMAIL PROTECTED], are you saying that the MAILBOX action moves the E-mail to [EMAIL PROTECTED] (instead of [EMAIL PROTECTED])? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Mailbox-Spam
Hi Scott: Here is the situation. UserID: [EMAIL PROTECTED] Alias: [EMAIL PROTECTED] The mailbox action: WEIGHT20m MAILBOX spam sends the spam to: [EMAIL PROTECTED] Naturally [EMAIL PROTECTED] does not exist. [EMAIL PROTECTED] exists. So spam is bouncing and mailbox is not created. Am I not doing this right? Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Thursday, April 15, 2004 2:09 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Mailbox-Spam No we are not using SWITCHRECIPS ON option. So if you have an alias of [EMAIL PROTECTED] that points to an actual user account [EMAIL PROTECTED], are you saying that the MAILBOX action moves the E-mail to [EMAIL PROTECTED] (instead of [EMAIL PROTECTED])? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Mailbox-Spam
Here is the situation. UserID: [EMAIL PROTECTED] Alias: [EMAIL PROTECTED] The mailbox action: WEIGHT20m MAILBOX spam sends the spam to: [EMAIL PROTECTED] So you are saying that mail is sent to [EMAIL PROTECTED] (an alias), and Declude is changing it to [EMAIL PROTECTED] Either IMail isn't handling the alias properly, or Declude JunkMail isn't handling the re-routing properly. It sounds like the debug mode will be needed here. To use the debug mode, you can change the LOGLEVEL LOW line in \IMail\Declude\global.cfg to LOGLEVEL DEBUG. Then, after an E-mail arrives that has this issue, you can then switch back to LOGLEVEL LOW (the debug mode adds huge amounts of information to the log file). You can then send me the \IMail\spool\dec.log file (as an attachment, NOT sent from web messaging), and I can take a look at it to see what is happening. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Mailbox-Spam
No its not declude changing anything This happens if you have automatic making of new mailboxes turned on in Imail, its that by default If you send an email to [EMAIL PROTECTED] and you alove this it will create a mail box like do-do Have seen this several times with aliases in Imail and mailboxes with dots in the name -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: 15. april 2004 20:32 To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Mailbox-Spam Here is the situation. UserID: [EMAIL PROTECTED] Alias: [EMAIL PROTECTED] The mailbox action: WEIGHT20m MAILBOX spam sends the spam to: [EMAIL PROTECTED] So you are saying that mail is sent to [EMAIL PROTECTED] (an alias), and Declude is changing it to [EMAIL PROTECTED] Either IMail isn't handling the alias properly, or Declude JunkMail isn't handling the re-routing properly. It sounds like the debug mode will be needed here. To use the debug mode, you can change the LOGLEVEL LOW line in \IMail\Declude\global.cfg to LOGLEVEL DEBUG. Then, after an E-mail arrives that has this issue, you can then switch back to LOGLEVEL LOW (the debug mode adds huge amounts of information to the log file). You can then send me the \IMail\spool\dec.log file (as an attachment, NOT sent from web messaging), and I can take a look at it to see what is happening. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] a SURBL snapshot observation
For what it's worth, over the last 2 days, my SURBL success has been 20% that of the text filter I use to block recent spam we've noticed (which contains spamvertised domains). And there has been little overlap between my local test and SURBL. Which simply shows that my spam is different from your spam, and his spam, and her spam. Also, SURBL has a much higher hit rate if I take into account the number of lines in each file, i.e. my local filter is more effective, but contains lots of lines that are not effective, so SURBL is also more CPU-friendly. Andrew 8) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Mailbox-Spam
Forgot to post the solution I came upp with Full mailadress instead of just spam seems to solve the problem -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ISPHuset Nordic Sent: 15. april 2004 20:47 To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Mailbox-Spam No its not declude changing anything This happens if you have automatic making of new mailboxes turned on in Imail, its that by default If you send an email to [EMAIL PROTECTED] and you alove this it will create a mail box like do-do Have seen this several times with aliases in Imail and mailboxes with dots in the name -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: 15. april 2004 20:32 To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Mailbox-Spam Here is the situation. UserID: [EMAIL PROTECTED] Alias: [EMAIL PROTECTED] The mailbox action: WEIGHT20m MAILBOX spam sends the spam to: [EMAIL PROTECTED] So you are saying that mail is sent to [EMAIL PROTECTED] (an alias), and Declude is changing it to [EMAIL PROTECTED] Either IMail isn't handling the alias properly, or Declude JunkMail isn't handling the re-routing properly. It sounds like the debug mode will be needed here. To use the debug mode, you can change the LOGLEVEL LOW line in \IMail\Declude\global.cfg to LOGLEVEL DEBUG. Then, after an E-mail arrives that has this issue, you can then switch back to LOGLEVEL LOW (the debug mode adds huge amounts of information to the log file). You can then send me the \IMail\spool\dec.log file (as an attachment, NOT sent from web messaging), and I can take a look at it to see what is happening. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Why Was This E-Mail Marked As HELOBOGUS?
Hello, All, Can someone tell me why the below headers were flagged as HELOBOGUS? - Received: from prxyecs2.xlecs.com [216.83.185.228] by shkins.com with ESMTP (SMTPD32-6.06) id A06C267000A2; Thu, 15 Apr 2004 14:11:56 -0400Received: from msecs2.ecscenter.com (unverified) by prxyecs2.xlecs.com(Content Technologies SMTPRS 4.2.10) with ESMTP id [EMAIL PROTECTED];Thu, 15 Apr 2004 14:09:11 -0400Received: by msecs2.ext.usa.xl with Internet Mail Service (5.5.2655.55)id 20S8FADX; Thu, 15 Apr 2004 14:01:50 -0400Message-ID: [EMAIL PROTECTED]From: "Someone" Someone@xlprograms.comTo: "'[EMAIL PROTECTED]'" someone@shkins.comCc: "'someoneelse@shkins.com'" someoneelse@shkins.comSubject: OJ Loss RunDate: Thu, 15 Apr 2004 14:13:36 -0400MIME-Version: 1.0X-Mailer: Internet Mail Service (5.5.2655.55)Content-Type: multipart/alternative;boundary="_=_NextPart_001_01C42315.5E8311F0"X-Declude-Sender: someone@xlprograms.com [216.83.185.228]X-Note: This E-mail was scanned filtered by Declude [1.75] for SPAM viruses.X-Country-Chain: UNITED STATES-destinationX-Note: Recipient(s): someone@shkins.com, someoneelse@shkins.comX-Note: Sent with HELO [prxyecs2.xlecs.com] from Reverse DNS [prxyecs2.ecscenter.com] X-Spam-Tests-Failed: HELOBOGUS, IPNOTINMX, NOLEGITCONTENT, WEIGHT-HOLD [5] - The helo doesn't look bogus to me unless something has changed with that test. Thanks, Dan Geiser [EMAIL PROTECTED]
Re: [Declude.JunkMail] tricks for dealing with null senders?
Hi Royce- Sounds like you've got a few things going on there. Understand, I'm on version 8.05 now, so your mileage may vary. I'll try to keep it the basics. First off, it sounds to me like you have too much stuff in your spool directory. I suggest that you zip your older log files and move them out of the spool directory. You should be able to delete all spool files older than one or two days if you use normal SMTP retry settings like ten attempts half an hour apart. How large are the attachment files? They may be stuck in the queue because they were never delivered. That can happen if they are large, particularly larger than 2MB. If you have no lists, you should not have an imailsrv alias. Delete that if it's present. Delete the nobody alias if it's present. That will let Imail reject misaddressed messages before it processes them. This is way more efficient, and it should cut down on your processor and disk activity quite a lot. Maybe others here have more / better suggestions. -Dave Doherty Skywaves, Inc. - Original Message - From: Royce Burnett [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, April 15, 2004 11:06 AM Subject: Re: [Declude.JunkMail] tricks for dealing with null senders? Hi Dave, thanks for the response. I'm not sure of the mechanics of rejection, all I did to stop this for now was to check the reject null senders box in smtp security. Please understand that I'm just a guy who got stuck with this job, and 90% of the conversation in this list is over my head :D Originally this iwebmsg power consumption was happening by means of null senders sending messages to imailsrv which was generating tons of illegal list commands in the log, I got around this by renaming imailsrv.exe to something else which got the log files down to 4 or 5 mbs a day instead of 70 or 80. We don't have any need for the imailsrv function, so I thought what the heck... This lasted for a few weeks, but now it's happening again, although not to the same extent. I was previously getting somewhere around 170,000 of these a day. I'm seeing that a few of them are now starting to send to listserv. The log files are now at around 7 or 8 mbs, I'm getting about 2000 of these null senders a day now, which really shouldn't bother. I do have a number of tmp files in the spool directory which I wasn't getting before I renamed the imailsrv.exe, strangely these tmp files don't look as though they are related to any attempt to send a message to imailsrv. Weird. Another thing that is goofy is that I have a couple of users whose attachments seem to stay in the spool directory for ever and ever, is that normal for a user that pretty much exclusively uses the web mail function? spool directory size is usually about 60 or 70 mbs, with about 100 or 150 files in it. I usually keep about a months worth of logs in the spool. any suggestions? i'm waiting to get a bunch of postmaster messages from rfc-ignorant while i have things set this way. cheers Royce At 10:11 PM 14/04/2004 -0400, you wrote: Hi Royce- How are you rejecting the messages? Do you use a nobody alias with an autoresponse, or do you just let Imail return the standard error message? Any idea how many you're getting? It seems odd that this would effect iwebmsg. Look for another problem somewhere. How many files do you have in your spool directory? -Dave - Original Message - From: Royce Burnett [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 3:43 PM Subject: [Declude.JunkMail] tricks for dealing with null senders? Using Imail 6.05, and Declude 1.79 beta on NT4.0 I've had a spate of crud flowing in the last week or so from @variousaddresses addressed to [EMAIL PROTECTED], which of course get turned away as the addressee is unknown to my mail server. Unfortunately there seems to be such a flood of the damned things that it ends up stalling the iwebmsg service and consuming 100% cpu so a number of times a day I have to shut the iwebmsg service down, which can take up to 20 minutes to accomplish. I've had to turn off accepting null senders just to grab my breath. Whats the quick and dirty solution, some sort of hold action? is there a way to configure a declude test to action these messages? please forgive if this seems a stupid question, i'm pretty foggy after a 4 AM hard drive replacement on a different machine Thanks for any answers Royce Burnett CICI --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus
Re: [Declude.JunkMail] Why Was This E-Mail Marked As HELOBOGUS?
Can someone tell me why the below headers were flagged as HELOBOGUS? Because: Received: from prxyecs2.xlecs.com [216.83.185.228] by shkins.com with ESMTP (SMTPD32-6.06) id A06C267000A2; Thu, 15 Apr 2004 14:11:56 -0400 The remote mailserver is identifying itself as a host named prxyecs2.xlecs.com, but prxyecs2.xlecs.com has no MX record or A record. It is not a real Internet host. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Multiple Actions for failed tests
Is it possible to specify multiple actions for failed tests? I.e.: filtername log filtername warn filtername copyto [EMAIL PROTECTED] Thank you,Joshua HughesSunline Team941-206-7870888-512-6100 http://www.sunline.net/
Re: [Declude.JunkMail] Multiple Actions for failed tests
Is it possible to specify multiple actions for failed tests? If you check out the Multiple actions per test section of the manual at http://www.declude.com/junkmail/manual.htm , it explains how you can accomplish this (you need to set up multiple tests that are defined the same way). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] tricks for dealing with null senders?
Great Dave, thanks a lot for the help. I'll make some changes and keep an eye on it. Cheers Royce CICI At 03:14 PM 15/04/2004 -0400, you wrote: Hi Royce- Sounds like you've got a few things going on there. Understand, I'm on version 8.05 now, so your mileage may vary. I'll try to keep it the basics. First off, it sounds to me like you have too much stuff in your spool directory. I suggest that you zip your older log files and move them out of the spool directory. You should be able to delete all spool files older than one or two days if you use normal SMTP retry settings like ten attempts half an hour apart. How large are the attachment files? They may be stuck in the queue because they were never delivered. That can happen if they are large, particularly larger than 2MB. If you have no lists, you should not have an imailsrv alias. Delete that if it's present. Delete the nobody alias if it's present. That will let Imail reject misaddressed messages before it processes them. This is way more efficient, and it should cut down on your processor and disk activity quite a lot. Maybe others here have more / better suggestions. -Dave Doherty Skywaves, Inc. - Original Message - From: Royce Burnett [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, April 15, 2004 11:06 AM Subject: Re: [Declude.JunkMail] tricks for dealing with null senders? Hi Dave, thanks for the response. I'm not sure of the mechanics of rejection, all I did to stop this for now was to check the reject null senders box in smtp security. Please understand that I'm just a guy who got stuck with this job, and 90% of the conversation in this list is over my head :D Originally this iwebmsg power consumption was happening by means of null senders sending messages to imailsrv which was generating tons of illegal list commands in the log, I got around this by renaming imailsrv.exe to something else which got the log files down to 4 or 5 mbs a day instead of 70 or 80. We don't have any need for the imailsrv function, so I thought what the heck... This lasted for a few weeks, but now it's happening again, although not to the same extent. I was previously getting somewhere around 170,000 of these a day. I'm seeing that a few of them are now starting to send to listserv. The log files are now at around 7 or 8 mbs, I'm getting about 2000 of these null senders a day now, which really shouldn't bother. I do have a number of tmp files in the spool directory which I wasn't getting before I renamed the imailsrv.exe, strangely these tmp files don't look as though they are related to any attempt to send a message to imailsrv. Weird. Another thing that is goofy is that I have a couple of users whose attachments seem to stay in the spool directory for ever and ever, is that normal for a user that pretty much exclusively uses the web mail function? spool directory size is usually about 60 or 70 mbs, with about 100 or 150 files in it. I usually keep about a months worth of logs in the spool. any suggestions? i'm waiting to get a bunch of postmaster messages from rfc-ignorant while i have things set this way. cheers Royce At 10:11 PM 14/04/2004 -0400, you wrote: Hi Royce- How are you rejecting the messages? Do you use a nobody alias with an autoresponse, or do you just let Imail return the standard error message? Any idea how many you're getting? It seems odd that this would effect iwebmsg. Look for another problem somewhere. How many files do you have in your spool directory? -Dave - Original Message - From: Royce Burnett [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, April 14, 2004 3:43 PM Subject: [Declude.JunkMail] tricks for dealing with null senders? Using Imail 6.05, and Declude 1.79 beta on NT4.0 I've had a spate of crud flowing in the last week or so from @variousaddresses addressed to [EMAIL PROTECTED], which of course get turned away as the addressee is unknown to my mail server. Unfortunately there seems to be such a flood of the damned things that it ends up stalling the iwebmsg service and consuming 100% cpu so a number of times a day I have to shut the iwebmsg service down, which can take up to 20 minutes to accomplish. I've had to turn off accepting null senders just to grab my breath. Whats the quick and dirty solution, some sort of hold action? is there a way to configure a declude test to action these messages? please forgive if this seems a stupid question, i'm pretty foggy after a 4 AM hard drive replacement on a different machine Thanks for any answers Royce Burnett CICI --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe
Re: [Declude.JunkMail] Multiple Actions for failed tests
From: Declude JunkMail Install/Manual Multiple actions per test Declude JunkMail does not support multiple actions per test. When it was designed, it was assumed that people would only want to use one of the two actions that other anti-spam products use: WARN or BOUNCE. However, since Declude JunkMail allows so many different actions to be taken on E-mail, a number of people have requested the ability to use multiple actions per test. Although Declude JunkMail does not support this, there is a way to accomplish the same end result. You just need to define two copies of the same test, each with a different name. For example, if you wanted to have the SPAMCOP test use both the WARN and SUBJECT actions, you would change add a new test SPAMCOP2. The \IMail\Declude\global.cfg defines the SPAMCOP test as: SPAMCOP ip4r bl.spamcop.net 127.0.0.2 7 0 You would add another entry that is identical except with a different name, so you would now have: SPAMCOP ip4r bl.spamcop.net 127.0.0.2 7 0 SPAMCOP2 ip4r bl.spamcop.net 127.0.0.2 0 0 Then, in your $default$.JunkMail file, you could have: SPAMCOP SUBJECT Spam: SPAMCOP2 WARN Now, both actions will be used. There are some combinations of actions that will not work together (such as DELETE and HOLD, which logically can't both be used), but most will. Also, if you use the weighting system, you should set the weights of the second test to 0, so that you do not end up with double the weight. Scott Fisher Director of IT Farm Progress Companies [EMAIL PROTECTED] 04/15/04 02:36PM Is it possible to specify multiple actions for failed tests? I.e.: filternamelog filternamewarn filternamecopyto [EMAIL PROTECTED] Thank you, Joshua Hughes Sunline Team 941-206-7870 888-512-6100 http://www.sunline.net/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Reverse DNS on Hotmail..???
All of sudden yesterday evening and this morning hotmail and MSN messages are failing reverse DNS - saying that reverse dns does not exist. This makes it also fail spamdomains. Anyone else seeing this and have any idea of what is going on? Just curious. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Hotmail follow up
I thought I would forward some IPs this is happening on. 65.54.241.110 65.54.241.118 These IPs are registered to Microsoft when I do an IPWHOIS but when I do a reverse DNS I get a No PTR record response. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Why Was This E-Mail Marked As HELOBOGUS?
Hi, Scott, Is the existence of an A record or MX record the only thing that the helovalid test type checks for? I, perhaps wrongly, assumed that it checked the format of the HELO string looking for a Fully-Qualified Domain Name. For example, OEMCOMPUTER would fail the test because it didn't have a TLD. But perhaps all along the test has just been looking for the existence of an MX or A record and if it doesn't find it then it tests fails. If an MX or A record does exist are there any other things the helovalid test type looks for? Thanks In Advance, Dan Geiser [EMAIL PROTECTED] - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, April 15, 2004 3:17 PM Subject: Re: [Declude.JunkMail] Why Was This E-Mail Marked As HELOBOGUS? Can someone tell me why the below headers were flagged as HELOBOGUS? Because: Received: from prxyecs2.xlecs.com [216.83.185.228] by shkins.com with ESMTP (SMTPD32-6.06) id A06C267000A2; Thu, 15 Apr 2004 14:11:56 -0400 The remote mailserver is identifying itself as a host named prxyecs2.xlecs.com, but prxyecs2.xlecs.com has no MX record or A record. It is not a real Internet host. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Why Was This E-Mail Marked As HELOBOGUS?
Is the existence of an A record or MX record the only thing that the helovalid test type checks for? Correct -- because those are the only two correct ways to do it. It *should* have an A record; if not, though, most people consider an MX record to be acceptable. I, perhaps wrongly, assumed that it checked the format of the HELO string looking for a Fully-Qualified Domain Name. For example, OEMCOMPUTER would fail the test because it didn't have a TLD. But perhaps all along the test has just been looking for the existence of an MX or A record and if it doesn't find it then it tests fails. If an MX or A record does exist are there any other things the helovalid test type looks for? It just looks for the MX/A records. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] IPNOTINMX and NOLEGITCONTENT
If the IPNOTINMX and NOLEGITCONTENT tests are displayed in the X-Spam-Tests-Failed: header in a message does that mean the message passed or failed the tests in question? It means that it failed those tests. Which is better for a message to have points subtracted off it's total score? To pass or fail these tests? It's better for E-mails to pass those tests (so that they do not appear in the headers). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Updating Global.CFG
Doesn't that only work with Imail 8.x and not the earlier versions. I got the impression somewhere, sometime. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mike Hyslip Sent: Thursday, April 15, 2004 8:22 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Updating Global.CFG It is for user SMTP authentication. To bypass relay settings and show you're really a user of the server when sending an email (so you can relay while off the local network) - since you're an authenticated user, you can choose to whitelist any emails from that particular session. Mike -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Maze - Hostmaster Sent: Thursday, April 15, 2004 10:15 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Updating Global.CFG Hello, I'm also updating my Global.CFG file and noticed something new. What is WHITELIST AUTH? I checked the online manual, but there's nothing listed for it. There's an entry for WHITELIST HABEAS, but not AUTH. Thanks.. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Updating Global.CFG
We're running iMail v6.06 and I've been running the SMTP AUTH for about 2 years (only way to remove our server from open-relay lists; started the job to find this out).. This is a very nice feature since I've had a number of people saying messages they they've sent from home being seen as SPAM and not being delivered.. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Hyslip Sent: Thursday, April 15, 2004 4:25 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Updating Global.CFG There's a checkbox under the properties of the SMTP service, something about disabling the AUTH function. This was on 7.x I am pretty sure, probably supported for quite some time. The introduction into declude I believe has been much more recent. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Thursday, April 15, 2004 4:18 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Updating Global.CFG Doesn't that only work with Imail 8.x and not the earlier versions. I got the impression somewhere, sometime. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mike Hyslip Sent: Thursday, April 15, 2004 8:22 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Updating Global.CFG It is for user SMTP authentication. To bypass relay settings and show you're really a user of the server when sending an email (so you can relay while off the local network) - since you're an authenticated user, you can choose to whitelist any emails from that particular session. Mike -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Maze - Hostmaster Sent: Thursday, April 15, 2004 10:15 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Updating Global.CFG Hello, I'm also updating my Global.CFG file and noticed something new. What is WHITELIST AUTH? I checked the online manual, but there's nothing listed for it. There's an entry for WHITELIST HABEAS, but not AUTH. Thanks.. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] why does this fail the spam domains test?
Can anyone explain why this message would fail the spamdomains test? Here is the spamdomains entry: @juno.com.untd.com The key here is the reverse DNS entry -- do you have the full headers for the E-mail? Although the IMail log file shows the IP address, it is possible that Declude JunkMail may have used a different IP, which would be reflected in the headers. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Updating Global.CFG
IIRC, this Declude option is only valid for IMail 8 and up. In version 8, Ipswitch started putting an entry into the Q*.SMD indicating whether or not the sender had AUTH'ed. Declude was programmed to recognize that entry and Whitelist users that had AUTH'ed if the WHITELIST AUTH directive is used. For Imail versions prior to IMail 8 there is no entry in the Q*.SMD, and so the directive will have no effect. Dan Horne, CCNA Web Services Administrator TAIS Web Wilcox World Travel Tours [EMAIL PROTECTED] CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. SPAM-FREE 1.0(2476) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: Re[2]: [Declude.JunkMail] Notification to customers of change of ownership
Oops, sorry all. I meant to reply directly to Sandy. Too many emails open. Richard Edge Senior Systems Administrator Technology Services Department TRINITY WESTERN UNIVERSITY Voice: 604-513-2089 E-mail: [EMAIL PROTECTED] WWW: http://www.ucs.twu.ca FAQ: http://www.ucs.twu.ca/resources/faq.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Edge Sent: Thursday, April 15, 2004 2:15 PM To: [EMAIL PROTECTED] Subject: RE: Re[2]: [Declude.JunkMail] Notification to customers of change of ownership Hi Sandy, Thanks for the info. I did see the message and will be having a look at it as well. My big hurdle will be to try to find something that will allow me to migrate existing email from Imail to an Exchange 2003 server. Its all in the pros and cons what if stage right now. Richard Edge Senior Systems Administrator Technology Services Department TRINITY WESTERN UNIVERSITY Voice: 604-513-2089 E-mail: [EMAIL PROTECTED] WWW: http://www.ucs.twu.ca FAQ: http://www.ucs.twu.ca/resources/faq.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sanford Whiteman Sent: Wednesday, April 14, 2004 8:42 PM To: Richard Edge Subject: Re[2]: [Declude.JunkMail] Notification to customers of change of ownership We are likely going to be moving from Imail for our student email server to an Exchange 2003 server (as a mate to the staff faculty server). You might then be interested in MilterSink (announced earlier), which will incorporate limited support for Declude (all tests, but not all actions, are expected to be available). --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.mailmage.com/download/software/freeutils/SPAMC32/Release/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: Re[2]: [Declude.JunkMail] Notification to customers of change of ownership
Hi Sandy, Thanks for the info. I did see the message and will be having a look at it as well. My big hurdle will be to try to find something that will allow me to migrate existing email from Imail to an Exchange 2003 server. Its all in the pros and cons what if stage right now. Richard Edge Senior Systems Administrator Technology Services Department TRINITY WESTERN UNIVERSITY Voice: 604-513-2089 E-mail: [EMAIL PROTECTED] WWW: http://www.ucs.twu.ca FAQ: http://www.ucs.twu.ca/resources/faq.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sanford Whiteman Sent: Wednesday, April 14, 2004 8:42 PM To: Richard Edge Subject: Re[2]: [Declude.JunkMail] Notification to customers of change of ownership We are likely going to be moving from Imail for our student email server to an Exchange 2003 server (as a mate to the staff faculty server). You might then be interested in MilterSink (announced earlier), which will incorporate limited support for Declude (all tests, but not all actions, are expected to be available). --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.mailmage.com/download/software/freeutils/SPAMC32/Release/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] smime.p7s Description: S/MIME cryptographic signature
[Declude.JunkMail] ENDSWITH Filter question
Does the endswith terminate the filter with no score or the current filter score? Lets say I have this code in the filter MAILFROM 5 CONTAINS MAILFROM END CONTAINS MAILFROM 10 CONTAINS MAILFROM 10 CONTAINS What would the final value be for a mailfrom of ? 0 (end with no score), or 5 (ends after 5 points) Scott Fisher Director of IT Farm Progress Companies --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] ENDSWITH Filter question
Does the endswith terminate the filter with no score or the current filter score? Lets say I have this code in the filter MAILFROM 5 CONTAINS MAILFROM END CONTAINS MAILFROM 10 CONTAINS MAILFROM 10 CONTAINS What would the final value be for a mailfrom of ? 0 (end with no score), or 5 (ends after 5 points) In this case, the final value should be 5 (plus the weight of the test itself, if any). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] why does this fail the spam domains test? test?
Scott here is the header for this message. Received: from hebron.psr.edu (hebron.psr.edu [209.76.204.3]) by gabriel.cdsp.edu (8.9.3/8.9.3) with ESMTP id PAA12702 for [EMAIL PROTECTED]; Wed, 14 Apr 2004 15:15:10 -0700 Received: from m11.lax.untd.com [64.136.30.74] by hebron.psr.edu (SMTPD32-7.07) id AA672ACB0144; Wed, 14 Apr 2004 15:25:43 -0700 Received: from cookie.untd.com by cookie.untd.com for vuYqdvKWrWGUhnNcKZ+kmBr94SKTWaz4L+t/wTPbIAMx6AJFf8Bm5A==; Wed, 14 Apr 2004 15:19:19 PDT Received: (from [EMAIL PROTECTED]) by m11.lax.untd.com (jqueuemail) id JS78PXB8; Wed, 14 Apr 2004 15:19:19 PDT To: [EMAIL PROTECTED] Date: Wed, 14 Apr 2004 15:18:28 -0700 Subject: Re: Email Test Message-ID: [EMAIL PROTECTED] X-Mailer: Juno 5.0.33 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Juno-Line-Breaks: 0-3,6-7,10-15 From: [EMAIL PROTECTED] X-Alligate-In: Passed - Adult: 0 (Req: 17) Spam: 8 (Req: 30) Tot: 8 (Req: 35) X-Alligate-Tracking: BD12445F41774F4E X-Alligate-Signature: 1869066384 X-Alligate-SpoolFile: Dba672acb0144dad9.SMD X-Alligate-Sender: [EMAIL PROTECTED] [64.136.30.74] x-PSR-warning: WEIGHT13 X-Declude-Sender: [EMAIL PROTECTED] [64.136.30.74] X-Spam-Tests-Failed: NOABUSE [2], REVDNS [4], WEIGHT13 [13], SPAMDOMAINS [8] X-Country-Chain: UNITED STATES-destination X-Note: Reverse DNS: [No Reverse DNS] X-Note-Out: The total spam weight is 14 X-UIDL: bXM!A^R!?CV!!\%P!! What am I missing here? I don't understand why it states no reverse DNS, when I can look it up on www.dnsstuff.com with no problem. Any help in understanding this would be much appreciated. Thanks as always, Jeffrey -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 1:43 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] why does this fail the spam domains test? test? Can anyone explain why this message would fail the spamdomains test? Here is the spamdomains entry: @juno.com.untd.com The key here is the reverse DNS entry -- do you have the full headers for the E-mail? Although the IMail log file shows the IP address, it is possible that Declude JunkMail may have used a different IP, which would be reflected in the headers. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] why does this fail the spam domains test? test?
Scott here is the header for this message. X-Declude-Sender: [EMAIL PROTECTED] [64.136.30.74] X-Note: Reverse DNS: [No Reverse DNS] What am I missing here? I don't understand why it states no reverse DNS, when I can look it up on www.dnsstuff.com with no problem. Any help in understanding this would be much appreciated. That's the problem -- for some reason, the IP is showing up as not having a reverse DNS entry. Since it *does*, it sounds like there is a serious DNS problem (a dropped packet shouldn't cause this). Are you using bandwidth from ATT (which intentionally alters many non-MX-record lookups from mailservers), which could account for this? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] why does this fail the spam domains test?
My bandwidth comes from SBC. -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 4:02 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] why does this fail the spam domains test? test? test? test? Scott here is the header for this message. X-Declude-Sender: [EMAIL PROTECTED] [64.136.30.74] X-Note: Reverse DNS: [No Reverse DNS] What am I missing here? I don't understand why it states no reverse DNS, when I can look it up on www.dnsstuff.com with no problem. Any help in understanding this would be much appreciated. That's the problem -- for some reason, the IP is showing up as not having a reverse DNS entry. Since it *does*, it sounds like there is a serious DNS problem (a dropped packet shouldn't cause this). Are you using bandwidth from ATT (which intentionally alters many non-MX-record lookups from mailservers), which could account for this? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] why does this fail the spam domains test?
My bandwidth comes from SBC. Are you using a local DNS server? Somehow, a DNS server was reporting that there was no reverse DNS entry for 64.136.30.74. Have you noticed any other issues like this that could be related to DNS? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] why does this fail the spam domains test? test?
Scott, My DNS servers are local, and I have not noticed any DNS issues recently. I'll monitor the messages that fail the REVDNS test for the rest of the day. Thanks, Jeffrey -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 4:15 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] why does this fail the spam domains test? test? My bandwidth comes from SBC. Are you using a local DNS server? Somehow, a DNS server was reporting that there was no reverse DNS entry for 64.136.30.74. Have you noticed any other issues like this that could be related to DNS? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] why does this fail the spam domains test?
Scott- I think that I may misunderstand SPAMDOMAINS. From the manual: This test will catch E-mail that is not coming from a mailserver that it should be coming from. This test will only work if you set up a file listing domains that you wish to be included in this test. Specifically, it will check the return address of the E-mail, and then check to see if the reverse DNS entry of the IP that the E-mail was sent from contains the domain name. If not, the E-mail fails the test. For example, if hotmail.com is listed in the \IMail\Declude\spamdomains.txt file, then an E-mail coming from law2.hotmail.com would not fail the test, but an E-mail from mail.example.ru would fail the test. Taking the lead from that description, my SPAMDOMAINS file consists of a simple list of domains, one to a line, like this: ebay.com aol.com Yet every example I have seen on this subject the past few days shows two domains per line like this: @juno.com.untd.com How is this supposed to work? -Dave - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, April 15, 2004 4:42 PM Subject: Re: [Declude.JunkMail] why does this fail the spam domains test? Can anyone explain why this message would fail the spamdomains test? Here is the spamdomains entry: @juno.com.untd.com The key here is the reverse DNS entry -- do you have the full headers for the E-mail? Although the IMail log file shows the IP address, it is possible that Declude JunkMail may have used a different IP, which would be reflected in the headers. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Why Was This E-Mail Marked As HELOBOGUS?
Scott, If a sending mail server has an A record but it does not have an MX then it would not fail the HELOBOGUS check? Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Thursday, April 15, 2004 4:12 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Why Was This E-Mail Marked As HELOBOGUS? Is the existence of an A record or MX record the only thing that the helovalid test type checks for? Correct -- because those are the only two correct ways to do it. It *should* have an A record; if not, though, most people consider an MX record to be acceptable. I, perhaps wrongly, assumed that it checked the format of the HELO string looking for a Fully-Qualified Domain Name. For example, OEMCOMPUTER would fail the test because it didn't have a TLD. But perhaps all along the test has just been looking for the existence of an MX or A record and if it doesn't find it then it tests fails. If an MX or A record does exist are there any other things the helovalid test type looks for? It just looks for the MX/A records. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Updated SURBL filter script
Roger, Thanks for the fine work. I finally got around to setting this up after figuring out that it wasn't thousands of URL's long and my server seems to be handling it well enough for now. I have two suggestions for the script. 1) Add a MAXWEIGHT variable. If you score each line at say 4 points and set the MAXWEIGHT to 4, then the filter will stop processing on the first hit and save resources. I tried playing around with this to get it to work, but I'm totally clueless when it comes to batch file programming and I think I was hitting some sort of a reserved word. 2) Add the ability to remove listings contained in a text file (an exclude list). From looking over the current list of domains, there are the following: - norton.com - webhosting.yahoo.com These were probably in spam, but they are not unique to spam. I also found an entry for pe.kg in the list which doesn't resolve and seems like it was probably from a parsing error. A list of top sites from a page linked to from the project's site shows that yahoo.com is one of the most frequently spamvertised domains, though this is clearly not listed in this file due to an exception on their end. This type of test is definitely very vulnerable to pollution and it would be great to have a way to detect such problems and add them to a list for exclusion. Long-term this is best suited for a DNS lookup due to various limitations of doing a contains filter, but for now, it seems to be working very well at adding points to things that are coming in below my drop weight, in fact it might very well be tagging the majority of what is scoring in my Hold level and pushing it over the top. Matt Roger Eriksson wrote: Hi, The SURBL filter script has been updated and should now run under both Windows NT 4 and Windows 2000. The updated script can be downloaded at http://www.botany.gu.se/download/decludescript/SURBL_filter.zip. Those of you that downloaded the previous version and use it on Windows 2000 don't need to update. /Roger --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.