Post.Office is dead and gone. I shut off my last PO server about six months
ago. It was a great product, orphaned by its new owner who did not choose to
upgrade any of its capabilities to reflect the modern world.
Sad.
-d
- Original Message -
From: Darrell ([EMAIL PROTECTED]) [EMAIL
Sorry to be a bother but I need to find someone who has successfully
harvested the passwords from Post.office so we can migrate to a
newer MTA.
If you have a small number of users (250? 500?), and assuming
unencrypted POP3, parsing a lengthy network trace could do the job.
Let me start by saying I am a Declude newbie. Here's my situation. I am
running Imail v8.11.
I whitelisted my wife's email address, [EMAIL PROTECTED] But, when
she sends me an email it is not whitelisted by Imail/Declude. It continues
to be processed and is not being whitelisted!
What can I do?
what the heck is going on?
Received: from declude.com [68.162.218.198] by
mailhost.Advernetsolutions.net with ESMTP
(SMTPD32-8.11) id A5111EF027A; Fri, 04 Jun 2004 09:11:45 -0400
Received: from mailhost.Advernetsolutions.net [204.96.18.131] by
mail.declude.com with ESMTP
(SMTPD32-8.05) id
Let me start by saying I am a Declude newbie. Here's my situation. I am
running Imail v8.11.
I whitelisted my wife's email address, [EMAIL PROTECTED] But, when
she sends me an email it is not whitelisted by Imail/Declude. It continues
to be processed and is not being whitelisted!
What can I do?
what the heck is going on?
You'll have to tell me. :) The only thing I see here that seems to
indicate that the E-mail may have been marked as spam is:
X-IMail-Rule: H~X-RBL-Warning:NULL Data- X-RBL-WARNING: SPAMCHK: MESSAG
It sounds like you have an IMail rule to delete any E-mail with an
Hello again Scott. Actually, if a rule fails, I have the X-RBL-Warning
inserted in the header. In my rules.ima file, if X-RBL-Warning is found, an
email is moved into a folder called NULL.
Maybe you can help me here. Basically I am using the default Declude config
files. Is there a site/resource
No I added to Imail...I guess that is it.
So, what it is the pecking order here? Does Imail's anti-spam ever come into
play with Declude? Are the Kill list's looked at first? The phrase list
used? Rules.ima?
Where exactly does Declude take over?
Thanks Scott.
-- Original Message
Below are the headers from a message that was blocked. However, I
having a problem figuring out just what blocked it. I don't block
NOABUSE or NOPOSTMASTER so I am not sure why it was blocked. And that
is why those both show as X-RBL_WARNING? So what blocked it? Hoping
someone can help
If I want to allow mail from [EMAIL PROTECTED] to pass SPAMDOMAINS, knwoing
that at least some msn.com mail is actually transmitted by hotmail.com
servers, how should I set up SPAMDOMAINS to allow both domains?
msn.com
msn.comhotmail.com
???
-Dave
---
[This E-mail was scanned for viruses
Maybe you can help me here. Basically I am using the default Declude config
files. Is there a site/resource where a can download a mature version of
the $default$.junkmail and the GLOBAL.CFG files?
By default, any E-mail that is marked as spam will just have a warning
added to its headers (spam
So, what it is the pecking order here? Does Imail's anti-spam ever come into
play with Declude? Are the Kill list's looked at first? The phrase list
used? Rules.ima?
Where exactly does Declude take over?
The order is as follows:
1. IMail's Control Access file (to block IPs)
2. IMail's Kill List
A few more questions...
#3. IMail v8 anti-spam (most tests). Is this the anti-spam seeder file and
the url.blacklist file? Which are these actually?
Also, how/what do you do to turn off Imail's V8 anti-spam completely? Just
remove the kill,rules and phrase-text files?
Thanks Che'
---
[This
A few more questions...
#3. IMail v8 anti-spam (most tests). Is this the anti-spam seeder file and
the url.blacklist file? Which are these actually?
You'll need to contact Ipswitch to find out. For some unknown reason, they
decided to have the IMail v8 anti-spam run at two different points in
If I want to allow mail from [EMAIL PROTECTED] to pass SPAMDOMAINS, knwoing
that at least some msn.com mail is actually transmitted by hotmail.com
servers, how should I set up SPAMDOMAINS to allow both domains?
msn.com
msn.comhotmail.com
If you just use the second line, you'll be fine (do not
Below are the headers from a message that was blocked.
How was it blocked? The HOLD action? What does the log file say about the
E-mail?
However, I having a problem figuring out just what blocked it. I don't block
NOABUSE or NOPOSTMASTER so I am not sure why it was blocked.
Those are the
I know it was blocked because I have a spam mailbox that all Declude
spam is routed to or ROUTETO [EMAIL PROTECTED] This is also where IMail is
told to send its spam.
Maybe I will just make two separate mailboxes - 1 for Declude Spam and 1
for IMail spam. That would probably be the easiest way.
I know it was blocked because I have a spam mailbox that all Declude
spam is routed to or ROUTETO [EMAIL PROTECTED] This is also where IMail is
told to send its spam.
Maybe I will just make two separate mailboxes - 1 for Declude Spam and 1
for IMail spam. That would probably be the easiest way.
Why did this fail the REVDNS test? If I do a reverse DNS
lookup for precisionx.net I get a valid PTR record back.
TIA
Received: from precisionx.net [216.119.112.51] by fpmamail.com with ESMTP
(SMTPD32-6.06) id A02C4790076; Fri, 04 Jun 2004 11:07:24 -0400
Received: from DedA50 [216.119.112.51]
Why did this fail the REVDNS test? If I do a reverse DNS
lookup for precisionx.net I get a valid PTR record back.
Reverse DNS is different than forward DNS. Reverse DNS takes an IP and
returns the host name (using a PTR record); forward DNS usually takes a
host name and returns an IP (using an
You have to turn it off in several places for each non-virtual domain, that
is each domain with its own IP address.
So, from IMail Administrator, under localhost | Antispam disable all DNS
blacklists. Then under each domain with an IP go to Antispam and disable
everything on all four tabs.
Thanks, Scott.
-d
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, June 04, 2004 10:42 AM
Subject: Re: [Declude.JunkMail] Quick SPAMDOMAINS Questuion
If I want to allow mail from [EMAIL PROTECTED] to pass SPAMDOMAINS,
knwoing
that at
OK, thanks.
Jose
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
Sent: Friday, June 04, 2004 11:42 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] REVDNS Failure question
I guess I'm confused as to why it's coming from this IP
I guess I'm confused as to why it's coming from this IP
216.119.112.51 when I've specified the MX record for precisionx.net
to point to 65.110.77.72
Thanks, Jose
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
Sent: Friday, June 04, 2004
I guess I'm confused as to why it's coming from this IP
216.119.112.51 when I've specified the MX record for precisionx.net
to point to 65.110.77.72
That I can't explain -- you would need to check with the documents for the
inFusion email Server that sent the mail to see how to get it to use a
That's a great idea, Sandy.
And I'll contribute a tiny hint and suggest that if anyone were to do so,
using a sniffer like Ethereal with a capture filter would minimize the size
of the actual data file collected, which would then make post-processing
much simpler.
Andrew 8)
-Original
Mutant son of MyDoom plans three-pronged attack
Virus writers have used code from the infamous Mydoom
worm to create a potentially dangerous new Internet worm which uses multiple
methods to spread.
Plexus-A
spreads using three different methods: infected email attachments,
After searching the list archives, documentation and doing a test or two
looking for undocumented variables with no luck I am hoping someone on
this list will have a solution.
We have a bounce message that needs to say who the message was sent to
not the final recipient. This where someone has
I second that. As a Declude newbie, I could use the expertise of others!
Thanks, Che
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Chris Ulrich
Sent: Friday, June 04, 2004 3:36 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Good Configuration Files?
We've seen more and more junk getting through on our servers. No doubt our
config files are not up to date.
I've downloaded the latest patch with the included config files.
My question: does everyone run them stock or are there particular
configs / settings / etc., that people are
I'm playing with a subject filter to stop the latest round of spam we
seem to be getting. The messages have subjects like:
Stop Spm Now!
I'm adding points for multiple occurrences of letters, particularly
vowels, with a filter like:
SUBJECT 1 CONTAINSooo
SUBJECT 1
I've solved this problem, thanks; it was related to a mail server
config problem. Now, the IPNOTINMX test is failing for precisionx.net
and I'm not sure why since the MX record is pointing to 65.110.77.72
(http://dnsstuff.com/tools/lookup.ch?name=precisionx.nettype=MX)
Received: from
My question: does everyone run them stock or are there particular
configs / settings / etc., that people are implementing to make
Declude even more effective than it is out of the box?
Run them stock until you know what to change, then change only
one thing at a time. That way you can tell
I'm playing with a subject filter to stop the latest round of spam we
seem to be getting. The messages have subjects like:
Stop Spm Now!
I'm adding points for multiple occurrences of letters, particularly
vowels, with a filter like:
SUBJECT 1 CONTAINSooo
SUBJECT 1
A spot for filter downloads is an excellent idea.
Kami has also posted his filters or an address to them in the mailing list.
The bulk of my filters are based from the MailPure filters or Kami's.
The Mailpure beta filters (don't use the old ones unless you have to) are very good
filters to
I've solved this problem, thanks; it was related to a mail server
config problem. Now, the IPNOTINMX test is failing for precisionx.net
and I'm not sure why since the MX record is pointing to 65.110.77.72
(http://dnsstuff.com/tools/lookup.ch?name=precisionx.nettype=MX)
X-Declude-Sender: [EMAIL
My company gets lots of e-mail from universities.
Here's a filter that has been working good to credit good edu (mailfrom and revdns
both .edu)
I set the negative weight to credit enough points to counteract a one hit from a
strong test like sbl/sniffer/spamcop.
I've seen virus bounces get
My company gets lots of e-mail from state agencies.
Here's a filter that has been working good to credit good gov (mailfrom and revdns
both .us)
I set the negative weight to credit enough points to counteract a one hit from a
strong test like sbl/sniffer/spamcop.
I've seen virus bounces get
My company gets lots of e-mail from US government agencies.
Here's a filter that has been working good to credit good gov (mailfrom and revdns
both .gov)
I set the negative weight to credit enough points to counteract a one hit from a
strong test like sbl/sniffer/spamcop.
I've seen virus
Each line in the filter file will only trigger a maximum of one time
So if I have a filter like:
ANYWHERE1 CONTAINSBob
And a message that says:
Bob can be called Bob, Bobby or Robert but not Bobalooza
It gets assigned a weight of 1, correct?
I was kinda hoping to
Scott,
This goes along the lines of something that I have been wondering about
recently, trying to find a pseudo-whitelisting method that isn't likely
to be exploited.
The issue that I primarily find is that some open relays are that way
because they will accept any local Mail From and relay
I'll post some filters and here are my favorite tests and why:
For reference: I subject tag at 100, hold at 200 and delete at 300.
1. SPAMCOP. Use IP number. It had a very impressive May with me. Caught 150,000 out
of 170,000 spams, with only about 25 false hits. I weight at 90% of my tag
Scott,
It turns out that the DYNA trick wasn't the best method. Declude will
skip any IP4R test with DUL/DYNA/DUHL in the name whenever it comes
across an E-mail that has a local Mail From domain, which zombie
spammers will often forge. That was a good idea before Declude 1.76
introduced the
I move mail beyond a certain weight to a suspect
mailbox. Is there a way to NOT do that for just one account?
thanks,
Larry Craddock
I've noticed that my Relay counts have definitely been on the downturn.
It doesn't seem to be the spammer's weapon of choice anymore. Maybe you shouldn't be
worried about relays as much?
The goal of my three tests is mostly to counteract one false positive possibly from
Message Sniffer. In
I remember the discussion. I did some testing on the LAST for a week or so and I
really didn't see much difference.
That said, I'm not adverse to trying it again. Maybe I look into it again.
Looking at your config, I do notice that the Dial Up tests are done in a last hop.
That's a good idea
If you have Declude JunkMail Pro, the answer is yes.
You would set up a different .junkmail file, either with a REDIRECT
statement or using the instructions for Per-User Configuration in the
manual.
http://www.declude.com/Articles.asp?ID=116
Matt
Larry Craddock wrote:
I
Scott Fisher wrote:
One counteract could be to end the tests on a relay test hit, a DYNA hit probably not an ALL hit.
I was thinking along the same lines. For instance, I defeat the
GIBBERISH and GIBBERISHSUB tests on my own system if they hit
SNIFFER-GRAY since that's not what it was
Can someone take a look at the folowing header and
let me know why it seems looping thru my server ?
TIA
Received: from mail.cefib.com [208.154.200.6] by
mail.cefib.com with ESMTP (SMTPD32-8.05) id A8DEF3E0054; Wed, 02 Jun
2004 00:01:34 +Received: from mail.cefib.com [208.154.200.6]
Hi, all-
Does anybody know how to disable the nobody alias universally on all
domains on an IMail 8 server?
We have about 500 domains on this box and roughly 200 of them have this
alias. If I delete them, there's nothing to prevent a user from setting it
up again. We've had a lot of dctionary
If I delete them, there's nothing to prevent a user from setting it
up again.
I'd think it pretty unlikely that, if you used JavaScript validation
to silently prevent the normal addition of the alias, people would
craft form posts to hack around that.
--Sandy
Hi, Sandy-
You're right, of course. I had not thought of that. Thanks!
-d
- Original Message -
From: Sanford Whiteman [EMAIL PROTECTED]
To: Dave Doherty [EMAIL PROTECTED]
Sent: Saturday, June 05, 2004 12:32 AM
Subject: Re: [Declude.JunkMail] Disable nobody ?
If I delete them,
Does %ALLRECIPS% do what you want?
Darin.
- Original Message -
From: Roderick A. Anderson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, June 04, 2004 1:53 PM
Subject: [Declude.JunkMail] %TO% variable
After searching the list archives, documentation and doing a test or two
53 matches
Mail list logo
