Re: [Declude.JunkMail] What seems to work better for others?
It seems that more smaller ones are easier to manage using categories. But what uses less CPU/Memory usage? Which way is faster? Fewer larger files are slightly faster, but the difference is not likely to be noticed. So my question is the same as asked previous (listed below) but also, would it be better to simply use headers filter versus mailfrom and helo.or does it not matter? MAILFROM and HELO will be quicker than HEADERS, since Declude JunkMail only needs to check a small portion of information, rather than all the headers. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] CORRUPTEDVIRUS v1.0.0
This results in a zero-byte attachment and it will always get past Declude Virus, even if it has one of the commonly banned extensions associated with viruses (unless this has been addressed in a more recent interim that I'm not aware of ). I haven't hit a single file as yet with this filter. It may be that this was in fact fixed with a more recent version of Declude Virus ... FWIW, I can't recall any issue where the size of a file (even 0-byte) will prevent Declude Virus from banning the file based on the extension. Of course, a 0-byte file won't be blocked by the virus scanner (since it can't contain a virus), but Declude Virus should block it as expected. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SPF Issues
Thanks to Darin and Sandy. -d - Original Message - From: Darin Cox [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 19, 2004 4:50 PM Subject: Re: [Declude.JunkMail] SPF Issues I believe the consensus has been that SPF Pass is not good to use in negative weighting, but SPF Fail helps. If nothing else, we catch a good bit of spam and viruses that forge our email addresses by using SPF. As it gets more widely adopted, it will help more. There is still the drawback for weak SPF criteria for those who may send through alternate ISP mail servers, though. Darin. - Original Message - From: Dave Doherty [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 19, 2004 4:36 PM Subject: [Declude.JunkMail] SPF Issues 1) Now that AOL passes SPF, I'm getting more junk from them. So I lowered SPFPass to -3 to offset AOL's normal failure of noabuse (1) and nopostmaster (2). 2) We're starting to see real spammers passing SPF. So now I'm thinking of dropping SPFPASS altogether, and using SPFFAIL to help identify spoofs. Has anybody else done this? What are you all seeing with SPF? -Dave Doherty Skywaves, Inc. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPF Issues
If nothing else, we catch a good bit of spam and viruses that forge our email addresses by using SPF. I have found, that so, far, the BEST usage for SPF, as stated above, is that it's catching spam that has spoofed my own domain's address. Sharyn We are the worldwide producer and marketer of the award winning Cruzan Single Barrel Rum, judged Best in the World at the annual San Francisco Wine and Spirits Championships. For more information, please click (go to) htmla href=http://www.cruzanrums.com;www.cruzanrums.com/a/html --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] CORRUPTEDVIRUS v1.0.0
FWIW, I can't recall any issue where the size of a file (even 0-byte) will prevent Declude Virus from banning the file based on the extension. Of course, a 0-byte file won't be blocked by the virus scanner (since it can't contain a virus), but Declude Virus should block it as expected. Some of our customers today received messages containing a (encrypted?) zip file with no files inside. The body contains something like Password: 12345 I've forwarded one of this message to the virustrap address. As it doesn't contain any viral code it's not so problematic, but it creates a lot of doubt's on customer side if our mailboxes are realy protected. Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] CORRUPTEDVIRUS v1.0.0
Some of our customers today received messages containing a (encrypted?) zip file with no files inside. The body contains something like Password: 12345 As it doesn't contain any viral code it's not so problematic, but it creates a lot of doubt's on customer side if our mailboxes are realy protected. Unfortunately, there is little that can be done about attachments that appear to be viruses but are not. That's something that filters in Declude JunkMail would probably handle best. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] misconfiguration in following line
Im getting this error in my logs 07/20/2004 00:01:19 Warning: misconfiguration in following line in configuration file (filter is not an ACTION). May be a duplicate test definition? Is this causing this error? Config IPLINKED filter E:\IMail\Declude\Filters\IPLinked.txt x 3 0 IPLINKED filter E:\IMail\Declude\Filters\IPLinked-lite.txtx 3 0 #MYFILTER filter E:\Imail\Declude\Filters\myfilter.txt x 2 KILLFROM fromfile E:\imail\declude\Filters\fromfile.txt x 10 SUBJECTFILTER fromfile E:\Imail\Declude\Filters\Subjectfilter.txt x 8 0 BODYFILTER fromfile E:\Imail\Declude\Filters\bodyfilter.txt x 2 0 GIBBERISHfilter E:\IMail\Declude\Filters\Gibberish.txtx 6 0 ANTI-GIBBERISH filter E:\IMail\Declude\Filters\Anti-Gibberish.txt x -6 0 $default$ SPAMHEADERS WARN GIBBERISH WARN ANTI-GIBBERISH WARN IPLINKED warn # MYFILTER alert SubjectFilter warn #BodyFilter warn KILLFROM delete Kevin Shimwell Link Brokers Group, LLC ( Support ) 1600 Hwy 17 South North Myrtle Beach, SC 29582 Phone: 843-663-1004 Fax: 843-663-1007 Email: [EMAIL PROTECTED] 24/7 Support http://www.linkbrokers.com/support_ticket.cfmhttp://www.linkbrokers.com/support_ticket.cfm Support M-F 1-888-546-5631 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] misconfiguration in following line
Im getting this error in my logs 07/20/2004 00:01:19 Warning: misconfiguration in following line in configuration file (filter is not an ACTION). May be a duplicate test definition? Is this causing this error? Yes, it is: IPLINKED filter E:\IMail\Declude\Filters\IPLinked.txt x 3 0 The first occurrence of any test name (IPLINKED in this case) defines the test. A subsequent line with the same test name determines the action to take on outgoing E-mails failing the test. So this line is fine. But: IPLINKED filter E:\IMail\Declude\Filters\IPLinked-lite.txtx 3 0 This next line isn't fine. It is telling Declude JunkMail that if an outgoing E-mail fails the IPLINKED test, Declude JunkMail should use the FILTER action -- but that isn't an action that Declude JunkMail knows about. So if you delete one of those lines, or rename the test in one of them, you should be all set. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] misconfiguration in following line
2 tests with same name: Rename one. IPLINKED filter E:\IMail\Declude\Filters\IPLinked.txt x 3 0 IPLINKED filter E:\IMail\Declude\Filters\IPLinked-lite.txtx 3 0 Scott Fisher Director of IT Farm Progress Companies [EMAIL PROTECTED] 07/20/04 09:12AM Im getting this error in my logs 07/20/2004 00:01:19 Warning: misconfiguration in following line in configuration file (filter is not an ACTION). May be a duplicate test definition? Is this causing this error? Config IPLINKED filter E:\IMail\Declude\Filters\IPLinked.txt x 3 0 IPLINKED filter E:\IMail\Declude\Filters\IPLinked-lite.txtx 3 0 #MYFILTER filter E:\Imail\Declude\Filters\myfilter.txt x 2 KILLFROM fromfile E:\imail\declude\Filters\fromfile.txt x 10 SUBJECTFILTER fromfile E:\Imail\Declude\Filters\Subjectfilter.txt x 8 0 BODYFILTER fromfile E:\Imail\Declude\Filters\bodyfilter.txt x 2 0 GIBBERISHfilter E:\IMail\Declude\Filters\Gibberish.txtx 6 0 ANTI-GIBBERISH filter E:\IMail\Declude\Filters\Anti-Gibberish.txt x -6 0 $default$ SPAMHEADERS WARN GIBBERISH WARN ANTI-GIBBERISH WARN IPLINKED warn # MYFILTER alert SubjectFilter warn #BodyFilter warn KILLFROM delete Kevin Shimwell Link Brokers Group, LLC ( Support ) 1600 Hwy 17 South North Myrtle Beach, SC 29582 Phone: 843-663-1004 Fax: 843-663-1007 Email: [EMAIL PROTECTED] 24/7 Support http://www.linkbrokers.com/support_ticket.cfmhttp://www.linkbrokers.com/support_ticket.cfm Support M-F 1-888-546-5631 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] CORRUPTEDVIRUS v1.0.0
Scott, I probably mistakened the zero-byte zips which most won't ban by extension. Declude Virus however seems to have introduced a bogus ZIP file vunerability in a more recent interim which is blocking these zero-byte zip files. I suppose that's good although it may have been unintentional. Yesterday's virus has huge problems with zero-byte files being sent. Matt R. Scott Perry wrote: Some of our customers today received messages containing a (encrypted?) zip file with no files inside. The body contains something like Password: 12345 As it doesn't contain any viral code it's not so problematic, but it creates a lot of doubt's on customer side if our mailboxes are realy protected. Unfortunately, there is little that can be done about attachments that appear to be viruses but are not. That's something that filters in Declude JunkMail would probably handle best. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Reconfiguring sorbs.net tests
I currently have 9 sorbs.net lookups: SORBS-HTTP ip4rdnsbl.sorbs.net 127.0.0.2 5 0 SORBS-SOCKS ip4rdnsbl.sorbs.net 127.0.0.3 5 0 SORBS-MISC ip4rdnsbl.sorbs.net 127.0.0.4 5 0 SORBS-SMTP ip4rdnsbl.sorbs.net 127.0.0.5 5 0 SORBS-SPAM ip4rdnsbl.sorbs.net 127.0.0.6 4 0 SORBS-WEB ip4rdnsbl.sorbs.net 127.0.0.7 5 0 SORBS-BLOCK ip4rdnsbl.sorbs.net 127.0.0.8 5 0 SORBS-ZOMBIEip4rdnsbl.sorbs.net 127.0.0.9 5 0 SORBS-DUHL ip4rdnsbl.sorbs.net 127.0.0.10 4 0 It seems I can replace these 9 lookups with 1: rhsbl.sorbs.net - Aggregate zone (contains all RHS zones) Would the new config file line would look like this? (replacing the ip numbers with a *)? SORBS-DUHL ip4rdnsbl.sorbs.net * 4 0 [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Reconfiguring sorbs.net tests
I currently have 9 sorbs.net lookups: ... It seems I can replace these 9 lookups with 1: rhsbl.sorbs.net - Aggregate zone (contains all RHS zones) Would the new config file line would look like this? (replacing the ip numbers with a *)? SORBS-DUHL ip4rdnsbl.sorbs.net * 4 0 That will work fine (although I would suggest using just SORBS or SORBS-ALL as the test name). The main benefit includes fewer lines in the config files, but the drawback is less flexibility (for example, all the SORBS tests would need to have the same weight). Note that even with all 9 lines, Declude JunkMail will still only send one DNS query. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Njabl test?
I notice the njabl test is not a standard test in the sample Declude JunkMail config file: # The following tests are commented out by default because they are not commonly used # NJABL ip4r dnsbl.njabl.org 127.0.0.2 5 0 Is this test worth the machine time doing the lookup? [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Njabl test?
Here are my NJABL results for June: TestCount Delete SPAM Held SPAM Poss SPAM Not SPAM CATCHALLMAILS 27398384.0% 3.2% 0.4% 12.3% NJABL-DUL 1266898.9% 1.1% 0.0% 0.0% NJABL-DYNABLOCK8890398.9% 1.0% 0.1% 0.0% NJABL-FORMMAIL-ALL 1060.0% 0.0% 0.0% 40.0% NJABL-FORMMAIL-LAST 1060.0% 0.0% 0.0% 40.0% NJABL-HELO-DYNABLOCK8396.4% 3.6% 0.0% 0.0% NJABL-PROXIES-ALL 4250199.7% 0.2% 0.0% 0.1% NJABL-PROXIES-LAST 4206499.9% 0.1% 0.0% 0.0% NJABL-RELAYS-ALL35387.3% 2.5% 1.4% 8.8% NJABL-RELAYS-LAST 34986.8% 2.6% 1.7% 8.9% NJABL-SOURCES 637199.0% 0.7% 0.1% 0.2% NJABL-SOURCES-ALL 128599.5% 0.4% 0.0% 0.1% NJABL-SOURCES-LAST128199.6% 0.3% 0.0% 0.1% Scott Fisher Director of IT Farm Progress Companies [EMAIL PROTECTED] 07/20/04 09:54AM I notice the njabl test is not a standard test in the sample Declude JunkMail config file: # The following tests are commented out by default because they are not commonly used # NJABL ip4r dnsbl.njabl.org 127.0.0.2 5 0 Is this test worth the machine time doing the lookup? [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Reconfiguring sorbs.net tests
I think keeping them separate gives you a little more weighting flexibility. I weight the sorbs-spam a little lower because it is not quite as effective as the other tests (dropping into the mere 98%'s: Test Count Delete SPAM Held SPAM Poss SPAM Not SPAM SORBS-BADCONF86799.1% 0.9% 0.0% 0.0% SORBS-DUHL 8452799.2% 0.8% 0.0% 0.0% SORBS-FORMMAIL-ALL 179099.7% 0.3% 0.0% 0.0% SORBS-FORMMAIL-LAST217999.9% 0.1% 0.0% 0.0% SORBS-HTTP-ALL 2637699.6% 0.1% 0.0% 0.2% SORBS-HTTP-LAST 2610799.8% 0.0% 0.0% 0.2% SORBS-MISC-ALL1525299.9% 0.1% 0.0% 0.0% SORBS-MISC-LAST 1526799.9% 0.1% 0.0% 0.0% SORBS-SMTP-ALL 241999.5% 0.0% 0.0% 0.5% SORBS-SMTP-LAST242199.5% 0.0% 0.0% 0.5% SORBS-SOCKS-ALL 2884199.8% 0.1% 0.0% 0.1% SORBS-SOCKS-LAST28640 100.0% 0.0% 0.0% 0.0% SORBS-SPAM-ALL 2542097.0% 1.6% 0.2% 1.2% SORBS-SPAM-LAST 2528797.0% 1.6% 0.2% 1.2% SORBS-ZOMBIE50799.2% 0.2% 0.0% 0.6% Scott Fisher Director of IT Farm Progress Companies [EMAIL PROTECTED] 07/20/04 09:50AM I currently have 9 sorbs.net lookups: SORBS-HTTP ip4rdnsbl.sorbs.net 127.0.0.2 5 0 SORBS-SOCKS ip4rdnsbl.sorbs.net 127.0.0.3 5 0 SORBS-MISC ip4rdnsbl.sorbs.net 127.0.0.4 5 0 SORBS-SMTP ip4rdnsbl.sorbs.net 127.0.0.5 5 0 SORBS-SPAM ip4rdnsbl.sorbs.net 127.0.0.6 4 0 SORBS-WEB ip4rdnsbl.sorbs.net 127.0.0.7 5 0 SORBS-BLOCK ip4rdnsbl.sorbs.net 127.0.0.8 5 0 SORBS-ZOMBIEip4rdnsbl.sorbs.net 127.0.0.9 5 0 SORBS-DUHL ip4rdnsbl.sorbs.net 127.0.0.10 4 0 It seems I can replace these 9 lookups with 1: rhsbl.sorbs.net - Aggregate zone (contains all RHS zones) Would the new config file line would look like this? (replacing the ip numbers with a *)? SORBS-DUHL ip4rdnsbl.sorbs.net * 4 0 [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Another way to skin broken BAGLE.AH
Brute force works well for this particular virus, because it has so few possibilities and doesn't use common enough attachment names for me to consider it any risk for false positives: #Jul-20-2004 AC broken BAGLE.AH and so forth BODY 0 CONTAINS filename=cat. BODY 0 CONTAINS filename=Cool_MP3. BODY 0 CONTAINS filename=Dog. BODY 0 CONTAINS filename=Doll. BODY 0 CONTAINS filename=Fish. BODY 0 CONTAINS filename=Garry. BODY 0 CONTAINS filename=MP3. BODY 0 CONTAINS filename=Music_MP3. BODY 0 CONTAINS filename=New_MP3_Player. I put this in a JunkMail Pro filter file with a HOLD action. Andrew 8) -Original Message- From: Scott Fisher [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 20, 2004 8:09 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Njabl test? Here are my NJABL results for June: TestCount Delete SPAM Held SPAM Poss SPAM Not SPAM CATCHALLMAILS 27398384.0% 3.2% 0.4% 12.3% NJABL-DUL 1266898.9% 1.1% 0.0% 0.0% NJABL-DYNABLOCK8890398.9% 1.0% 0.1% 0.0% NJABL-FORMMAIL-ALL 1060.0% 0.0% 0.0% 40.0% NJABL-FORMMAIL-LAST 1060.0% 0.0% 0.0% 40.0% NJABL-HELO-DYNABLOCK8396.4% 3.6% 0.0% 0.0% NJABL-PROXIES-ALL 4250199.7% 0.2% 0.0% 0.1% NJABL-PROXIES-LAST 4206499.9% 0.1% 0.0% 0.0% NJABL-RELAYS-ALL35387.3% 2.5% 1.4% 8.8% NJABL-RELAYS-LAST 34986.8% 2.6% 1.7% 8.9% NJABL-SOURCES 637199.0% 0.7% 0.1% 0.2% NJABL-SOURCES-ALL 128599.5% 0.4% 0.0% 0.1% NJABL-SOURCES-LAST128199.6% 0.3% 0.0% 0.1% Scott Fisher Director of IT Farm Progress Companies [EMAIL PROTECTED] 07/20/04 09:54AM I notice the njabl test is not a standard test in the sample Declude JunkMail config file: # The following tests are commented out by default because they are not commonly used # NJABL ip4r dnsbl.njabl.org 127.0.0.2 5 0 Is this test worth the machine time doing the lookup? [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] SURBL Question
Hi, From the Declude log 07/19/2004 08:04:24 Qb8bf32820036f483 Filter SURBL: Not skipping E-mail due to current weight of 8. 07/19/2004 08:04:25 Qb8bf32820036f483 Triggered CONTAINS filter SURBL on ly.to [weight-0; [EMAIL PROTECTED] 07/19/2004 08:04:26 Qb8bf32820036f483 CMDSPACE:8 nNOLEGITCONTENT:-5 SURBL:7 . Total weight = 10. 07/19/2004 08:04:26 Qb8bf32820036f483 Msg failed SURBL (Message failed SURBL test (line 435, weight 7)). Action=""> Does this mean that the line the SURBL filter tripped on was [EMAIL PROTECTED] and then it assigned a weight of 7 to the score. I looked in my SURBL.txt file and the above does not appear?? Am I reading the log right? Thanx Goran Jovanovic The LAN Shoppe
Re: [Declude.JunkMail] SURBL Question
07/19/2004 08:04:25 Qb8bf32820036f483 Triggered CONTAINS filter SURBL on ly.to [weight-0; [EMAIL PROTECTED] Does this mean that the line the SURBL filter tripped on was mailto:[EMAIL PROTECTED][EMAIL PROTECTED] and then it assigned a weight of 7 to the score. No. It means that the SURBL filter tripped on a line with ... CONTAINS ly.to. Since that E-mail address contains ly.to, the E-mail was caught. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SURBL Question
- Original Message - From: Goran Jovanovic [EMAIL PROTECTED] From the Declude log 07/19/2004 08:04:25 Qb8bf32820036f483 Triggered CONTAINS filter SURBL on ly.to [weight-0; [EMAIL PROTECTED] Does this mean that the line the SURBL filter tripped on was [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] and then it assigned a weight of 7 to the score. I looked in my SURBL.txt file and the above does not appear?? It matched on ly.to, with matched on LY.TOwsend in the e-mail address. Change your filter file entries from CONTAINS to ENDSWITH and that should take care of this problem. Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SURBL Question
Yes you are reading the log correctly. You've probably scheduled a updates of the surbl, so they probably removed it somewhere along the line. If it's in the body it is fair game because of the way the BODY filter works. As always with filters, the shorter the comparison, the more dangerous it is. That's why full non-filter support for SURBLs would be a great addition to Declude. I have these in my SURBL exclude file: edu.au ne.jp ly.to oo.to Scott Fisher Director of IT Farm Progress Companies [EMAIL PROTECTED] 07/20/04 11:43AM Hi, From the Declude log 07/19/2004 08:04:24 Qb8bf32820036f483 Filter SURBL: Not skipping E-mail due to current weight of 8. 07/19/2004 08:04:25 Qb8bf32820036f483 Triggered CONTAINS filter SURBL on ly.to [weight-0; [EMAIL PROTECTED] 07/19/2004 08:04:26 Qb8bf32820036f483 CMDSPACE:8 nNOLEGITCONTENT:-5 SURBL:7 . Total weight = 10. 07/19/2004 08:04:26 Qb8bf32820036f483 Msg failed SURBL (Message failed SURBL test (line 435, weight 7)). Action=WARN. Does this mean that the line the SURBL filter tripped on was [EMAIL PROTECTED] and then it assigned a weight of 7 to the score. I looked in my SURBL.txt file and the above does not appear?? Am I reading the log right? Thanx Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SURBL Question
OK now I see the ly.to in the front of the [weight Unfortunately this is the SURBL test and it auto downloads the updates and this is the line that it tripped on BODY 0 CONTAINS ly.to Am not going to be able to do anything about the SURBL.txt file. Will have to see that else I can think of (short of whitelisting the sender). Goran Jovanovic The LAN Shoppe 2345 Yonge Street, Suite 302 Toronto, Ontario M4P 2E5 Phone: (416) 440-1167 x-2113 Cell: (416) 931-0688 E-Mail: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Bill Landry Sent: Tuesday, July 20, 2004 12:57 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] SURBL Question - Original Message - From: Goran Jovanovic [EMAIL PROTECTED] From the Declude log 07/19/2004 08:04:25 Qb8bf32820036f483 Triggered CONTAINS filter SURBL on ly.to [weight-0; [EMAIL PROTECTED] Does this mean that the line the SURBL filter tripped on was [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] and then it assigned a weight of 7 to the score. I looked in my SURBL.txt file and the above does not appear?? It matched on ly.to, with matched on LY.TOwsend in the e-mail address. Change your filter file entries from CONTAINS to ENDSWITH and that should take care of this problem. Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SURBL Question
Scott, Thank you. I have been doing these type of excludes/fixes with some other filters that I download (and I had to create the excludes) and here SURBL already has it built in. Wow. Updated the exclude list and DONE. Thanx Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Scott Fisher Sent: Tuesday, July 20, 2004 12:59 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] SURBL Question Yes you are reading the log correctly. You've probably scheduled a updates of the surbl, so they probably removed it somewhere along the line. If it's in the body it is fair game because of the way the BODY filter works. As always with filters, the shorter the comparison, the more dangerous it is. That's why full non-filter support for SURBLs would be a great addition to Declude. I have these in my SURBL exclude file: edu.au ne.jp ly.to oo.to Scott Fisher Director of IT Farm Progress Companies [EMAIL PROTECTED] 07/20/04 11:43AM Hi, From the Declude log 07/19/2004 08:04:24 Qb8bf32820036f483 Filter SURBL: Not skipping E-mail due to current weight of 8. 07/19/2004 08:04:25 Qb8bf32820036f483 Triggered CONTAINS filter SURBL on ly.to [weight-0; [EMAIL PROTECTED] 07/19/2004 08:04:26 Qb8bf32820036f483 CMDSPACE:8 nNOLEGITCONTENT:-5 SURBL:7 . Total weight = 10. 07/19/2004 08:04:26 Qb8bf32820036f483 Msg failed SURBL (Message failed SURBL test (line 435, weight 7)). Action=WARN. Does this mean that the line the SURBL filter tripped on was [EMAIL PROTECTED] and then it assigned a weight of 7 to the score. I looked in my SURBL.txt file and the above does not appear?? Am I reading the log right? Thanx Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SURBL Question
You need CONTAINS, not ENDSWITH BODY 0 ENDSWITH ly.co isn't what you want. Scott Fisher Director of IT Farm Progress Companies [EMAIL PROTECTED] 07/20/04 11:57AM - Original Message - From: Goran Jovanovic [EMAIL PROTECTED] From the Declude log 07/19/2004 08:04:25 Qb8bf32820036f483 Triggered CONTAINS filter SURBL on ly.to [weight-0; [EMAIL PROTECTED] Does this mean that the line the SURBL filter tripped on was [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] and then it assigned a weight of 7 to the score. I looked in my SURBL.txt file and the above does not appear?? It matched on ly.to, with matched on LY.TOwsend in the e-mail address. Change your filter file entries from CONTAINS to ENDSWITH and that should take care of this problem. Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SURBL Question
- Original Message - From: Scott Fisher [EMAIL PROTECTED] You need CONTAINS, not ENDSWITH BODY 0 ENDSWITH ly.co isn't what you want. Yep, makes sense. I use the SURBLs as a DNS query on my SpamAssassin gateways, so wasn't thinking of the application in a filter file and how it applies to a URI string. Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SPF Issues
Thanks, Sharyn -d - Original Message - From: Sharyn Schmidt [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 20, 2004 7:38 AM Subject: RE: [Declude.JunkMail] SPF Issues If nothing else, we catch a good bit of spam and viruses that forge our email addresses by using SPF. I have found, that so, far, the BEST usage for SPF, as stated above, is that it's catching spam that has spoofed my own domain's address. Sharyn We are the worldwide producer and marketer of the award winning Cruzan Single Barrel Rum, judged Best in the World at the annual San Francisco Wine and Spirits Championships. For more information, please click (go to) htmla href=ttp://www.cruzanrums.comwww.cruzanrums.com/a/html --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Whitelisted[0]
Hi all, We tag email with the subject tag "SPAM*-" when email gets a score of higher than 10. What happened here. It says that it was whitelisted but it still tagged with "SPAM*-" Message Headers. Reply-To: [EMAIL PROTECTED]From: "Eddie Jacob" [EMAIL PROTECTED]To: [EMAIL PROTECTED]Subject: RE: *SPAM -FW: National Flame ScheduleDate: Tue, 20 Jul 2004 13:23:43 -0500Message-ID: [EMAIL PROTECTED]MIME-Version: 1.0Content-Type: text/plain;charset="iso-8859-1"Content-Transfer-Encoding: quoted-printableX-Mailer: Microsoft Outlook, Build 10.0.2627Thread-Index: AcRuhvuoW48llqwwRhSwNFVG4SVYDA==X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441In-Reply-To: [EMAIL PROTECTED]X-Declude-Sender:[EMAIL PROTECTED] [208.57.78.89]X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.X-Spam-Tests-Failed: Whitelisted [0]X-RCPT-TO: [EMAIL PROTECTED]X-UIDL: 356763148 Jay Calvert
Re: [Declude.JunkMail] Whitelisted[0]
We tag email with the subject tag SPAM*- when email gets a score of higher than 10. What happened here. It says that it was whitelisted but it still tagged with SPAM*- What happened here is that someone got an E-mail with *SPAM in the subject, and replied to it: Subject: RE: *SPAM -FW: National Flame Schedule Declude JunkMail only adds to the beginning of the subject, but this one starts with RE:. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Whitelisted[0]
Nevermind! Is it Friday yet? - Original Message - From: Jay Calvert To: [EMAIL PROTECTED] Sent: Tuesday, July 20, 2004 1:17 PM Subject: [Declude.JunkMail] Whitelisted[0] Hi all, We tag email with the subject tag "SPAM*-" when email gets a score of higher than 10. What happened here. It says that it was whitelisted but it still tagged with "SPAM*-" Message Headers. Reply-To: [EMAIL PROTECTED]From: "Eddie Jacob" [EMAIL PROTECTED]To: [EMAIL PROTECTED]Subject: RE: *SPAM -FW: National Flame ScheduleDate: Tue, 20 Jul 2004 13:23:43 -0500Message-ID: [EMAIL PROTECTED]MIME-Version: 1.0Content-Type: text/plain;charset="iso-8859-1"Content-Transfer-Encoding: quoted-printableX-Mailer: Microsoft Outlook, Build 10.0.2627Thread-Index: AcRuhvuoW48llqwwRhSwNFVG4SVYDA==X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441In-Reply-To: [EMAIL PROTECTED]X-Declude-Sender:[EMAIL PROTECTED] [208.57.78.89]X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.X-Spam-Tests-Failed: Whitelisted [0]X-RCPT-TO: [EMAIL PROTECTED]X-UIDL: 356763148 Jay Calvert
[Declude.JunkMail] Spam now (should) fail tests, didn't when received.
I have a couple of spams that got past Declude JunkMail yesterday by only failing SPAMHEADERS. X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [421f]. X-Declude-Sender: [EMAIL PROTECTED] [81.118.52.193] and X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [420e]. X-Declude-Sender: [EMAIL PROTECTED] [12.215.203.9] Today if I feed these IP addresses into www.dnsstuff.com, they now fail multiple tests that I have enabled (SPAMCOP, CBL for example). I looked at the Declude JunkMail log and didn't see anything suspicious. The messages were received over 30 minutes apart. The only explanation I can come up with is that they were just added to the lists. Is this reasonable? Are there other explanations? Can I find out when they were added to any of the lists they now fail? Is there an easy way to feed them back through the system and see if they get a different weight today? Regards, Brad Morgan IT Manager Horizon Interactive Inc. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Spam now (should) fail tests, didn't when received.
... Today if I feed these IP addresses into www.dnsstuff.com, they now fail multiple tests that I have enabled (SPAMCOP, CBL for example). ... The only explanation I can come up with is that they were just added to the lists. Is this reasonable? Are there other explanations? Can I find out when they were added to any of the lists they now fail? That is probably what happened. Spamcop used to list when the IPs had been added, which was a really nice feature, but now they are very vague (Listed 18 of the past 21 days, for example), which doesn't help much. Most other spam databases do not, however, list when the IPs were added. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Spam now (should) fail tests, didn't when received.
Brad, several of the ip4r tests list whole subnets, and I've seen hits from IPs in that and similar subnets across the last week. More likely is that your DNS didn't respond in time when Declude inspected this particular message. Andrew. -Original Message- From: Brad Morgan [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 20, 2004 2:54 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Spam now (should) fail tests, didn't when received. I have a couple of spams that got past Declude JunkMail yesterday by only failing SPAMHEADERS. X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [421f]. X-Declude-Sender: [EMAIL PROTECTED] [81.118.52.193] and X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [420e]. X-Declude-Sender: [EMAIL PROTECTED] [12.215.203.9] Today if I feed these IP addresses into www.dnsstuff.com, they now fail multiple tests that I have enabled (SPAMCOP, CBL for example). I looked at the Declude JunkMail log and didn't see anything suspicious. The messages were received over 30 minutes apart. The only explanation I can come up with is that they were just added to the lists. Is this reasonable? Are there other explanations? Can I find out when they were added to any of the lists they now fail? Is there an easy way to feed them back through the system and see if they get a different weight today? Regards, Brad Morgan IT Manager Horizon Interactive Inc. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Spam now (should) fail tests, didn't when received.
Brad, several of the ip4r tests list whole subnets, and I've seen hits from IPs in that and similar subnets across the last week. More likely is that your DNS didn't respond in time when Declude inspected this particular message. Andrew. Andrew, I was able to grovel around on SPAMCOP's web site and found a page that said these two IPs have been listed for 6.9 days so your explanation makes the most sense so far. Is this timeout adjustable? My email server isn't that busy so I could afford to increase this timeout a bit and see if that helps. Regards, Brad --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Spam now (should) fail tests, didn't when received.
More likely is that your DNS didn't respond in time when Declude inspected this particular message. Is this timeout adjustable? My email server isn't that busy so I could afford to increase this timeout a bit and see if that helps. Unfortunately, it is not adjustable. However, Declude JunkMail will re-try if the first one times out, so you should only see a problem if either your DNS server has network problems, or if the spam database isn't responding well. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
