[Declude.JunkMail] Hop not scanned when passed through Postini

2004-09-16 Thread Matt 




Scott,

I'm going to guess that this is an issue with RFC compliance of Postini
in how it includes the received headers, but the following headers
shows a first hop that isn't being looked up consistently when one of
our clients have E-mail being forwarded through a Postini protected
host.
Received: from mail.pyramid.net [206.100.212.1] by
mx1.mailpure.com with ESMTP
  (SMTPD32-8.05) id A35989BE0154; Thu, 16 Sep 2004 19:35:53 -0400
Received: from psmtp.com [12.158.34.32] by mail.pyramid.net
  (SMTPD32-8.11) id A3589E430150; Thu, 16 Sep 2004 16:35:52 -0700
Received: from source ([66.109.19.198]) by exprod5mx118.postini.com
([12.158.34.245]) with SMTP;
Thu, 16 Sep 2004 18:35:50 CDT
Received: by mailmw-gv3.movingwiththegreatest.com (PowerMTA(TM) v1.5);
Thu, 16 Sep 2004 18:13:56 -0400 (envelope-from <[EMAIL PROTECTED]>)
Errors-To: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
From: American Life Direct <[EMAIL PROTECTED]>
Subject: [14] Policy Approval in 10 Minutes. No Medical Exam
To: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="Boundary_QEukAfEOcdApulnRQWfFXx4rhvY"
Date: Thu, 16 Sep 2004 18:13:56 -0400


I've noted that Declude can handle special headers from some Web mail
applications such as Hotmail so that the originating IP can be scanned,
and it would be helpful if Declude could also make use of this format
as well.  I haven't noticed this with any other type of server, but
this is causing massive amounts of spam from this one forwarded account
to either pass through or land in our Hold file where it makes review
more difficult due to the extra volume.  All of the DNSBL tests are
useless on these messages.  One might think that Postini would limit
the amount of spam being passed for this account, but they suck :)

Thanks,

Matt
-- 
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=

Re: [Declude.JunkMail] ATTACH action

2004-09-16 Thread Matt 




They are a large financial institution, AIM.  One of these attacks also
got relayed off of their bandwidth providers servers and ended up
hitting me with three IP's at the same time.  I didn't look into this
one, but I don't think it is wise to block outright.  I just want them
to fix the address in their system.  It's probably just a typo on their
part and my complaining to standard addresses didn't even illicit a
response, but having 2,300 of the messages that they generated will
likely cause them to take action :)

Note that these messages from them have been blocked by our system, but
processing them in rapid succession is causing our server to go
non-responsive for periods of time due to the overhead of having them
scanned with Declude.  I have to get them to stop.

Matt

 

Kevin Bilbee wrote:

  Why not just block them from connecting to your server altogether??? Block
their ip addresses.


Kevin Bilbee

  
  
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Matt
Sent: Thursday, September 16, 2004 4:58 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] ATTACH action


I was trying to add a message to the message that was being received.
These boneheads from aim-ag.com hit us with 2,300 messages in under one
just before noon and this isn't the first time that this happened.  They
forge the From address to say that is is coming from the same address as
the To address.  I get the feeling that just ROUTETO'ing back to them
would cause them to think that we originally sent it, but who knows.  I
did take all 2,300 of today's messages from a COPYFILE capture and sent
them back to three of their public addresses by modifying the Q file and
I also inserted a strongly worded message into the D file.  Hopefully
that will be enough for them to get the picture.  It sucks to have 2,300
messages land in your inbox, and my intention was to have this stuff
automatically get bounced to all three addresses until they stopped.
Unfortunately asking them to stop was ineffective.

So anyway, it doesn't look like ATTACH is a good answer for this
considering that the client's domain is only being gatewayed, but
hopefully my previous actions will cause them to fix it.

Thanks,

Matt




R. Scott Perry wrote:



  
I need to use the ATTACH action to bounce back unwanted E-mails to a
single source that has been bombarding us with thousands of unwanted
E-mails from a misconfigured automated system (it's some financial
institution in Austria).  I have followed the instructions on how to
ATTACH, but I am still wondering if this is a final action, i.e. do I
need to still do a DELETE action on the E-mail or will ATTACH keep it
from hitting the original recipient?

  
  
The ATTACH action will deliver the E-mail to the original recipient.
In this case, you could use ROUTETO to cause the E-mail to go back to
the sender ("TESTNAME ROUTETO [EMAIL PROTECTED]"), which would
prevent the original recipient from seeing the E-mail.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail
mailservers since 2000.
Declude Virus: Ultra reliable virus detection and the leader in
mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


  

--
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=

---
[This E-mail was scanned for viruses by Declude Virus

  
  (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.



---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


  


-- 
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=

RE: [Declude.JunkMail] ATTACH action

2004-09-16 Thread Kevin Bilbee 
Why not just block them from connecting to your server altogether??? Block
their ip addresses.


Kevin Bilbee

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Matt
> Sent: Thursday, September 16, 2004 4:58 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Declude.JunkMail] ATTACH action
>
>
> I was trying to add a message to the message that was being received.
> These boneheads from aim-ag.com hit us with 2,300 messages in under one
> just before noon and this isn't the first time that this happened.  They
> forge the From address to say that is is coming from the same address as
> the To address.  I get the feeling that just ROUTETO'ing back to them
> would cause them to think that we originally sent it, but who knows.  I
> did take all 2,300 of today's messages from a COPYFILE capture and sent
> them back to three of their public addresses by modifying the Q file and
> I also inserted a strongly worded message into the D file.  Hopefully
> that will be enough for them to get the picture.  It sucks to have 2,300
> messages land in your inbox, and my intention was to have this stuff
> automatically get bounced to all three addresses until they stopped.
> Unfortunately asking them to stop was ineffective.
>
> So anyway, it doesn't look like ATTACH is a good answer for this
> considering that the client's domain is only being gatewayed, but
> hopefully my previous actions will cause them to fix it.
>
> Thanks,
>
> Matt
>
>
>
>
> R. Scott Perry wrote:
>
> >
> >> I need to use the ATTACH action to bounce back unwanted E-mails to a
> >> single source that has been bombarding us with thousands of unwanted
> >> E-mails from a misconfigured automated system (it's some financial
> >> institution in Austria).  I have followed the instructions on how to
> >> ATTACH, but I am still wondering if this is a final action, i.e. do I
> >> need to still do a DELETE action on the E-mail or will ATTACH keep it
> >> from hitting the original recipient?
> >
> >
> > The ATTACH action will deliver the E-mail to the original recipient.
> > In this case, you could use ROUTETO to cause the E-mail to go back to
> > the sender ("TESTNAME ROUTETO [EMAIL PROTECTED]"), which would
> > prevent the original recipient from seeing the E-mail.
> >
> >-Scott
> > ---
> > Declude JunkMail: The advanced anti-spam solution for IMail
> > mailservers since 2000.
> > Declude Virus: Ultra reliable virus detection and the leader in
> > mailserver vulnerability detection.
> > Find out what you've been missing: Ask for a free 30-day evaluation.
> >
> > ---
> > [This E-mail was scanned for viruses by Declude Virus
> > (http://www.declude.com)]
> >
> > ---
> > This E-mail came from the Declude.JunkMail mailing list.  To
> > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > type "unsubscribe Declude.JunkMail".  The archives can be found
> > at http://www.mail-archive.com.
> >
> >
>
> --
> =
> MailPure custom filters for Declude JunkMail Pro.
> http://www.mailpure.com/software/
> =
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.



---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] ATTACH action

2004-09-16 Thread Matt 
I was trying to add a message to the message that was being received.  
These boneheads from aim-ag.com hit us with 2,300 messages in under one 
just before noon and this isn't the first time that this happened.  They 
forge the From address to say that is is coming from the same address as 
the To address.  I get the feeling that just ROUTETO'ing back to them 
would cause them to think that we originally sent it, but who knows.  I 
did take all 2,300 of today's messages from a COPYFILE capture and sent 
them back to three of their public addresses by modifying the Q file and 
I also inserted a strongly worded message into the D file.  Hopefully 
that will be enough for them to get the picture.  It sucks to have 2,300 
messages land in your inbox, and my intention was to have this stuff 
automatically get bounced to all three addresses until they stopped.  
Unfortunately asking them to stop was ineffective.

So anyway, it doesn't look like ATTACH is a good answer for this 
considering that the client's domain is only being gatewayed, but 
hopefully my previous actions will cause them to fix it.

Thanks,
Matt

R. Scott Perry wrote:

I need to use the ATTACH action to bounce back unwanted E-mails to a 
single source that has been bombarding us with thousands of unwanted 
E-mails from a misconfigured automated system (it's some financial 
institution in Austria).  I have followed the instructions on how to 
ATTACH, but I am still wondering if this is a final action, i.e. do I 
need to still do a DELETE action on the E-mail or will ATTACH keep it 
from hitting the original recipient?

The ATTACH action will deliver the E-mail to the original recipient.  
In this case, you could use ROUTETO to cause the E-mail to go back to 
the sender ("TESTNAME ROUTETO [EMAIL PROTECTED]"), which would 
prevent the original recipient from seeing the E-mail.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail 
mailservers since 2000.
Declude Virus: Ultra reliable virus detection and the leader in 
mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus 
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

--
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] ATTACH action

2004-09-16 Thread R. Scott Perry 

I need to use the ATTACH action to bounce back unwanted E-mails to a 
single source that has been bombarding us with thousands of unwanted 
E-mails from a misconfigured automated system (it's some financial 
institution in Austria).  I have followed the instructions on how to 
ATTACH, but I am still wondering if this is a final action, i.e. do I need 
to still do a DELETE action on the E-mail or will ATTACH keep it from 
hitting the original recipient?
The ATTACH action will deliver the E-mail to the original recipient.  In 
this case, you could use ROUTETO to cause the E-mail to go back to the 
sender ("TESTNAME ROUTETO [EMAIL PROTECTED]"), which would prevent the 
original recipient from seeing the E-mail.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] SPF and virtual domains

2004-09-16 Thread Dean Lawrence 
Great! I figured that I would need to do it eventually, but I would
rather do it in stages and not all at once.

Dean


On Thu, 16 Sep 2004 17:11:45 -0400, Sanford Whiteman
<[EMAIL PROTECTED]> wrote:
> > Does anyone know if setting up SPF for a primary domain would affect
> > virtual domains that shares it's IP in Imail?
> 
> It  will  not  "affect"  them--which is both good and bad. If a domain
> doesn't have an SPF record, it will be rejected or negatively weighted
> by  remote  servers that _require_ SPF records (don't worry about this
> for a while, of course).
> 
> --Sandy
> 
> 
> Sanford Whiteman, Chief Technologist
> Broadleaf Systems, a division of
> Cypress Integrated Systems, Inc.
> e-mail: [EMAIL PROTECTED]
> 
> SpamAssassin plugs into Declude!
>  http://www.mailmage.com/products/software/freeutils/SPAMC32/download/release/
> 
> Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases!
>  
> http://www.mailmage.com/products/software/freeutils/exchange2aliases/download/release/
>  http://www.mailmage.com/products/software/freeutils/ldap2aliases/download/release/
> 
> 
> 
> ---
> [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
> 
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.
>
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] ATTACH action

2004-09-16 Thread Matt 
I need to use the ATTACH action to bounce back unwanted E-mails to a 
single source that has been bombarding us with thousands of unwanted 
E-mails from a misconfigured automated system (it's some financial 
institution in Austria).  I have followed the instructions on how to 
ATTACH, but I am still wondering if this is a final action, i.e. do I 
need to still do a DELETE action on the E-mail or will ATTACH keep it 
from hitting the original recipient?

Thanks,
Matt
--
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] SPF and virtual domains

2004-09-16 Thread Sanford Whiteman 
> Does anyone know if setting up SPF for a primary domain would affect
> virtual domains that shares it's IP in Imail?

It  will  not  "affect"  them--which is both good and bad. If a domain
doesn't have an SPF record, it will be rejected or negatively weighted
by  remote  servers that _require_ SPF records (don't worry about this
for a while, of course).

--Sandy



Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]

SpamAssassin plugs into Declude!
  http://www.mailmage.com/products/software/freeutils/SPAMC32/download/release/

Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases!
  
http://www.mailmage.com/products/software/freeutils/exchange2aliases/download/release/
  http://www.mailmage.com/products/software/freeutils/ldap2aliases/download/release/

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] SPF and virtual domains

2004-09-16 Thread R. Scott Perry 

Does anyone know if setting up SPF for a primary domain would affect
virtual domains that shares it's IP in Imail? Will the virtual domains
start to fail SPF tests because the IP that they are bound to in DNS
lists only the primary domain's name in the SPF record. Will I be
forced to setup SPF for all my client's virtual domains as well? I'm
hoping to move into SPF gradually, not in one big shot.
SPF doesn't know or care about virtual domains.
SPF works by having a TXT record for a domain (such as example.com) that 
says what IPs are allowed to send E-mail from that domain.  SPF doesn't 
know that it is a virtual domain, so it is fine to have multiple domains 
allowing mail to be sent from the same IP.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] SPF and virtual domains

2004-09-16 Thread Dean Lawrence 
Does anyone know if setting up SPF for a primary domain would affect
virtual domains that shares it's IP in Imail? Will the virtual domains
start to fail SPF tests because the IP that they are bound to in DNS
lists only the primary domain's name in the SPF record. Will I be
forced to setup SPF for all my client's virtual domains as well? I'm
hoping to move into SPF gradually, not in one big shot.

Thanks,

Dean
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] More info ref: BADHEADERS SPAMHEADERS

2004-09-16 Thread Roderick A. Anderson 
John Tolmachoff (Lists) wrote:

> http://www.declude.com/Articles.asp?ID=100

Damn!  I had this bookmarked but below a couple of other Declude
articles and completely missed it.  Thanks for the whack with the
clue-stick.  :-)


Rod
-- 
---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Blacklisted again

2004-09-16 Thread Richard Farris 
I emailed them and asked why they didnt sent anything to abusetheir
email is not in there...thanxs anyway..

Richard Farris
Ethixs Online
1.270.247. Office
1.800.548.3877 Tech Support
"Crossroads to a Cleaner Internet"

- Original Message - 
From: "Chuck Schick" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, September 16, 2004 9:28 AM
Subject: RE: [Declude.JunkMail] Blacklisted again


> When you get listed on spamcop they usually send a notice to your abuse
> contacts with full headers.  You should be able to identify the source
> IP address from those headers and then use that IP to check you mail
> logs.  Once you match up the spam with headers with the log files you
> should quickly see what the problem is.
>
> Chuck Schick
> Warp 8, Inc.
> (303)-421-5140
> www.warp8.com
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Richard Farris
> Sent: Wednesday, September 15, 2004 8:16 PM
> To: [EMAIL PROTECTED]
> Subject: [Declude.JunkMail] Blacklisted again
>
>
> I just got blacklisted again with Spamcop...I have taken out every IP
> address from my mail server except for my 1 dial up pool...Everyone else
> must authenticateMy server is still at almost 100% most of the
> time...I am still sending out spam but how do I tell where it is coming
> from...
>
> Richard Farris
> Ethixs Online
> 1.270.247. Office
> 1.800.548.3877 Tech Support
> "Crossroads to a Cleaner Internet"
>
>
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.
>
>

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] More info ref: BADHEADERS SPAMHEADERS

2004-09-16 Thread John Tolmachoff \(Lists\) 
http://www.declude.com/Articles.asp?ID=100

John Tolmachoff
Engineer/Consultant/Owner
eServices For You


> -Original Message-
> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> [EMAIL PROTECTED] On Behalf Of Roderick A. Anderson
> Sent: Thursday, September 16, 2004 8:26 AM
> To: [EMAIL PROTECTED]
> Subject: [Declude.JunkMail] More info ref: BADHEADERS SPAMHEADERS
> 
> I have a script that sends an email using the Perl module Net::SMTP_Auth.
> 
> The messages come through but end up in the spam folder marked as
> BADHEADERS and SPAMHEADERS.  Looking at the on line documentation I
> can't find description as to what these look for or don't find.  I've
> also passed the message through a very old copy of Spamassassin and I
> see several things tagged and have fixed _them_ but I still get the
> BADHEADERS/SPAMHEADERS from Declude.
> 
> This script is run on the mail server and uses a SMTP server on that
> system to send the message to another domain on the same server.
> (Twisted eh?)
> 
> Where can I find more information about BADHEADERS/SPAMHEADERS and how
> to fix the messages so they don't get caught?
> 
> 
> TIA,
> Rod
> --
> Roderick A. Anderson
> Technology Services Management Group
> 
> Spokane WA, 99202
> ---
> [This E-mail scanned for viruses by Declude Virus]
> 
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
> 
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] More info ref: BADHEADERS SPAMHEADERS

2004-09-16 Thread Roderick A. Anderson 
I have a script that sends an email using the Perl module Net::SMTP_Auth.

The messages come through but end up in the spam folder marked as
BADHEADERS and SPAMHEADERS.  Looking at the on line documentation I
can't find description as to what these look for or don't find.  I've
also passed the message through a very old copy of Spamassassin and I
see several things tagged and have fixed _them_ but I still get the
BADHEADERS/SPAMHEADERS from Declude.

This script is run on the mail server and uses a SMTP server on that
system to send the message to another domain on the same server.
(Twisted eh?)

Where can I find more information about BADHEADERS/SPAMHEADERS and how
to fix the messages so they don't get caught?


TIA,
Rod
-- 
Roderick A. Anderson
Technology Services Management Group

Spokane WA, 99202
---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Blacklisted again

2004-09-16 Thread Chuck Schick 
When you get listed on spamcop they usually send a notice to your abuse
contacts with full headers.  You should be able to identify the source
IP address from those headers and then use that IP to check you mail
logs.  Once you match up the spam with headers with the log files you
should quickly see what the problem is.

Chuck Schick
Warp 8, Inc.
(303)-421-5140
www.warp8.com
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Richard Farris
Sent: Wednesday, September 15, 2004 8:16 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Blacklisted again


I just got blacklisted again with Spamcop...I have taken out every IP
address from my mail server except for my 1 dial up pool...Everyone else
must authenticateMy server is still at almost 100% most of the
time...I am still sending out spam but how do I tell where it is coming
from...

Richard Farris
Ethixs Online
1.270.247. Office
1.800.548.3877 Tech Support
"Crossroads to a Cleaner Internet"



---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Blacklisted again

2004-09-16 Thread Richard Farris 



Thanks for the info..I will send this to my guys 
that are working on it...
Richard FarrisEthixs Online1.270.247. 
Office1.800.548.3877 Tech Support"Crossroads to a Cleaner 
Internet"

  - Original Message - 
  From: 
  Larry 
  Craddock 
  To: [EMAIL PROTECTED] 
  
  Sent: Thursday, September 16, 2004 7:11 
  AM
  Subject: Re: [Declude.JunkMail] 
  Blacklisted again
  
  Good suggestion and if you're not familiar with 
  linux and don't have time to learn right now just get the windows version. 
  You'll need to install winpcap first and then ethereal. You can get them both 
  here: http://www.ethereal.com/distribution/win32/ They 
  work great.
   
  Larry Craddock
  
- Original Message - 
From: 
Jeff Maze 
To: [EMAIL PROTECTED] 

Sent: Thursday, September 16, 2004 6:44 
AM
Subject: RE: [Declude.JunkMail] 
Blacklisted again

Hook the server up to a hub and then hook another 
computer to the hub..  Next, get a network sniffer (Linux machine and 
ethereal works great) and sniff to see what information is being 
passed..  Run it for about 30 seconds and you should have enough 
information to begin working 
with..

Re: [Declude.JunkMail] Blacklisted again

2004-09-16 Thread Larry Craddock 



Good suggestion and if you're not familiar with 
linux and don't have time to learn right now just get the windows version. 
You'll need to install winpcap first and then ethereal. You can get them both 
here: http://www.ethereal.com/distribution/win32/ They 
work great.
 
Larry Craddock

  - Original Message - 
  From: 
  Jeff Maze 
  To: [EMAIL PROTECTED] 
  
  Sent: Thursday, September 16, 2004 6:44 
  AM
  Subject: RE: [Declude.JunkMail] 
  Blacklisted again
  
  Hook the server up to a hub and then hook another 
  computer to the hub..  Next, get a network sniffer (Linux machine and 
  ethereal works great) and sniff to see what information is being 
  passed..  Run it for about 30 seconds and you should have enough 
  information to begin working 
with..

RE: [Declude.JunkMail] Blacklisted again

2004-09-16 Thread Jeff Maze 



Hook the server up to a hub and then hook another computer 
to the hub..  Next, get a network sniffer (Linux machine and ethereal works 
great) and sniff to see what information is being passed..  Run it for 
about 30 seconds and you should have enough information to begin working 
with..
 


From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Richard 
FarrisSent: Wednesday, September 15, 2004 10:16 PMTo: 
[EMAIL PROTECTED]Subject: [Declude.JunkMail] Blacklisted 
again

I just got 
blacklisted again with Spamcop...I have taken out every IP address from my mail 
server except for my 1 dial up pool...Everyone else must authenticateMy 
server is still at almost 100% most of the time...I am still sending out spam 
but how do I tell where it is coming from...
Richard FarrisEthixs 
Online1.270.247. Office1.800.548.3877 Tech Support"Crossroads to 
a Cleaner Internet"