RE: [Declude.JunkMail] Imail/Declude queues backing up - I think it's Declude
Having said that could it be one of the external tests that Declude is calling? In other words, it would appear that the problem is with Declude.exe but it's really with a shelled process that declude is calling? That shouldn't cause this -- Declude will timeout the external process if it takes too long.Looks like this is the problem.I removed all of our External tests except Sniffer and the problem has gone away.Anyone had problems with SpamChk or the others listed here?Here's what we're running?#SUBJECT-OBFUSCATE external weight "e:\IMail\Declude\obfsubj.exe PATH=e:\IMail\declude\OBSubFilters LOG=HIGH CW=%WEIGHT% SW=350 %SUBJECT%" 0 0#HEADERCODE-FILTER external weight "e:\IMail\Declude\HEADER2.exe PATH=e:\IMail\declude\HeaderFilters LOG=HIGH CW=%WEIGHT% SW=350 %HEADERCODE%" 0 0#DISPLAY-FROM external weight "e:\IMail\Declude\dispfrom.exe PATH=e:\IMail\declude\DispFrom LOG=HIGH CW=%WEIGHT% SW=350 %HEADERS%" 40 0#Size Tests#SIZE-XXS Result Code 11 - Less than 0.5 KB (but not zero)#SIZE-XS Result Code 12 - Between 0.5 KB and 5 KB#SIZE-S Result Code 13 - Between 5 KB and 30 KB#SIZE-M Result Code 14 - Between 30 KB and 100 KB#SIZE-L Result Code 15 - Between 100 KB and 300 KB#SIZE-XL Result Code 16 - Between 300 KB and 1000 KB#SIZE-XXL Result Code 17 - Greater than or equal to 1000 KB## Values# SZ = String of Message Sizes# CW = Current Weight# SW = Skip Weight#SIZE-XXS external 11 "e:\IMail\Declude\Size.exe SZ=.5,5,30,100,300,1000 CW=%WEIGHT% SW=120" 20 0#SIZE-XS external 12 "e:\IMail\Declude\Size.exe SZ=.5,5,30,100,300,1000 CW=%WEIGHT% SW=120" 0 0#SIZE-S external 13 "e:\IMail\Declude\Size.exe SZ=.5,5,30,100,300,1000 CW=%WEIGHT% SW=120" 0 0#SIZE-M external 14 "e:\IMail\Declude\Size.exe SZ=.5,5,30,100,300,1000 CW=%WEIGHT% SW=120" 0 0#SIZE-L external 15 "e:\IMail\Declude\Size.exe SZ=.5,5,30,100,300,1000 CW=%WEIGHT% SW=140" -20 0#SIZE-XL external 16 "e:\IMail\Declude\Size.exe SZ=.5,5,30,100,300,1000 CW=%WEIGHT% SW=150" -30 0#SIZE-XXL external 17 "e:\IMail\Declude\Size.exe SZ=.5,5,30,100,300,1000 CW=%WEIGHT% SW=170" -50 0# SNIFFER TESTSMS-TRAVEL external 047 "SNIFFER_CODE" 100 0MS-INSURANCE external 048 "SNIFFER_CODE" 150 0MS-AV-PUSH external 049 "SNIFFER_CODE" 100 0MS-THEFT external 050 "SNIFFER_CODE" 150 0MS-SPAMWARE external 051 "SNIFFER_CODE" 150 0MS-SNAKEOIL external 052 "SNIFFER_CODE" 150 0MS-SCAMS external 053 "SNIFFER_CODE" 150 0MS-PORN external 054 "SNIFFER_CODE" 170 0MS-MALWARE external 055 "SNIFFER_CODE" 170 0MS-SALES external 056 "SNIFFER_CODE" 150 0MS-SCHEMES external 057 "SNIFFER_CODE" 150 0MS-CREDIT external 058 "SNIFFER_CODE" 150 0MS-GAMBLING external 059 "SNIFFER_CODE" 150 0MS-GREYMAIL external 060 "SNIFFER_CODE" 90 0MS-OBFUSCATION external 061 "SNIFFER_CODE" 150 0MS-SPAM external 062 "SNIFFER_CODE" 120 0MS-GENERAL external 063 "SNIFFER_CODE" 120 0MS-WHITE external 000 "SNIFFER_CODE" 0 0# SPAMCHK#SPAMCHK external weight "e:\IMail\declude\SpamChk\spamchk.exe"
RE: [Declude.JunkMail] Imail/Declude queues backing up - I think it's Declude
Never seen this problem but at this time I've running 3 external tests. in your cfg I can see 12 different calls of external programs Add the call of declude.exe and maybe 2 av-engines and multiply this number by the number of messages your server is processing each day. I assume it will be a big value. Maybe too big for your server. Markus From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark E. SmithSent: Thursday, December 16, 2004 1:18 PMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Imail/Declude queues backing up - I think it's Declude Having said that could it be one of the external tests that Declude is calling? In other words, it would appear that the problem is with Declude.exe but it's really with a shelled process that declude is calling? That shouldn't cause this -- Declude will timeout the external process if it takes too long.Looks like this is the problem.I removed all of our External tests except Sniffer and the problem has gone away.Anyone had problems with SpamChk or the others listed here?Here's what we're running?#SUBJECT-OBFUSCATE external weight "e:\IMail\Declude\obfsubj.exe PATH=e:\IMail\declude\OBSubFilters LOG=HIGH CW=%WEIGHT% SW=350 %SUBJECT%" 0 0#HEADERCODE-FILTER external weight "e:\IMail\Declude\HEADER2.exe PATH=e:\IMail\declude\HeaderFilters LOG=HIGH CW=%WEIGHT% SW=350 %HEADERCODE%" 0 0#DISPLAY-FROM external weight "e:\IMail\Declude\dispfrom.exe PATH=e:\IMail\declude\DispFrom LOG=HIGH CW=%WEIGHT% SW=350 %HEADERS%" 40 0#Size Tests#SIZE-XXS Result Code 11 - Less than 0.5 KB (but not zero)#SIZE-XS Result Code 12 - Between 0.5 KB and 5 KB#SIZE-S Result Code 13 - Between 5 KB and 30 KB#SIZE-M Result Code 14 - Between 30 KB and 100 KB#SIZE-L Result Code 15 - Between 100 KB and 300 KB#SIZE-XL Result Code 16 - Between 300 KB and 1000 KB#SIZE-XXL Result Code 17 - Greater than or equal to 1000 KB## Values# SZ = String of Message Sizes# CW = Current Weight# SW = Skip Weight#SIZE-XXS external 11 "e:\IMail\Declude\Size.exe SZ=.5,5,30,100,300,1000 CW=%WEIGHT% SW=120" 20 0#SIZE-XS external 12 "e:\IMail\Declude\Size.exe SZ=.5,5,30,100,300,1000 CW=%WEIGHT% SW=120" 0 0#SIZE-S external 13 "e:\IMail\Declude\Size.exe SZ=.5,5,30,100,300,1000 CW=%WEIGHT% SW=120" 0 0#SIZE-M external 14 "e:\IMail\Declude\Size.exe SZ=.5,5,30,100,300,1000 CW=%WEIGHT% SW=120" 0 0#SIZE-L external 15 "e:\IMail\Declude\Size.exe SZ=.5,5,30,100,300,1000 CW=%WEIGHT% SW=140" -20 0#SIZE-XL external 16 "e:\IMail\Declude\Size.exe SZ=.5,5,30,100,300,1000 CW=%WEIGHT% SW=150" -30 0#SIZE-XXL external 17 "e:\IMail\Declude\Size.exe SZ=.5,5,30,100,300,1000 CW=%WEIGHT% SW=170" -50 0# SNIFFER TESTSMS-TRAVEL external 047 "SNIFFER_CODE" 100 0MS-INSURANCE external 048 "SNIFFER_CODE" 150 0MS-AV-PUSH external 049 "SNIFFER_CODE" 100 0MS-THEFT external 050 "SNIFFER_CODE" 150 0MS-SPAMWARE external 051 "SNIFFER_CODE" 150 0MS-SNAKEOIL external 052 "SNIFFER_CODE" 150 0MS-SCAMS external 053 "SNIFFER_CODE" 150 0MS-PORN external 054 "SNIFFER_CODE" 170 0MS-MALWARE external 055 "SNIFFER_CODE" 170 0MS-SALES external 056 "SNIFFER_CODE" 150 0MS-SCHEMES external 057 "SNIFFER_CODE" 150 0MS-CREDIT external 058 "SNIFFER_CODE" 150 0MS-GAMBLING external 059 "SNIFFER_CODE" 150 0MS-GREYMAIL external 060 "SNIFFER_CODE" 90 0MS-OBFUSCATION external 061 "SNIFFER_CODE" 150 0MS-SPAM external 062 "SNIFFER_CODE" 120 0MS-GENERAL external 063 "SNIFFER_CODE" 120 0MS-WHITE external 000 "SNIFFER_CODE" 0 0# SPAMCHK#SPAMCHK external weight "e:\IMail\declude\SpamChk\spamchk.exe"
RE: [Declude.JunkMail] Imail/Declude queues backing up - I think it's Declude
We're pushing about 150,000 messages per day through this server. Dual processor 2Ghz, 2GB RAM, RAID 5. This server ONLY runs Imail/Declude as a gateway. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus GuflerSent: Thursday, December 16, 2004 8:08 AMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Imail/Declude queues backing up - I think it's Declude Never seen this problem but at this time I've running 3 external tests. in your cfg I can see 12 different calls of external programs Add the call of declude.exe and maybe 2 av-engines and multiply this number by the number of messages your server is processing each day. I assume it will be a big value. Maybe too big for your server. Markus From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark E. SmithSent: Thursday, December 16, 2004 1:18 PMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Imail/Declude queues backing up - I think it's Declude Having said that could it be one of the external tests that Declude is calling? In other words, it would appear that the problem is with Declude.exe but it's really with a shelled process that declude is calling? That shouldn't cause this -- Declude will timeout the external process if it takes too long.Looks like this is the problem.I removed all of our External tests except Sniffer and the problem has gone away.Anyone had problems with SpamChk or the others listed here?Here's what we're running?#SUBJECT-OBFUSCATE external weight "e:\IMail\Declude\obfsubj.exe PATH=e:\IMail\declude\OBSubFilters LOG=HIGH CW=%WEIGHT% SW=350 %SUBJECT%" 0 0#HEADERCODE-FILTER external weight "e:\IMail\Declude\HEADER2.exe PATH=e:\IMail\declude\HeaderFilters LOG=HIGH CW=%WEIGHT% SW=350 %HEADERCODE%" 0 0#DISPLAY-FROM external weight "e:\IMail\Declude\dispfrom.exe PATH=e:\IMail\declude\DispFrom LOG=HIGH CW=%WEIGHT% SW=350 %HEADERS%" 40 0#Size Tests#SIZE-XXS Result Code 11 - Less than 0.5 KB (but not zero)#SIZE-XS Result Code 12 - Between 0.5 KB and 5 KB#SIZE-S Result Code 13 - Between 5 KB and 30 KB#SIZE-M Result Code 14 - Between 30 KB and 100 KB#SIZE-L Result Code 15 - Between 100 KB and 300 KB#SIZE-XL Result Code 16 - Between 300 KB and 1000 KB#SIZE-XXL Result Code 17 - Greater than or equal to 1000 KB## Values# SZ = String of Message Sizes# CW = Current Weight# SW = Skip Weight#SIZE-XXS external 11 "e:\IMail\Declude\Size.exe SZ=.5,5,30,100,300,1000 CW=%WEIGHT% SW=120" 20 0#SIZE-XS external 12 "e:\IMail\Declude\Size.exe SZ=.5,5,30,100,300,1000 CW=%WEIGHT% SW=120" 0 0#SIZE-S external 13 "e:\IMail\Declude\Size.exe SZ=.5,5,30,100,300,1000 CW=%WEIGHT% SW=120" 0 0#SIZE-M external 14 "e:\IMail\Declude\Size.exe SZ=.5,5,30,100,300,1000 CW=%WEIGHT% SW=120" 0 0#SIZE-L external 15 "e:\IMail\Declude\Size.exe SZ=.5,5,30,100,300,1000 CW=%WEIGHT% SW=140" -20 0#SIZE-XL external 16 "e:\IMail\Declude\Size.exe SZ=.5,5,30,100,300,1000 CW=%WEIGHT% SW=150" -30 0#SIZE-XXL external 17 "e:\IMail\Declude\Size.exe SZ=.5,5,30,100,300,1000 CW=%WEIGHT% SW=170" -50 0# SNIFFER TESTSMS-TRAVEL external 047 "SNIFFER_CODE" 100 0MS-INSURANCE external 048 "SNIFFER_CODE" 150 0MS-AV-PUSH external 049 "SNIFFER_CODE" 100 0MS-THEFT external 050 "SNIFFER_CODE" 150 0MS-SPAMWARE external 051 "SNIFFER_CODE" 150 0MS-SNAKEOIL external 052 "SNIFFER_CODE" 150 0MS-SCAMS external 053 "SNIFFER_CODE" 150 0MS-PORN external 054 "SNIFFER_CODE" 170 0MS-MALWARE external 055 "SNIFFER_CODE" 170 0MS-SALES external 056 "SNIFFER_CODE" 150 0MS-SCHEMES external 057 "SNIFFER_CODE" 150 0MS-CREDIT external 058 "SNIFFER_CODE" 150 0MS-GAMBLING external 059 "SNIFFER_CODE" 150 0MS-GREYMAIL external 060 "SNIFFER_CODE" 90 0MS-OBFUSCATION external 061 "SNIFFER_CODE" 150 0MS-SPAM external 062 "SNIFFER_CODE"
[Declude.JunkMail] IPBYPASS Question
Can a CIDR range be used with the IPBYPASS option We just acquired a company who has Postini in the loop and I need to skip their IPs IPBYPASS 64.18.0.0/20 Rick Davidson National Systems Manager North American Title Group --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Imail/Declude queues backing up - I think it's Declude
So 150,000 msgs x 15 exes = 225 ... due to prefiltered viruses let's say 1,500,000 exe calls each day. Or in other words: each processor has to run around 8 exes each second, not considering peak and low-traffic times. Markus From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark E. SmithSent: Thursday, December 16, 2004 4:33 PMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Imail/Declude queues backing up - I think it's Declude We're pushing about 150,000 messages per day through this server. Dual processor 2Ghz, 2GB RAM, RAID 5. This server ONLY runs Imail/Declude as a gateway. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus GuflerSent: Thursday, December 16, 2004 8:08 AMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Imail/Declude queues backing up - I think it's Declude Never seen this problem but at this time I've running 3 external tests. in your cfg I can see 12 different calls of external programs Add the call of declude.exe and maybe 2 av-engines and multiply this number by the number of messages your server is processing each day. I assume it will be a big value. Maybe too big for your server. Markus From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark E. SmithSent: Thursday, December 16, 2004 1:18 PMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Imail/Declude queues backing up - I think it's Declude Having said that could it be one of the external tests that Declude is calling? In other words, it would appear that the problem is with Declude.exe but it's really with a shelled process that declude is calling? That shouldn't cause this -- Declude will timeout the external process if it takes too long.Looks like this is the problem.I removed all of our External tests except Sniffer and the problem has gone away.Anyone had problems with SpamChk or the others listed here?Here's what we're running?#SUBJECT-OBFUSCATE external weight "e:\IMail\Declude\obfsubj.exe PATH=e:\IMail\declude\OBSubFilters LOG=HIGH CW=%WEIGHT% SW=350 %SUBJECT%" 0 0#HEADERCODE-FILTER external weight "e:\IMail\Declude\HEADER2.exe PATH=e:\IMail\declude\HeaderFilters LOG=HIGH CW=%WEIGHT% SW=350 %HEADERCODE%" 0 0#DISPLAY-FROM external weight "e:\IMail\Declude\dispfrom.exe PATH=e:\IMail\declude\DispFrom LOG=HIGH CW=%WEIGHT% SW=350 %HEADERS%" 40 0#Size Tests#SIZE-XXS Result Code 11 - Less than 0.5 KB (but not zero)#SIZE-XS Result Code 12 - Between 0.5 KB and 5 KB#SIZE-S Result Code 13 - Between 5 KB and 30 KB#SIZE-M Result Code 14 - Between 30 KB and 100 KB#SIZE-L Result Code 15 - Between 100 KB and 300 KB#SIZE-XL Result Code 16 - Between 300 KB and 1000 KB#SIZE-XXL Result Code 17 - Greater than or equal to 1000 KB## Values# SZ = String of Message Sizes# CW = Current Weight# SW = Skip Weight#SIZE-XXS external 11 "e:\IMail\Declude\Size.exe SZ=.5,5,30,100,300,1000 CW=%WEIGHT% SW=120" 20 0#SIZE-XS external 12 "e:\IMail\Declude\Size.exe SZ=.5,5,30,100,300,1000 CW=%WEIGHT% SW=120" 0 0#SIZE-S external 13 "e:\IMail\Declude\Size.exe SZ=.5,5,30,100,300,1000 CW=%WEIGHT% SW=120" 0 0#SIZE-M external 14 "e:\IMail\Declude\Size.exe SZ=.5,5,30,100,300,1000 CW=%WEIGHT% SW=120" 0 0#SIZE-L external 15 "e:\IMail\Declude\Size.exe SZ=.5,5,30,100,300,1000 CW=%WEIGHT% SW=140" -20 0#SIZE-XL external 16 "e:\IMail\Declude\Size.exe SZ=.5,5,30,100,300,1000 CW=%WEIGHT% SW=150" -30 0#SIZE-XXL external 17 "e:\IMail\Declude\Size.exe SZ=.5,5,30,100,300,1000 CW=%WEIGHT% SW=170" -50 0# SNIFFER TESTSMS-TRAVEL external 047 "SNIFFER_CODE" 100 0MS-INSURANCE external 048 "SNIFFER_CODE" 150 0MS-AV-PUSH external 049 "SNIFFER_CODE" 100 0MS-THEFT external 050 "SNIFFER_CODE" 150 0MS-SPAMWARE external 051 "SNIFFER_CODE" 150 0MS-SNAKEOIL external 052 "SNIFFER_CODE" 150 0MS-SCAMS external 053
RE: [Declude.JunkMail] Imail/Declude queues backing up - Narrowed down to Scott Fisher's externals
I've been able to narrow down the locked file problem to Scott Fisher's external tests. I re-enabled SpamCHK - no problems. If I enable any of the following: size.exe obfsubj.exeHEADER2.exe dispfrom.exe I start seeing random locked files in the \spool directory. Scott, Any thoughts on this? Thanks! From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark E. SmithSent: Thursday, December 16, 2004 10:33 AMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Imail/Declude queues backing up - I think it's Declude We're pushing about 150,000 messages per day through this server. Dual processor 2Ghz, 2GB RAM, RAID 5. This server ONLY runs Imail/Declude as a gateway. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus GuflerSent: Thursday, December 16, 2004 8:08 AMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Imail/Declude queues backing up - I think it's Declude Never seen this problem but at this time I've running 3 external tests. in your cfg I can see 12 different calls of external programs Add the call of declude.exe and maybe 2 av-engines and multiply this number by the number of messages your server is processing each day. I assume it will be a big value. Maybe too big for your server. Markus From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark E. SmithSent: Thursday, December 16, 2004 1:18 PMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Imail/Declude queues backing up - I think it's Declude Having said that could it be one of the external tests that Declude is calling? In other words, it would appear that the problem is with Declude.exe but it's really with a shelled process that declude is calling? That shouldn't cause this -- Declude will timeout the external process if it takes too long.Looks like this is the problem.I removed all of our External tests except Sniffer and the problem has gone away.Anyone had problems with SpamChk or the others listed here?Here's what we're running?#SUBJECT-OBFUSCATE external weight "e:\IMail\Declude\obfsubj.exe PATH=e:\IMail\declude\OBSubFilters LOG=HIGH CW=%WEIGHT% SW=350 %SUBJECT%" 0 0#HEADERCODE-FILTER external weight "e:\IMail\Declude\HEADER2.exe PATH=e:\IMail\declude\HeaderFilters LOG=HIGH CW=%WEIGHT% SW=350 %HEADERCODE%" 0 0#DISPLAY-FROM external weight "e:\IMail\Declude\dispfrom.exe PATH=e:\IMail\declude\DispFrom LOG=HIGH CW=%WEIGHT% SW=350 %HEADERS%" 40 0#Size Tests#SIZE-XXS Result Code 11 - Less than 0.5 KB (but not zero)#SIZE-XS Result Code 12 - Between 0.5 KB and 5 KB#SIZE-S Result Code 13 - Between 5 KB and 30 KB#SIZE-M Result Code 14 - Between 30 KB and 100 KB#SIZE-L Result Code 15 - Between 100 KB and 300 KB#SIZE-XL Result Code 16 - Between 300 KB and 1000 KB#SIZE-XXL Result Code 17 - Greater than or equal to 1000 KB## Values# SZ = String of Message Sizes# CW = Current Weight# SW = Skip Weight#SIZE-XXS external 11 "e:\IMail\Declude\Size.exe SZ=.5,5,30,100,300,1000 CW=%WEIGHT% SW=120" 20 0#SIZE-XS external 12 "e:\IMail\Declude\Size.exe SZ=.5,5,30,100,300,1000 CW=%WEIGHT% SW=120" 0 0#SIZE-S external 13 "e:\IMail\Declude\Size.exe SZ=.5,5,30,100,300,1000 CW=%WEIGHT% SW=120" 0 0#SIZE-M external 14 "e:\IMail\Declude\Size.exe SZ=.5,5,30,100,300,1000 CW=%WEIGHT% SW=120" 0 0#SIZE-L external 15 "e:\IMail\Declude\Size.exe SZ=.5,5,30,100,300,1000 CW=%WEIGHT% SW=140" -20 0#SIZE-XL external 16 "e:\IMail\Declude\Size.exe SZ=.5,5,30,100,300,1000 CW=%WEIGHT% SW=150" -30 0#SIZE-XXL external 17 "e:\IMail\Declude\Size.exe SZ=.5,5,30,100,300,1000 CW=%WEIGHT% SW=170" -50 0# SNIFFER TESTSMS-TRAVEL external 047 "SNIFFER_CODE" 100 0MS-INSURANCE external 048 "SNIFFER_CODE" 150 0MS-AV-PUSH external 049 "SNIFFER_CODE" 100 0MS-THEFT external 050 "SNIFFER_CODE" 150 0MS-SPAMWARE external 051 "SNIFFER_CODE" 150 0MS-SNAKEOIL external 052 "SNIFFER_CODE"
Re: [Declude.JunkMail] declude problems after imail upgrade.
I did recive this spam in my inbox this morning. As you can see it does not have any declude info and no Imail spam info either. What do the IMail and Declude log files show for the E-mail?What version of IMail are you running? What version of Declude are you running? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] New info in Yahoo HELO string?
I have started to notice alot of headers lately with @x.x.x.x with login included in them from yahoo SMTP servers (including mail from sbcglobal.net customers). Maybe it isn't new but looks like something decent to key in on when looking for legit mail. What is the likeliness of spam coming from an authed account? Coincidentally the header I grabbed for the sample in this post contained a funny HELO :-) Received: from unknown (HELO ASS) ([EMAIL PROTECTED]@4.41.173.154 with login) Rick Davidson National Systems Manager North American Title Group --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] declude problems after imail upgrade.
I did search the declude log file for [EMAIL PROTECTED] but could not find anything.. If you use the XSPOOLNAME ON option in the \IMail\Declude\global.cfg file, it will be easy to find the entries for the E-mail in the log file. If you do not use the XSPOOLNAME ON option, you may need to look at the IMail SMTP log file to file the queue file name of the E-mail, and search the Declude JunkMail log file for it (minus the first character and extension; for example, if you see Q1234567.SMD in the IMail log, you would search the Declude JunkMail log for 1234567). IMail v8.14 takes care of most of the known bugs that could prevent it from calling Declude, but there are still one or two left (such as the possibility of it happening when the queue manager is stopped before the SMTP service is). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] declude problems after imail upgrade.
Here is 2 messages that did fail weight350 and did get saved in the weight350 directory. This is working correctly, expect there are no declude headers for the messages. Below each message is the lines from the declude log file: Received: from z-point.de [24.202.78.132] by deepspace.i360.net (SMTPD32-8.14) id AA1018301E8; Thu, 16 Dec 2004 15:11:44 -0600 Received: from 150.238.113.147 by smtp.tecban.com.br; Thu, 16 Dec 2004 21:04:45 + Message-ID: [EMAIL PROTECTED] From: Cristina Pickett [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: New product! Cialis soft tabs. Date: Thu, 16 Dec 2004 18:04:33 -0300 MIME-Version: 1.0 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Spam-Status: Possible SPAM, hits=7.00 required=5.00 tests=SUBJECT_DRUG_GAP_C:2.90 tests=BAYES_99:4.10 12/16/2004 15:11:50 Qfa10018301e85c11 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 24.202.78.132 ID: 12/16/2004 15:11:50 Qfa10018301e85c11 Tests failed [weight=435]: DSBL=WARN SPAMCOP=WARN FIVETENSRC=WARN CBL=WARN SORBS-DUL=WARN SPAMDOMAINS=WARN NOLEGITCONTENT=WARN IPNOTINMX=WARN CMDSPACE=WARN EFFILTER=WARN EFFILTER5-9=WARN COUNTRYFILTER=WARN SNIFFER=WARN WEIGHT75=WARN WEIGHT100=HOLD WEIGHT350=COPYFILE CATCHALLMAILS=IGNORE 12/16/2004 15:11:50 Qfa10018301e85c11 Last action = HOLD. Received: from 64.95.220.80 [61.107.153.188] by deepspace.i360.net (SMTPD32-8.14) id A9F42CB0218; Thu, 16 Dec 2004 15:11:16 -0600 Received: from mn68.jxg.gpvig.com ([134.120.6.47]) by mc12-f20.hotmail.com with Microsoft SMTPSVC(5.0.2195.08347); Wed, 15 Dec 2004 23:26:24 +0200 Received: from mb24.dko.bkvok.com ([224.224.232.122])by mx21.scy.tjdwr.com (8.12.3/8.12.3) with ESMTP id i2E5XSGm029877for [EMAIL PROTECTED]; Wed, 15 Dec 2004 17:27:24 -0400 X-Message-Info: WR29Th3to0Xu9wfR/8vk2Ct7sgB Return-Path: [EMAIL PROTECTED] Date: Wed, 15 Dec 2004 19:23:24 -0200 Subject: Get Cable FOR NOTHING Wed, 15 Dec 2004 13:29:24 -0800 From: Jean Mclaughlin [EMAIL PROTECTED] To: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=--080875099130426541 X-Spam-Status: Possible SPAM, hits=14.40 required=5.00 tests=MIME_BOUND_DD_DIGITS:3.20 tests=RCVD_FAKE_IP_224:3.10 tests=X_MESSAGE_INFO:3.30 tests=BAYES_90:3.00 tests=MIME_MISSING_BOUNDARY:1.80 12/16/2004 15:11:22 Qf9f302cb02185bdd From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] IP: 61.107.153.188 ID: i2E5XSGm029877for 12/16/2004 15:11:22 Qf9f302cb02185bdd Tests failed [weight=683]: SPAMCOP=WARN FIVETENSRC=WARN CBL=WARN SORBS-DUL=WARN MAILPOLICE-BULK=WARN BHOLE-KOREA=WARN SUBJECTSPACES7=WARN NOLEGITCONTENT=WARN BADHEADERS=WARN IPNOTINMX=WARN REVDNS=WARN ROUTING=WARN SPAMHEADERS=WARN CMDSPACE=WARN EFFILTER=WARN EFFILTER10-14=WARN COUNTRYFILTER=WARN SNIFFER=WARN WEIGHT75=WARN WEIGHT100=HOLD WEIGHT350=COPYFILE CATCHALLMAILS=IGNORE 12/16/2004 15:11:22 Qf9f302cb02185bdd Last action = HOLD. The message below came to my inbox and has no declude headers and I can not find the sender [EMAIL PROTECTED] in the declude log file. Received: from dsl47-172.pool.bitel.net [212.100.47.172] by deepspace.i360.net (SMTPD32-8.14) id AB734400DA; Thu, 16 Dec 2004 00:30:11 -0600 Received: from affable.roliosaa.com ([24.122.72.118]) by shay.beinjgh.com (InterMail vK.4.04.00.03 635-306-403-20030852 license 9nm547ll4323r7kq3y1ztk9766t8kjo6) with SMTP id [EMAIL PROTECTED] for [EMAIL PROTECTED]; Thu, 16 Dec 2004 07:25:21 +0100 Received: from www.roliosaa.com (231.231.144.0) by affable.roliosaa.com (RS ver 1.0.92vs) with SMTP id 3-26c103487040 for [EMAIL PROTECTED]; Thu, 16 Dec 2004 09:22:21 +0300 (EDT) Date: Wed, 15 Dec 2004 23:27:21 -0700 From: Demetrius Nunez [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Cheao Online Pharmacy::: Sender: Demetrius Nunez [EMAIL PROTECTED] Message-Id: [EMAIL PROTECTED] MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7Bit X-Spam-Status: Possible SPAM, hits=7.20 required=5.00 tests=BAYES_99:4.10 tests=ONLINE_PHARMACY:3.10 R. Scott Perry wrote: I did recive this spam in my inbox this morning. As you can see it does not have any declude info and no Imail spam info either. What do the IMail and Declude log files show for the E-mail?What version of IMail are you running? What version of Declude are you running? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask
Re: [Declude.JunkMail] declude problems after imail upgrade.
Here is 2 messages that did fail weight350 and did get saved in the weight350 directory. This is working correctly, expect there are no declude headers for the messages. Below each message is the lines from the declude log file: The only time that I have seen this happen (an E-mail that didn't appear to have Declude headers, but was indeed scanned by Declude without any problems) was when Declude *did* add the headers, but the spam was malformed so badly that the body of the spam was in the headers. If you check the D*.SMD file and see the Declude headers anywhere in there, then this is the case. The message below came to my inbox and has no declude headers and I can not find the sender [EMAIL PROTECTED] in the declude log file. You won't be able to. See my previous message. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] mailpolice
Hi, Is anyone using mailpolice and if so what details are required in the global.cfg file? _ Glen Harvy Aquarius Communications for all your Internet Needs. Phone 9977 3788 Fax 9977 3844 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Fw: [Declude.JunkMail] New info in Yahoo HELO string?
Hey who ever this is on this list can you turn this off please, its a tad bit inapropriate for a public list don't you think? I started getting these today each time I posted to the junkmail list. From: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; Inc [EMAIL PROTECTED] Rick Davidson National Systems Manager North American Title Group - - Original Message - From: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; Inc [EMAIL PROTECTED] To: Rick Davidson [EMAIL PROTECTED] Sent: Thursday, December 16, 2004 4:30 PM Subject: Re: [Declude.JunkMail] New info in Yahoo HELO string? Rick Davidson, This is Joseph Trimboli, System Administrator, Cyberlink, Inc. I am running Spam Interceptor to get rid of junk email. Please follow this link to verify that the message you sent me isn't junk email. http://si20.com/auth?uid=2600mid=4sid=rdavidson%40nat.com Your email was intercepted because it got a spam rating of 2.9 and I set Spam Interceptor to ask everyone who sends me a message rated over 2 to authenticate. When you authenticate I'll receive your email and you'll never have to authenticate for me again, no matter what spam rating your emails get. Thanks, Joseph Trimboli, System Administrator, Cyberlink, Inc ___ For more information on Spam Interceptor go to http://si20.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] AVFILTER Combo
Hi all, Due to the constat increasing number of needless virus warning messages from dumb av-scanners not knowing what worms are forging I've tried to set up a COMBO filter to catch this messages as spam. (Text filter files for Junkmail Pro) On (remove the space in the middle) http://www2.spamchk.com/ download/AVFILTER-COMBO_v0.3.zip I've prepared the 4 files files for download in the hope that other users can befefit from it and maybe also bring in some improvements. How it works: The Combo-filter looks for certain combinations of phrases commonly used in virus warning messages. The phrases are seprated in 3 categories VNAME: virusnames known to be forging (example: Sober) WARN: phrases used to report some action or warning (example: quarantined, delivered, blocked) ITEM: phrases mentioning the identified item (example: virus, file, atachment) The last filter file is the COMBO-test and the only one assigning weights. It's able to add points if WARN and VNAME or WARN and ITEM was triggered before. Furthermore it can add additional points if WARN and VNAME and ITEM was triggered before. The tests can be used in the global.cfg file like AVFILTER-VNAME filter C:\IMail\Declude\lists\filter_av_vname.txt x 0 0 AVFILTER-WARN filter C:\IMail\Declude\lists\filter_av_warn.txt x 0 0 AVFILTER-ITEM filter C:\IMail\Declude\lists\filter_av_item.txt x 0 0 AVFILTER-COMBO filter C:\IMail\Declude\lists\filter_av_combo.txt x 0 0 Maybe some others brain can find something to improve this COMBO filter. In this case please report it to me so that I can maintain up-to-date a centralized version of this COMBO filter. I will notify the list if updates are available, for example if a new forging virus is comming up. Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] declude problems after imail upgrade.
I did recive this spam in my inbox this morning. As you can see it does not have any declude info and no Imail spam info either. Received: from 64.95.220.80 [217.96.6.120] by deepspace.i360.net (SMTPD32-8.14) id AB6D3008E; Thu, 16 Dec 2004 00:30:05 -0600 Received: from beforehand.purpossz.com ([59.208.20.202]) by esophagi.purpossz.com (Sun Java System Messaging Server 6.1 HotFix 0.07 (built Aug 27 2004)) with ESMTP id [EMAIL PROTECTED] for [EMAIL PROTECTED]; Thu, 16 Dec 2004 02:22:15 -0400 (IST) Received: from bobble.disppopp.com ([32.192.160.12]) by beforehand.purpossz.com (Sun Java System Messaging Server 6.1 HotFix 0.06 (built Aug 27 2004)) with ESMTP id [EMAIL PROTECTED] for [EMAIL PROTECTED] (ORCPT [EMAIL PROTECTED]); Thu, 16 Dec 2004 03:24:15 -0300 (IST) Received: from sycophant.disppopp.com ([130.50.0.160]) by bobble.disppopp.com with Microsoft SMTPSVC(6.0.2951.707); Thu, 16 Dec 2004 02:25:15 -0400 Date: Thu, 16 Dec 2004 09:29:15 +0300 From: Josefa Yu [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: ,Best Online Pharmacy Sender: Josefa Yu [EMAIL PROTECTED] Message-Id: [EMAIL PROTECTED] MIME-Version: 1.0 Content-type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7Bit X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 397200687 This one came in a few hours later and you see the Declude headers: Received: from 3D1 [12.96.0.66] by 3dnetsolutions.com with ESMTP (SMTPD32-8.14) id A46A3EE0122; Thu, 16 Dec 2004 06:49:46 -0600 From: David Brauner [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Stone Store Date: Thu, 16 Dec 2004 06:45:45 -0600 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary==_NextPart_000_0006_01C4E33A.E063C620 X-Mailer: Microsoft Office Outlook, Build 11.0.6353 Thread-Index: AcTjbSjjgbGMUjKmTO+xUhD2Mk6M8g== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Message-Id: [EMAIL PROTECTED] X-Declude-Sender: [EMAIL PROTECTED] [12.96.0.66] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: Whitelisted [0] X-Country-Chain: UNITED STATES-destination X-Note: This E-mail was sent from fw01.aumgt.com ([12.96.0.66]). X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 397200690 Heimir Eidskrem wrote: Imail's anti spam is turned off. Atleast I think it is. I have nothing in the DNS list and do not have the antispam option under the domains. Here is another header and it does not show the Imail spam header: Note that is only show weight75 but with a score of 540 Received: from FIREWALL [200.228.80.2] by deepspace.i360.net (SMTPD32-8.14) id AD04801DC; Thu, 16 Dec 2004 00:36:52 -0600 Received: from dns0.keromail.com ([132.146.16.88]) by 1swk-wkl15.200.228.80.2 with Microsoft SMTPSVC(5.0.3243.5389); Thu, 16 Dec 2004 05:30:07 -0100 Reply-To: Your wife sleeps around man [EMAIL PROTECTED] From: Your wife sleeps around man [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: MILF looking for fun Date: Thu, 16 Dec 2004 02:27:07 -0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=--9567293821psrq3033 Message-Id: [EMAIL PROTECTED] X-RBL-Warning: DSBL: http://dsbl.org/listing?200.228.80.2; X-RBL-Warning: SPAMCOP: Blocked - see http://www.spamcop.net/bl.shtml?200.228.80.2; X-RBL-Warning: NJABLPROXIES: open proxy -- 1096166403 X-RBL-Warning: FIVETENSRC: miscellaneous address blocks that have sent spam here X-RBL-Warning: CBL: Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=200.228.80.2; X-RBL-Warning: BHOLE-BRAZIL: Brazil blocked by brazil.blackholes.us X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail detected. X-RBL-Warning: HELOBOGUS: Domain FIREWALL has no MX or A records [0301]. X-RBL-Warning: IPNOTINMX: X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 200.228.80.2 with no reverse DNS entry. X-RBL-Warning: ROUTING: This E-mail was routed in a poor manner consistent with spam [630f]. X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [630f]. X-RBL-Warning: CMDSPACE: Space found in RCPT TO: command. X-RBL-Warning: COUNTRYFILTER: Message failed COUNTRYFILTER test (line 29, weight 20) X-RBL-Warning: SNIFFER: Message failed SNIFFER: 54. X-RBL-Warning: WEIGHT75: Weight of 540 reaches or exceeds the limit of 75. X-Declude-Sender: [EMAIL PROTECTED] [200.228.80.2] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: DSBL, SPAMCOP, NJABLPROXIES, FIVETENSRC, CBL, BHOLE-BRAZIL, NOLEGITCONTENT, HELOBOGUS, IPNOTINMX, REVDNS, ROUTING, SPAMHEADERS, CMDSPACE, COUNTRYFILTER, SNIFFER, WEIGHT75, WEIGHT100, WEIGHT350, CATCHALLMAILS [540] X-Country-Chain: 'EU' [corrupt RIPE data]-BRAZIL-destination X-Note: This E-mail was sent from [No Reverse DNS] ([200.228.80.2]). Matt wrote: From the attached issue #2 headers I saw the following that suggests the issue: X-IMAIL-SPAM-STATISTICS: (fe1a000200328ac4, 0.9892) You need to make sure that IMail's spam stuff is turned off. It seems like
RE: [Declude.JunkMail] IPBYPASS Question
But, Rick, Postini does a fabulous job of spam and virus control. Just ask them! You won't need to IPBYPASS them at all. Andrew (tongue firmly in cheek) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Davidson Sent: Thursday, December 16, 2004 7:46 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] IPBYPASS Question Can a CIDR range be used with the IPBYPASS option We just acquired a company who has Postini in the loop and I need to skip their IPs IPBYPASS 64.18.0.0/20 Rick Davidson National Systems Manager North American Title Group --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] IPBYPASS Question
LOL Andrew, thats why I call them Postweenie Here is what I need to bypass: Received: from equal.iaxs.net (localhost [127.0.0.1]) by equal.iaxs.net (8.12.11/8.12.11) with ESMTP id iBGHrg1m020919 for AddressRemoved; Thu, 16 Dec 2004 11:53:42 -0600 (CST) Received: (from [EMAIL PROTECTED]) by equal.iaxs.net (8.12.11/8.12.11/Submit) id iBGHrQfe020609 for AddressRemoved; Thu, 16 Dec 2004 11:53:26 -0600 (CST) Received: from psmtp.com (exprod5mx126.postini.com [64.18.0.40]) by equal.iaxs.net (8.12.11/8.12.11) with SMTP id iBGHrPC5020578 for AddressRemoved; Thu, 16 Dec 2004 11:53:25 -0600 (CST) Received: from source ([210.105.115.179]) by exprod5mx126.postini.com ([64.18.4.10]) with SMTP; Thu, 16 Dec 2004 12:53:23 EST equal.iaxs.net (localhost [127.0.0.1]) is triggering country test for ARIN Resevered Space I added the ip address for equal.iaxs.net but it isnt helping The IPs of the Postini systems keep changing so using the CIDR range is my only option until I can get their email moved entirely. Rick Davidson National Systems Manager North American Title Group - - Original Message - From: Colbeck, Andrew [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, December 16, 2004 12:17 PM Subject: RE: [Declude.JunkMail] IPBYPASS Question But, Rick, Postini does a fabulous job of spam and virus control. Just ask them! You won't need to IPBYPASS them at all. Andrew (tongue firmly in cheek) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Davidson Sent: Thursday, December 16, 2004 7:46 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] IPBYPASS Question Can a CIDR range be used with the IPBYPASS option We just acquired a company who has Postini in the loop and I need to skip their IPs IPBYPASS 64.18.0.0/20 Rick Davidson National Systems Manager North American Title Group --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] declude problems after imail upgrade.
Hi I also got one mail that I noticed did not have any Declude headers (it was spam, that's why I checked the headers to see why it was not marked as spam) From the logs I found traces of the e-mail in Imail, and in Declude Virus, but not in Declude Spam. I made no changes to the setup of Imail/Declude for a long time except to change a few weights. If you need the e-mail and log files just say so. Regards, Kaj -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Heimir Eidskrem Sent: 16. december 2004 18:03 I did recive this spam in my inbox this morning. As you can see it does not have any declude info and no Imail spam info either. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] declude problems after imail upgrade.
Scott, This is from the my first email regarding this: Hello there, I did an upgrade to 8.14 tonight and im seeing a few things thats are different. Tech info: Imail 8.14 Declude 1.81 (Junkmail/virus Pro) Server 2.6Ghz Xeon/1GB Ram I am capturing spam so I know Declude is working. Issue 1. I hold on weigth100 and on weight350 I do a copyfile d:\imail\spool\spam\weight350. I see several emails in the normal hold directory with a weight higher then 350 that should have been saved in the weight350 directory Also the emails in the weight350 directory does not have ANY declude headers? Weigth350 header: eceived: from 64.95.220.80 [211.221.13.162] by deepspace.i360.net (SMTPD32-8.14) id A02C2900C6; Wed, 15 Dec 2004 21:25:32 -0600 Received: from dotcool.com ([142.67.185.186]) by infinite.audioseek.com (InterMail vK.4.04.00.00 583-722-824 license 9jh638vy1934o4xw8h8ozi6348a0igq4) with ESMTP id [EMAIL PROTECTED] for [EMAIL PROTECTED]; Fri, 05 Dec 2003 15:08:11 +0200 Date: Fri, 05 Dec 2003 15:09:11 +0200 From: Jodi Luna [EMAIL PROTECTED] Subject: our discussion on december 21th To: [EMAIL PROTECTED] References: [EMAIL PROTECTED] In-Reply-To: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7Bit Weight100 Header Received: from outmail-01.supplyleadb.com [209.216.105.34] by deepspace.i360.net (SMTPD32-8.14) id A0519B0146; Wed, 15 Dec 2004 22:34:25 -0600 From: Family Pictures [EMAIL PROTECTED] Subject: Something the whole family can enjoy...a free Panasonic Camcorder To: [EMAIL PROTECTED] MIME-Version: 1.0 Date: Wed, 15 Dec 2004 23:33:36 EST Message-ID: q7AA1,[EMAIL PROTECTED] X-Mailer: 3.2.2-23 [Dec 14 2004, 19:36:15] Content-Type: text/html; charset=us-ascii; class-id=1:311TXBIMpInmBEs1BI131sYMp1:1787079 Content-Transfer-Encoding: 7bit X-Spam-Status: Possible SPAM, hits=8.00 required=5.00 tests=BAYES_80:2.20 tests=HTTP_WITH_EMAIL_IN_URL:1.60 tests=NAI_BAD_URI:4.20 X-RBL-Warning: SPAMCOP: Blocked - see http://www.spamcop.net/bl.shtml?209.216.105.34; X-RBL-Warning: SBL: http://www.spamhaus.org/SBL/sbl.lasso?query=SBL18575; X-RBL-Warning: AHBL: 1100493921 bruns - Spam Source - 209.216.105.0/24 - demandconnection.com, SubscriberBASE, animateddeliverye.com X-RBL-Warning: FIVETEN-SPAMSUPPORT: added 2003-05-30; spam support - hosting admanmail, emailbucks X-RBL-Warning: MAILPOLICE-BULK: This E-mail came from stderr.supplyleadb.com, a potential spam source listed in MAILPOLICE-BULK. X-RBL-Warning: SUBJECTSPACES7: Subject with at least 7 spaces found. X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail detected. X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [8008000e]. X-RBL-Warning: IPNOTINMX: X-RBL-Warning: EFFILTER: Message failed EFFILTER test (line 1, weight 0) X-RBL-Warning: EFFILTER5-9: Message failed EFFILTER5-9 test (line 4, weight 40) X-RBL-Warning: GIBBERISH: Message failed GIBBERISH test (line 400, weight 60) (weight capped at 60) X-RBL-Warning: SNIFFER: Message failed SNIFFER: 57. X-RBL-Warning: WEIGHT75: Weight of 438 reaches or exceeds the limit of 75. X-Declude-Sender: [EMAIL PROTECTED] [209.216.105.34] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: SPAMCOP, SBL, AHBL, FIVETEN-SPAMSUPPORT, MAILPOLICE-BULK, SUBJECTSPACES7, NOLEGITCONTENT, BADHEADERS, IPNOTINMX, EFFILTER, EFFILTER5-9, GIBBERISH, SNIFFER, WEIGHT75, WEIGHT100, WEIGHT350, CATCHALLMAILS [438] X-Country-Chain: UNITED STATES-destination X-Note: This E-mail was sent from outmail-01.supplyleadb.com ([209.216.105.34]). Issue 2. I did recive an email in my inbox with no Declude headers. Any idea why? Received: from host44.200-45-196.telecom.net.ar [200.45.196.44] by deepspace.i360.net (SMTPD32-8.14) id AE1E20032; Wed, 15 Dec 2004 21:16:46 -0600 Received: from .striker.ottawa.on.ca ([101.154.58.194] helo=mail.nitros5.org) by .striker.ottawa.on.ca with esmtp ( 3.35 #1 ()) id 450nlc-0078MM-00 for [EMAIL PROTECTED]; Thu, 16 Dec 2004 17:07:25 -0200 Message-Id: [EMAIL PROTECTED] X-Sender: [EMAIL PROTECTED] Date: Thu, 16 Dec 2004 21:13:25 +0200 From: Deena Sumner [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: You Need This Heimir X-IMAIL-SPAM-STATISTICS: (fe1a000200328ac4, 0.9892) X-RCPT-TO: [EMAIL PROTECTED] Status: R X-UIDL: 397200679 I did search the declude log file for [EMAIL PROTECTED] but could not find anything.. R. Scott Perry wrote: I did recive this spam in my inbox this morning. As you can see it does not have any declude info and no Imail spam info either. What do the IMail and Declude log files show for the E-mail?What version of IMail are you running? What version of Declude are you running? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail
