Kyle,
On a side note gamestrek . com has been getting
caught on SURBL multi for most of the day today. Doing URI lookup's
in the URI RBL's has been very effective for us
in catching a lot of the new spam campaigns.
Darrell
---Check out http://www
So it’s not just me getting it.
I thought maybe it was pay back for not betting enough when I play.
Gamestrek is the
biggest one I am seeing. Thanks
for the info didn’t know about British
Columbia.
Scott is the MAILFROM-IP.txt filter ok to
use since you did all the work? If it
thanks Scott,
This appears to have fixed the
issue.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Scott
FisherSent: Tuesday, August 24, 2004 5:47 PMTo:
Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] Strange
filtering behavior
I believe there is a problem w
gambling, strip clubs, is BC the Nevada of
Canada?
- Original Message -
From:
Matt
To: Declude.JunkMail@declude.com
Sent: Friday, February 25, 2005 8:35
PM
Subject: Re: [Declude.JunkMail] casino
spam
If you do a lookup on ARIN, you will find that this netbloc
I'd picked 2525 before I really knew about
25.
What really irks me is that Imail has made no
provisions to accomodate a port 587. It can't be two hard to accomodate another
SMTP port... most of the code is that same as the port 25 code... This has been
an issue for over a year and no word
I'll forward to my network person. He talks Cisco
much better than I.
- Original Message -
From:
Matt
To: Declude.JunkMail@declude.com
Sent: Friday, February 25, 2005 6:49
PM
Subject: Re: [Declude.JunkMail] Spammed
on port 2525
Here's what I am using for a ma
If you do a lookup on ARIN, you will find that this netblock is
delegated by BChosting, which is a subdivision of AssertiveNetworks.
All of their IP space is treated as suspect by our system. You might
also note their address...Vancouver, British Columbia...
http://ws.arin.net/cgi-bin/wh
I added this to my ipfile today:
66.154.124.0/29 66.154.124.0/29 gamingpen.com added
02-25-05
gamingpen, playerjuice and gamestrek all .com.
Also in kind of a spammy neighborhood with several
SBL entries near:
66.154.111.0/24 66.154.111.0/24 agooba.com added
02-17-05 SBL1370966.
My thought is not directed at the issue
that Scott is having, but in general. How easy would it be for spammers to
start using 587 as well. That is my thought, to have a port whereby ONLY SMTP
AUTH connections can be made.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
SMTP AUTH on port 587 isn't required by the RFC...it just simply makes
a whole ton of sense in most setups. Considering that this is a
standard port, and it will most likely find its way through broadband
provider's blocks since it is reserved for this use and likely to be
restricted to authen
See my thoughts on the Imail forum on
587.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Friday, February 25, 2005 4:50 PM
To: Declude.JunkMail@declude.com
Sub
You can solve this problem by simply blacklisting British Columbia.
Seriously though, it's strange how much of this stuff comes from
there. In the penny stock world, this province also gained quite the
reputation for fraud in the past. I won't mention the strip clubs.
Andrew might be able t
Here's what I am using for a mail server located at 192.168.1.1 for
this example. IMail is configured to listen on port 587, but to the
outside world it appears as both port 25 and 587. Even though one
would think that you didn't have to NAT 587 to 587, in
this case you do because of the othe
On Friday, February 25, 2005, 6:11:58 PM, David wrote:
DB> Which can under certain circumstances be correct. If you had
DB> signed up with the website then declude is correct in identifying
DB> them as legitimate email. It is possible we could set up some
DB> additional filters to help with a s
On Friday, February 25, 2005, 5:50:45 PM, Glenn wrote:
GW> I've seen several kinds of spam increase in the last day.
We're seeing a new porn campaign, a new kiddie porn campaign, a
ramp-up of the current M$ software rip-off (media-theft) spam. We've
seen a bit of a pick-up in the casino stuff to
On Friday, February 25, 2005, 5:40:10 PM, Kyle wrote:
KF> Has anyone noticed in the past week an increase in casino, or party poker,
etc.. spam?
Yup.
_M
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declu
I’ve actually noticed an increase
specifically in gambling site spam myself.
Paul Navarre
Has anyone noticed in the past week an increase in casino, or
party poker, etc.. spam?
Kyle
Which can under certain circumstances be correct.
If you had signed up with the website then declude is correct in
identifying them as legitimate email. It is possible we could set up some
additional filters to help with a specific type of Spam.
David B
www.declude.com
- Original Mes
What’s funny is I did sign up for an
account a couple of weeks ago and I still haven’t won. I did it for the
free set of poker chips.
That’s what I figured. It’s
strange everything will be going fine for a few weeks then for some reason we
get a small flood of something. Like casino.
Kyle,
When will you stop signing up for those
gambling sites, you know you can't win ? :)
No reported increase on our side.
David B
www.declude.com
- Original Message -
From:
Kyle Fisher
To: Declude.JunkMail@declude.com
Sent: Friday, February 25, 2005 5:40
PM
I've seen several kinds of spam increase in the
last day.
- Original Message -
From: Kyle Fisher
To: Declude.JunkMail@declude.com
Sent: Friday, February 25, 2005 4:40 PM
Subject: [Declude.JunkMail] casino spam
Has anyone noticed in the past week
an increase in casino, or party
Has anyone noticed in the past week an increase in casino,
or party poker, etc.. spam?
Kyle
I use port 2525 to bypass port 25 blocking for my
employees.
I was just checking my logs and I've been receiving
spam on port 2525
Can anyone share the necessary Cisco IOS commands to let the Cisco router
do port translation?
P.S. IOS isn't my primary language...
Goran and Scott... John probably hit the nail on the head. I was going
to make the same comment, actually.
Since you have the message, turn on HIGH or DEBUG level logging and send
the message to yourself.
I bet that there are other tests in that same filter file that are
triggered, and that the
Scott,
Since I do the editing on the filter files and I do not remember doing
this .
I have been doing a bunch of work on COMBO filters but not on tweaking
that filter. Now it is possible that I did tweak it and I do not
remember doing it but ...
I will ask around the office as well
I sent
Could it have been set to "body contains 12.." on 2/16 and subsequently
changed to "body contains 2.." sometime after the email was processes?
It's the only explanation that I can see...
- Original Message -
From: "Goran Jovanovic" <[EMAIL PROTECTED]>
To:
Sent: Friday, February 25, 2005
Disregard this post, hit the wrong button.
Darn keyboard virus.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)
> Sent: Friday, February 25, 2005
Yep, Dan is correct. I saw the first
line about whitelist which was a Imail SMTPD line and stopped there.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Horne
Sent: Fr
Not sure if I am missing something
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> [EMAIL PROTECTED] On Behalf Of Goran Jovanovic
> Sent: Friday, February 25, 2005 7:44 AM
> To: Declude.JunkMail@declud
Remember, on a filter, the LAST hit is shown in the log, but there could be
other hits that are added to the total.
You would need to check the logs to see if there were other hits.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED
I will be out of the office starting 02/25/2005 and will not return until
02/28/2005.
I will respond to your message when I return.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscrib
Thanks! Deleting the hijack.cfg did it.
-Jeff
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ralph Krausse
Sent: Friday, February 25, 2005
11:20 AM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail]
Errors in virus log
In your global.cfg
Can you post the entire filter?
My copy of Kami's filter shows:
BODY 12 CONTAINS STRICTLY CONFIDENTIAL
- Original Message -
From: "Goran Jovanovic" <[EMAIL PROTECTED]>
To:
Sent: Friday, February 25, 2005 9:44 AM
Subject: [Declude.JunkMail] Body filter adding extra 10 points
Nope sorry,
FILTER-NIGERIAN-SCAMfilter
C:\IMail\Declude\Filters\Kami\Filter_Nigerian.txt X 0 0
Goran Jovanovic
The LAN Shoppe
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> [EMAIL PROTECTED] On Behalf Of Heinrich Richter
> Sent
1. In the delcude folder if you are not running
Hijack rename the file hijack.cfg to hijack.bak
2. Open your global.cfg comment out the line CONSOLE
ON
David B
www.declude.com
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jeff
FrantzSent: Friday, February 25, 2005 11:09
Can you post the line in your global.cfg file FILTER-NIGERIAN-SCAM I am
guessing you may have an extra 10 point being added there that should not
be. Lets have a look.
Thanks
David
www.declude.com
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Goran Jova
In your global.cfg and/or virus.cfg, you
have CONSOLE ON. Change that to # CONSOLE ON
to comment it out. Also delete hijack.cfg if are not running hijack.
Ralph
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Frantz
Sent: Friday, February 25, 2005
11
David,
4 e-mails with the same text failed.
This is what came back to me as part of the SpamAttach.eml file. Do you
need anything else?
Subject:RE: Governance Working Group Call
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Date: 16 Feb
Maybe the filtertest itself have an additional weight of 10?
Then there should be a line like
FILTER-NIGERIAN-SCAM filter c:\declude\nigerian.txt x 10 0
in your global.cfg
Heinrich
---
This E-mail was scanned for viruses by CAD-FEM GmbH
**
I’m using Declude v2.05 on Imail 8.15. I see the
below error for each message in the virus log.
02/25/2005 11:05:26 Q4cb81c81018c9f59 Couldn't find console;
starting... (2).
02/25/2005 11:05:26 Q4cb81c81018c9f59 Error starting
deccon.exe: 2
02/25/2005 11:05:28 Q4cb81c81018c9f59 Scann
Goran,
1. Do you have a copy of the actual email header ?
2. Is this Qbca31d68008ed51d the only test that failed ?
David B
www.declude.com
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic
Sent: Friday, February 25, 2005 10:44 AM
To: Declu
So it looks like BOTH Imail (via trusted addresses) and
Declude (via Autowhitelist) were whitelisting this
message.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darin
CoxSent: Friday, February 25, 2005 9:32 AMTo:
Declude.JunkMail@declude.comSubject: Re: [Dec
Hi,
I am seeing very strange behaviour with one of my body filters.
These are the only three entries with STRICTLY CONFIDENTIAL:
BODY2 CONTAINSSTRICTLY CONFIDENTIAL
BODY20 CONTAINSSTRICTLY CONFIDENTIAL & URGENT
BODY20 CONTAINS
Hi John,
I think you missed a thread Doug and I
exchanged. He explained that he combined the IMail and Declude logs below
to show everything in regards to the message. The following two lines are
from his Declude logs showing that the message was whitelisted by
Declude:
02/22/2005 07:4
I’ll repost here what I posted on
the Imail list. The problem is within Imail, not Declude. Declude does not log
a line using SMTPD, Imail does. The line showing the whitelisting is a Imail
SMTPD line, end of story as far as Declude is concerned.
John Tolmachoff
Engineer/Consultant/
45 matches
Mail list logo