Re: [Declude.JunkMail] No one at Declude?

2013-04-17 Thread Darin Cox
is on to the next domain. -------- From: Darin Cox [mailto:dc...@4cweb.com] Sent: Wednesday, April 17, 2013 12:23 PM To: Declude.JunkMail@declude.com Subject: [SPAM]- Score (19)Re: [Declude.JunkMail] No one at Declude? Not many IPs in that range in use yet according to SenderBase, but th

Re: [Declude.JunkMail] No one at Declude?

2013-04-17 Thread Darin Cox
Not many IPs in that range in use yet according to SenderBase, but those that are are very bad. We’ve been seeing a lot of spam traffic where SenderBase didn’t have any measurements on the IP yet that we were seeing, but had a number of others in the same subnet... all bad. Darin. From: Katie

Re: [Declude.JunkMail] No one at Declude?

2013-04-17 Thread Darin Cox
)541-9338 From: Darin Cox [mailto:dc...@4cweb.com] Sent: Wednesday, April 17, 2013 10:52 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] No one at Declude? There are a lot of new spam nets that have just been turned up over the past few days. Volumes more than doubled for

Re: [Declude.JunkMail] No one at Declude?

2013-04-17 Thread Darin Cox
There are a lot of new spam nets that have just been turned up over the past few days. Volumes more than doubled for us, with a lot slipping through. We’ve added quite a few class Cs to our firewall blocks this week as we see new ones light up that are entirely owned by a spammer. That’s helped c

Re: [Declude.JunkMail] why have spam scores jumped?

2013-03-16 Thread Darin Cox
eded. So for now, I'm still stuck. -Original Message- From: Darin Cox Sent: Friday, March 15, 2013 11:11 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] why have spam scores jumped? Hi Ben, You'll want to set up at least two DNS servers for that. One recursive f

Re: [Declude.JunkMail] why have spam scores jumped?

2013-03-15 Thread Darin Cox
Hi Ben, You'll want to set up at least two DNS servers for that. One recursive for mail server lookups, most likely on the mail server. The DNS service on the mail server should not be publicly accessible. The other non-recursive DNS server can be used as your nameserver and, of course, publicl

Re: [Declude.JunkMail] NJABL Shut Down

2013-03-05 Thread Darin Cox
Appreciate the heads up, Andy! Darin. From: Andy Schmidt Sent: Tuesday, March 05, 2013 11:09 AM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] NJABL Shut Down March 1, 2013: NJABL is in the process of being shut down. The DNSBL zones have been emptied. After "the Internet" has ha

Re: [Declude.JunkMail] Fw: Deciphering Comcast reply on weird DNS stuff

2012-11-30 Thread Darin Cox
Hi Ben, Spam only to a server that no longer has MX records pointing to it isn’t really a surprise. Spammers have been known to cache MX records and continue to spam them long after an MX record is changed. The rationale behind that may be to bypass spam filtering gateways that have placed in fr

Re: [Declude.JunkMail] Joe Jobs

2012-11-28 Thread Darin Cox
Hi Dave, A firm SPF policy generally does help, but it depends on the receiving servers implementing SPF in order to block messages that violate your SPF policy. Aside from that and filtering that blocks any original included message content, there's nothing I know of that can stop bounces and re

Re: [Declude.JunkMail] abused whitelist?

2012-10-22 Thread Darin Cox
Hi Andy, He sent it to the Declude Junkmail list, of which you are a member. However, the list is pretty much defunct. Declude switched to online forums years ago, which effectively killed the list. Darin. -Original Message- From: andyb@thumpernet Sent: Monday, October 22, 2012 6:03 PM

Re: [Declude.JunkMail] Dealing with Joe Jobs?

2011-12-07 Thread Darin Cox
"no such user here" response and disconnects. No mail is actually delivered. At least that is my interpretation (from the log files) as to what's happening. I suspect this has been going on for months with the one domain. -Original Message- From: Darin Cox [mailto:dc...@4cweb.com

Re: [Declude.JunkMail] Dealing with Joe Jobs?

2011-12-07 Thread Darin Cox
Hi Dave, We see this occasionally, and SPF does help a little, but SPF is often not enforced, so it's more valuable for self-addressed spam than anything else... and many senders violate their own SPF policy. Deleting your MX doesn't help since the bounces are coming from all over, not from the s

Re: [Declude.JunkMail] error 0xC0000142 smtp.exe

2011-05-05 Thread Darin Cox
No, that's typical. We have a script scheduled to delete them every day. It seems the sniffer script doesn't always delete them... probably Declude still has a lock on the file, so it can be read, but not changed or deleted. We monitor our spool and overflow directories, and when thresholds (b

Re: [Declude.JunkMail] How do you read the Inv-Uribl log file?

2011-04-08 Thread Darin Cox
We've seen this a lot with Inv-URIBL. You can patch it somewhat by putting in a counterweight for Inv-URIBL when it crashes. There is a small set of scores to adjust for. Darin. - Original Message - From: IMail Admin To: Declude.JunkMail@declude.com Sent: Friday, April 08, 2011 1:35

Re: [Declude.JunkMail] Idea for new Declude add-on

2011-02-17 Thread Darin Cox
I agree. We see forging attacks like this periodically. While not every day, there's usually one every week, and when they hit, they hit hard. If we whitelisted or even negative-weighted addresses people sent to, when these attacks hit we would let through a ton of spam. We would _never_ consid

Re: [Declude.JunkMail] Fine tuning Declude

2010-05-12 Thread Darin Cox
This is about 1/3 of the process to sync the servers. Then there's the processing of the file on the gateway to add/delete accounts as needed, and the minor Exchange config changes to accept mail from a subdomain. In our implementations, and due to often insufficient access/knowledge on the pa

Re: [Declude.JunkMail] Fine tuning Declude

2010-05-12 Thread Darin Cox
Sorry guys, I meant to send this directly to Michael. Got distracted with other email and phone calls, and didn't check the address before sending. My apologies. Darin. - Original Message - From: Darin Cox To: declude.junkmail@declude.com Sent: Wednesday, May 12, 2010 10:

Re: [Declude.JunkMail] Fine tuning Declude

2010-05-12 Thread Darin Cox
change so it is automatically added when an account is created. Anyway, if you have any interest, let me know. I know we wouldn't be able to survive if we were accepting email for any address in a domain, so I feel your pain. Best, Darin Cox 4C Web A division of 4C Design Technology Corp.

Re: [Declude.JunkMail] stop scanning after x points

2010-02-10 Thread Darin Cox
Hi Bonno, You can alter the InvURIBL and Sniffer test definitions in your config to use Pete McNeil's WeightGate utility to conditionally run those tests. An example InvURIBL line is INV-URIBL external weight "C:\IMail\Declude\WeightGate\WeightGate.exe -100 %WEIGHT% 500 F:\IMail\Declude\INVURI

Re: Re[6]: [Declude.JunkMail] Cutting down on DNS

2009-07-10 Thread Darin Cox
Hi Michael, I'm using Windows 2003 DNS server as well, and have had no trouble with it at all. There are some advantages to Simple DNS when it comes to integration and replication of an entire server, but I've made up those deficiencies with scripting around the DNSCMD utility in the Windows S

Re: [Declude.JunkMail] Whitelisting Bug?

2009-07-06 Thread Darin Cox
Hi Mark, Are you certain the user does not have their own address in their webmail address book? This looks like a typical problem where users have their own email address in the address book. Removing their email address and explaining to them why they should avoid putting in their own addre

Re: [Declude.JunkMail] Enforce spf record for one domain

2009-06-26 Thread Darin Cox
Setting an SPF policy will do what you want. If you set up the SPF TEXT record in DNS for your domain to specify that mail sent from your domain should only come from your servers, and set the weight of SPFFAIL in Declude to at least your hold weight, then you should be able to filter. The on

Re: [Declude.JunkMail] BackScatter

2009-05-16 Thread Darin Cox
p...@declude.com] On Behalf Of Darin Cox Sent: Saturday, May 16, 2009 7:33 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] BackScatter Todd, you might want to check SenderBase. We had a similar issue a month ago. SenderBase had recorded a number of backscatter messages fr

Re: [Declude.JunkMail] BackScatter

2009-05-16 Thread Darin Cox
Todd, you might want to check SenderBase. We had a similar issue a month ago. SenderBase had recorded a number of backscatter messages from a private list we host that often gets attacked by spammers. The unauthorized access notices that were sent back were seen as backscatter by SenderBase a

Re: [Declude.JunkMail] website design service spam emails

2009-02-19 Thread Darin Cox
Sample headers would help in determining a way to filter these. Also, do you use Message Sniffer? Darin. - Original Message - From: "Craig Edmonds" To: Sent: Thursday, February 19, 2009 3:16 AM Subject: [Declude.JunkMail] website design service spam emails Okay. I am starting to

Re: [Declude.JunkMail] What about a TOFILE

2008-12-17 Thread Darin Cox
It's possible to accomplish this now using per address configs, though that would be configured in the $default$.junkmail instead of a separate test definition as you would normally do. To outline this process: - Add a redirect line to the $default$.junkmail for each address you want to handle

Re: [Declude.JunkMail] create a TODOMAIN file

2008-12-09 Thread Darin Cox
Hi Craig, While it's not a whitelist, you could use the fromfile test with a high negative weight to achieve your goal. We have a tiered set of tests that work similar to this: FROMWHITELIST_LOWfromfile\fromwhitelist_low.txt-100 0 FROMWHITELIST_MEDfromfile\fromwhitelist

Re: [Declude.JunkMail] Spam

2008-12-03 Thread Darin Cox
check. WHITELIST AUTH is used for user authentication. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Wednesday, December 03, 2008 2:58 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Spam WHITELIST AUTH can whitelist

Re: [Declude.JunkMail] Spam

2008-12-03 Thread Darin Cox
WHITELIST AUTH can whitelist such spam if the user has their own address in their webmail address book. This is the one drawback with WHITELIST AUTH. It would be nice to be able to use this but exempt the user's address from the whitelist. Darin. - Original Message - From: "Todd Ric

Re: [Declude.JunkMail] Blacklist Based on TO Address?

2008-10-30 Thread Darin Cox
\.doc\.exe) William Stillwell Systems Architect Professional Staffing-ABTS,Inc d/b/a Able Body Labor ph. 727.724.2610 fx. 727.724.2680 cl. 727.638.6208 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Thursday, October 30, 2008 9:4

Re: [Declude.JunkMail] Blacklist Based on TO Address?

2008-10-30 Thread Darin Cox
Instead of blacklisting, why not just create a TO/SUBJECT filter that adds a large weight. That would serve the same purpose as blacklisting. Darin. - Original Message - From: "David Barker" <[EMAIL PROTECTED]> To: Sent: Thursday, October 30, 2008 9:02 AM Subject: RE: [Declude.JunkMa

Re: [Declude.JunkMail] Negative Weight an IP

2008-10-23 Thread Darin Cox
Any server sending mail should have REVDNS. Darin. - Original Message - From: "Todd Richards" <[EMAIL PROTECTED]> To: Sent: Thursday, October 23, 2008 3:30 PM Subject: RE: [Declude.JunkMail] Negative Weight an IP Sandy, I guess that was a question that was on my mind. We've never ha

Re: [Declude.JunkMail] Negative Weight an IP

2008-10-23 Thread Darin Cox
You can either fix your DNS so the web server doesn't fail the REVDNS check, or add WHITELIST IP without the <> to your Declude config, or both. Darin. - Original Message - From: "Todd Richards" <[EMAIL PROTECTED]> To: Sent: Thursday, October 23, 2008 1:49 PM Subject: [Declude.Jun

Re: Re[6]: [Declude.JunkMail] DNS Changes

2008-10-09 Thread Darin Cox
I have to say I also agree with Sandy. While recommending a free external DNS solution like OpenDNS is an easy fix for many less technical customers, as Sandy has pointed out it is not the best solution. 1. The customer has no control over its availability. With a free external DNS solution t

Re: [Declude.JunkMail] Re:Declude vs Perry (ES)

2008-09-09 Thread Darin Cox
m: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Tuesday, September 09, 2008 2:03 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Re:Declude vs Perry (ES) Did he keep a copy of the code, or did he just use libraries he developed through the years,

Re: [Declude.JunkMail] Re:Declude vs Perry (ES)

2008-09-09 Thread Darin Cox
Did he keep a copy of the code, or did he just use libraries he developed through the years, as all programmers do, that he used for all of his programming? It's not possible to tell that without an in-depth review of source code for both products. Also, bear in mind that programmers tend to d

Re: [Declude.JunkMail] Command Line Scanner - Help!

2008-06-12 Thread Darin Cox
Hi Kathy, Here is what I posted a week ago. Works for us...with no excessive CPU load. However, it sounds like your problems are a deeper configuration issue since you mention multiple scanners allowing viruses through. Assuming the default locati

Re: [Declude.JunkMail] form spam filter

2008-04-10 Thread Darin Cox
ion program to get right. CAPTCHA's on the other hand are a burden for legitimate users, and their utility will likely disappear in time, whereas these other methods are neither a burden, nor are they likely to cease being effective. That's my take on it. Matt Darin Cox wrote:

Re: [Declude.JunkMail] form spam filter

2008-04-09 Thread Darin Cox
s assumes that a person would take significantly more time to fill a form than a program, even if it is a keystroke generator From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Wednesday, April 09, 2008 11:54 AM To: declude.junkmail@declude.com Subject: Re: [Decl

Re: [Declude.JunkMail] form spam filter

2008-04-09 Thread Darin Cox
Matt, I did understand. What I'm saying is that it doesn't always work. To clarify, in addition to less sophisticated automated form fillers that would fill out all fields, there are also more sophisticated ones that use keystroke generators to fill out forms. I just saw one in the public do

Re: [Declude.JunkMail] form spam filter

2008-04-09 Thread Darin Cox
't hinder your visitors with CAPTCHAs. It's not like there isn't code being used by spammers elsewhere that read CAPTCHA's anyway, though I suspect that the current form spammers are not doing that right now. Matt Darin Cox wrote: Hi Matt, Some do, some don

Re: [Declude.JunkMail] form spam filter

2008-04-09 Thread Darin Cox
d by spammers elsewhere that read CAPTCHA's anyway, though I suspect that the current form spammers are not doing that right now. Matt Darin Cox wrote: Hi Matt, Some do, some don't. I've seen both methods used on some customer sites. Setting session variables on the for

Re: [Declude.JunkMail] form spam filter

2008-04-09 Thread Darin Cox
indest Regards Craig Edmonds 123 Marbella Web Design in Spain W: www.123marbella.net From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: 09 April 2008 15:09 To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] form spam filter Hi Matt, Some do, some do

Re: [Declude.JunkMail] form spam filter

2008-04-09 Thread Darin Cox
script silently reject a submission that has a URL in it. RegEx would be required in both JavaScript and the ASP or whatever code to do the URL checking. As far as I know, this seems to work perfectly, but setting session variables on the form page doesn't do a damn thing. Matt Darin Cox wro

Re: [Declude.JunkMail] form spam filter

2008-04-09 Thread Darin Cox
Since forms all use different emailers, and the form content is different as well, your only hope is content filtering based on what the spammer submitted... like SURBL filtering or REGEX on the spammer submission. These days, web-based form processing pages should minimally check that the refe

Re: [Declude.JunkMail] Forged-Spam Backscatter

2008-04-07 Thread Darin Cox
Hi Kevin, This doesn't have anything to do with incoming mail servers, only outgoing. Also, there should be just one SPF record per domain. So assuming you send mail for myriadnetwork.com as well, and either domain can send outbound mail through any of the servers listed in the MX records for bot

Re: [Declude.JunkMail] why isn't this message deleted

2008-02-26 Thread Darin Cox
l messages. Thanks, Ben - Original Message - From: Darin Cox To: declude.junkmail@declude.com Sent: Tuesday, February 26, 2008 1:19 PM Subject: Re: [Declude.JunkMail] why isn't this message deleted I don't believe it will work that way for you. Forwarded messa

Re: [Declude.JunkMail] why isn't this message deleted

2008-02-26 Thread Darin Cox
are coming from. Thanks, Ben - Original Message - From: Darin Cox To: declude.junkmail@declude.com Sent: Monday, February 25, 2008 3:34 PM Subject: Re: [Declude.JunkMail] why isn't this message deleted Yes, it will work. However, I think you'll want the delete

Re: [Declude.JunkMail] why isn't this message deleted

2008-02-25 Thread Darin Cox
Yes, it will work. However, I think you'll want the delete setting put on inbound messages rather than outbound. In other words, do the scanning and actions on the inbound message to that account, before it is forwarded to the other account. You'll also want to be careful that you're not dele

Re: [Declude.JunkMail] Indicate msg size in header on an authenticated whitelisted

2008-01-24 Thread Darin Cox
Hmmm... well, if externals do run, then a message rewriter (to insert the header line) could be launched as a Declude test. Darin. - Original Message - From: "John T (lists)" <[EMAIL PROTECTED]> To: Sent: Thursday, January 24, 2008 12:58 PM Subject: RE: [Declude.JunkMail] Indicate msg

Re: [Declude.JunkMail] Indicate msg size in header on an authenticated whitelisted

2008-01-24 Thread Darin Cox
Slammed... I did have your message saved to reply, just hadn't had time. Since Declude's whitelisting bypasses any tests, an external test won't work. So, it appears you would need to write a plug-in that is called by IMail, and then chains to Declude after rewriting the message. It might als

Re: [Declude.JunkMail] Per-User Blacklist

2008-01-02 Thread Darin Cox
Hi Dean, We do limited per domain configs (from a set of choices, so it is not completely custom per domain), but not per user, and have never seen a need to go to the user level. Maintenance of that would be a nightmare as any change to the master list of tests run or weights involved would r

Re: [Declude.JunkMail] Postmaster Spoofed Returns

2007-09-27 Thread Darin Cox
l] Postmaster Spoofed Returns I suppose the detection of "any remnants of the original spam" is going to be a manual process...correct? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Thursday, September 27, 2007 9:08 AM To: declu

Re: [Declude.JunkMail] Postmaster Spoofed Returns

2007-09-27 Thread Darin Cox
SPF can help a bit, if the receiver of the spoofed emails uses SPF for filtering and does not bounce on SPF violation. We've been able to limit the bounces that get through so far to just a few, mostly through detection of any remnants of the original spam in the bounce. Darin. - Original

Re: [Declude.JunkMail] Per User config redirecting

2007-09-13 Thread Darin Cox
Hi Bill, No gotchas that I can think of. We've been using that kind of config for a couple of years now. You can redirect for an email address by specifying the email address on the REDIRECT line You can redirect for a domain by specifying "@example.com" (replace example.com with your domain

Re: [Declude.JunkMail] SPF (Fail or Pass)

2007-09-07 Thread Darin Cox
Only SPFFAIL is recommended, as spammers may have SPF records. Also, since many organizations are not using SPF, SPFUNKNOWN is not useful. Here's how you declare it in your GLOBAL.CFG SPFFAILspffailx0 I find that SPF is very useful, if for no other reason than to block spam

Re: [Declude.JunkMail] Interesting Spam

2007-09-06 Thread Darin Cox
I use a command line tool from www.whoisview.com that works well for both domains and IP blocks. Occasionally I run into a domain that doesn't resolve, but when that happens I also have trouble from registrar sites like netsol and godaddy. www.freewho.com generally works well, though. Darin.

Re: [Declude.JunkMail] New PDF worm?

2007-08-07 Thread Darin Cox
I whipped this up mid afternoon, and it's catching them for us. An earlier version this morning didn't catch the entire campaign. - MINWEIGHTTOFAIL 23 SKIPIFWEIGHT 250 REVDNS END ENDSWITH .smarsh.com HEADERS 10 CONTAINS X-Mailer: Microsoft Outlook Expres

Re: [Declude.JunkMail] Spam Increase?

2007-08-03 Thread Darin Cox
9.4% of the Storm botnet messages are reaching our DELETE weight and not needing to be virus scanned. I attribute the relative 10% increase over last week to the change in volume. The following chart shows the effect on an 8 core server: Matt Darin Cox wrote: We saw about

Re: [Declude.JunkMail] Spam Increase?

2007-08-03 Thread Darin Cox
I think we started seeing it last Saturday... pretty constant since then. Fortunately it's almost entirely being caught so our customers are not seeing it. Darin. - Original Message - From: "John T (lists)" <[EMAIL PROTECTED]> To: Sent: Friday, August 03, 2007 6:19 PM Subject: RE: [D

Re: Re[2]: [Declude.JunkMail] Spam Increase?

2007-08-03 Thread Darin Cox
We saw about a 15% increase a few days ago, and it has stayed there. Bandwidth increase was significantly more than that, though. Took our primary mail server from 20-40% cpu to 50-80%. We just upgraded last night to deal with it. Darin. - Original Message - From: "Pete McNeil"

Re: [Declude.JunkMail] Zip files

2007-08-02 Thread Darin Cox
Sure. You could create a Declude combo filter like that. Put a size test before the custom filter in your global.cfg, add the tests the message fails to incoming message headers, and in the custom combo filter look for the size test failure warning in the headers, and look for the zip file in

Re: [Declude.JunkMail] Fidelity Independent Adviser

2007-07-18 Thread Darin Cox
We had one that was definitely an FP last week. Submitted and received a response that the rule had already been removed. Darin. - Original Message - From: "John T (lists)" <[EMAIL PROTECTED]> To: Sent: Wednesday, July 18, 2007 9:03 PM Subject: [Declude.JunkMail] Fidelity Independent

Re: [Declude.JunkMail] frustration

2007-07-18 Thread Darin Cox
We're running pretty well... catching somewhere between 99.7% and 99.9% of incoming spam. Declude 2.0.6 (waiting on Imail 2006 to stabilize before upgrading to the latest version) on IMail 8.22, along with Sniffer and invURIBL. Darin. - Original Message - From: "Uwe Degenhardt" <[E

Re: [Declude.JunkMail] Re: PDF spam detection

2007-06-28 Thread Darin Cox
n)*Content-Type: application/pdf; Note that I have not tested this, but the code is in fact fairly simple and it should work. Matt Darin Cox wrote: So far all that I've seen have a blank body with the pdf attachment. Anyone have any ideas as to how to test for a blank body, or one w

[Declude.JunkMail] Re: PDF spam detection

2007-06-28 Thread Darin Cox
So far all that I've seen have a blank body with the pdf attachment. Anyone have any ideas as to how to test for a blank body, or one with only whitespace characters? The new PCRE function can do it, but we're still on 2.0.6 at the moment, waiting until IMail 2006.21 comes out and passes testin

Re: Re[4]: [Declude.JunkMail] Using Footer32 in per domain configuration

2007-06-27 Thread Darin Cox
Excellent practice. I should have thought to look. Appreciate it, Sandy! Darin. - Original Message - From: "Sanford Whiteman" <[EMAIL PROTECTED]> To: "Darin Cox" Sent: Wednesday, June 27, 2007 4:29 PM Subject: Re[4]: [Declude.JunkMail] Using Footer32 in

Re: [Declude.JunkMail] New PDF worm?

2007-06-27 Thread Darin Cox
Hi David, What's the CB-ATTACH.txt filter? Darin. - Original Message - From: David Barker To: declude.junkmail@declude.com Sent: Wednesday, June 27, 2007 11:24 AM Subject: RE: [Declude.JunkMail] New PDF worm? Yes I am seeing the same thing although when I run the pdf through a viru

Re: [Declude.JunkMail] New PDF worm?

2007-06-27 Thread Darin Cox
Yep. Darin. - Original Message - From: SJ.Stanaitis To: declude.junkmail@declude.com Sent: Wednesday, June 27, 2007 11:17 AM Subject: [Declude.JunkMail] New PDF worm? I'm getting gobs of PDF's snagged in my antispam filter, they're not triggering any AV yet, anyone else seeing this

Re: Re[2]: [Declude.JunkMail] Using Footer32 in per domain configuration

2007-06-27 Thread Darin Cox
AIL PROTECTED]> To: "Darin Cox" Sent: Tuesday, June 26, 2007 11:03 PM Subject: Re[2]: [Declude.JunkMail] Using Footer32 in per domain configuration > I found the problem. It seems there is an additional undocumented > command line switch that needs to be added to the

Re: [Declude.JunkMail] Using Footer32 in per domain configuration

2007-06-26 Thread Darin Cox
use this ADDFOOTER external nonzero "f:\imail\declude\footer32.exe -oo %INOROUT% -yf f:\imail\declude\footer_%LOCALHOST%.txt -f" 0 0 and it works fine, where footer_example.com.txt is the text file containing the footer for the domain example.com. Darin. - Original Message --

Re: [Declude.JunkMail] Using Footer32 in per domain configuration

2007-06-26 Thread Darin Cox
e.JunkMail] Using Footer32 in per domain configuration Darin- I had to #DOMAINWHITELISTSOFF # turned off prewhitelist for footer32 5/12/7 #PREWHITELIST ON Maybe a couple of other Global settings as well I can't quite remember. Jay -Original Message----- From: "

[Declude.JunkMail] Using Footer32 in per domain configuration

2007-06-26 Thread Darin Cox
Anyone using Sandy's footer32 in a per domain configuration? I tried a few variations and haven't been able to get it to work. Here's the GLOBAL.CFG line I'm using: ADDFOOTER external nonzero "f:\imail\declude\footer32.exe -oo %INOROUT% -yf f:\imail\declude\footer_%LOCALHOST%.txt" 0 0 Howeve

Re: [Declude.JunkMail] PCRE and REVDNS

2007-06-19 Thread Darin Cox
How about adding it to the downloads section? That seems easier than dealing with a lot of individual requests. Darin. - Original Message - From: "David Barker" <[EMAIL PROTECTED]> To: Sent: Tuesday, June 19, 2007 10:42 AM Subject: RE: [Declude.JunkMail] PCRE and REVDNS Email me di

Re: [Declude.JunkMail] More accidental whitelisting

2007-06-05 Thread Darin Cox
There is a conversion tool that comes with IMail 2006 to convert address books. The new address books are stored in an access database. Darin. - Original Message - From: J Porter To: declude.junkmail@declude.com Sent: Tuesday, June 05, 2007 10:46 AM Subject: Re: [Declude.JunkMail] M

Re: [Declude.JunkMail] More accidental whitelisting

2007-05-29 Thread Darin Cox
Hi Ben, I agree that Declude should detect the IMail version, but I can imagine an argument for continuing to process the aliases.txt, where a recent conversion has taken place, and address book conversion has not fully been completed. So, I guess I see this as more of an IMail conversion issue

Re: [Declude.JunkMail] accidental whitelisting

2007-05-25 Thread Darin Cox
ver see or know about BCC recipients. The headers just show the message addressed to me, with the from line from me, but with someone else's IP address. It's probably the oldest spam trick in the book to just forge the From line. Ben - Original Message - From: Darin

Re: [Declude.JunkMail] accidental whitelisting

2007-05-25 Thread Darin Cox
Anyone on the BCC line? If there's an address there that is being whitelisted, then the entire email gets whitelisted to all recipients. Darin. - Original Message - From: Imail Admin To: declude.junkmail@declude.com Sent: Friday, May 25, 2007 9:01 AM Subject: Re: [Declude.JunkMail]

Re: [Declude.JunkMail] accidental whitelisting

2007-05-25 Thread Darin Cox
I've always thought that was silly. I would think your own address should always be excluded from whitelisting. When would email from yourself to yourself be filtered such that it would need whitelisting? Darin. - Original Message - From: Scott Fisher To: declude.junkmail@declude.c

Re: [Declude.JunkMail] OT: server monitoring

2007-05-22 Thread Darin Cox
We monitor from multiple locations... from within the datacenter and from the office. While we get double the notifications in the event of a failure, the complete redundancy avoids any common failure points. As a side benefit, monitoring from the office tells us when our office internet conne

Re: [Declude.JunkMail] all_list.dat ?

2007-05-17 Thread Darin Cox
This is too tempting... Darin. - Original Message - From: "John T (lists)" <[EMAIL PROTECTED]> To: Sent: Thursday, May 17, 2007 3:31 PM Subject: RE: [Declude.JunkMail] all_list.dat ? I think we all fully understand that now Andrew. John T > -Original Message- > From: [EMAIL

Re: [Declude.JunkMail] Header Information Util...

2007-05-14 Thread Darin Cox
. I want to bypass this, and pull the data directly. Karl Drugge -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Monday, May 14, 2007 8:15 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Header Information Util... Lo

Re: [Declude.JunkMail] Header Information Util...

2007-05-14 Thread Darin Cox
are from a range of times/dates, and they're on an Exchange server. I'd have to know what SMTP ID's I was looking for in the logs, which I'd need from the email header information, etc etc... Karl Drugge -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

Re: [Declude.JunkMail] Header Information Util...

2007-05-14 Thread Darin Cox
Why don't you use the mail server log files instead. Much easier to parse, and tools like Grep and Sawmill can be used to do it. Darin. - Original Message - From: "IS - Systems Eng. (Karl Drugge)" <[EMAIL PROTECTED]> To: Sent: Monday, May 14, 2007 5:45 PM Subject: [Declude.JunkMail] H

Re: [Declude.JunkMail] PCRE

2007-05-10 Thread Darin Cox
e only software company in the world to have issues and then make customers wait a year and a half for a solution, I guess one consolation is we don't charge you as much to do so :) David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Co

Re: [Declude.JunkMail] PCRE

2007-05-10 Thread Darin Cox
For those on IMail, the focus right now is probably on getting a stable and fully functional mail server again. IMail 2006.21 preview 1 was just released to hopefully address most, if not all, of the problems with 2006, but it was just posted that those with virtual domains should wait for preview

Re: [Declude.JunkMail] lot's of legit mailservsr in spamdatabases

2007-04-19 Thread Darin Cox
Yeah, UCEPROTECT in particular seems to have added a lot of major ISPs recently. We started counterweighting ISPs by REVDNS, but we were spending too much time doing that, so we reduced the weight of the UCEPROTECT1 and UCEPROTECT2 tests. Darin. - Original Message - From: Bonno Bloksm

Re: [Declude.JunkMail] hotmail mailservers in several spamdatabases

2007-04-12 Thread Darin Cox
We have counterweight filter files for all of our higher weight tests. For example, if hotmail is failing SORBS-SPAM across the board and we decide to exempt them from that test, then we'll add a REVDNS test to the counterweight file for SORBS-SPAM. This way we can effectively turn tests on o

Re: [Declude.JunkMail] AUTOWHITELIST Question....

2007-04-10 Thread Darin Cox
Just the individual's account. One thing that does sometimes happen, though, is that the user puts their own address in their webmail address book. So, anything that forges that person's address when sending to them gets through. Something for the user FAQ... Darin. - Original Message ---

Re: [Declude.JunkMail] Whitelist weirdness

2007-03-08 Thread Darin Cox
We see that a lot... where the user has their own email address in their webmail contacts, which results in any spam sent to them that forges their email address coming through. Darin. - Original Message - From: "Robert Grosshandler" <[EMAIL PROTECTED]> To: Sent: Friday, March 09, 2007

Re: [Declude.JunkMail] OT: SPF record question

2007-02-17 Thread Darin Cox
an that SPF is impractical for anyone not strictly using webmail? To me it implies that to cover all bases you would have to have in your SPF string "?all" and there would be no way to make it stricter than that, other than to force all your users to use webmail and not Outlook. Gary --

Re: SPAM-WARN:Re: [Declude.JunkMail] OT: SPF record question

2007-02-16 Thread Darin Cox
> > will be their home connection. That being the case, unless > > your users are strictly using webmail, your SPF record should > > show no enforcement otherwise all the non-webmail messages > > will get blocked. To me this indicates that SPF doesn't help > >

Re: [Declude.JunkMail] disable subject line warning on one email account

2007-02-16 Thread Darin Cox
Not a rule, but either a domain-level or user-level config to change the WARN action to IGNORE. Darin. - Original Message - From: Craig Edmonds To: declude.junkmail@declude.com Sent: Friday, February 16, 2007 6:33 AM Subject: [Declude.JunkMail] disable subject line warning on one ema

Re: [Declude.JunkMail] Re: Documentation

2007-02-16 Thread Darin Cox
itmask 1 "ESPAM" 8 0 ESPAM-PHISH bitmask 2 "ESPAM" 4 0 ESPAM-BULK bitmask 4 "ESPAM" 6 0 Darin. - Original Message - From: Darin Cox To: Darin Cox ; [EMAIL PROTECTED] ; Declude.JunkMail@declude.com Sent: Thursday, February 15, 2007 4:37 PM

[Declude.JunkMail] Re: Documentation

2007-02-15 Thread Darin Cox
Hi David, Any progress on the documentation? Darin. - Original Message - From: Darin Cox To: [EMAIL PROTECTED] ; Declude.JunkMail@declude.com Sent: Tuesday, February 13, 2007 2:54 PM Subject: Re: Documentation Hi David, Any progress on revising the documentation? I noticed I

Re: [Declude.JunkMail] dns attacks today

2007-02-12 Thread Darin Cox
DNSStuff, > just not in a PR role. > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Darin Cox > Sent: Wednesday, February 07, 2007 5:59 PM > To: declude.junkmail@declude.com > Subject: Re: [Declude.JunkMail] dns attacks tod

Re: [Declude.JunkMail] Manuals

2007-02-09 Thread Darin Cox
for now - -Nick Darin Cox wrote: > Ugh. David B., can we get manuals back ASAP? PDFs that we can download and > save would be great so we can keep a reference in case something like this > happens again, our internet connection is down, etc. > > Darin. > > > - Origin

Re: [Declude.JunkMail] Manuals

2007-02-09 Thread Darin Cox
Ugh. David B., can we get manuals back ASAP? PDFs that we can download and save would be great so we can keep a reference in case something like this happens again, our internet connection is down, etc. Darin. - Original Message - From: "Dean Lawrence" <[EMAIL PROTECTED]> To: Sent: F

Re: [Declude.JunkMail] Whitelist questions

2007-02-09 Thread Darin Cox
I would suggest negative/counter weights instead of whitelists, but yes, you can have several lists for whitelisting or counterweighting purposes. Here's the general syntax for ip-based or from-address counterweighting. Adjust the file paths from these generic examples IPBL

Re: [Declude.JunkMail] dns attacks today

2007-02-08 Thread Darin Cox
ott is still involved with DNSStuff, just not in a PR role. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Wednesday, February 07, 2007 5:59 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] dns attacks today So where
