is on to the next domain.
--------
From: Darin Cox [mailto:dc...@4cweb.com]
Sent: Wednesday, April 17, 2013 12:23 PM
To: Declude.JunkMail@declude.com
Subject: [SPAM]- Score (19)Re: [Declude.JunkMail] No one at Declude?
Not many IPs in that range in use yet according to SenderBase, but th
Not many IPs in that range in use yet according to SenderBase, but those
that are are very bad.
We’ve been seeing a lot of spam traffic where SenderBase didn’t have any
measurements on the IP yet that we were seeing, but had a number of others
in the same subnet... all bad.
Darin.
From: Katie
)541-9338
From: Darin Cox [mailto:dc...@4cweb.com]
Sent: Wednesday, April 17, 2013 10:52 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] No one at Declude?
There are a lot of new spam nets that have just been turned up over the past
few days. Volumes more than doubled for
There are a lot of new spam nets that have just been turned up over the past
few days. Volumes more than doubled for us, with a lot slipping through.
We’ve added quite a few class Cs to our firewall blocks this week as we see
new ones light up that are entirely owned by a spammer. That’s helped c
eded.
So for now, I'm still stuck.
-Original Message-
From: Darin Cox
Sent: Friday, March 15, 2013 11:11 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] why have spam scores jumped?
Hi Ben,
You'll want to set up at least two DNS servers for that. One recursive f
Hi Ben,
You'll want to set up at least two DNS servers for that. One recursive for
mail server lookups, most likely on the mail server. The DNS service on the
mail server should not be publicly accessible. The other non-recursive DNS
server can be used as your nameserver and, of course, publicl
Appreciate the heads up, Andy!
Darin.
From: Andy Schmidt
Sent: Tuesday, March 05, 2013 11:09 AM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] NJABL Shut Down
March 1, 2013: NJABL is in the process of being shut down. The DNSBL zones
have been emptied. After "the Internet" has ha
Hi Ben,
Spam only to a server that no longer has MX records pointing to it isn’t
really a surprise. Spammers have been known to cache MX records and
continue to spam them long after an MX record is changed.
The rationale behind that may be to bypass spam filtering gateways that have
placed in fr
Hi Dave,
A firm SPF policy generally does help, but it depends on the receiving
servers implementing SPF in order to block messages that violate your SPF
policy.
Aside from that and filtering that blocks any original included message
content, there's nothing I know of that can stop bounces and re
Hi Andy,
He sent it to the Declude Junkmail list, of which you are a member.
However, the list is pretty much defunct. Declude switched to online forums
years ago, which effectively killed the list.
Darin.
-Original Message-
From: andyb@thumpernet
Sent: Monday, October 22, 2012 6:03 PM
uot;no such user here" response and disconnects. No mail is actually
delivered. At least that is my interpretation (from the log files) as to
what's happening.
I suspect this has been going on for months with the one domain.
-Original Message-
From: Darin Cox [mailto:dc...@4cweb.com
Hi Dave,
We see this occasionally, and SPF does help a little, but SPF is often not
enforced, so it's more valuable for self-addressed spam than anything
else... and many senders violate their own SPF policy.
Deleting your MX doesn't help since the bounces are coming from all over,
not from the s
No, that's typical. We have a script scheduled to delete them every day. It
seems the sniffer script doesn't always delete them... probably Declude still
has a lock on the file, so it can be read, but not changed or deleted.
We monitor our spool and overflow directories, and when thresholds (b
We've seen this a lot with Inv-URIBL. You can patch it somewhat by putting in
a counterweight for Inv-URIBL when it crashes. There is a small set of scores
to adjust for.
Darin.
- Original Message -
From: IMail Admin
To: Declude.JunkMail@declude.com
Sent: Friday, April 08, 2011 1:35
I agree. We see forging attacks like this periodically. While not every
day, there's usually one every week, and when they hit, they hit hard. If
we whitelisted or even negative-weighted addresses people sent to, when
these attacks hit we would let through a ton of spam.
We would _never_ consid
This is about 1/3 of the process to sync the servers. Then there's the
processing of the file on the gateway to add/delete accounts as needed, and the
minor Exchange config changes to accept mail from a subdomain.
In our implementations, and due to often insufficient access/knowledge on the
pa
Sorry guys, I meant to send this directly to Michael. Got distracted with
other email and phone calls, and didn't check the address before sending.
My apologies.
Darin.
- Original Message -
From: Darin Cox
To: declude.junkmail@declude.com
Sent: Wednesday, May 12, 2010 10:
change so it is
automatically added when an account is created.
Anyway, if you have any interest, let me know. I know we wouldn't be able to
survive if we were accepting email for any address in a domain, so I feel your
pain.
Best,
Darin Cox
4C Web
A division of 4C Design Technology Corp.
Hi Bonno,
You can alter the InvURIBL and Sniffer test definitions in your config to use
Pete McNeil's WeightGate utility to conditionally run those tests.
An example InvURIBL line is
INV-URIBL external weight "C:\IMail\Declude\WeightGate\WeightGate.exe -100
%WEIGHT% 500 F:\IMail\Declude\INVURI
Hi Michael,
I'm using Windows 2003 DNS server as well, and have had no trouble with it
at all. There are some advantages to Simple DNS when it comes to
integration and replication of an entire server, but I've made up those
deficiencies with scripting around the DNSCMD utility in the Windows S
Hi Mark,
Are you certain the user does not have their own address in their webmail
address book?
This looks like a typical problem where users have their own email address
in the address book. Removing their email address and explaining to them
why they should avoid putting in their own addre
Setting and SPF policy will do what you want.
If you set up the SPF TEXT record in DNS for your domain to specify that
mail sent from your domain should only come from your servers, and set the
weight of SPFFAIL in Declude to at least your hold weight, then you should
be able to filter.
The on
p...@declude.com] On Behalf Of Darin Cox
Sent: Saturday, May 16, 2009 7:33 AM
To: declude.junkmail@declude.com
Subject: Re: [Declude.JunkMail] BackScatter
Todd, you might want to check SenderBase. We had a similar issue a month ago.
SenderBase had recorded a number of backscatter messages fr
Todd, you might want to check SenderBase. We had a similar issue a month ago.
SenderBase had recorded a number of backscatter messages from a private list we
host that often gets attacked by spammers. The unauthorized access notices
that were sent back were seen as backscatter by SenderBase a
Sample headers would help in determining a way to filter these. Also, do
you use Message Sniffer?
Darin.
- Original Message -
From: "Craig Edmonds"
To:
Sent: Thursday, February 19, 2009 3:16 AM
Subject: [Declude.JunkMail] website design service spam emails
Okay.
I am starting to
It's possible to accomplish this now using per address configs, though that
would be configured in the $default$.junkmail instead of a separate test
definition as you would normally do.
To outline this process:
- Add a redirect line to the $default$.junkmail for each address you want to
handle
Hi Craig,
While it's not a whitelist, you could use the fromfile test with a high
negative weight to achieve your goal. We have a tiered set of tests that work
similar to this:
FROMWHITELIST_LOWfromfile\fromwhitelist_low.txt-100
0
FROMWHITELIST_MEDfromfile\fromwhitelist
check. WHITELIST AUTH is used for
user authentication.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin
Cox
Sent: Wednesday, December 03, 2008 2:58 PM
To: declude.junkmail@declude.com
Subject: Re: [Declude.JunkMail] Spam
WHITELIST AUTH can whitelist
WHITELIST AUTH can whitelist such spam if the user has their own address in
their webmail address book. This is the one drawback with WHITELIST AUTH.
It would be nice to be able to use this but exempt the user's address from
the whitelist.
Darin.
- Original Message -
From: "Todd Ric
\.doc\.exe)
William Stillwell
Systems Architect
Professional Staffing-ABTS,Inc
d/b/a Able Body Labor
ph. 727.724.2610
fx. 727.724.2680
cl. 727.638.6208
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin
Cox
Sent: Thursday, October 30, 2008 9:4
Instead of blacklisting, why not just create a TO/SUBJECT filter that adds a
large weight. That would serve the same purpose as blacklisting.
Darin.
- Original Message -
From: "David Barker" <[EMAIL PROTECTED]>
To:
Sent: Thursday, October 30, 2008 9:02 AM
Subject: RE: [Declude.JunkMa
Any server sending mail should have REVDNS.
Darin.
- Original Message -
From: "Todd Richards" <[EMAIL PROTECTED]>
To:
Sent: Thursday, October 23, 2008 3:30 PM
Subject: RE: [Declude.JunkMail] Negative Weight an IP
Sandy, I guess that was a question that was on my mind. We've never ha
You can either fix your DNS so the web server doesn't fail the REVDNS check,
or add
WHITELIST IP
without the <> to your Declude config, or both.
Darin.
- Original Message -
From: "Todd Richards" <[EMAIL PROTECTED]>
To:
Sent: Thursday, October 23, 2008 1:49 PM
Subject: [Declude.Jun
I have to say I also agree with Sandy. While recommending a free external
DNS solution like OpenDNS is an easy fix for many less technical customers,
as Sandy has pointed out it is not the best solution.
1. The customer has no control over its availability. With a free external
DNS solution t
m: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Tuesday, September 09, 2008 2:03 PM
To: declude.junkmail@declude.com
Subject: Re: [Declude.JunkMail] Re:Declude vs Perry (ES)
Did he keep a copy of the code, or did he just use libraries he developed
through the years,
Did he keep a copy of the code, or did he just use libraries he developed
through the years, as all programmers do, that he used for all of his
programming? It's not possible to tell that without an in-depth review of
source code for both products.
Also, bear in mind that programmers tend to d
Hi Kathy,
Here is what I posted a week ago. Works for us...with no excessive CPU load.
However, it sounds like your problems are a deeper configuration issue since
you mention multiple scanners allowing viruses through.
Assuming the default locati
ion program to get right. CAPTCHA's on the other hand are
a burden for legitimate users, and their utility will likely disappear in time,
whereas these other methods are neither a burden, nor are they likely to cease
being effective.
That's my take on it.
Matt
Darin Cox wrote:
s
assumes that a person would take significantly more time to fill a form than a
program, even if it is a keystroke generator
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Wednesday, April 09, 2008 11:54 AM
To: declude.junkmail@declude.com
Subject: Re: [Decl
Matt,
I did understand. What I'm saying is that it doesn't always work. To clarify,
in addition to less sophisticated automated form fillers that would fill out
all fields, there are also more sophisticated ones that use keystroke
generators to fill out forms. I just saw one in the public do
;t hinder your visitors with CAPTCHAs. It's not like
there isn't code being used by spammers elsewhere that read CAPTCHA's anyway,
though I suspect that the current form spammers are not doing that right now.
Matt
Darin Cox wrote:
Hi Matt,
Some do, some don
d by spammers elsewhere that read CAPTCHA's anyway,
though I suspect that the current form spammers are not doing that right now.
Matt
Darin Cox wrote:
Hi Matt,
Some do, some don't. I've seen both methods used on some customer sites.
Setting session variables on the for
indest Regards
Craig Edmonds
123 Marbella Web Design in Spain
W: www.123marbella.net
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: 09 April 2008 15:09
To: declude.junkmail@declude.com
Subject: Re: [Declude.JunkMail] form spam filter
Hi Matt,
Some do, some do
script silently reject a submission that has a URL in
it. RegEx would be required in both JavaScript and the ASP or whatever code to
do the URL checking.
As far as I know, this seems to work perfectly, but setting session variables
on the form page doesn't do a damn thing.
Matt
Darin Cox wro
Since forms all use different emailers, and the form content is different as
well, your only hope is content filtering based on what the spammer
submitted... like SURBL filtering or REGEX on the spammer submission.
These days, web-based form processing pages should minimally check that the
refe
Hi Kevin,
This doesn't have anything to do with incoming mail servers, only outgoing.
Also, there should be just one SPF record per domain.
So assuming you send mail for myriadnetwork.com as well, and either domain
can send outbound mail through any of the servers listed in the MX records
for bot
l messages.
Thanks,
Ben
- Original Message -
From: Darin Cox
To: declude.junkmail@declude.com
Sent: Tuesday, February 26, 2008 1:19 PM
Subject: Re: [Declude.JunkMail] why isn't this message deleted
I don't believe it will work that way for you. Forwarded messa
are coming from.
Thanks,
Ben
- Original Message -
From: Darin Cox
To: declude.junkmail@declude.com
Sent: Monday, February 25, 2008 3:34 PM
Subject: Re: [Declude.JunkMail] why isn't this message deleted
Yes, it will work. However, I think you'll want the delete
Yes, it will work. However, I think you'll want the delete setting put on
inbound messages rather than outbound. In other words, do the scanning and
actions on the inbound message to that account, before it is forwarded to the
other account. You'll also want to be careful that you're not dele
Hmmm... well, if externals do run, then a message rewriter (to insert the
header line) could be launched an a Declude test.
Darin.
- Original Message -
From: "John T (lists)" <[EMAIL PROTECTED]>
To:
Sent: Thursday, January 24, 2008 12:58 PM
Subject: RE: [Declude.JunkMail] Indicate msg
Slammed...
I did have your message saved to reply, just hadn't had time.
Since Declude's whitelisting bypasses any tests, an external test won't work.
So, it appears you would need to write a plug-in that is called by IMail, and
then chains to Declude after rewriting the message.
It might als
Hi Dean,
We do limited per domain configs (from a set of choices, so it is not
completely custom per domain), but not per user, and have never seen a need
to go to the user level. Maintenance of that would be a nightmare as any
change to the master list of tests run or weights involved would r
l] Postmaster Spoofed Returns
I suppose the detection of "any remnants of the original spam" is going to
be a manual process...correct?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin
Cox
Sent: Thursday, September 27, 2007 9:08 AM
To: declu
SPF can help a bit, if the receiver of the spoofed emails uses SPF for
filtering and does not bounce on SPF violation.
We've been able to limit the bounces that get through so far to just a few,
mostly through detection of any remnants of the original spam in the bounce.
Darin.
- Original
Hi Bill,
No gotchas that I can think of. We've been using that kind of config for a
couple of years now.
You can redirect for an email address by specifying the email address on the
REDIRECT line
You can redirect for a domain by specifying "@example.com" (replace example.com
with your domain
Only SPFFAIL is recommended, as spammers may have SPF records. Also, since
many organizations are not using SPF, SPFUNKNOWN is not useful.
Here's how you declare it in your GLOBAL.CFG
SPFFAILspffailx0
I find that SPF is very useful, if for no other reason than to block spam
I use a command line tool from www.whoisview.com that works well for both
domains and IP blocks.
Occasionally I run into a domain that doesn't resolve, but when that happens
I also have trouble from registrar sites like netsol and godaddy.
www.freewho.com generally works well, though.
Darin.
I whipped this up mid afternoon, and it's catching them for us. An earlier
version this morning didn't catch the entire campaign.
-
MINWEIGHTTOFAIL 23
SKIPIFWEIGHT 250
REVDNS END ENDSWITH .smarsh.com
HEADERS 10 CONTAINS X-Mailer: Microsoft Outlook Expres
9.4% of the Storm botnet messages are reaching our DELETE weight and
not needing to be virus scanned. I attribute the relative 10% increase over
last week to the change in volume. The following chart shows the effect on an
8 core server:
Matt
Darin Cox wrote:
We've saw about
I think we started seeing it last Saturday... pretty constant since then.
Fortunately it's almost entirely being caught so our customers are not
seeing it.
Darin.
- Original Message -
From: "John T (lists)" <[EMAIL PROTECTED]>
To:
Sent: Friday, August 03, 2007 6:19 PM
Subject: RE: [D
We've saw about a 15% increase a few days ago, and it has stayed there.
Bandwidth increase was significantly more than that, though. Took our
primary mail server from 20-40% cpu to 50-80%. We just upgraded last night
to deal with it.
Darin.
- Original Message -
From: "Pete McNeil"
Sure. You could create a Declude combo filter like that. Put a size test
before the custom filter in your global.cfg, add the tests the message fails
to incoming message headers, and in the custom combo filter look for the
size test failure warning in the headers, and look for the zip file in
We had one that was definitely an FP last week. Submitted and received a
response that the rule had already been removed.
Darin.
- Original Message -
From: "John T (lists)" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, July 18, 2007 9:03 PM
Subject: [Declude.JunkMail] Fidelity Independent
We're running pretty well... catching somewhere between 99.7% and 99.9% of
incoming spam. Declude 2.0.6 (waiting on Imail 2006 to stabilize before
upgrading to the latest version) on IMail 8.22, along with Sniffer and
invURIBL.
Darin.
- Original Message -
From: "Uwe Degenhardt" <[E
n)*Content-Type: application/pdf;
Note that I have not tested this, but the code is in fact fairly simple and it
should work.
Matt
Darin Cox wrote:
So far all that I've seen have a blank body with the pdf attachment.
Anyone have any ideas as to how to test for a blank body, or one w
So far all that I've seen have a blank body with the pdf attachment.
Anyone have any ideas as to how to test for a blank body, or one with only
whitespace characters? The new PCRE function can do it, but we're still on
2.0.6 at the moment, waiting until IMail 2006.21 comes out and passes testin
Excellent practice. I should have thought to look.
Appreciate it, Sandy!
Darin.
- Original Message -
From: "Sanford Whiteman" <[EMAIL PROTECTED]>
To: "Darin Cox"
Sent: Wednesday, June 27, 2007 4:29 PM
Subject: Re[4]: [Declude.JunkMail] Using Footer32 in
Hi David,
What's the CB-ATTACH.txt filter?
Darin.
- Original Message -
From: David Barker
To: declude.junkmail@declude.com
Sent: Wednesday, June 27, 2007 11:24 AM
Subject: RE: [Declude.JunkMail] New PDF worm?
Yes I am seeing the same thing although when I run the pdf through a viru
Yep.
Darin.
- Original Message -
From: SJ.Stanaitis
To: declude.junkmail@declude.com
Sent: Wednesday, June 27, 2007 11:17 AM
Subject: [Declude.JunkMail] New PDF worm?
I'm getting gobs of PDF's snagged in my antispam filter, they're not triggering
any AV yet, anyone else seeing this
AIL PROTECTED]>
To: "Darin Cox"
Sent: Tuesday, June 26, 2007 11:03 PM
Subject: Re[2]: [Declude.JunkMail] Using Footer32 in per domain
configuration
> I found the problem. It seems there is an additional undocumented
> command line switch that needs to be added to the
use this
ADDFOOTER external nonzero "f:\imail\declude\footer32.exe -oo %INOROUT% -yf
f:\imail\declude\footer_%LOCALHOST%.txt -f" 0 0
and it works fine, where footer_example.com.txt is the text file containing the
footer for the domain example.com.
Darin.
- Original Message --
e.JunkMail] Using Footer32 in per domain configuration
Darin-
I had to
#DOMAINWHITELISTSOFF
# turned off prewhitelist for footer32 5/12/7
#PREWHITELIST ON
Maybe a couple of other Global settings as well I can't quite remember.
Jay
-Original Message-----
From: &quo
Anyone using Sandy's footer32 in a per domain configuration? I tried a few
variations and haven't been able to get it to work. Here's the GLOBAL.CFG line
I'm using:
ADDFOOTER external nonzero "f:\imail\declude\footer32.exe -oo %INOROUT% -yf
f:\imail\declude\footer_%LOCALHOST%.txt" 0 0
Howeve
How about adding it to the downloads section? That seems easier than
dealing with a lot of individual requests.
Darin.
- Original Message -
From: "David Barker" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, June 19, 2007 10:42 AM
Subject: RE: [Declude.JunkMail] PCRE and REVDNS
Email me di
There is a conversion tool that comes with IMail 2006 to convert address books.
The new address books are stored in an access database.
Darin.
- Original Message -
From: J Porter
To: declude.junkmail@declude.com
Sent: Tuesday, June 05, 2007 10:46 AM
Subject: Re: [Declude.JunkMail] M
Hi Ben,
I agree that Declude should detect the IMail version, but I can imagine an
argument for continuing to process the aliases.txt, where a recent conversion
has taken place, and address book conversion has not fully been completed.
So, I guess I see this as more of an IMail conversion issue
ver see or know
about BCC recipients. The headers just show the message addressed to me, with
the from line from me, but with someone else's IP address. It's probably the
oldest spam trick in the book to just forge the >From line.
Ben
- Original Message -
From: Darin
Anyone on the BCC line? If there's an address there that is being whitelisted,
then the entire email gets whitelisted to all recipients.
Darin.
- Original Message -
From: Imail Admin
To: declude.junkmail@declude.com
Sent: Friday, May 25, 2007 9:01 AM
Subject: Re: [Declude.JunkMail]
I've always thought that was silly. I would think your own address should
always be excluded from whitelisting. When would email from yourself to
yourself be filtered such that it would need whitelisting?
Darin.
- Original Message -
From: Scott Fisher
To: declude.junkmail@declude.c
We monitor from multiple locations... from within the datacenter and from the
office. While we get double the notifications in the event of a failure, the
complete redundancy avoids any common failure points. As a side benefit,
monitoring from the office tells us when our office internet conne
This is too tempting...
Darin.
- Original Message -
From: "John T (lists)" <[EMAIL PROTECTED]>
To:
Sent: Thursday, May 17, 2007 3:31 PM
Subject: RE: [Declude.JunkMail] all_list.dat ?
I think we all fully understand that now Andrew.
John T
> -Original Message-
> From: [EMAIL
. I
want to bypass this, and pull the data directly.
Karl Drugge
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Darin Cox
Sent: Monday, May 14, 2007 8:15 PM
To: declude.junkmail@declude.com
Subject: Re: [Declude.JunkMail] Header Information Util...
Lo
are from a range of times/dates, and
they're on an Exchange server.
I'd have to know what SMTP ID's I was looking for in the logs, which I'd
need from the email header information, etc etc...
Karl Drugge
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL
Why don't you use the mail server log files instead. Much easier to parse,
and tools like Grep and Sawmill can be used to do it.
Darin.
- Original Message -
From: "IS - Systems Eng. (Karl Drugge)" <[EMAIL PROTECTED]>
To:
Sent: Monday, May 14, 2007 5:45 PM
Subject: [Declude.JunkMail] H
e only software company in
the world to have issues and then make customers wait a year and a half for
a solution, I guess one consolation is we don't charge you as much to do so
:)
David
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin
Co
For those on IMail, the focus right now is probably on getting a stable and
fully functional mail server again. IMail 2006.21 preview 1 was just
released to hopefully address most, if not all, of the problems with 2006,
but it was just posted that those with virtual domains should wait for
preview
Yeah, UCEPROTECT in particular seems to have added a lot of major ISPs recently.
We started counterweighting ISPs by REVDNS, but we were spending too much time
doing that, so we reduced the weight of the UCEPROTECT1 and UCEPROTECT2 tests.
Darin.
- Original Message -
From: Bonno Bloksm
We have counterweight filter files for all of our higher weight tests. For
example, if hotmail ifs failing SORBS-SPAM across the board and we decide to
exempt them from that test, then we'll add a REVDNS test to the counterweight
file for SORBS-SPAM. This way we can effectively turn tests on o
Just the individual's account. One thing that does sometimes happen,
though, is that the user puts their own address in their webmail address
book. So, anything that forges that person's address when sending to them
gets through. Something for the user FAQ...
Darin.
- Original Message ---
We see that a lot... where the user has their own email address in their
webmail contacts, which results in any spam sent to them that forges their
email address coming through.
Darin.
- Original Message -
From: "Robert Grosshandler" <[EMAIL PROTECTED]>
To:
Sent: Friday, March 09, 2007
an that SPF is impractical for anyone not strictly using
webmail? To me it implies that to cover all bases you would have to have in
your SPF string "?all" and there would be no way to make it stricter than
that, other than to force all your users to use webmail and not Outlook.
Gary
--
t; > will be their home connection. That being the case, unless
> > your users are strictly using webmail, your SPF record should
> > show no enforcement otherwise all the non-webmail messages
> > will get blocked. To me this indicates that SPF doesn't help
> >
Not a rule, but either a domain-level or user-level config to change the WARN
action to IGNORE.
Darin.
- Original Message -
From: Craig Edmonds
To: declude.junkmail@declude.com
Sent: Friday, February 16, 2007 6:33 AM
Subject: [Declude.JunkMail] disable subject line warning on one ema
itmask 1 "ESPAM" 8 0
ESPAM-PHISH bitmask 2 "ESPAM" 4 0
ESPAM-BULK bitmask 4 "ESPAM" 6 0
Darin.
- Original Message -
From: Darin Cox
To: Darin Cox ; [EMAIL PROTECTED] ; Declude.JunkMail@declude.com
Sent: Thursday, February 15, 2007 4:37 PM
Hi David,
Any progress on the documentation?
Darin.
- Original Message -
From: Darin Cox
To: [EMAIL PROTECTED] ; Declude.JunkMail@declude.com
Sent: Tuesday, February 13, 2007 2:54 PM
Subject: Re: Documentation
Hi David,
Any progress on revising the documentation? I noticed I
DNSStuff,
> just not in a PR role.
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Darin Cox
> Sent: Wednesday, February 07, 2007 5:59 PM
> To: declude.junkmail@declude.com
> Subject: Re: [Declude.JunkMail] dns attacks tod
for now -
-Nick
Darin Cox wrote:
> Ugh. David B., can we get manuals back ASAP? PDFs that we can download
and
> save would be great so we can keep a reference in case something like this
> happens again, our internet connection is down, etc.
>
> Darin.
>
>
> - Origin
Ugh. David B., can we get manuals back ASAP? PDFs that we can download and
save would be great so we can keep a reference in case something like this
happens again, our internet connection is down, etc.
Darin.
- Original Message -
From: "Dean Lawrence" <[EMAIL PROTECTED]>
To:
Sent: F
Whitelist questionsI would suggest negative/counter weights instead of
whitelists, but yes, you can have several lists for whitelisting or
counterweighting purposes.
Here's the general syntax for ip-based or from-address counterweighting.
Adjust the file paths from these generic examples
IPBL
ott is still involved with DNSStuff, just not in a PR
role.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin
Cox
Sent: Wednesday, February 07, 2007 5:59 PM
To: declude.junkmail@declude.com
Subject: Re: [Declude.JunkMail] dns attacks today
So where
1 - 100 of 805 matches
Mail list logo