Re: [Declude.JunkMail] Email addresses on a company webpage?

2003-09-15 Thread Matthew Bramble
Dan, The best practice is to advertise generic addresses, and don't subscribe such addresses to anything. Then you know that harvested addresses will likely be those on your site, and you can weight them higher, or fail on a lower score, whichever. At least that's what I do. I also

[Declude.JunkMail] Missing text with a filter BADHEADERS error

2003-09-15 Thread Matthew Bramble
Scott, Is there a limit to how far down a file the text filters will search? I've come across a few examples where a text filter of: BODY 0 CONTAINS base64 ...didn't hit when it was actually in the message as text. In the most recent example, this was 72,486 characters into the

Re: [Declude.JunkMail] Missing text with a filter BADHEADERS error

2003-09-15 Thread Matthew Bramble
Thanks for the answers. I would imagine that it makes a lot of sense to limit it at 32 K. The root of my issue then becomes Microsoft Word's unbelievably bloated code. If they can't construct a simple E-mail without 500% overhead in their tagging, I can see why Linux people laugh about

[Declude.JunkMail] GIBBERISH and GIBBERISHSUB filters updated

2003-09-15 Thread Matthew Bramble
They're still a work in progress of course, but most of the major sources of FP's seem to have been fixed. The major changes are that the tests have both been split into two files, one for positives, and one for counterbalancing false positives. This reduces the possibility of crediting too

Re: [Declude.JunkMail] Timing out with latest Microsoft patch

2003-09-15 Thread Matthew Bramble
Keith, you have good stories. BTW, I was one of those folks working in Corporate CYA America as a webmaster. I didn't last long. Couldn't stand the way things worked. Our firewall administrator didn't even know the basics of TCP/IP, and it took several weeks and meetings to get him to stop

Re: [Declude.JunkMail] A slight increase in spam not getting caught thanks to Network Solutions

2003-09-15 Thread Matthew Bramble
Good call Keith. I don't know what the proper address would be, but the following article says that it can be blocked: http://biz.yahoo.com/ap/030915/internet_typos_1.html If you were correct, you would probably have to do this in your DNS server. Maybe set up reverse DNS for that block.

Re: [Declude.JunkMail] A slight increase in spam not getting caught thanks to Network Solutions

2003-09-15 Thread Matthew Bramble
Ignore my earlier reverse DNS thoughts, that doesn't make any sense :) I certainly have my moments. I think the article is also wrong by saying that DNS could be used to defeat this. I'm betting that providers like AOL are just simply configuring that block of addresses to point to their own

Re: [Declude.JunkMail] A slight increase in spam not getting caught thanks to Network Solutions

2003-09-15 Thread Matthew Bramble
I think a better filter might be: BODY 100 CONTAINS verisign HEADERS 100 CONTAINS verisign HELO 100 CONTAINS verisign MAILFROM 100 CONTAINS verisign REMOTEIP 100 CONTAINS verisign REVDNS 100 CONTAINS verisign ALLRECIPS 100 CONTAINS verisign SUBJECT 100

Re: [Declude.JunkMail] GIBBERISH and GIBBERISHSUB filters updated

2003-09-16 Thread Matthew Bramble
- Original Message - From: "Matthew Bramble" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, September 15, 2003 4:29 PM Subject: [Declude.JunkMail] GIBBERISH and GIBBERISHSUB filters updated They're still a work in progress of course, but most of the major sources of

Re: [Declude.JunkMail] Character set/unicode testing?

2003-09-16 Thread Matthew Bramble
Mark, Such E-mail should be tagged in the message header. Even your message got sent in charset=koi8-r, though I have seen at least one other Cyrillic character set. Here's a page full of them: http://czyborra.com/charsets/cyrillic.html I would imagine that if you have no customers speaking

[Declude.JunkMail] GIBBERISH - 09/16/2003 filter update

2003-09-16 Thread Matthew Bramble
I think that I've stumbled onto a large source of false positives in legitimate bulk mail. Instead of listing individual mailers that offend in many cases, it turns out that these are often customers of one of a few companies, CheetahMail and SilverPOP. Each of these companies uses URL's in

Re: [Declude.JunkMail] Disposable Domains

2003-09-16 Thread Matthew Bramble
Dan, That would be a valuable test IMO, however I think there might be issues with load since I am not aware of a standard method of caching whois lookups. Because whois output also comes in many forms (as opposed to DNS) it would be process intensive to grab the registration date. Then

Re: [Declude.JunkMail] OBFUSCATION filter

2003-09-16 Thread Matthew Bramble
;#1086;#1085;#1082;#1080; #1079;#1072;#1088;#1091;#1073;#1077;#1078;! Mike - Original Message - From: Matthew Bramble [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, September 15, 2003 12:40 PM Subject: Re: [Declude.JunkMail] OBFUSCATION filter Pete, It's not redundant because

Re: [Declude.JunkMail] OBFUSCATION filter

2003-09-16 Thread Matthew Bramble
1074;#1086;#1085;#1082;#1080; #1079;#1072;#1088;#1091;#1073;#1077;#1078;! Mike - Original Message ----- From: "Matthew Bramble" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, September 15, 2003 12:40 PM Subject: Re: [Declude.JunkMail] OBFUSCATION filter Pete, It's n

Re: [Declude.JunkMail] WHITELIST AUTH / HABEAS

2003-09-17 Thread Matthew Bramble
I'm using IMail 7.13 at the moment and this is what I get for a message that I AUTHed: QC:\IMail\spool\D94de0163018e1cda.SMD Higaia.com We:\mail.igaia.com E0, S[EMAIL PROTECTED] NRCPT TO:hidden Rhidden Doesn't look to be in there. Maybe I should upgrade my version and try again? I see

Re: [Declude.JunkMail] A slight increase in spam not getting caught thanks to Network Solutions

2003-09-17 Thread Matthew Bramble
False positives will come from users that misspell their domain name in their mail client. I have had that happen. There are also lots of forms being used on Web sites that take the user's input and construct a message using their address as the From in order to facilitate replies, and I can

Re: [Declude.JunkMail] A slight increase in spam not getting caught thanks to Network Solutions

2003-09-17 Thread Matthew Bramble
seen many issues with devices or software that manage their own SMTP. Hope this helps. Matt Joshua Levitsky wrote: On Sep 17, 2003, at 2:59 PM, Matthew Bramble wrote: False positives will come from users that misspell their domain name in their mail client. I have had that happen

[Declude.JunkMail] DYNAMIC - 09/17/2003 - A new filter to detect IP'd reverse DNS entries

2003-09-17 Thread Matthew Bramble
Ok, I've been testing this one for about a week with very positive results. It's still a work in progress as far as exclusions go (candidates welcome), but I have been using it with a good deal of success as is for the past week. The filter is called DYNAMIC and it can be downloaded at the

[Declude.JunkMail] GIBBERISH - 09/17/2003 update, fixes Outlook read receipts

2003-09-17 Thread Matthew Bramble
New versions of GIBBERISH and ANTIGIBBERISH have been posted after someone pointed out a false positive coming from the Outlook mail client for read receipts that have a marker filled with gibberish-ish text. The new filter files can be downloaded at the following locations: GIBBERISH and

Re: [Declude.JunkMail] DYNAMIC - 09/17/2003 - A new filter to detect IP'd reverse DNS entries

2003-09-17 Thread Matthew Bramble
Any thoughts? Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matthew Bramble Sent: Wednesday, September 17, 2003 3:54 PM To: [EMAIL PROTECTED]

Re: [Declude.JunkMail] DYNAMIC - 09/17/2003 - A new filter to detect IP'd reverse DNS entries

2003-09-17 Thread Matthew Bramble
It was purposeful because I wanted to protect from false positives. If there are enough of those, we could of course add tests or maybe even mark the domain in some cases. It's helpful to also know their policy on outbound SMTP and mail server hosting if available. I think that the following

Re: [Declude.JunkMail] DYNAMIC - 09/17/2003 - A new filter to detect IP'd reverse DNS entries

2003-09-17 Thread Matthew Bramble
Thanks for the pointer on Charter. If I wasn't whitelisting you for this listserv, you would still only score a -1 for most any message because of negative weighting on your mx and legit content after failing DYNAMIC. Matt R. Scott Perry wrote: One thing that I'm looking into right now is

Re: [Declude.JunkMail] DYNAMIC - 09/17/2003 - A new filter to detect IP'd reverse DNS entries

2003-09-17 Thread Matthew Bramble
with the DYNAMIC filter. Legit mail should also pass even if it fails all three filters because of negative weighting. Matt Joshua Levitsky wrote: On Sep 17, 2003, at 8:21 PM, Matthew Bramble wrote: I think that the following is a candidate for exclusion: rrcs-nys

Re: [Declude.JunkMail] Any takers on identifying valid comcast.net outbound mail hosts?

2003-09-17 Thread Matthew Bramble
It would probably be safe to negative score on the following: REVDNS -10 ENDSWITH 1.comcast.net REVDNS -10 ENDSWITH 2.comcast.net REVDNS -10 ENDSWITH 3.comcast.net REVDNS -10 ENDSWITH 4.comcast.net REVDNS -10

Re: [Declude.JunkMail] DYNAMIC - 09/17/2003 - A new filter to detect IP'd reverse DNS entries

2003-09-17 Thread Matthew Bramble
Actually, you don't get scored with this filter. You would need to have dashes or dots on both sides of a number. Even if you did, you would have a real tough time scoring anything over 1 coming to my machine. Your mileage may vary of course. Also, I can't see why it would be even workable to

Re: [Declude.JunkMail] DYNAMIC - 09/17/2003 - A new filter to detect IP'd reverse DNS entries

2003-09-17 Thread Matthew Bramble
Oops, my bad, the 224 is a reference to your class B. That is dumb, but at least they didn't make it look like a dial-up IP. You still wouldn't score though :) Matt Matthew Bramble wrote: Actually, you don't get scored with this filter. You would need to have dashes or dots on both

Re: [Declude.JunkMail] Bad header question

2003-09-17 Thread Matthew Bramble
Josh is right. Declude doesn't like seeing IP addresses in Message ID headers. I see FP's from BADHEADERS for the same. There's another issue though...SPAMHEADERS gets triggered for exactly the same reason. I found something buried in the release notes though that allows you to make this only

Re: [Declude.JunkMail] Bad header question

2003-09-18 Thread Matthew Bramble
Thanks a bunch for the clarification. It's just unfortunate that programs that make the mistake of using an IP as a hostname and not including a message ID end up failing so many important tests. I've recently been seeing about 2 different senders each week that will FP for this reason (but no

Re: [Declude.JunkMail] DYNAMIC - 09/17/2003 - A new filter to detect IP'd reverse DNS entries

2003-09-18 Thread Matthew Bramble
30, but why 30? And finally, what about those that pad with zero's? i.e. 192-168-054-003.dynamic.isp.tld. Thanks, Chuck Frolick ArgoNet, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matthew Bramble Sent: Wednesday, September 17, 2003 8:25 PM

Re: [Declude.JunkMail] RevDNS

2003-09-19 Thread Matthew Bramble
It might be easier to get them to act as a secondary for your reverse DNS. ISP's don't typically like to delegate control of such things. It works just as effectively and DNS's auto notification features allow my changes for instance to be published immediately to the ISP's authoritative DNS

Re: [Declude.JunkMail] blocking spam faked as coming from local address

2003-09-19 Thread Matthew Bramble
I get more valid E-mail's faking the from to look like it's from one of my users than I get in actual spam that is doing this. In a recent test of 5,530 unique incoming messages, only 6 spammers tried to look as if it was coming from my server, that's only 0.1%. It all failed as well. I

Re: [Declude.JunkMail] attachment problems

2003-09-19 Thread Matthew Bramble
I have an attachment filter that adds score when something is received attached but not inline. The problem with this is that it also helps viruses get through spam blocking (I plan on improving this). The filter is simple: BODY -5 CONTAINS content-disposition: attachment I have

Re: [Declude.JunkMail] attachment problems

2003-09-19 Thread Matthew Bramble
Just to follow-up in case it helps Andy in the event he is unfamiliar with the setting. I used to get a lot of calls when Microsoft started blocking all executable attachments by default with Outlook Express 6. In Microsoft Outlook Express: Tools Security Uncheck: Do not allow attachments

Re: [Declude.JunkMail] blocking spam faked as coming from local address

2003-09-19 Thread Matthew Bramble
rarely. Are you not seeing the same very low incidence of this type of thing? or is that unique to my own customer base? Matt Bill Landry wrote: - Original Message - From: Matthew Bramble I highly recommend not filtering the fake MAILFROM for your local domains. Why

Re: [Declude.JunkMail] blocking spam faked as coming from local address

2003-09-19 Thread Matthew Bramble
Airline Tickets + $100 Cash Back 1 Subject: 3 months of FREE Satellite TV 1 Subject: 0% Auto Loans! 1 Subject: you are *approved already. No credit check Looks like a very effective test to me. Bill - Original Message - From: Matthew Bramble To: [EMAIL

Re: [Declude.JunkMail] blocking spam faked as coming from local address

2003-09-19 Thread Matthew Bramble
suggested, but some of the FP's produced would be problematic with a few regular senders that fail multiple technical tests. Matt Matthew Bramble wrote: Bill, It depends on your customer makeup. My FP rate with a MAILFROM filter would be close to 90% if not more because of several sites

Re: [Declude.JunkMail] blocking spam faked as coming from local address

2003-09-20 Thread Matthew Bramble
ets + $100 Cash Back 1 Subject: 3 months of FREE Satellite TV 1 Subject: 0% Auto Loans! 1 Subject: you are *approved already. No credit check Looks like a very effective test to me. Bill - Original Message - From: Matthew Bramble To: [EMAIL PROTECTED]

Re: [Declude.JunkMail] Re:COUNTRY test

2003-09-20 Thread Matthew Bramble
David Dodell wrote: How do you list multiple countries? COUNTRIES CONTAINS 5 kr,cn ?? Just one string per line and make sure there are no characters following the country code. COUNTRIES CONTAINS 5 kr COUNTRIES CONTAINS 5 cn --- [This E-mail was scanned for viruses by

Re: [Declude.JunkMail] blocking spam faked as coming from local address

2003-09-20 Thread Matthew Bramble
do not want. Anyway, what works for me in my battle to fight spam may not work for you, and vice versa. BTW, the search string I used to output this file is shown at the top of the attached file. Bill - Original Message - From: Matthew Bram

Re: [Declude.JunkMail] Re:COUNTRY test

2003-09-21 Thread Matthew Bramble
Just in case you didn't notice and used my example over Scott's (which is generally not recommended), I had the points out of place in my example (yours did also). Matt Matthew Bramble wrote: David Dodell wrote: How do you list multiple countries? COUNTRIES CONTAINS 5 kr,cn ?? Just one

Re: [Declude.JunkMail] VeriGrime

2003-09-21 Thread Matthew Bramble
There are two different classes though of TLD's in question though, gTLD's and ccTLD's. The only other offending gTLD is the .museum domain, and efforts to wildcard .biz were stopped by ICANN. Some of the ccTLD's are being used generically, however it seems that ICANN is going about this as an

Re: [Declude.JunkMail] VeriGrime

2003-09-21 Thread Matthew Bramble
are found unacceptable for gTLD's then .museum should also stop, countries should also stop. The acceptable rules for DNS should not change due to the fact you are a country. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Matthew

[Declude.JunkMail] VeriSteal is stealing traffic from your domain.

2003-09-21 Thread Matthew Bramble
I didn't realize this until a second ago, but VeriCorrupt is stealing traffic from every domain name out there on the Internet, regardless of the extension, and regardless of whether or not it is registered. Want to see something else that's quite strange?

Re: [Declude.JunkMail] blocking spam faked as coming from local address

2003-09-22 Thread Matthew Bramble
: - Original Message - From: Matthew Bramble Let's keep in mind that the discussion has changed from the original topic of MAILFROM Forged to VERP + Forged. Yep, my bad. Is that a fair enough presentation? Yes, very nice analysis! Based

Re: [Declude.JunkMail] VeriSteal is stealing traffic from your domain.

2003-09-22 Thread Matthew Bramble
PROTECTED] On Behalf Of Matthew Bramble Sent: Monday, September 22, 2003 01:34 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] VeriSteal is stealing traffic from your domain. I didn't realize this until a second ago, but VeriCorrupt is stealing traffic from every domain name out

Re: [Declude.JunkMail] VeriSteal is stealing traffic from your domain.

2003-09-22 Thread Matthew Bramble
] [mailto:[EMAIL PROTECTED]] On Behalf Of Matthew Bramble Sent: 22. september 2003 08:05 To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] VeriSteal is stealing traffic from your domain. Very strange. I just confirmed that it happens from both Netscape and IE on both local computers

Re: [Declude.JunkMail] blocking spam faked as coming from local address

2003-09-22 Thread Matthew Bramble
among others). I already have some issues with this stuff FP'ing and bounces aren't useful in the second instance. Matt Bill Landry wrote: - Original Message - From: Matthew Bramble Thanks for the link to the GNU stuff. I might be asking for some help writing useful strings

Re: [Declude.JunkMail] VeriSteal is stealing traffic from your domain.

2003-09-22 Thread Matthew Bramble
this is proof of why you shouldn't wildcard from the root servers? Matt ISPhuset Nordic AS wrote: what dns are u using ? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matthew Bramble Sent: 22. september 2003 08:05

Re: [Declude.JunkMail] VeriSteal is stealing traffic from your domain.

2003-09-22 Thread Matthew Bramble
"DNS Client" service disabled. We setup all machines with it off by default now, because it has caused nothing but problems for us in the past by caching bogus info. Good luck! Bill - Original Message - From: Matthew Bramble To: [EMAIL PROTECTED]

Re: [Declude.JunkMail] VeriSteal is stealing traffic from your domain.

2003-09-22 Thread Matthew Bramble
AD going to get this? AD must be configured correctly or else problems will come up when you least expect it. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matthew

Re: [Declude.JunkMail] VeriSteal is stealing traffic from your domain.

2003-09-22 Thread Matthew Bramble
weeks cost them big money to fix this From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matthew Bramble Sent: 22. september 2003 20:19 To: [EMAIL PROTECTED] ISPhuset Nordic / Benny Samuelsen wrote: Thats why you are supposed to use fex .loc

Re: [Declude.JunkMail] VeriSteal is stealing traffic from your domain.

2003-09-22 Thread Matthew Bramble
afe, but by no means assured at this point. Matt Joshua Levitsky wrote: On Sep 22, 2003, at 3:05 PM, Matthew Bramble wrote: do see the reasoning in either owning the domain or using a fake TLD. Eventually the fake TLDs though could come back and haunt users if they are ever allo

Re: [Declude.JunkMail] Another very effective filter test

2003-09-22 Thread Matthew Bramble
Bill, This looks to be more promising than filtering for forged MAILFROM's (because of the FP's that exist there). The spam that has gotten through which forged the MAILFROM also forged the HELO, while the legit stuff had appropriate HELO's listed. I have one issue though that others might

Re: [Declude.JunkMail] Another very effective filter test

2003-09-22 Thread Matthew Bramble
Bill, One other very important note. You need to be using IMail 8, WHITELIST AUTH with Declude 1.76b and make sure that all the mail clients are configured to use SMTP AUTH, otherwise intra-server E-mail is going to get tagged. I can't use this in its present form because I'm using IMail 7

Re: [Declude.JunkMail] Another very effective filter test

2003-09-23 Thread Matthew Bramble
lto:[EMAIL PROTECTED]]On Behalf Of Matthew Bramble Sent: Tuesday, September 23, 2003 2:36 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Another very effective filter test Here's an example of what I'm talking about: Received: from nycars.com [24.92.238.169] by igaia.com with ESMTP I

Re: [Declude.JunkMail] Understanding Return Codes

2003-09-23 Thread Matthew Bramble
Keith, I believe that the asterisk means that any IP returned is a match. I have several of these configured in my Global.cfg file and they're at least working :) DSBLip4rlist.dsbl.org *70 ORDBip4rrelays.ordb.org *7

Re: [Declude.JunkMail] Understanding Return Codes

2003-09-23 Thread Matthew Bramble
- From: "Matthew Bramble" [EMAIL PROTECTED] Maybe other "unlisted" entries reflect similar circumstances (not available under normal circumstances)? All of the DNSBLs (ip4r) and RHSBLs listed on the Declude spam databases site (http://www.declude.

[Declude.JunkMail] What's wrong with SpamCop?

2003-09-24 Thread Matthew Bramble
Is it me, or did SpamCop suddenly become awful when it comes to false positives with almost anything that is sent in bulk? I've recently seen them tag PayPal, ActivePDF newsletters, Match.com and even the local chamber of commerce (which only sends to members w/opt-out). If they ever start

Re: [Declude.JunkMail] Understanding Return Codes

2003-09-24 Thread Matthew Bramble
to work with. Andrew 8) -Original Message- From: Matthew Bramble [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 23, 2003 9:23 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Understanding Return Codes Maybe it was just down on the day I

Re: [Declude.JunkMail] What's wrong with SpamCop?

2003-09-24 Thread Matthew Bramble
: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Matthew Bramble Sent: Wednesday, September 24, 2003 8:12 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] What's wrong with SpamCop? Is it me, or did SpamCop suddenly become awful when it comes to false positives with almost anything that is sent

Re: [Declude.JunkMail] What's wrong with SpamCop?

2003-09-24 Thread Matthew Bramble
found that they've gotten much better at containing spam; they still host reply mailboxes, but are sending out very little to us, so I've increased my counterweight for mail coming from their mail servers. Andrew 8) -Original Message- From: Matthew Bramble [mailto:[EMAIL PROTECTED] Sent

[Declude.JunkMail] BASE64 violating mailers

2003-09-24 Thread Matthew Bramble
I just found an(other) example of legit E-mail using base64 encoding for text segments. I would like to create an anti-filter for this (along with OWA for Exchange violations), however I'm having trouble identifying what piece of software or other identifying characteristic appears in the

Re: [Declude.JunkMail] BASE64 violating mailers

2003-09-24 Thread Matthew Bramble
Scott, I've seen some FP's (or possibly rather just simply legit mail) tagged for BASE64 coming from AOL 8 (maybe others) when there is an attachment and no text in the body of the message. I'm wondering if this is possibly a bug in the BASE64 test, and if so, could/should it be fixed? An

Re: [Declude.JunkMail] BASE64 violating mailers

2003-09-24 Thread Matthew Bramble
. Can you do that? This example was redundantly encoded though. Matt -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matthew Bramble Sent: Wednesday, September 24, 2003 8:46 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail

Re: [Declude.JunkMail] Another very effective filter test

2003-09-25 Thread Matthew Bramble
Actually, you want to apply the weight in the Global.cfg, 7 in this case, and then all of your positives should be listed as 0 in the filter file and the Mozilla exception should be scored as a -7. The way it is now, it will credit 7 points to any message claiming to be Mozilla generated, and

Re: [Declude.JunkMail] Another very effective filter test

2003-09-25 Thread Matthew Bramble
It might also be a good idea to remove my domains from your files :) I thought my mail client would use the version saved at the time attached instead of grabbing them when I sent the E-mail... Matt Matthew Bramble wrote: Actually, you want to apply the weight in the Global.cfg, 7

Re: [Declude.JunkMail] Another very effective filter test

2003-09-25 Thread Matthew Bramble
It's a limitation in the filtering capabilities. I certainly don't want to do that, but there is no way around it. You just have to keep that in mind when scanning the headers after seeing this test tripped. The way you had it written, it would be tripped just as often, but it would have

Re: [Declude.JunkMail] Another very effective filter test

2003-09-25 Thread Matthew Bramble
John, I assume that if someone is going to spoof part of my domain, they won't add fake stuff to the front of it. If they started, I would change my methods to yours possibly, but I would then need to provide exceptions for where my domains are validly used on other servers, such as my MS

Re: [Declude.JunkMail] Another very effective filter test

2003-09-25 Thread Matthew Bramble
Bill, The first example is what I did. BTW, I have found from monitoring that most (all so far) spammers just simply use what appears after the @ symbol instead of having something lookup the MX every time. Matt Bill Landry wrote: Matt, what the spammers do is use the names

Re: [Declude.JunkMail] Another very effective filter test

2003-09-25 Thread Matthew Bramble
John, I think you might be confusing what HELO really is, and what the HELO filter searches. The HELO filter only searches the hostname that is sending and not the IP address that it is sending from unless it is configured to use the IP as the hostname (which is rare and will trigger other

Re: [Declude.JunkMail] Another very effective filter test

2003-09-25 Thread Matthew Bramble
You should exclude your backup MX servers. This follows along the lines of using IS instead of CONTAINS or ENDSWITH. It's better IMO to have the test not score known exclusions along with spoofers of those known exclusions rather than just applying a score to anything. I'm scoring at 70% of my

Re: [Declude.JunkMail] Another very effective filter test

2003-09-25 Thread Matthew Bramble
I think I referenced that :) Bill Landry wrote: Not necessarily. The [xxx.xxx.xxx.xxx] format is a valid and legit hostname syntax. Bill - Original Message - From: Matthew Bramble [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 25, 2003 12:24 PM Subject: Re

Re: [Declude.JunkMail] MPCM?

2003-09-25 Thread Matthew Bramble
Just an idea. In addition to negative scoring in NOLEGITCONTENT and IPNOTINMX not failing (and crediting points in many configurations), could it be possible that you have some negative weight tests in your WORDFILTER file? Declude will only mark one instance of a filter line in the logs even

Re: [Declude.JunkMail] MPCM?

2003-09-25 Thread Matthew Bramble
Scott MacLean wrote: *sigh* you're right again, Scott. Still doesn't explain why it's not catching my previous wordfilter lines. I'm going to watch this one some more. Keep checking your math for the other message :) NOLEGITCONTENT nolegitcontent x x 0 -5 Subtract that from 9 and it falls

Re: [Declude.JunkMail] Another very effective filter test

2003-09-25 Thread Matthew Bramble
John, Just to clarify, the division is related to circumstance and experiences rather than what is best globally. There is no global answer that is the best answer in every circumstance. I use IS because it is more conservative and I have already seen about 4 such violators in the last year

Re: [Declude.JunkMail] Percent symbols in the beginning of a URL

2003-09-25 Thread Matthew Bramble
Mike, That issue with PayPal is a scripting error on their part, and it is an invalid link in HTML. I have only seen one semi-legit outfit using obfuscation in URL's, but this was a contest opt-in site that would then turn around and sell your address (that was their business) so I don't

Re: [Declude.JunkMail] Foreign Characters and Declude

2003-09-27 Thread Matthew Bramble
And something else that formerly confused me and you pointed out...Roger should make sure that the subject line wasn't base64 encoded by checking out the source of the E-mail since the subject (and the rest of the headers) isn't decoded for filtering. Matt R. Scott Perry wrote: R You

Re: [Declude.JunkMail] Auto White Listing

2003-09-27 Thread Matthew Bramble
Jonathan wrote: If this is the case, then the second part of Scott's explanation doesn't make sense. Why didn't he just say, Yes, once it's in someone's address book, then it's whitelisted for everyone on all the domains on that server. Also, this seems like a pretty good way to circumvent

Re: [Declude.JunkMail] Why did this fail - JunkMail

2003-09-30 Thread Matthew Bramble
My God, did the programmers of that software actually opt to base64 encode US-ASCII in the subject line??? Sorry, I just had to point that out in case anyone missed it :) Matt R. Scott Perry wrote: Here are the headers from a message that was blocked. I had to whitelist the address so that

Re: [Declude.JunkMail] Percent symbols in the beginning of a URL

2003-09-30 Thread Matthew Bramble
: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Matthew Bramble Sent: Thursday, September 25, 2003 7:14 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Percent symbols in the beginning of a URL Mike, That issue with PayPal is a scripting error on their part

Re: [Declude.JunkMail] Possible test

2003-10-01 Thread Matthew Bramble
I don't see why you (or rather anyone) would want to add any weight for such a thing. While spam constitutes about 95% of my late-night traffic, my FP's are already spread through the hours fairly evenly since most of those are from automated mailers of some sort, and adding points to

Re: [Declude.JunkMail] attachment question

2003-10-01 Thread Matthew Bramble
This is likely a configuration in Outlook or Outlook Express. With the latest versions, they block the ability to open certain types of attachments, but the attachments are actually delivered with the messages. On the client computer's mail program, go into Tools Options Security and

Re: [Declude.JunkMail] Backup MX / Spam

2003-10-02 Thread Matthew Bramble
You could write a filter that searches the headers for your backup server's IP address. HEADERS 3 CONTAINS x.x.x.x Matt Robert Grosshandler wrote: We do that already and it works fine. However, I know that there is a much higher probability that any mail that passes through the backup

Re: [Declude.JunkMail] Backup MX / Spam

2003-10-02 Thread Matthew Bramble
I was just suggesting a method of doing what he wanted to try :) I'm not generally a big proponent of indiscriminately adding points to E-mail, and this one falls in the gray area. If your backup is located at the same site, I would imagine that very few E-mails will get tagged improperly

Re: [Declude.JunkMail] Backup MX / Spam

2003-10-02 Thread Matthew Bramble
Rob, I have recently discovered that the pro version's filter capabilities are a very important tool for tagging spam that otherwise passes through. I would recommend the upgrade highly, though not specifically for this purpose. I've been able to add points to low scoring spam with a very

Re: [Declude.JunkMail] whitelist

2003-10-02 Thread Matthew Bramble
Separate lines for any filter is what works. Be careful about whitelisting addresses of local users or popular domains because spammers do forge these addresses. You are probably safe whitelisting problematic addresses from non-local, non-popular domains, just not from places like aol.com.

Re: [Declude.JunkMail] Performance

2003-10-02 Thread Matthew Bramble
I recommended searching the headers for your backup server because I believe that the REVDNS test is moved to a different hop when you get a hit on IPBYPASS, otherwise that would be the way to go. The ANYWHERE search only works with whitelisting from the Global.cfg file. In filter files you

Re: [Declude.JunkMail] Happy days are here again...

2003-10-03 Thread Matthew Bramble
702.319.4349 -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED]] On Behalf Of Matthew Bramble Sent: Friday, October 03, 2003 2:54 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Happy days are here again... Todd Holt wrote

Re: [Declude.JunkMail] Happy days are here again...

2003-10-03 Thread Matthew Bramble
Todd Holt wrote: So, ICANN comes up with a figure that is equal to the cost of maintaining the internet for a year and each registrar pays a percentage of that figure based on the percentage of all registrations that they manage? Exactly. If

Re: [Declude.JunkMail] GIBBERISH test adjustment

2003-10-08 Thread Matthew Bramble
I'll add these to the list that I maintain as well for both the ANTIGIBBERISHSUB and ANTIGIBBERISH filters. You shouldn't need to add these to the base filters though since the two letter string will trip it without any assistance. I took note of your parts suggestion as well, but haven't yet

Re: [Declude.JunkMail] GIBBERISH test adjustment

2003-10-08 Thread Matthew Bramble
John Tolmachoff (Lists) wrote: I'll add these to the list that I maintain as well for both the ANTIGIBBERISHSUB and ANTIGIBBERISH filters. You shouldn't need to add these to the base filters though since the two letter string will trip it without any assistance. I did not

Re: [Declude.JunkMail] GIBBERISH test adjustment

2003-10-08 Thread Matthew Bramble
. If anyone has any more counterbalances to suggest, now would be a wonderful time so that I can get them into the file. Thanks, Matt Frederick Samarelli wrote: Matt can I take a look at an updated version of your files. Fred - Original Message - From: "Matthew Bramble" [EMAIL

Re: [Declude.JunkMail] GIBBERISH test adjustment

2003-10-08 Thread Matthew Bramble
and expertise. Thanks from all of us!!! JR -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matthew Bramble Sent: Wednesday, October 08, 2003 1:16 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] GIBBERISH test adjustment

[Declude.JunkMail] Setting up Declude for gateway scanning and delivery

2003-10-15 Thread Matthew Bramble
I know this has been discussed before, and I think that I have it correct, however I just wanted to verify the setup required for this to work properly with Declude. I have an external domain soon to be configured with two MX records: mx1.external-domain.com mx2.external-domain.com I

Re: [Declude.JunkMail] Help - overflowing overflow

2003-10-15 Thread Matthew Bramble
Dan, Check your DNS settings. Your outgoing E-mail probably can't be resolved for external mail server addresses. Matt Dan Cummings wrote: Hi, Have about 800 users on a decently powered Imail box running Declude 1.75. The system has been running great for months, but today I received

Re: [Declude.JunkMail] Imail/Web mail

2003-10-16 Thread Matthew Bramble
I do pretty much the same thing, though I use Killer Web Mail for this purpose. I think you are talking about the list of messages, in which case you might have to re-code your Web Mail templates to get that to work. You can though do things like add the weight to the subject and probably

Re: [Declude.JunkMail] Imail/Web mail

2003-10-16 Thread Matthew Bramble
. - Original Message - From: "Matthew Bramble" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, October 16, 2003 3:36 PM Subject: Re: [Declude.JunkMail] Imail/Web mail I do pretty much the same thing, though I use Killer Web Mail for this purpose. I think you are tal

Re: [Declude.JunkMail] Imail/Web mail

2003-10-16 Thread Matthew Bramble
: Thanks. Looked at the code. Beyond me - Original Message - From: Matthew Bramble To: [EMAIL PROTECTED] Sent: Thursday, October 16, 2003 4:36 PM Subject: Re: [Declude.JunkMail] Imail/Web mail Fred, you can't by default. If you

Re: [Declude.JunkMail] Imail/Web mail

2003-10-16 Thread Matthew Bramble
know where they keep the Column Title "From" I would like to change it to "TO". If you ever figure out how to add a column to have both To and From that would be best. I really appreciate this. Thanks. Fred - Original Message - From:

Re: [Declude.JunkMail] Spool and overflow building

2003-10-16 Thread Matthew Bramble
Is it me, or is this the third or fourth such message in a day or so? That's quite strange. It's making me think that maybe a recent Microsoft, Ipswitch or Declude patch/upgrade might be the root of the problem (likely the first of course). Another list member said that rebooting his server
