RE: [Declude.JunkMail] Ok, what did I do wrong?
Sorry, but just a quick question - How do I unsubscribe to this forum? Thanks. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] [sniffer] OT - exchange 5.5 help
Title: Re: [sniffer] OT - exchange 5.5 help Configure the IMS (internet mail service/connector in echange manager) You have to disable the microsoft smtp server (iis5 smtp) exchange 55 has its own smtp -Original Message- From: [EMAIL PROTECTED] [EMAIL PROTECTED] To: 'declude.junkmail@declude.com' declude.junkmail@declude.com CC: 'sniffer@SortMonster.com' sniffer@SortMonster.com Sent: Fri Jan 07 07:13:01 2005 Subject: [sniffer] OT - exchange 5.5 help I know this is off topic, but I need a little Exchange 5.5 help. Recently upgraded a client from NT4 with Exchange to Windows 2000 Server SP4 with Exchange 5.5. I am having one problem though. The local server name is server.example.com, which is fine and dandy for the internal network. I need to add a domain suffix for the server for the outside world for sending email. I need the domain suffix to be something like example1.com, where example1.com is a real registered domain. Any help is appreciated and you can email me off list. Daniel === Daniel Ivey GCR Company / GCR Online Voice: 434 - 570 - 1765 Fax: 434 - 572 - 1981 [EMAIL PROTECTED] This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
RE: [Declude.JunkMail] Delog and new logging
Couldn't find this in the archives. I'm noticing that Delog apparently has problems reading my Declude logs now that there have been format changes. I thought of using search/replace in a good text editor to make my logs readable, but I wonder if there's a specific syntax Delog expects? Yes Delog expects the LOG to be as it was. Delog may not work with the latest version of Declude due to the significant changes made in the log format and since I have not upgraded I have no idea what those changes are. Best Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] 'Do Not Spam' List Will Not Work - FTC
Title: Message News Listed Below: Regards, Tom Image`fx - 'Do Not Spam' List Will Not Work - FTC 2:23 p.m.06/15/2004 Provided by WASHINGTON (Reuters) - A government-run "Do Not Spam" registry would only generate more unwanted e-mail because unscrupulous marketers would simply treat it as a source of leads, the U.S. Federal Trade Commission said on Tuesday. The FTC declined to endorse a no-spam registry patterned after its tremendously popular Do Not Call list that allows consumers to prevent most telemarketing calls. While telemarketers have largely complied with the new list, e-mail marketers that are already breaking a number of laws would simply ignore it, or use it to send more spam, FTC Chairman Timothy Muris said. "A national registry was a great solution to unwanted telemarketing calls. At this time it's not the solution to unwanted e-mail," Muris said. Muris said proposed authentication standards that promise to make it harder for spammers to cover their tracks showed promise as a way to cut down spam. FTC officials said on several occasions last year that they did not think a no-spam list would work, but Congress directed the consumer-protection agency to look into it when it passed a national anti-spam law last December. Unsolicited bulk messages now account for roughly 83 percent of all e-mail traffic, according to filtering company Postini Inc. Copyright Reuters 2003. All rights reserved. Republication or redistribution of Reuters content, including by caching, framing or similar means, is expressly prohibited without the prior written consent of Reuters. Reuters and the Reuters sphere logo are registered trademarks and trademarks of the Reuters group of companies around the world.
RE: [Declude.JunkMail] OT IMail Backup/Restore
When you export the imail registry hive Look at the resulting file... If there are hard references to C: Then run a search/replace all to update to D If you use SQL for user databases then you'll have to write a small sql script to update the mailbox path's for every mailbox. The physcal path is stored in each row. Other than that, its exactly what I've done many times. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Friday, June 11, 2004 11:01 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] OT IMail Backup/Restore Hi, I think this is going to work I need to backup IMail from the C Drive, reformat the server, create D drive and then put IMail back on D Drive. I figure the way to do this is Old Server Stop all IMail services Backup IMail and all directories Make new server Install IMail on new server D Drive Patch it to same level Restore the IMail directories to D Drive Check all drive references Start Services This should move all the mail and users etc etc Obviously fix all the Declude filter paths etc. Will this work? Thanx Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT IMail Backup/Restore
That's all that you need -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Friday, June 11, 2004 4:21 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] OT IMail Backup/Restore Tom, Is there more in the registry than under HKLM\Software\Ipswitch\. Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Tom Baker | Netsmith Inc Sent: Friday, June 11, 2004 12:07 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] OT IMail Backup/Restore When you export the imail registry hive Look at the resulting file... If there are hard references to C: Then run a search/replace all to update to D If you use SQL for user databases then you'll have to write a small sql script to update the mailbox path's for every mailbox. The physcal path is stored in each row. Other than that, its exactly what I've done many times. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Friday, June 11, 2004 11:01 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] OT IMail Backup/Restore Hi, I think this is going to work I need to backup IMail from the C Drive, reformat the server, create D drive and then put IMail back on D Drive. I figure the way to do this is Old Server Stop all IMail services Backup IMail and all directories Make new server Install IMail on new server D Drive Patch it to same level Restore the IMail directories to D Drive Check all drive references Start Services This should move all the mail and users etc etc Obviously fix all the Declude filter paths etc. Will this work? Thanx Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] MS SMTP store and forward
Win 2000: Right click SMTP service - Properties - Access - Relay - [x] Only the list below: ( enter your allowed-to-relay IP ranges ) OK - OK - SMTP Service - Domains Right click Domains New.. - Domain - (repeat for each...) Domain Type = remote - name=commarts.com - right click the new domain, properties - [x] allow incoming mail to be relayed to this domain route domain: [x] forward all mail to smart host = imail.server ok - Similar process for Win2003, I think the relay might be under a different tab though. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Hoyt Sent: Wednesday, May 05, 2004 3:56 PM To: Declude.JunkMail Subject: [Declude.JunkMail] MS SMTP store and forward I would like to set up an SMTP mail store and forward server using Microsoft's SMTP server that can accept email for my domains in the event that my primary iMail server is temporarily down. I would also like to be able to send outbound email through this secondary server because we occasionally do an emailing to our customers and when this emailing occurs my iMail outbound queue fills and my iMail users can experience a performance hit using IMAP. I have MX records for the three domains (commarts.com, designinteract.com, and creativehotlist.com) that point to mail.commarts.com as the primary mail server and direct.commarts.com as secondary mail server (higher preference number) and have RDNS records for these two mail servers. The setup seems simple enough: Run MS SMTP on the IP address for my secondary email MX record and this should take care of the store and forward part (if my primary email server is unreachable the secondary will take the mail and should attempt delivery to the primary mail server for the number and timing of attempts configured in SMTP properties). I want to be able to send outbound mail through this secondary email server without running an open relay. So in short: 1) I want to be able to receive email addressed to my domains through my secondary server that is then passed on to my iMail primary server. 2) I want to specify an internal IP address that is allowed to send through the secondary mail server's SMTP service. 3) I want to make sure that no email not originating from the IP address specified in 2 above is relayed to any domains that are not one of my three domains. iMail server always accepts email with an internal destination-is this also true of MS SMTP? If no, how does one set up MS SMTP to accept mail to internal domains and deny relaying of mail from external to external domains. Thank you in advance, Michael Hoyt Communication Arts 110 Constitution Drive Menlo Park, CA 94025 (650) 326-6040 fax:(650) 326-1648 e-mail: [EMAIL PROTECTED] Web Site: http://www.commarts.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Spamreview
Scott, We have switched email systems and will no longer be supporting SpamReview. It is written in VB6.0. You have any suggestions of someone that we can turn it over to? Have a Great Day, Tom -- Where Online Shopping Is Fun http://www.shopping-headquarters.com -- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] The Latest from Earthlink ??
Below is a copy of a message we received: --- This is an automatic reply to your email message to [EMAIL PROTECTED] This email address is protected by EarthLink spamBlocker. Your email message has been redirected to a suspect email folder for [EMAIL PROTECTED] In order for your message to be moved to this recipient's Inbox, he or she must add your email address to a list of allowed senders. Click the link below to request that [EMAIL PROTECTED] add you to this list. https://webmail.atl.earthlink.net/wam/[EMAIL PROTECTED]id =1b7HJs31X3Nl3qW0 --- I guess they are trying to stop spam, but it may be a pain in the arse. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Tom's Kill List
Question, Tom, is .georgewbush.comID-20040121-001584 an oversight? Just had to ask this... ;) I'd rather not say. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Tom's Kill List (another erroneous entry)
Another incorrect entry is this one: @ltgsys.com ID-20040121-000433 This is a company called Lighting Systems and is one of our business partners. Please fix. That's a matter of opinion, however, I will remove it for now. If I see more from them again, then I will place them back into the list. This usually means that they were compromised or someone is abusing their domain name. Either way it would have to be dealt with one way or another. Keep in mind the list is not a public list. We do allow others (in the Declude forum) to use it. We strongly recommend you use it with a weighing system (such as Declude Pro) and one that does not delete solely based on our fromfile. With all that said, please use the list at your own risk. PS: An update has been posted and can be downloaded from the following URLs: http://www.imagefxonline.net/apps/delog/daily.txt http://www.imagefxonline.net/apps/delog/fromfile.txt Best Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Tom's Kill List
Your blacklist includes @Optonline.com @optonline.net ID-20040211-002132 Please be advised: This was an oversight and was removed. A new list was generated, sorted and re-formatted. Best Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Server-Level Rules File?
I can't create a rules.ima and use the copy routine to copy Just exclude the user from the rule. That is, write a rule for that user. In other words First let me address the batch file: IF EXISTS or Not then do this or that. Then let me address the rule: if addressed to [EMAIL PROTECTED] SEND to the users mail box then write all the rules below this line. If you need more info, let me know. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Server-Level Rules File?
First let me address the batch file: To be more specific: if not exist x:\imail\domain\users\username\rules.ima goto ok2do goto getanother Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Server-Level Rules File?
that would be overwritten in the copy-down process. You can append to the rules instead. Copy a.txt b.txt c.txt The contents of a.txt and b.txt will now be in c.txt you would have to rename the file before you do the copy. Remember the Rule Files work in line of order not randomly. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPF support to be added to next beta
Any chance we can seperate fail unknown into two different tests? via spf we have ?all or -all which are supposed to be treated differently from what I understand. I would rather seriously penalize any domain that is configured with a -all and the sending IP is fails and would NOT want to penazlize unconfigured or ?all transitional domains. Ideally I would like something like this: SPFPASS spf pass x -5 0 SPFUNKN spf unknown x 4 0 SPFFAIL spf fail x 8 0 -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 1:34 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] SPF support to be added to next beta We will be adding support for SPF (Sender Permitted From, at http://spf.pobox.com ) to the next beta of Declude JunkMail. This is a system that lets owners of domains publish information on what mailservers people can use to send mail from the domain. We expect that this can be very useful in blocking spam (similar to the SPAMDOMAINS test), as well as helping ensure that legitimate mail gets through. For those that are interested, we now have an interim release with SPF support in it. It can be downloaded from http://www.declude.com/interim (a new URL that we are going to be using for interim releases, that explains a bit more about them). To use the new SPF test, you can add lines such as: SPFPASS spf passx -5 0 SPFFAIL spf failx 8 0 to your global.cfg file. SPF returns PASS for E-mail that passes SPF (that comes from an IP that is acceptable to the owner of the domani that it claims to be coming from), FAIL for E-mail that fails SPF (that does not come from an acceptable IP for the domain), or UNKNOWN (for E-mail from domains that do not use SPF yet, or for some other reason should return UNKNOWN). This will help reduce false positives (for domains that have SPF support), and help capture more spam (as spam comes in from domains that have SPF support, but the spammer isn't using an acceptable IP). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPF support to be added to next beta
Gotcha, all 3 are already setup :) I don't really want to penalize for unknown, was just making an example. ( I just setup spf on my postfix box yesterday as well to help get past some restrictions for pass) Sounds like you are setting the the spf-guess (which defaults to mx/24 a/24 right?) -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 2:30 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] SPF support to be added to next beta Any chance we can seperate fail unknown into two different tests? via spf we have ?all or -all which are supposed to be treated differently from what I understand. They are treated differently. An SPF lookup can result in PASS, FAIL, or UNKNOWN. So: Ideally I would like something like this: SPFPASS spf pass x -5 0 SPFUNKN spf unknown x 4 0 SPFFAIL spf fail x 8 0 This will work fine. At this time, though, I would not recommend penalizing for the UNKNOWN response, as most domains do not yet have an SPF record. However, we plan to soon add a way of letting you force SPF records for domains that don't have them, as well as having a default SPF record. This would allow the UNKNOWN result to be more useful. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Dictionary attacks and Postfix
Little OT for this list, but anyone using postfix as a gateway should have this setup by now! http://www.smartbusiness.net/imail/ Use the above utility to export your userlist from IMAIL to a test file every few minutes. I have attached (Imailexport.zip) an example of what I use to export my userlist and FTP it up to my postfix box. I have the .cmd file scheduled to run every 3 minutes to keep it up to date. On the postfix box I have a script in crontab that runs every minute.. ( attached as postfix-import.sh.txt). On postfix box I created a user 'imail' which the 'imailusers.ftp' file contains the login info for. *Note: the postfix script calls /usr/bin/win2unix which probably doesn't exist. It's a quick script I wrote to remove the cr/lf whatever windows has that unix doesn't use. There are lots of examples out there on how to do it also. Once you have the above in place you end up with /etc/postfix/to_relay_recipients.map Which hash's to to_relay_recipients.map.db And postfix now has an up-to-date list (within 5 minutes) of all the users and aliases that IMAIL has. Then edit your /etc/main.cf with relay_recipient_maps = hash:/etc/postfix/to_relay_recipients.map And enjoy the saved BW CPU cycles of not having to deal with all those annoying bounces. Then if you want to help against dictionary attacks write a script to watch /var/log/maillog and once a treshhold is crossed of 'unknown user in relay recipient table' from a single IP blacklist it. (either via another .map or an ipfw rule) -Original Message- From: Scot Desort [mailto:[EMAIL PROTECTED] Sent: Saturday, November 15, 2003 3:37 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Dictionary attacks and Postfix Over the last week, as we moved one of our larger email domains over to our Declude server. I have been doing ad-hoc research of our IMAIL and Declude logs looking for patterns in email coming in. When we first started to investigate anti-spam solutions, I was leaning towards a gateway server sitting in front of Imail, similar to IMGATE. I built my own Postfix box and basically configured it very similarly to imgate. Initially, we listed many RBL's in Postfix. But it became clear that Postfix (without the use of an external scanner like SpamAssassin) was becoming a problem because a message would be rejected if it failed only ONE RBL test, since there is no native method to use cumulative scoring with RBL's without using something like SpamAssassin. As we all know, rejecting on the basis of a single RBL failure yields a very high FP rate. As time progressed, we removed many of the RBL's from Postfix. We still have Postfix sitting in front of Imail, but it's primary purpose is to do some attachment filtering (.exe, .pif, .scr etc), as well as the equivalent of Declude's REVDNS, MAILFROM and IPNOTINMX tests. Now that we have Declude running, the usefulness of the Postfix gateway seems limited. And in actuality, it might be increasing our total email volume entering Imail. This is because Postfix acts as a front end gateway/relay server for a domain. Since Postfix does not have access to the Imail user database, it accepts ALL incoming email to a domain that it handles relay for. Now, if I understand spammers (or more specifically, email address harvesters), they are in the business of selling email addresses. The cleaner their databases are, the more money they make. So, one of these harvesters sends a dictionary attack to one of the domains that our Postfix server relays for. Postfix sees the domain as a relay domain, and accepts EVERY single incoming email address for that domain. As far as the harvester is concerned, Postfix has now validated every single email address in the attack. Now, Postfix does it's thing, and forwards the email to Imail. Now Imail processes each message and rejects those addressed to invalid mailboxes. But at this point, it's too late. The harvester has closed his SMTP connection to Postfix and as far as he is concerned, every single one of the addresses is valid. Imail simply bounces the bad messages, which is obviously a waste of time since the bounce address is most likey invalid also. While Postfix may be reducing a small percentage of email from reaching Imail when it fails some of it's own tests, it is my belief that Postfix is actually increasing the amount of email being sent to Imail by validating every email address coming into it as part of a dictionary attack. I think Ipswitch needs to add dictionary attack prevention to Imail. MerakMail does this, and the control they give you over the process looks pretty good (http://www.merakmail.com/Knowledgebase/261.htm). I was shocked to find out that Ipswitch did not include this functionality when version 8 was released. For us, dictionary attacks represent the highest volume of incoming email to our servers. To combat the lack of this functionality, one could do some cumulative analysis on your Imail logs, identifying the IP
RE: [Declude.JunkMail] Who Is This Spammer?
Add the RDNSBL test to your Declude config file: RDNSBL dnsbl %REVDNS%.rdns.yourdomain.com* 8 0 This is very interesting. How does this work if the DNS record has the following .rdns at the tail end? Does Declude call the server and add it to the tail? And is the * is a valid DNS record entry? Reverse DNS Record - *.somename.net.rdns A 127.0.0.2 Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Who Is This Spammer?
Got it, thank you. I created a separate zone file for it called rdns.mydomain.com and removed the rdns from the tail end and it worked. Instead of this: *.somename.net.rdns A 127.0.0.2 I did this: *.somename.net A127.0.0.2 In a separate zone file to keep my master zone file clean. Thanks... Regards, Tom --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] WANTED: your kill lists
anyone willing to send me a copy of their kill list? I am far behind in the filtering spam war, and would appreciate a 'cheat sheet' to update our kill list here at Primate. I'm tired of sifting through held emails via Spam Review. Your welcome to use ours: http://www.imagefxonline.net/apps/delog/daily.txt (bi-weekly updates) http://www.imagefxonline.net/apps/delog/fromfile.txt(full fromfile) PS: use it at your own risk... Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] maybe its just one of AOL's servers???
http://postmaster.info.aol.com/servers.html -Original Message- From: Joshua Levitsky [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 07, 2003 7:26 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] maybe its just one of AOL's servers??? The reason for the above is that our customers use ptr.aol.com and well there's just a bunch of other prefixes before .aol.com and only MX is used for our mail servers. (Nobody here has seen actual email from aol.com coming from something other than *.mx.aol.com right?) -Josh -- Joshua Levitsky, CISSP, MCSE System Engineer AOL Time Warner [5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] ImageFX Kill List
I just checked mine. No entries dated after 8/25. It still caught almost 1 spams between the two lists in September so far. I'm glad it's working for you... I know this was sorta mentioned briefly a few weeks ago but I don't think we ever heard from Tom. I replied about this before (see the archives.) Is this file not being updated anymore? Yes it will be, however, it will no longer be a daily update. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] How do I block this...what is best way?
Is the ImageFX file still being updated? When I check their code next to an entry, looks like the last time anything was added was 8/25. It's still being updated, just not as often. Because our spam has been way down and under control we have not needed to do daily updates. So we now update depending on the collection of spam we get in our spam box. We have also created an Interface that allows users to control their own spam so we don't have to do it anymore. It makes life a lot easier and eliminates the complaints from those users that want all the mail they can handle. Best Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Auto-unsubscribe
Scott: Curious on how you have your auto-unsubscribe set. I have been unsubscribed twice now and each time I usually figure out when the list seems unusually quiet. This time is probably because of a filter that was a little too aggressive yesterday that I quickly caught and removed... I rejected two messages from the list but was still receiving messages for a little while after that point so didn't think it had triggered an auto-unsub. Just curious so I can watch out for it in the future. ( do/can you send a notice to a recipient when you auto-un subscribe them? ) Thanks Tom --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Multi Server Configs
Dan, Declude does not have that kind of power as it is the IMAIL SMTP Daemon which accepts the mail and places it into the spool. After it is in the spool declude queue moves it to the overflow for faster processing if there are more messages in the spool than imail can run smtp-delivery processes for (MaxQueProc). See http://www.declude.com/dq.htm for more information on how exactly the overflow works. If you want to reject messages before the SMTP envelope is over let me suggest you take a look at 'IMGate' http://imgate.meiway.com/ IMGate is basically a set of configurations for a free Unix OS(Linux or FreeBSD www.freebsd.org) with the (free) Postfix MTA (www.postfix.org). Postfix does have the ability for its SMTP Daemon to reject messages during the first SMTP session based on header and body rules. Many of the people running declude also have one of these servers running in front of our Imail/Declude server to reject such floods. During the start of the SoBig flood I modified my body checks to reject any message with a .pif attachment, and modified my header checks to reject any message containing subject lines of those that the sobig worm uses. Yesterday I rejected over 10,000 messages based on these rules.. Thats 10,000 messages declude never had to process because they were rejected with a 550 code at the SMTP level. There may be some other suggestions on this list, but I think this is something worth at least taking a look at. -Tom -Original Message- From: Dan Patnode [mailto:[EMAIL PROTECTED] Sent: Thursday, August 21, 2003 2:30 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Multi Server Configs I'm running twin dual Xeon 2.4s and was nearly wiped out today by all the extra virus/worm activity. Its midnight and I'm still clearing out the overflow, to the tune of 2 dozen Declude processes. Rather than running them in parallel as we had before (setting them up with the same MX weight), we are running these in series (every message hits the first server until it says uncle, then the second server gets some). Trouble is, the 1st server didn't refuse incoming mail, it just kept piling up in overflow - to the tune of about 10,000 message in the course of a single morning. Is there a way to configure Imail/Declude so as not to use overflow, instead refusing additional connections so they are passed to secondary servers? Thanks Dan PS, more on CPU load itself later --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Spoolviewer.exe - bug?
Scott: Does spoolviewer.exe look at the registry to determine the actual spool location? We just moved our spool to a different physical volume to improve performance... D:\imail\spool - e:\imail\spool everything else remained on D except the spool. Everything is functioning great (doubled our performance too!) except now spoolviewer.exe reports all 0's Thanks Tom --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Cox SMTP
Cox ( as well as most ISPs) only block specific ports as needed, and allow everything else. ( vs a corporate organization or ISP servers which block all, and allow whats needed ). To the best of my knowledge cox only blocks Out: 25 In: 25,80 The cox filters only apply to Residential customers, business customers who are using their assigned IP addresses are not effected by any filters. This is no different than earthlink who has long blocked outbound 25 to anywhere except their own servers. This is a good move I wish all residential high speed providers would do. Cable Modems/DSL are known for their high abuse and since this block I have seen the number of viruses/etc trying to come into my network cut down considerably. -Original Message- From: John Tolmachoff (Lists) [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 01, 2003 1:22 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Cox SMTP So, you are saying they are not blocking port 26 outbound, only port 25 in and out. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Cox SMTP
(1)no SPAM or Anti-Virus checking How does using a different SMTP server effect your inbound spam filtering? Cox subscribers are forced to use the cox SMTP so what? The only way this should effect your declude is that auto-whitelist may not work. If you still want to scan on the senders IP, adjust your HOPHIGH accordingly. (2)5Meg email attachment size limit. Real bummer. customers have to convert those bitmaps to jpg's from now on. Now I have two SMTP servers on the same server Imail ver 8.0 and Declude Junkmail and Virus using the standard ports so not to effect all my other emails and domains and the second SMTP using port 26 so I can send emails to my server from home over the COX cable modem. This allows me to still have SPAM and virus checking for my cable modem customers and over come the COX imposed 5Meg limit. I'm confused, how does moving the extra HOP from the COX smtp to a second SMTP inside your building effect your inbound spam checking? Attachment limitations can be a PITA. As an administrator I'm surprised you don't have an inbound VPN connection to your office anyways which would bypass their filters and allow you to tunnel to your own SMTP. ( that's what we do ). I understand this wouldn't work for customers... We infact do something similar running secondary SMTP services on port 125 (we find its easier to teach stupid people to add a digit in front of the port number rather than changing one). If your reasoning is for something like auto-whitelist you will also need to set that secondary SMTP server to smarthost via IMAIL (sending ALL outbound mail via IMAIL and not using MX/DNS to deliver). Also hopefully you are using SMTPAUTH or have allowed individual Ips into the MS-SMTP service, open relays on odd ports can also be bad. -Original Message- From: William Baumbach [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 01, 2003 12:58 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Cox SMTP If you did not know Cox the High Speed Internet provider of cable modems. Beginning Wednesday, June 25 2003 has filter access to all 3rd party outgoing (SMTP) mail servers. Sincerely, William J. Baumbach II [EMAIL PROTECTED] 9975 Pennsylvania Ave. Manassas, Va. 20110-2028 Ph: 703-367-7900 ext:1708 Fax: 703-691-0946 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Does Declude Work With IMail Relaying?
There is a way you can get your imail/declude-exchange-relay box to treat the mail as inbound mail, but there is more administrative overhead (ie not a good choice for most people). Our organization does not make changes to our exchange mailbox's often so this works great for us, and has the added benefit of letting imail reject 'unknown' users rather than accepting everything and bouncing them. -Leave IMAIL configured as it was (nexustechgroup.com primary with host aliases). -Leave all your POP accounts... -Setup exchange with @nexustechgroup.com AND @internal.nexustechgroup.com (make sure the mailbox's can accept mail to @internal.nexustechgroup.com, but their primary address is @nexustechgroup.com so outgoing mail reflects the proper address) -if you would like the users to be able to create IMAIL rules (to block stuff before it gets to exchange) then create a main.fwd in each POP folder forwarding to @internal.nexustechgroup.com Ex: [EMAIL PROTECTED] file: \imail\nexustechgroup.com\users\support\main.fwd contains: [EMAIL PROTECTED] -if you just want it treated as local then just create an imail alias for each username forwarding to [EMAIL PROTECTED] This results in IMAIL thinking nexustechgroup.com (and all host aliases) are local. You can let your users create spam filters by logging into their MAIL account and using the IMAIL processing rules if they like (to filter on their own headers) or manage your USERNAME.junkmail or however your organization prefers. When mail would be delivered, it will be 'forwarded' to their internal address (DO NOT EVER give it out) and make it to exchange (translated to [EMAIL PROTECTED] ). All users would be able to receive mail at xxx@(any host alias). The administrative headache is keeping your POP/forwards and aliases up to date every time you make a change in exchange, but it works well for us. -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 01, 2003 6:15 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Does Declude Work With IMail Relaying? Well, the domain names for the mail which we are going to be relaying mail over to our Exchange Server are NEXUSTECHGROUP.COM, NEXUSTECHLTD.COM and NEXUSTECHNOLOGYGROUP.COM. Currently, NEXUSTECHGROUP.COM is set up in IMail as the primary domain name and NEXUSTECHLTD.COM and NEXUSTECHNOLOGYGROUP.COM are host aliases off of the site. We do use per-domain filtering currently for NEXUSTECHGROUP.COM, which, since they are host aliases, also includes the other 2 domains. Does that mean we can still manage any spam filtering for that domain as we have been, i.e. with the \declude\nexustechgroup.com\$default$.junkmail? Actually, just to make things more confusing, IMail won't perform the domain translation for gateway E-mail, so you would need separate config files for each domain. If per-domain configuration allows me to treat relayed domains as if they are local domains do I now have to setup \declude\nexustechltd.com\$default$.junkmail and \declude\nexustechnologygroup.com\$default$.junkamil for the other 2 domain names, where before I was depending on the NEXUSTECHGROUP.COM to do the work for all three of them because 2 were host aliases? Correct. However, you could use the REDIRECT command to get around this, by having the following lines in the \IMail\Declude\global.cfg file: REDIRECT@nexustechltd.com C:\IMail\Declude\nexustechgroup.com\$default$.JunkMail REDIRECT@nexustechnologygroup.com C:\IMail\Declude\nexustechgroup.com\$default$.JunkMail -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Processing Declude and Imail
Weight20 Subject SPAM-2[%weight%] #Weight20a MAILBOX SPAM Weight30 Subject SPAM-3[%weight%] #Weight30a MAILBOX SPAM Do not use the mailbox action, rather copy a rules.ima into each users folder that does not already have one. The contents of the 'default' rules.ima should be like S~SPAM:SPAM Declude does its magic well before rules.ima comes into play. If you were to use Domain level rules.ima, they execute before user level rules.ima, and your users would not be able to 'whitelist' via rules.ima The rule which moves the spam to the spam.mbx needs to be the very last line in each usres rules.ima What WE do is make a header entry rather than inserting into the subject. Then we don't get the compaints, why did you still mark it as spam when I told you not to since their rules.ima is what whitelisted the email. -Original Message- From: Earl Baumgardner [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 18, 2003 8:13 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Processing Declude and Imail That is what I thought as well. But. When you use the config I have below the rules.ima seemed to get ignored. I would like to the email tagged as Spam to automatically go to the SPAM folder. But I would also like my users to be able to use the IMAIL rules to further filter the email, such as whitelisting or deleting spam. Suggestions anyone? thanks Earl -- Original Message -- From: John Tolmachoff (Lists) [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Wed, 18 Jun 2003 18:07:48 -0700 I believe rules.ima gets run last. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Earl Baumgardner Sent: Wednesday, June 18, 2003 5:57 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Processing Declude and Imail When using the MAILBOX feature on Declude, will Imail still apply rules.ima to that incoming email? Ex We have 2 actions on an email. Add SPAM to the subject line and send to SPAM folder. Based on weight we also include a Spam Level such as: SPAM-1 or SPAM-2 that gets added with the subject line. Weight20 Subject SPAM-2[%weight%] Weight20a MAILBOX SPAM Weight30 Subject SPAM-3[%weight%] Weight30a MAILBOX SPAM this will send to a users folder called SPAM. Now say that user wants to apply his own rules to that email. Such as SPAM-1 goes to Inbox or SPAM-3 gets deleted or just basic whitelisting. Can this be done or does the Send To Folder override the Rules.Ima for that user. thanks! ___ Earl Baumgardner WebShoppe [EMAIL PROTECTED] 256.329.2574 www.webshopppe.net WebShoppe WebMail DSL|Dialup|Web Design|Hosting|Frame-Relay|T-1 Protect your computer - Online Virus Scanning http://www.webshoppe.net --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Mozilla Adds Spam Filtering
Version 1.3 of the open source descendent of Netscape Mail adds anti-spam features based on Bayesian filtering. eWeek Labs has found Mozilla 1.3 to be very stable and fast. Click below to Read the story http://eletters1.ziffdavis.com/cgi-bin10/flo/y/hUSn0FguL50E4J0vba0AW Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] request?
How about a test to check if the e-mail address in the subject is the same as the person it was sent to? Or how about a test that checks for the following dupe names: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Spamcheck
SPAMCHK takes already care of this. It give's some weight if there are repeated html-comments with the same content. Anyone know where can I download this app so I can try it out? Thanks, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Spamcheck
http://www.riedmann.it/spamchk/ Been using it for a while and it works great. Thanks! --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] ISBLANK
ISBLANK Can anyone tell me how to set this one up? Regards, Tom --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: Re[2]: [Declude.JunkMail]
What about the flip side? If the header has that, add a negative weight in that it is most likely legit. That's usually the case with weights, and why are you up? Isn't it time for bed? I'm sorry I forgot a network administrators job is never done. That's why were here 24 hours a day Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Spammers are Wise Guys Too!
We starting to see some new spam where the spammer knows what were doing and their messing with all of us who hate spam. Here is an example of what you might see: Assume HTML in this case: !--I'm the man--Buy this new car !--you can't catch me-- !--Who's the man--for a very low price!!--that's right I am-- You get the idea, it goes on and on from there. A typical reader would never see this, however, we would. Since we look deep into mail we would definitely see this. I guess we need to trigger on comments or something. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: Re[2]: [Declude.JunkMail]
My time has been so crazy lately I squeeze in work when I can. What about you? Touché. I always work the night shifts, I prefer them. One good reason to work at night is so no one will bother you. That's probably why you wont see many posts from me in the morning (I will be asleep unless something crashes while I'm here.) ; Crazy Hours are the Best Hours! Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Where I'm At Now and Where Should I Be Going?
In our experience as an ISP, this was our INITIAL reaction (based on my personal mailbox), However SPAMCOP turned into about 50% accuracy system wide, and we had to move to at least 2 RBL tests failed to hold, or SNIFFER. It would be a good idea to run the sniffer (http://www.sortmonster.com/sniffer/) trial as well. What declude is currently passing through sniffer should catch most of. -Tom -Original Message- From: Darrell L. [mailto:[EMAIL PROTECTED] Sent: Friday, February 28, 2003 10:55 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Where I'm At Now and Where Should I Be Going? In my experience SPAMCOP has been very good at weeding out SPAM and we hold/block using this test alone. We do occasionally get a false positive or two, but no more or less than any of RBL's that list known open relays. Darrell -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser Sent: Friday, February 28, 2003 11:36 AM To: Declude JunkMail Subject: [Declude.JunkMail] Where I'm At Now and Where Should I Be Going? Hello, All, I am pushing hard to learn as much about Declude.JunkMail as my time allows during the trial period. I think I installed on February 11th so I'm about 17 days into the trial. I was hoping to get some feedback from the list as far as things I might have looked over and might want to consider looking into next. Just to bring things up to speed... I am currently testing Declude.JunkMail Beta v1.67. I have isolated 2 in-house hosts (out of the 90 we have on our IMail server) for testing purposes. For each host I did some pre-analysis to find out what an ideal hold weight would be for each. For the first host, with the domain name NEXUSTECHGROUP.COM, I came up with WEIGHT13 as my hold weight. For the second host, with the domain name PAGEROVER.COM, I came up with WEIGHT12 as my hold weight. NEXUSTECHGROUP.COM probably gets about 90% legitimate e-mail and PAGEROVER.COM probably gets about 95% (or higher) spam e-mail. Once I set up the hold weight most spam immediately started being caught by Declude. Those who receive e-mail at those domains were very impressed. But there are still the occasional spam e-mail which make it under the threshold of the hold weight. To further fine tune Declude.JunkMail I have done 2 things, one which was my idea (and I'm comfortable with) and another which was done to please my boss, which I don't necessarily agree with: Fine Tuning #1: This is the one I am comfortable with... In addition to the hold weight I also hold e-mail for a test that I created called SENDERBLOCK. SENDERBLOCK is defined in GLOBAL.CFG as SENDERBLOCK fromfile D:\iMail\declude\senderblock.txt x 0 0. This is based upon the test described in the Your own sender blacklists section of the Declude.JunkMail. Whenever a spam e-mail slips under my hold weight I add the sender's domain (provided it's an obvious spamming domain) to this list. That test has helped to filter a few more spam e-mails out of my user's inboxes. Fine Tuning #2: This one I'm less comfortable with... My boss noticed that a number of the spam e-mails that were still slipping in underneath the hold weight were failing the test SPAMCOP. He wanted to know how come I wasn't filtering out all e-mails that failed that test as, from his estimation, the SPAMCOP test was using a list of known spammers. I explained in detail the information I gleamed from the Declude.JunkMail web site and the SPAMCOP web site about the accuracy of the SPAMCOP test. I know that the SPAMCOP test finds mail server which have a high incidence of spam to legitimate e-mail but that real e-mail can pass through those servers. I told him I'd rather continue to filter on spam domains (via SENDERBLOCK) and that I was trying to avoid catching any legitimate e-mail altogether. I'm trying to set the bar low enough so that a) most spam is caught, b) no legitimate e-mail is caught and then c) filtering further for actual identified spam e-mails. He thinks it's too much overhead to add each domain name whereas I think over time as I add more and more domains to the list the number of domains I have to add will go down considerably. Needless to say I gave in and just started holding for the SPAMCOP test because I really didn't feel like taking the time to turn him over to my spam blocking philosophy. So that's basically where I'm at right now and from this I've come up with a number of questions and/or comments I am looking for feedback on. Mostly I'm looking for best practices sorts of answers from the community as a whole... #1) Are there are any other tests, which I am missing, like the SENDERBLOCK test which I might want to consider adding to my bag of tricks to continue to filter out spam e-mail which slide in under my hold weight and also fall in line with my philosophy, i.e. catching legit e-mail is a bad thing? #2) Am I correct in my assumption that holding for SPAMCOP is a bad
RE: [Declude.JunkMail] Spam Kill.lst
Quick question, the list of spam address's at http://www.imagefxonline.net/apps/delog/fromfile.txt have an id number at the end of them. Will this affect the kill list by leaving them in? No these are allowed with Declude and are no more than a comment. The comments, however, have a special meaning to them allowing a log analyzer to review and update your fromfile. Take a look at http://www.imagefxonline.net/apps/readid it's free. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Idea for a test...
Right, as has been the concnsus when the regexp idea's has been discussed before. Declude is clean small and straightforward. Regexp support adds complexiy which add's to CPU load. We run a postfix gateway as well (that's where we actually run message sniffer, to keep the CPU load on IMAIL as low as possible, we do a good volume). Simple checking to watch for this specific pattern might be a good idea, but IMO full blown regexp support is an overkill for what declude is designed for. There are people developing external tests to accomplish this, which I believe is the best win win solution for the broad customer base declude is targeted at. -Original Message- From: Bill Landry [mailto:[EMAIL PROTECTED] Sent: Monday, February 24, 2003 1:01 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Idea for a test... I run regexp for header check on my Postfix gateways, but not for body checks because of the CPU usage it takes to scan message bodies. I like the fact the Declude JunkMail is fast and efficient and would be opposed to adding code that would substantially slow it down. Just my 2 cents... Bill - Original Message - From: Mike K [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, February 24, 2003 10:22 AM Subject: Re: [Declude.JunkMail] Idea for a test... Scott: You may just want to build support for unix style regular expressions. Complicated, but they can do this and much more. Note: Len's IMGate solution can do this also but with half the cpu horsepower that NT/2K require. I use IMGATE as a front end to IMAIL/Declude do exactly this. Expression matching does get cpu intensive if you don't limit it to say the first 5K bytes (scanning a 5 meg attachment for ex.) or so and make sure it runs after less resource intensive tests (rbls). Mike - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, February 24, 2003 10:36 AM Subject: Re: [Declude.JunkMail] Idea for a test... As we all know the spammers insert special characters in the middle of subject words to bypass the filters, e.g. P/O/R/N, or all sort of other variations. Can a test we devised, similar to the COMMENT test that counts the number of special characters or detect similar characters appearing in the middle of words. I guess one way to approach this is to first count if there are more than 1 or 2 special characters and if yes then determine if they are followed by text. This could be a weight test. This does sound like a good idea. Our spamtraps don't seem to get much spam like that, but a test looking for non-alphanumeric characters that are surrounded by alphanumeric characters might make some sense (which would catch P/O/R/N). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Idea for a test...
But it is a good idea. I'd be happy just catching special characters that are not normally used. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] How To Get Spam
Unsubscribe from a spammer. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Log Question
Has anyone else noticed bad log lines in the JM log? I will get a short spurt of partial log entries, usually without a newline to separate them, occasionally just the end of an entry on a line by itself. Never seems to last more than a minute. It can really mess with log analysis. Yes, I have seen this before and I made sure that Delog was able to handle it. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] PostfixGate removal ... ?
Title: Message Anyone know how the heck to submit a removal for postfixgate? is there even a way? The link on their website (www.postfixgate.com) is a js popup, which when I pulled the js page it refers to http://www.liswireless.net/postfixgate/dispute/default.htm When you go there, its a redirect to http://www.brandxwireless.com/ Which gives no links for submitting a removal. Thanks in advance if anyone has any info -Tom
RE: [Declude.JunkMail] PostfixGate removal ... ?
Scott, I seem to remember this coming up maybe a few months ago? Hell I have a bad memory. The first link in postfixgate says you shalt not be listed on any other spam lists to be removed, and links to www.dnstuff.com Maybe you guys could throw a note on http://www.dnsstuff.com/tools/ip4r.ch making note that its dead to help guys out like me that have no memory, or people that don't have access to this mailing list to get help from others ? Just a thought, Thanks for the replies everyone.. -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 05, 2003 11:41 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] PostfixGate removal ... ? Anyone know how the heck to submit a removal for postfixgate? is there even a way? This may help: We're listed in there, but don't care. It seems that they died about a year ago, not adding/removing any entries since then. However, since people had paid them money, I'm guessing they are leaving everything online until all the subscriptions have ended. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Select Email
I do it by using plain old IMAIL Rules... [rules.ima] F~[EMAIL PROTECTED]:main F~[EMAIL PROTECTED]:main F~[EMAIL PROTECTED]:main H!~abc123def123ghi123jkl123:NUL The first 3 lines check the from-address, if there is a match, the message is places in the 'main' mailbox/folder and rules processing completes. The last line says if that long string is NOT found in the headers anywhere, then move to NUL (erase the message). Basically make the last line a catch all delete, so you have to build exceptions above it. -Tom -Original Message- From: Richard Farris [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 04, 2003 8:39 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Select Email Is there a way to set up an account that receives email from only a select few addresses... Richard Farris Ethixs Online 1.800.548.3877 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: Re[2]: [Declude.JunkMail] Reject Msg based on Size
It has been a feature of every version of IMAIL I remmeber using thus far. Currently I have 6.x and it is located in both The web-administration tools Imail Admin In IMAdmin, Its on the first tab when clicking on a virtual host. Defatult Max mailbox size, Single message max size, default max messages (count). These are just the defaults for creating new users, The limits themselves are actually set on the userlevel. Tree down to a username, and click on the directory tab, here you can set these limits. For those of you using a SQL db like me, its easy to enforce the limits (My host admin users sometimes get smart and will reset their limits themselves beyond what I allow). I run a daily (CF) script to reset all limits to my settings. # this SQL call will get all of your IMAIL table # names stored in the same db, all of mine start with 'mail.' # remove the last and name... select name from sysobjects where xtype='U' and name like 'mail%' # Then loop through the results... # note: maxsize is maximum mailbox size, not message size cfloop query=gettable cfquery name=setsize datasource=imail UPDATE #name# set maxsize = 1024 /cfquery /cfloop -Original Message- From: Roger Heath [mailto:[EMAIL PROTECTED]] Sent: Monday, February 03, 2003 8:14 AM To: Andy Schmidt Subject: Re[2]: [Declude.JunkMail] Reject Msg based on Size Reply to: Andy Schmidt Re: [Declude.JunkMail] Reject Msg based on Size on Monday 8:07:22 AM This is not in my earlier version of Imail... Does this do this on an account basis or domain basis? It must be in later versions unless I am missing something. -- Roger Heath [EMAIL PROTECTED] www.rleeheath.com - Copy of Original Message(s): - A Why not control the message size in Imail - you can set it per domain A and, I believe, per user. A If the message exceeds the max message size, Imail will reject it - A and it will result in a bounce from the SENDING server. A In fact, Imail's ESMTP will announce the max message size to the A sending server so that it can be rejected BEFORE it is transmitted A (at EHLO time!) A Best Regards A Andy A --- A [This E-mail was scanned for viruses by Declude Virus A (http://www.declude.com)] A --- A This E-mail came from the Declude.JunkMail mailing list. To A unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type A unsubscribe Declude.JunkMail. The archives can be found at A http://www.mail-archive.com. A -- A ActivatorMail(tm) ver.122102 Scanned for all viruses by A www.activatormail.com intelligent anti-virus anti-spam service -- ActivatorMail(tm) ver.122102 Scanned for all viruses by www.activatormail.com intelligent anti-virus anti-spam service --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude JunkMail v1.67 (beta) released
Does the comments test require non-whitespace beforeafter the comments in order to trigger? So that most legit messages will not trigger it? -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED]] Sent: Monday, February 03, 2003 5:36 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Declude JunkMail v1.67 (beta) released We have just released Declude JunkMail v1.67 (beta). See http://www.declude.com/junkmail/manual.htm . Notable changes since the last beta include: o Adds an AUTOWHITELIST ON option, to automatically whitelist addresses in recipient's address book o Adds a comments test type, to detect anti-filter HTML comments (such as unsub!-- user --cribe) Other additions and fixes can be found in the release notes, at http://www.declude.com/relnotes.htm . --- Quick Resource Reference: Tech Support: [EMAIL PROTECTED] Mailing List: Send E-mail to [EMAIL PROTECTED] with subscribe declude.virus your name or subscribe declude.junkmail your name in the body New Releases List: Send E-mail to [EMAIL PROTECTED] with subscribe declude.releases your name in the body Troubleshooting: See manual URL above; look at Troubleshooting section Emergency Uninstall: See manual URL above; look at Emergency Uninstall section Urgent Support: urgent @declude.com (for urgent/time-sensitive issues only) Declude Addons/Tools URL: http://www.declude.com/tools Manuals: http://www.declude.com/virus/manual.htm , http://www.declude.com/junkmail/manual.htm , http://www.declude.com/hijack/manual.htm . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Windows API call to WINSOCK.DLL
GetHostByName() usage is pretty straightforward--there must be hundreds of howtos for VB (though you'll probably need to build/buy COM object for ASP). Again, what's the project exactly? You are going to need a DLL to do this, ASP with VB does not provide any of these functions by default. I believe if you use Simple DNS + you will be able to interact with it via ASP and VB. The link to the web site is http://www.jhsoft.com/ if you prefer a stand alone DLL instead I'm sure you will be able to find one for free. They are usually pretty easy to install and work fine on IIS 4 and IIS 5. Good Luck. Regards, Tom ExecNet Internet Services an Image`fx Company --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] DeLog Config File
I wanted to see what is the limited amount of information that I need to include in the config file to get it to work (Delog). I noticed that the information says some are OFF by Default (i.e. t_clk, t_cpu), does that mean it needs to be listed in the config. Thanks for the aid. If you do not include it, it will be whatever the default setting is. You don't need anything in the Configuration un-less you want to automate the process or use Delog interactively with some settings already defined. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] free or popular domains
Any one have a fairly up to date list? I have a list of servers that are considered ISPs, Mail Services and services that may be significant. Let me know off the list if this is what you are looking for. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Outblaze is not happy with our fromfile - Image`fx (part1)
This is the first letter that started it all: (I cut it short for your convinence) Dear Suresh Ramasubramanian As long as the Domain outblaze.com is listed up in our blacklist service provider, we block all emails from this domain. You can find the provided Blacklist on the following link: http://www.imagefxonline.net/apps/delog/fromfile.txt Für weitere Fragen stehen wir Ihnen gerne zur Verfügung. Freundliche Grüsse Lenggenhager D. Domain Support SwissWeb GmbH Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Outblaze is not happy with our fromfile - Image`fx (part2)
This is the letter sent to us: (I cut it short for your convinence) From: Suresh Ramasubramanian Hello You appear to be blocking mail from outblaze.com Outblaze is a freemail service with several million users, hosting domains like mail.com, iname.com, operamail.com etc. Both our clients and us have strict, zero tolerance antispam policies, which we enforce rigorously. Our AUP can be found at http://www.outblaze.com/antispam/index.html I would respectfully request you to remove the block on outblaze and contact me with any issues that led to this block being imposed. A sample bounce is below my signature. Our netblocks are 205.158.62.0/24 202.77.181.0/24 202.77.223.0/25 Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] oops! - Image`fx
Sorry about the misspelling, the line should read (I cut it short for your convenience) Damned keyboard virus! Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Outblaze is not happy with our fromfile - Image`fx (part3)
Our Simple Reply: See attached ZIP file. PS: Because Delude may have caught the previous message, I re-sent the message and placed the text inside a zip file. Regards, Tom Image`fx reply.zip Description: Zip compressed data
FW: [Declude.JunkMail] If Outblaze is not happy with spam, then why do they send it?
To Read the full story click on the link below: http://www.businessweek.com/technology/content/oct2002/tc2002101_2645.htm PS: Because some things may get caught in Declude's spamtrap I have re-sent this message with only a link. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] If Outblaze is not happy with spam, then why do they send it?
Read the story or click on the link below: Regards, Tom Image`fx --- Link: http://www.businessweek.com/technology/content/oct2002/tc2002101_2645.htm OCTOBER 1, 2002 SPECIAL REPORT: THE 2002 E.BIZ 25 Suresh Ramasubramanian: Anti-Spam Man Position: Chief junk-mail zapper for Hong-Kong based Outblaze Contribution: Founded the Indian chapter of the Coalition Against Unsolicited Commercial E-Mail (CAUSE) Challenge: I saw my mailbox being overrun by junk. I wanted to do something about it --- Anyone on the Internet has seen the e-mail touting low-cost mortgages, Nigerian money-laundering schemes, penis-enlargement drugs. Suresh Ramasubramanian's job is to zap them all. He's the anti-spam expert at Hong Kong-based Outblaze, which filters more than 65 million e-mail messages on a daily basis for customers in the U.S. and worldwide. The vast majority of them are junk -- but the problem is just growing worse. It has gotten more entrenched, says Ramasubramanian grimly. He says that from 80% to 90% of e-mail is junk. In Asia, home to some of the world's most dedicated spammers, this young Indian is in the forefront of the effort to control the problem. The 26-year-old native of Madras is the founder of the Indian chapter of the global anti-spam organization, the Coalition Against Unsolicited Commercial E-mail (CAUSE), which he launched in 1998. I saw my mailbox being overrun by junk, he explains. I wanted to do something about it. He and other junk fighters have their work cut out for them. The enemy is getting more sophisticated. Ramasubramanian says many spammers are now using high-speed connections to start spam factories run by big-time mailers who process huge volumes of junk. And while Internet service providers (ISPs) in the West are doing their best to limit the spammers' activity, the junk mailers often just move their business to data centers in Asia or other parts of the world where awareness isn't as great and regulations are not as strong. You get just as good hosting in Hong Kong or China as you do in the States, he explains. HIDDEN COSTS. While some people might argue that junk e-mail is a victimless crime, Ramasubramanian obviously disagrees. Spam is basically transference of cost. It transfers the costs to others who haven't asked for it: the spammers' ISPs, the recipients' ISPs, the recipients. You can't really quantify the cost of spam. There are lots of costs hidden all over the place. Ramasubramanian has devised a host of techniques to deter spammers. One favorite way to identify and then eliminate spam is to create bogus e-mail addresses and wait for the spammers to send messages to it. Once these traps identify the spammer, he can block any more e-mail from that source. If you want to catch flies, you lay out fly paper, he says. If you want to catch spammers, you lay out spam traps. The flies are circling, and Ramasubramanian is determined to swat them. By Bruce Einhorn in Hong Kong --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Outblaze is not happy with our fromfile - Image`fx (part4)
This was our replay to their next message. (both messages are included in this one) At least one ISP - swiss-web.com - is using your blocklist wholesale, and said that you were their blocklist provider. I don't know why they would say that, we are not their provider nor do they pay us for any services. As we mentioned before, the list is free, anyone can use it anyway they like. We have no control over them and how they choose to use it or abuse it. So, I had to contact you ... I understand. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Outblaze is not happy with our fromfile - Image`fx (part5)
In any event outblaze has not been active since 2002/11/24 so it was not really a problem removing them, however, when I viewed their web site I got the impression that they do some sort of bulk mailing or campaign. I don't know what to make of them. They don't describe their services clear enough for us simple folk. ;) Sorry if this wasted your time, I figured it may be of interest. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] I can't believe this would even work.
Some spammer is soliciting for dedicated hosting of spam servers. I received the same message, it was placed on hold by Declude. I thought it was pretty funny, I also thought of sending them a very outrageous proposal, however, I figured it was probably a scam to capture a legitimate address, so I did not send them anything. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Holiday Cheers!
Happy Holidays and Season's Greetings to All! From, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] readid
Is there any special setup instructions for this file. Looks like it's a good monitoring tool. It requires Declude and some changes to your Declude fromfile. If you look through the mail archives you will find my last post on how to use it with a remove file. ReadID can be download here http://www.imagefxonline.net/apps/readid/ a complete (use it at your own risk) fromfile is also available using the same link. Here is the link for the ReadID remove function http://www.mail-archive.com/declude.junkmail%40declude.com/msg05851.html ReadID can be and should be used on a separate JOB machine which can be automated. There is no special instructions except those found on the web site. If you have any further questions and/or suggestion please feel free to e-mail me direct. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Shared Kill File Stats
Does t_key: still need to be defined, as it says on the web site - otherwise it runs in demo mode? You can leave it out if you wish. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] An optional web interface for Declude JunkMail?
Nobody seems to have acknowledged my message about REDIRECTing to PLAN.IMA for per-user actions, but I am using the method with great success to provide user self-management from *within* IMail Web Messaging. If I, no JavaScript guru, can do it, surely others could go this or similar routes and leave you free for developing Junkmail Ultra. :) I'm curious about this, would you send me a sample? Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Shared Kill File Stats
Tom and other Kill List folks. Thought I would share as I usually do not get to run stats at end of day before clock strikes 12am. Amazing that at least 58% of email processed for the day was garbage. If I were to include the manual deletes and emails that got through our lenient filters, it would probably be something more like 75%. I have similar findings. Report ID Version 1.04b Detailed Report for: 12/16/2002 00:07:48 You should upgrade to 1.05b, it seems to be a bit faster. I sometimes copy the log file over to the same machine running ReadID and I don't run it ReadID on the Mail server, it has enough to do. Total Percentage of fromfile effectiveness: 58% This is good and approximately the same percentage I get. Total amount of addresses now in the fromfile: 2365 Total percentage of the fromfiles actual usage: 8% This is bad, this means you are harvesting allot of old useless addresses. It should be around 20% of the actual usage. There is another feature built into ReadID that will allow you to keep the old addresses in another file. This file can be used to make sure you are not cleaning the fromfile to early. I will send out another e-mail to describe this feature and its usage. PS: Thanks for sharing. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Shared Kill File Stats (partial report)
Partial report by Image'fx Report ID Version 1.05b Detailed Report for: 12/15/2002 02:54:21 Declude Log file information: --- Total amount of unique messages found in log: 3646 Total amount of fromfile IDs found in log: 318 Total amount of fromfile ID failures found in log: 2061 Total Percentage of fromfile effectiveness: 57% --- Fromfile and Merge file Information: --- Total amount of addresses in the original fromfile: 1723 Total amount of addresses updated from usage: 318 Total amount of addresses added from merge: 10 Total amount of addresses that were removed: 0 Total amount of addresses in the merge file: 11 Total amount of duplicate addresses in merge file: 1 Total amount of addresses now in the fromfile: 1733 Total percentage of the fromfiles actual usage: 18% --- Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Remove Function in ReadID - Image`fx
Sample set up and usage of the remove function for ReadID. To be used with Declude only. ReadID.cfg - # Location and/or filename of the removed addresses t_rem: x:\imail\declude\ # Remove the unused addresses after X days t_day: 30 # Yes, save the removed addresses t_old: yes # No, do not save them with an ID (description) t_wid: no # No, do not re-format the fromefile t_ref: no - FromFile.txt - .01o.comID-20021215-01 .123winners.com ID-20021215-02 - Removed.txt - .1premio.com .3kserver2.com - Global.cfg - KILLFROMfromfile x:\imail\declude\fromfile.txt x 45 0 REMOVED fromfile x:\imail\declude\removed.txt x 44 0 - $default$.junkmail - KILLFROMWARN REMOVED WARN - It's like having a dual kill file, except you have to remember when to clean the removed file out. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Comments in filters
Attached is a zip screen shot. If it can be made to look like this, would SpamReview still work?: Here is a sample screenshot from our system. Regards, Tom Image`fx spamshot.zip Description: Zip compressed data
RE: [Declude.JunkMail] Junkmail/iMail domain names.
You can give them their own IP in your gateway, and assign it a hostname of theirs. I have about 20 Ips in my Imail machine. The official name is mx01.web4less.net But this is what appears in one of my headers (on the way to exchange) Received: from fw2.netsmith.net [204.49.154.3] by mail.cfi.net with ESMTP (SMTPD32-6.06) id A9D623630206; Tue, 10 Dec 2002 15:17:13 -0600 (mail.cfi.net is the hostname in imail for my 204.49.154.3 ip). Mxfilter.THEIRNAME.COM might suit their needs. (and not mess up your gateway process) Just don't give it any users, and do NOT give it a host alias of 'theirname.com', or it will treat the mail local. -Tom -Original Message- From: Mark Smith [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 10, 2002 3:14 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Junkmail/iMail domain names. Now that I think about it, changing that would probably screw up my Junkmail license key. :) No biggie... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Tuesday, December 10, 2002 3:16 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Junkmail/iMail domain names. After checking with my customers, I think that what they're referring to is the SMTP header. I don't think that I can change this but I'll try... In the SMTP header they see: Received: from popmail.netrends.com ([65.196.89.161]) by outboundsmtp.domain.com Hmmm... I don't think that there is any way to change that. However, you might want to ask on the IMail Forum, as someone there will likely know if there is a way to change that (searching the IMail Knowledge Base for HELO and EHLO -- the two SMTP commands where the domain name would be sent by IMail -- didn't turn up anything). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by F-Proto Virus Scanner] --- [This E-mail scanned for viruses by F-Proto Virus Scanner] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Populardomains test
Assuming the big guys spool OUT from their INBOUND MX records I think that would hold true But for example here at my office, we have (2) MX records, which are our inbound filter gateways. However outbound mail spools through DIFFERENT gateways, so all mail leaving my organization should actually fail that test... Most likely the big guys also separate inbound and outbound mail to different IP/servers.. (but I could be wrong) -Tom -Original Message- From: Cris Porter [mailto:[EMAIL PROTECTED]] Sent: Monday, December 09, 2002 9:49 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Populardomains test What if you set the positive weight of the popular domains equal to the negative weight of the IPNOTINMX test? Won't only invalid mail from these domains add to the accumulated weight? Cris Porter JVC America -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John Tolmachoff Sent: Monday, December 09, 2002 9:19 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Populardomains test I'm missing something that could trigger false positives? What if I send you a note from my yahoo.com account that just happens to trigger one of your filters because I am telling you about a new spam technique? With the way you have it set, just me sending a mail to you from my yahoo.com account is now at 55% (or is that 70% if abuse is 15% and postmaster is 15%) of your hold weight. While I am also testing for those domains, I have that combination (total if it fails domain, abuse and postmaster) at 50% of subject modification and 40% of hold. Just my .02. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Delog
It's a cool tool but I don't understand the interface. Please visit http://www.imagefxonline.net/apps/delog then click on INTERFACE on the left side. Can anyone help with a couple of questions? Ok... 1) The meter-Does this show how much spam is sent to the domain as a percentage of the total amount of email sent to the domain? Delog is not Domain specific it reports the Total amount of messages that Declude processed. The percentage of spam is really the amount of failed messages reported by Declude dividing the total processed. For Example: Lets say there that were 32000 messages processed by Declude and 1000 of them failed 1 or more tests according to Declude then Delog would use the following mathematical calculation: 1000/32000 = 0.03 * 100 giving you a total percentage of: 3% 2) Interactive mode doesn't seem to work that well Interactive mode allows you to interact with the program, thus allowing you to select the Log file or answer whatever question it needs an answer for. This mode will also work in conjunction with the configuration file. Interaction does not mean you can select or do whatever you want. Delog was originally designed to work with a config file and run without any intervention. 3) Failed counter- failed what? The Failed counter is what Declude reports as the Total amount of failed messages regardless of the user selected tests. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Hop
We just added another mail server outside of our network in-case of a system outage. The mail server was designed to hold the mail and then forward it once our system is back up and running, however, since it is listed in our DNS MX records some mail is sent to this server thus defeating some of Declude's features. So, I was wondering what would be the best way to resolve this using Declude? HOP and/or HOPHIGH? If not what then what? If so what's the best way to do it? Thanks in advance, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Hop
In this case, you can add a line like IPBYPASS 192.0.2.220 to the \IMail\Declude\global.cfg file, to let Declude JunkMail know not to scan E-mail from that IP. You can keep your HOP and HOPHIGH settings as they currently are. Sorry, perhaps I stated it wrong. I want the mail to be scanned, however, I want to make sure my fromfile and HELO lists work. Regards, Tom --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Hop
The IPBYPASS line should do that. If you have IPBYPASS 192.0.2.220, and an E-mail arrives from 192.0.2.220, Declude JunkMail should scan the E-mail based on the IP address that connected to 192.0.2.220, and use the HELO information from the connection to 192.0.2.220. Gotcha. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Imail Web Based Interface
I do store all of my user databases in SQL, but it doesn't really matter, the CF side never see's the username/password. It's just a little trick I did to verify the identity of the user. My whitelist/blacklists are so very simple... I'm actually not using declude's whitelists/blacklists... Those work via IMAIL's rules.ima Any approved senders first. [rules.ima] F~[EMAIL PROTECTED]:MAIN ( sends any mail from approved-sender to main mailbox, stop's processing rules on that message ) Then any black lists F~[EMAIL PROTECTED]:NUL ( just deletes mail without any trace ) Then my weight-rule based on what level the client chose (header check) H~X-SpamLevel-Low:SPAM And of course in $default$.junkmail LOW WARN X-SpamLevel-Low: This message triggered the low spam test MEDIUM WARN X-SpamLevel-Medium: This message triggered the medium spam test HIGH WARN X-SpamLevel-High: This message triggered the high spam test And [global.cfg] HIGHweightrange x x 1 15 MEDIUM weightrange x x 16 25 LOW weight x x 26 0 I am actually finishing up a revision that gives my users a way of syncronizing their approved senders lists to their IMAIL address book, and lets them upload/download their IMAIL address book so they can syncronize it with Outlook Express. When I first started this concept I posted my source to the list, but have not updated that source in quite some time. Some of the source is specific to my system (because of the billing system integaration), but most of what you need is contained within just a couple of .cfm's. I will send you them off list this afternoon. -Tom -Original Message- From: Cxan [mailto:[EMAIL PROTECTED]] Sent: Sunday, December 01, 2002 9:49 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Imail Web Based Interface Tom, This is exactly what I am talking about. I noticed that you used Cold Fusion and that is what our developers use. The idea that I have is extremely close to what you have done. I will search the archive to find your documentation. For the approved and black list did you use a table SQL database. I am assuming that you are not saving your Imail user database in the registry. The reason I ask is I am leaving our Imail user database just as it is (the default) but yet we created a SQL table for whitelist/blacklist information. It is very much a table that holds the rules for per domain or per user email address. This way the users can very much populate this database using interfaces very similar and almost identical to your interface. In addition I wrote a external program in Visual Basic that is call by Declude. queries this table for each incoming email and makes decision and contributes to Decludes weighting system based on the rules stated in the database . That is mainly why I love the design and ideas behind Declude. I was wondering if it is possible to get a copy of your .cfm files and modify them? Best Regards, Mishi - Original Message - From: Tom Baker | Netsmith Inc [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, December 01, 2002 10:23 PM Subject: RE: [Declude.JunkMail] Imail Web Based Interface The session string can be helpful for kicking a user between iwebmsg and your own web server with only a single authentication point. I have already accomplished this with my system, and have integrated my online billing / spam filters with the web templates. You can see an example of what I'm talking about at http://mail.bsc.net/ Email= [EMAIL PROTECTED] Pass = declude Notice whenever your URL begins with http://mail.; you are in IMAIL's Web messeging server, but whenever your URL begins with http://signup.; you have followed a link which kicked you to my other web server, and verified your login information from IMAIL. (preventing you from having to login twice). ( for a specific example, click the spam filters button ) Search the mail archives at http://www.mail-archive.com/declude.junkmail%40declude.com/ to find my older post which explains how I accomplish this, or ask if you are curious. I think this might be along the lines of what you are asking. -Tom -Original Message- From: Cxan [mailto:[EMAIL PROTECTED]] Sent: Sunday, December 01, 2002 4:35 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Imail Web Based Interface Terry, You have been a great help today. I think the links that you sent me would be a good start. Many Thanks Mishi - Original Message - From: Smart Business Lists [EMAIL PROTECTED] To: Cxan [EMAIL PROTECTED] Sent: Sunday, December 01, 2002 5:28 PM Subject: Re: [Declude.JunkMail] Imail Web Based Interface Mishi Sunday, December 1, 2002 you wrote: The link that you sent me did not explain what I am asking for. Let me explain my question a bit more: Suppose there is a virtual domain called abcvirtual.com on a server called
RE: [Declude.JunkMail] Imail Web Based Interface
The session string can be helpful for kicking a user between iwebmsg and your own web server with only a single authentication point. I have already accomplished this with my system, and have integrated my online billing / spam filters with the web templates. You can see an example of what I'm talking about at http://mail.bsc.net/ Email= [EMAIL PROTECTED] Pass = declude Notice whenever your URL begins with http://mail.; you are in IMAIL's Web messeging server, but whenever your URL begins with http://signup.; you have followed a link which kicked you to my other web server, and verified your login information from IMAIL. (preventing you from having to login twice). ( for a specific example, click the spam filters button ) Search the mail archives at http://www.mail-archive.com/declude.junkmail%40declude.com/ to find my older post which explains how I accomplish this, or ask if you are curious. I think this might be along the lines of what you are asking. -Tom -Original Message- From: Cxan [mailto:[EMAIL PROTECTED]] Sent: Sunday, December 01, 2002 4:35 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Imail Web Based Interface Terry, You have been a great help today. I think the links that you sent me would be a good start. Many Thanks Mishi - Original Message - From: Smart Business Lists [EMAIL PROTECTED] To: Cxan [EMAIL PROTECTED] Sent: Sunday, December 01, 2002 5:28 PM Subject: Re: [Declude.JunkMail] Imail Web Based Interface Mishi Sunday, December 1, 2002 you wrote: The link that you sent me did not explain what I am asking for. Let me explain my question a bit more: Suppose there is a virtual domain called abcvirtual.com on a server called xyzserver.com. When a user logs in to the server using Imail port 8383 then Imail creates a bunch of security character strings like : http://xyzserver.com:8383/Xade9939bcc9fcf9aee8571e9/menu.63104.cgi?mbx=Main What I am trying to figure out is what holds/creates the string : Xade9939bcc9fcf9aee8571e9 Oh, I did misunderstand. I do not believe that the session id is well known. It is certainly not documented in so far as I know and I've never seen a hack described. There have been vulnerabilities described to acquire someone's session id but all I know presuppose the existence of the id. Since the IMAIL password has been hacked and described I suspect the session id has not been or it would also be described somewhere. Therefore, I suspect your most promising path of exploration is to attempt to modify the templates after the session is created. See these links for aid on customizing web messaging templates and the special tags you can use: http://support.ipswitch.com/kb/IM-2615-DM01.htm http://support.ipswitch.com/kb/IM-20010928-DM01.htm http://www.ipswitch.com/support/IMail/guide/imailug7.1/Appendix%20H%20cal_te mplates5.html I know this is not answering your question but maybe it will help. Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Should postmaster or abuse accept all e-mail?
ORDB is not going to put a server on the blacklist unless they have tested successfully for an open relay. BTW: I was only making a comment about the abuse account and just stating that it could benefit some poor soul that was hacked or had an open relay without knowing it. But, this is entirely up to the SysOp. In any-case depending on what service you use it is possible they may add some one to their blacklist without investigating it and without allowing the offender to respond. What it comes down to is we should consider the fact that no one is perfect and we should not react on a message that one of these companies decided to claim it as spam. I have seem allot of legitimate mailings listed with some of these companies and because of this I can not trust them. However, because of Declude I can take advantage of different tests to validate their findings. I have created my own blacklist as some of you might already know, but not every one agrees with my list, though it has been very similar to Spamcop's findings. Because of this I strongly suggest using weight values to declare spam or junk mail. My post is not meant to be an argument and/or agreement, just another opinion for those reading it to consider. PS: Happy Thanks Giving! Best Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Greeting Card EULA Abusers
In More Scumware-By-EULA ( http://www.langa.com/newsletters/2002/2002-11-21.htm#2 ) we discussed how Friendgreetings abuses its End-User-License-Agreement by embedding deep within it a clause that says, in effect, that you're allowing them to place scumware on your PC. Alas, they're not the only one doing this, and other, similar vendors keep shifting their domain name to try to stay one step ahead of anti-scumware tools: Below is a list of who is sending that Emailer Hack they legally trick people into. To get around the Anti Spam tools they use new names. I don't see how they can afford to do this. Each of the names are real and do have that so called non- virus ready for a sucker [to download]. The list grows every day...---Jim Cooke [Note: to make these links unclickable, Jim has replaced the punctuation with the word DOT.} surprise-card DOT net surprise-cards DOT net surprise-greeting DOT net surprise-greetings DOT net surprisecard DOT net surprisecards DOT net surprisegreeting DOT net surprisegreetings DOT net cool-download DOT com cool-download DOT net cool-downloads DOT com cool-downloads DOT net friend-card DOT com friend-card DOT net friend-cards DOT com friend-cards DOT net friend-greeting DOT com friend-greeting DOT net friend-greetings DOT com friend-greetings DOT net friendcard DOT com friendcard DOT net friendcards DOT com friendcards DOT net friendgreeting DOT com friendgreeting DOT net friendgreetings DOT com friendgreetings DOT net surprise-card DOT net surprise-cards DOT net surprise-greeting DOT net surprise-greetings DOT net surprisecard DOT net surprisecards DOT net surprisegreeting DOT net surprisegreetings DOT net --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] commenting in a filter test
I was wondering you can put comments in one of the text files for a 'fromfile' test?? Fromfile.txt -- @ihatespam.net This guy sends me junk! -- Yes, that is supported with Declude's fromfile. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Adult test
Scott, I was just wondering if the Adult test had been disabled in JunkMail? I was getting some pretty good results from the test, but have noticed lately that my reports are consistently showing the Adult test at 0. Just wondering if I should remove the test from my Global.cfg. I was wondering the same thing. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] whitelisting
I would suggest using a weight system and create a negative weight for your whitelist so those on the whitelist will not be able to get away with too much. For example: if you have @123.com whitelisted and someone sends spam, it will not fail, however, if you gave them a -15 and the massage failed enough tests it would more than likely be held by Declude. I have not seen any legitimate mail (in my opinion) from DartMail.com Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] whitelisting
One thing I am considering is using a greylist, where known solid domains that need it will go on a weighted whitelist of say -100 and the weighted greylist will get say -15, and I would put those domains they needed the help but not wanting to actually whitelist. I actually use multiple lists for Declude. If you want to take a look at our setup e-mail me off the list and I will send you all the filters and files in a zip file. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: Re[2]: [Declude.JunkMail] whitelisting
I'd like to do this. Will negative weights work for this list? I don't see why not, it's working for us. You would probably want to calculate out the total failed weight and use that for your negative weight. For example: Spamcop = 15 OSSCR = 15 OTHERS = 20 Hold weight is 30 Delete weight is 50 So it would be safe to use a -30, but you will need to play around with this more. Each system is different and each system may receive more spam from one address than another's. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Variables?
Can variables be used in filter files? For example: SUBJECT 2 CONTAINSmembership for %variable% Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: RE: [Declude.JunkMail] Whitelisting To address
Having Declude Standard, I can only WHITELIST TO abuse or postmaster, correct? That is correct. Would it be to much to ask for another possible address that could be whitelisted to the list, such as refused@? This is an address that is used to delete any mail that is sent to it. Because of the restrictions and/or limitations with Imail we had to create a special account to just accept and DELETE mail. When a spam message comes in to Imail it is held and if it was designated for oblivion it has to wait for our intervention. We tried to pick out the best name to use for mail that will be sent to the can, however, this can be changed if necessary to work with what ever you feel would be appropriate. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Are spammers idiots??
Well, if you haven't seen it here is an article about a spammer in Florida. http://online.wsj.com/article_email/0,,SB1037138679220447148,00.html Thanks for posting the link, it eliminated the need for me to find it. The page was too long to post here for it is a long read. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fromfile Status 11/12/02- Image`fx
Well I just wanted to see what the reason was. I assumed since all the entries have a catalogue number that the reason was recorded. In addition I do believe outpost does have removal instructions at the bottom of the emails. Our List: Our list is a private list, however, we do share it with the Declude community. Image`fx is not in the business to stop spam, we are a local ISP/Developer not SpamCop. We don't have the time and/or resources to become one. The idea behind the list was suppose to be for all of us to share or contribute to. Not many people have contributed to our list, but that's ok, we don't need the extra work. We have also indicated to those who use the list to use it at their own risk and to consider using it with a weight value. IDs: The ID's were added to work with our program ReadID to help identify the address inside Declude's log file without using a separate database. The ID's contain a date and unique number as a description. This description only works with Declude's fromfile not Imail's kill list. This unique ID will indicate to ReadID the last time of usage so it can clean out addresses that spammers no longer use after X number of days. Removal: While this may be true for most services I don't feel that we should have to do this, we did not sign up for it, so why the heck should we sign out from it. Why would I or you want to tell them that we actually exist? Why should I have to tell them I don't want their stupid little news letters or pornographic garbage? I did not ask for it in the first place, not only that, it's MY server that they are using to advertise from. Well, guess what, they can kiss my royal spam a$$. They did not pay for my system. I did, my blood, my sweat, my hard earned money. What right do they have? A loop whole the law? Either way I don't care. ok I will calm down now The problem with those so called removal options is that you never know what their intentions actually are. I did try this method and guess what, I got even MORE SPAM. So a word to the wise, don't believe everything you see. It's just as bad a an ANTI SPAM company sending us spam to stop their spam, what the heck do they think they sent us in the first place? Best Regard, Tom Image`fx Productions, Inc. Provider of ExecNet Internet Services --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fromfile Status 11/12/02- Image`fx
I am only human and un-like a computer I do make mistakes and unlike a computer I try to rectify them. I hope Spews is listening... Sorry i just could not resist... LOL, I know what you mean. I was once listed on SpamCop. Thank goodness they are reasonable and handle these things better than others. Some spam organizations are child like and should not be used at all. Think about this, if your address was forged and used someplace else to send some mass mailing then your domain just might be blocked for no good reason. This is why I think Declude is a great asset to us in combating spam. It allows you to use weight values instead of a one time actions such as DELETE or BOUNCE. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Something better than Declude
I appreciate the offer. I put it forth to my Boss and the other Tech on this project. I don't think that they should give up on this yet...but they think otherwise. If I can manage to convince them to go forward, I will take you up on your offer. If, in fact, they do choose to give it another shot, I'll probably jump in and help to get it going this time. (If we do..Mr. Perry, I will let you know, and we can start over again) Thanks, Tom, Dennis T. Kemp II (Tom) Program Manager MCSE/CNA/A+ Control Concepts, Inc. [EMAIL PROTECTED] 703-876-6418 Fax#: 703-876-6416 -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-owner;declude.com]On Behalf Of Tom Sent: Tuesday, November 12, 2002 7:07 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Something better than Declude I've had two engineers here spending alot of time with this product. They are both considerably intelligent and experienced, yet they have had nothing but trouble. We've played with a per-user package called IHateSpam before we tried the declude solution. It wass very User friendly and worked right out of the box. The down side was that it only worked with Outlook (not even Outlook Express), and was configured for each individual on their systems...no centralized database. We would prefer something that was more centralized... giving more control to the engineers. Declude gave me the features that Imail never had. - Tom, Image`fx Spam is a never ending battle and there is no program and/or person that can guarantee a spam free system without compromising legitimate mail. With that said, if you or any one else on this list is in need of some filters and/or other cfg files for declude let me know off of this list and I will send them to you. Don't forget you are always welcome to use my updated blacklist and daily list of spammers. The download links are: http://www.imagefxonline.net/apps/delog/fromfile.txt http://www.imagefxonline.net/apps/delog/daily.txt Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fromfile Status 11/12/02- Image`fx
@boing.azoogle.com curious, but would having .azoogle be better than boing.azoogle? if they change boing to boing2 the mail would get through correct? I also have .azoogle.com listed. This will catch almost anything from them except for @azoogle.com - Using both these methods will allow you to catch everything from azoogle.com - as in *.*azoogle.com That's the problem I have on deciding this stuff, if you say .azoogle alone, ANYTHING from azoogle will be blocked correct? I haven't seen one legit azoogle mail, but others may be legit. Obviously you don't want to block @yahoo but maybe @something.yahoo. This depends on you and your users. If .azoogle.com is a legitimate source for mass mailings and junk mail and you want to receive the legitimate mail from them then you will need to allow the .azoogle.com address while blocking only the nogood.azoogle.com addresses. argh my head. =) I know what you mean. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fromfile Status 11/12/02- Image`fx
Any particular reason you are blocking o u t p o s t.com? Although I am blocking it, does not mean you have to. I don't remember every reason for each site added to the list, however, more than likely they were sending us junk mail without permission. If you feel that for some reason I am wrong for placing them into the list then I would like to here it. I am only human and un-like a computer I do make mistakes and unlike a computer I try to rectify them. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fromfile Status 11/12/02- Image`fx
LOL You know what is even more laughable is that I am the one who posted the list and it got caught by my own spam traps. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Something better than Declude..transferred from Imail forum
I'm moving this discussion into the Declude forum, where it belongs... Markus Gufler stated: I'm not sure if this is per-user-.self-config-frontend is really needed for declude. Our users are very happy when we try to find a good and reliable configuration and keep them up to date. (spammers don't sleep) None of our clients know what are DNS-Tests, Open-Relay-Databases and so on. Wich normal internet user should be able to configure his own weight system or actions for different tests? If you download all files from the declude homepage and read the manual page it works fine in 20 minutes. However an admin can spend hours of work to test different settings, analyzing logfiles and adapt the config file for his special needs. Hours that at least our customers don't have. They want all the same: recieve a minimum of spam. We was able to increase the mail_send/spam_detected ratio from the default config-file to over 50% and I'm absolutely sure that no normal user can configure his settings better. If yes I will ask him to work for us. I mean that centralized systems like declude should be administered from admins that know what a powerfull tool they have in hands. Markus Unfortunately, we'd like to all work in an environment where there are real policies in place, and IT actually can properly protect end users against things like SPAM, Porno, etc., but we don't, and they won't. It's a sore subject that we won't get into right now. If we filter what we know is junk, somebody in upper management will get upset because they missed their latest 'junk' mail. That is why we wanted a per-user type of interface...so that those people can manage their own junk. It might actually be better that we give those select few software such as IHateSpam and let them completely manage their own, while we do, in fact, control all of the rest of us...I get over 200 emails a day, and mostly of junkby myself. What a major waste of time it is! --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Something better than Declude..transferred from Imail forum
Thanks, that is actually the avenue that they were taking. They got the messages to appear with the changed headers and subject fields, but they apparently were having issues where those filters were affecting either people's email accounts that weren't on the list yet, they were getting each others messages for point values...i.e., a rule set for person 'A' would affect person 'B'. You're going to force me into looking into this situation closer, aren't you? I've been tempted...just trying to finish up a couple of other things before I do that. Dennis T. Kemp II (Tom) Program Manager MCSE/CNA/A+ Control Concepts, Inc. [EMAIL PROTECTED] 703-876-6418 Fax#: 703-876-6416 -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-owner;declude.com]On Behalf Of John Tolmachoff Sent: Tuesday, November 12, 2002 4:07 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Something better than Declude..transferred from Imail forum If we filter what we know is junk, somebody in upper management will get upset because they missed their latest 'junk' mail. That is why we wanted a per-user type of interface...so that those people can manage their own junk. Actually, what you may want to try is the attach function, which attaches the Spam message to a clean message so the user can review if they want, or filter in their mail client on that subject line. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Something better than Declude..transferred from Imail forum
From what I overheard 'A' telling 'B' this morning, he sent the message from his account, so it went fro 'A' to 'B'. He purposely added text to the email body that he knew would have been caught by his rules, but not those of person 'B'. Do messages sent also go through the filter? Of course, I got this info heresayI heard 'A' say to 'B' that this happened. What I don't know is whether or not 'A' had sent the message to 'B' only, or if he had CC'd or BCC'd it to himself as well. Based on what you say here, if he did CC or BCC'd it to himself, then the rule would happen. I'll check into it... Dennis T. Kemp II (Tom) Program Manager MCSE/CNA/A+ Control Concepts, Inc. [EMAIL PROTECTED] 703-876-6418 Fax#: 703-876-6416 -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-owner;declude.com]On Behalf Of R. Scott Perry Sent: Tuesday, November 12, 2002 4:18 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Something better than Declude..transferred from Imail forum ... they apparently were having issues where those filters were affecting either people's email accounts that weren't on the list yet, they were getting each others messages for point values...i.e., a rule set for person 'A' would affect person 'B'. What is really happening here isn't that one person's rules are being used on someone else's E-mail (which would certainly be a serious problem). The problem here is that one copy of an E-mail is being sent to two separate users. In this case, both E-mails are expected to be treated identically (IMail can only handle one copy of the E-mail if only one is sent). So if one E-mail is sent to person 'A' and to person 'B' (not one copy to each, but the same identical E-mail is sent to both, so IMail has only one copy), then if the ATTACH action is used by either person 'A' or person 'B', the ATTACH action will be used on the E-mail. Since the ATTACH action is used on the E-mail, both recipients will see the E-mail as an attachment. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Something better than Declude
I've had two engineers here spending alot of time with this product. They are both considerably intelligent and experienced, yet they have had nothing but trouble. We've played with a per-user package called IHateSpam before we tried the declude solution. It wass very User friendly and worked right out of the box. The down side was that it only worked with Outlook (not even Outlook Express), and was configured for each individual on their systems...no centralized database. We would prefer something that was more centralized... giving more control to the engineers. Declude gave me the features that Imail never had. - Tom, Image`fx Spam is a never ending battle and there is no program and/or person that can guarantee a spam free system without compromising legitimate mail. With that said, if you or any one else on this list is in need of some filters and/or other cfg files for declude let me know off of this list and I will send them to you. Don't forget you are always welcome to use my updated blacklist and daily list of spammers. The download links are: http://www.imagefxonline.net/apps/delog/fromfile.txt http://www.imagefxonline.net/apps/delog/daily.txt Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Per User/Domain help
I'm not asking for help, just offering an opinion... Using Declude with one CFG file and multiple Domains one could set up a default JNK/Action file with weight tests as follows: CFG: WEIGHT1 weightrange x x 10 19 WEIGHT2 weightrange x x 20 29 WEIGHT3 weightrange x x 30 39 WEIGHT4 weight x x 40 0 JNK: WEIGHT1 WARN WEIGHT2 WARN WEIGHT3 WARN WEIGHT4 WARN These weights are based on the tests that you have defined in your cfg file. When a message fails a test and triggers a weight value Declude will write a warning message in the header. Imail is capable of reading headers using the Rules. Anyone using Imail can send the message wherever they want to based on the Rule. Each Weight (1-4) would represent the level of Spam they wish to trigger on. You may just want to use a Weight setting instead of a Weight range in the CFG file. A simple web interface or Imail web page setting can easily manipulate a text file that contains the rules for that domain and/or user. The person can either select option you added on or create rules for these weights. Use your imagination. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Yahoo gets caught with some tests
In an earlier thread there was a mention about Yahoo and OSSOFT. I have found OSSOFT to be unreliable and now I only use the following companies to help stop spam. OSSRC ip4rrelays.osirusoft.com127.0.0.4 16 0 SPAMCOP ip4rbl.spamcop.net 127.0.0.2 16 0 JAPAN ip4rjapan.blackholes.us 127.0.0.2 18 0 MONKEYFORMMAIL ip4rformmail.relays.monkeys.com * 16 0 MONKEYPROXIES ip4rproxies.relays.monkeys.com * 16 0 A message must fail more than one test before it is held for review. If you set the hold weight value to 19 then a message would have to fail one major and one or two minor tests before it is held. For example: message fails: OSSRC = 16 REVDNS = 4 Weight = less than 20 Message ok (may even mark the header if suspect) Hold Weight = 20 Message is held for review. Delete Weight = 100 Message is Deleted (use with caution) Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
