RE: [Declude.JunkMail] No one at Declude?

2013-04-18 Thread Andy Schmidt
@declude.com Subject: RE: [Declude.JunkMail] No one at Declude? Not that I can think of, the real advantage is it shuts off all internal validations, AVG which has already stopped, SNF and CT which will stop anytime soon. -Original Message- From: Andy Schmidt [mailto:andy_schm...@hm-software.com

RE: [Declude.JunkMail] IS INVALID KEY

2013-04-17 Thread Andy Schmidt
Phew - thanks for posting this. This WAS scary. Within a few minutes I had hundreds of spam emails in my inbox... Stopped the SMTP service and Queue service. This CODE did seem to help! -Original Message- From: Stephan Chayer [mailto:scha...@intrasoft.net] Sent: Wednesday, April 17,

RE: [Declude.JunkMail] No one at Declude?

2013-04-17 Thread Andy Schmidt
Uh - but with that code, the internal SNF is turned off? So one has to configure Sniffer has an external test with a separate Sniffer license code? -Original Message- From: Stephan Chayer [mailto:scha...@intrasoft.net] Sent: Wednesday, April 17, 2013 5:37 AM To:

RE: [Declude.JunkMail] No one at Declude?

2013-04-17 Thread Andy Schmidt
[mailto:david.bar...@mailsbestfriend.com] Sent: Thursday, April 18, 2013 12:31 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] No one at Declude? Yes Internal Sniffer is no longer a valid option. Need to switch to external. -Original Message- From: Andy Schmidt [mailto:andy_schm...@hm

RE: [Declude.JunkMail] No one at Declude?

2013-04-17 Thread Andy Schmidt
] No one at Declude? Yes Internal Sniffer is no longer a valid option. Need to switch to external. -Original Message- From: Andy Schmidt [mailto:andy_schm...@hm-software.com] Sent: Thursday, April 18, 2013 12:06 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] No one

RE: Re[2]: [Declude.JunkMail] No one at Declude?

2013-04-08 Thread Andy Schmidt
Not to mention the grossly unethical, possibly illegal behavior of abandoning people with active maintenance I’m still prepaid until end of June… From: Sanford Whiteman [mailto:sa...@figureone.com] Sent: Monday, April 08, 2013 7:37 PM To: Declude.JunkMail@declude.com Subject: Re[2]:

RE: [Declude.JunkMail] why have spam scores jumped?

2013-03-16 Thread Andy Schmidt
If you're that small - how many PUBLIC domains do you have to be authoritative for? What is the change frequency in a year, that you need this to be on your local DNS. For redundancy and availability purposes, why not host your public DNS at your registry, block incoming DNS queries at your

[Declude.JunkMail] NJABL Shut Down

2013-03-05 Thread Andy Schmidt
March 1, 2013: NJABL is in the process of being shut down. The DNSBL zones have been emptied. After the Internet has had some time to remove NJABL from server configs, the NS's will be pointed off into unallocated space (192.0.2.0/24 TEST-NET-1) to hopefully make the shutdown obvious to those who

[Declude.JunkMail] OT - Message Body Line-Ends in PHP

2012-12-18 Thread Andy Schmidt
Hi, Recently, gateways have clamped down on malformed message bodies that contain single LF instead of the proper CF/LF mandated by RFCs: http://www.ietf.org/rfc/rfc2822.txt 2.1 A line is a series of characters that is delimited with the two characters carriage-return and line-feed;

[Declude.JunkMail] OT - need stand-by Hyper-V host

2012-12-18 Thread Andy Schmidt
Hi, I’m using this list, because I do know that some of you have small hosting operations and I have to come to value and respect your expertise over the years. I have a client who is hosting a few small Hyper-V virtual machines with me. After the recent Hurricane, they have asked if I

RE: [Declude.JunkMail] invisible attachments?

2012-03-13 Thread Andy Schmidt
Most likely a malformed header created by the sending application. Depending on how strict an application insists on CR/LF combinations (vs just CR or just LF) – the attachment is either recognized as a distinct MAPI element – or treated as excess junk in the headers or some previous MAPI

[Declude.JunkMail] Interim Download of CFG File

2011-11-03 Thread Andy Schmidt
. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http

RE: [Declude.JunkMail] error 0xC0000142 smtp.exe

2011-05-05 Thread Andy Schmidt
I had encountered the problem when I introduced another Declude add-on to the mix (e.g., another command line program that Declude was launching). Eventually there were too many command line processes using up too much heap… Some of us were using the old command-line sniffer and 2 or 3

RE: [Declude.JunkMail] error 0xC0000142 smtp.exe

2011-05-05 Thread Andy Schmidt
4:10 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] error 0xC142 smtp.exe That sounds like me. What’s the cure? Drop the number of threads in declude.cfg? I haven’t looked at it yet to see what I have. From: Andy Schmidt mailto:andy_schm...@hm-software.com Sent

RE: [Declude.JunkMail] error 0xC0000142 smtp.exe

2011-05-05 Thread Andy Schmidt
: Re: [Declude.JunkMail] error 0xC142 smtp.exe That sounds like me. What’s the cure? Drop the number of threads in declude.cfg? I haven’t looked at it yet to see what I have. From: Andy Schmidt mailto:andy_schm...@hm-software.com Sent: Thursday, May 05, 2011 1:05 PM To: Declude.JunkMail

RE: [Declude.JunkMail] JunkMail Bounce and Virus Notices

2011-03-27 Thread Andy Schmidt
Hi, It’s not just limited to HiJack, it seems that Declude Virus and Declude Junkmail are both hardcoded to use IMail1 for virus notifications, Bounce Messages. I can’t find any configuration option where you can either use BLAT or some other command line mailer and/or mailer script.

RE: [Declude.JunkMail] How to send notices about email held by HiJack

2011-03-27 Thread Andy Schmidt
PS: appears they removed it in v10 – not just v11 (or v11.03). I went back to version 11.02 installer, and after going through the entire activation sequence for a new/second trial install – I ended up with 11.02 – but no Imail1.exe. I don’t have a pre-version 10 installer laying around!

RE: [Declude.JunkMail] Blocking on no REV DNS?

2011-02-14 Thread Andy Schmidt
I suppose it depends on your clients. I host mostly small to medium business sites, bounce on reverse DNS at my gateway and only get a question once or twice a year, where I assist some clueless Email Admin about contacting his ISP to set up the proper reverse DNS. I explain to them that we

RE: [Declude.JunkMail] Blocking on no REV DNS?

2011-02-14 Thread Andy Schmidt
Not sure if you're asking how to trap items without reverse DNS? It would be a line like this in the GLOBAL.CFG: WHITELIST AUTH REVDNS revdnsexists x x 5 0 (which would add a weight of 5 if there is no reverse DNS - but whitelist

[Declude.JunkMail] Spam Routing and IP 6?

2010-10-18 Thread Andy Schmidt
Hi, I may be barking up the wrong tree. But since the following email only had a single IP v4 hop to our Imail, I can't see how this could possibly be caught by spamrouting - unless there is some confusion on how to treat the IP v6 address address: Received: from SDKENG01.dkeng.co.uk

[Declude.JunkMail] Spam Routing and IP 6?

2010-10-12 Thread Andy Schmidt
Hi, I may be barking up the wrong tree. But since the following email only had a single IP v4 hop to our Imail, I can't see how this could possibly be caught by spamrouting - unless there is some confusion on how to treat the IP v6 address address: Received: from SDKENG01.dkeng.co.uk

Re: [Declude.JunkMail] Imail vs. Smartermail

2010-08-28 Thread Andy Schmidt
spam checks (we'll see which ones they are starting with.) I've been asking for that for 10 years - so hopefully I'll be able to reject (some) spam outright during the SMTP conversation. Best Regards Andy Schmidt Tel. +1 201-934-9411, x20 Fax +1 201-934-9206 From: Eddie Sent: Saturday, August

Re: [Declude.JunkMail] Server AV Scanner

2010-08-12 Thread Andy Schmidt
Server AV ScannerDave, ClamAV works perfectly fine with Declude - runs as a service and thus is fast. A native Windows version has been available for quite a while. Best Regards Andy Schmidt Tel. +1 201-934-9411, x20 Fax +1 201-934-9206 From: Dave Beckstrom Sent: Thursday, August 12, 2010 9

[Declude.JunkMail] RE: A small Junkmail enhancement suggestion

2010-07-15 Thread Andy Schmidt
Hi, Yes - the From header is just for the mail client (such as Outlook). The real sender is typically provided in the Sender or X-Sender header. Here is an example using different versions of CDO: a) Up to Win 2000 Server and prior Reply-To:

RE: [Declude.JunkMail] Blocking domains by DNS server?

2010-07-01 Thread Andy Schmidt
Hi Dave, Unless that name server is listed in one of the RBLs already, you'd have to set up your own RBL zone on your name server and then check against that. Here's the appropriate section of the config file: !--Enables the checking of the URI's name servers against an RBL. -- !--If

[Declude.JunkMail] FTC Permanently Shuts Down Notorious Rogue Internet Service Provider

2010-06-01 Thread Andy Schmidt
http://www.ftc.gov/opa/2010/05/perm.shtm --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.

RE: [Declude.JunkMail] Fine tuning Declude

2010-05-12 Thread Andy Schmidt
Hi Michael: I have a Windows script that I use with a whole bunch of different Exchange customers to pull their email addresses from their servers and dump them into a small JET (.mdb = Access) Database. It does have a few input parameters where you configure the LDAP path to the mail domain

RE: [Declude.JunkMail] Fine tuning Declude

2010-05-12 Thread Andy Schmidt
// --- // // Author: © 2005, Andy Schmidt // Email: a...@argos.net // Runtime: Windows Scripting Host 5.6 // // // --- // // CHANGE HISTORY // // 1.0.0 05-Apr-05 (AS) Initial Development

[Declude.JunkMail] SORBS Website Down?

2010-05-12 Thread Andy Schmidt
Hi, Does anyone have a URL that works? I haven't been able to get www.sorbs.net/lookup.shtml, or www.au.sorbs.net/lookup.shtml to come up? I remember reading something last year that they had trouble getting a hosting sponsor - but later they were acquired by GFI. Best Regards, Andy

RE: [Declude.JunkMail] Fine tuning Declude

2010-05-12 Thread Andy Schmidt
. Trying to get access to LDAP through firewalls for an external process would take a lot longer to coordinate on a per-customer basis. Darin. - Original Message - From: Andy Schmidt mailto:andy_schm...@hm-software.com To: declude.junkmail@declude.com Sent: Wednesday, May 12

RE: [Declude.JunkMail] SORBS Website Down?

2010-05-12 Thread Andy Schmidt
Down? It may have been down when you looked, Andy. It's up now. Also, I like to use this 3rd party for an instant second opinion: http://downforeveryoneorjustme.com Andrew 8) _ From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt

RE: [Declude.JunkMail] SORBS Website Down?

2010-05-12 Thread Andy Schmidt
up now. Also, I like to use this 3rd party for an instant second opinion: http://downforeveryoneorjustme.com Andrew 8) _ From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Wednesday, May 12, 2010 1:15 PM To: declude.junkmail

[Declude.JunkMail] Sniffer Integration - Bad snf_engine.xml

2010-05-05 Thread Andy Schmidt
Dave, Pete has helped me figure out that your XML samples, e.g.: http://interim.declude.com/41048/Scanners/SNF/snf_engine.xml is NOT a valid XML file. Specifically, the closing tag for the node element is invalid. It MUST be: /node (Currently it is

RE: [Declude.JunkMail] Sniffer IP Reputation -- Graduated Weight Scheme

2010-05-05 Thread Andy Schmidt
...@declude.com] On Behalf Of Andy Schmidt Sent: Monday, May 03, 2010 4:52 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Sniffer IP Reputation -- Graduated Weight Scheme Hi Dave, I'm breaking this into two discussions as they are two different topics. The REAL point

RE: [Declude.JunkMail] Sniffer Integration - Multiple Exit Codes

2010-05-05 Thread Andy Schmidt
SNFx 47 12 0 Also even though there are multiple entries the test only runs once and the resulted exit code is the triggered. David From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Friday, April 30, 2010 10

RE: [Declude.JunkMail] Sniffer IP Reputation -- Graduated Weight Scheme

2010-05-05 Thread Andy Schmidt
To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Sniffer IP Reputation -- Graduated Weight Scheme On 5/5/2010 1:30 PM, Andy Schmidt wrote: Hi Dave, Hm - yes,I think if you added 21 lines (from -10 to 0 and to +10) to the config file, you would have could cover the reputation range from -1

RE: [Declude.JunkMail] Sniffer Integration - Multiple Exit Codes

2010-05-05 Thread Andy Schmidt
these are NOT multiple lines of the SAME command. From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Pete McNeil Sent: Wednesday, May 05, 2010 3:47 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Sniffer Integration - Multiple Exit Codes On 5/5/2010 3:24 PM, Andy Schmidt

[Declude.JunkMail] Reporting of Tests Failed Incomplete?

2010-05-03 Thread Andy Schmidt
Hi Dave, I do have SOME tests suppressed from the SMTP headers: HIDETESTS CATCHALLMAILS IPNOTINMX NOLEGITCONTENT WEIGHTKILL2 WEIGHT8 WEIGHT10 WEIGHTHDR WEIGHTFOOTER NJABL AHBL SORBS SENDERDB WEIGHTGATEWAY So the SMTP header looks correct - and the weight of 9 is accurate:

RE: [Declude.JunkMail] Reporting of Tests Failed Incomplete?

2010-05-03 Thread Andy Schmidt
Hi Dave, I agree with you that the total weight of 9 is correct (I had already piecemealed that arithmetic together in my msg). As Commtouch Zerohour was implemented differently that regular tests (because it runs as part of the AV code) it is not listed in this log line. Agreed it

RE: [Declude.JunkMail] Sniffer Integration - Multiple Exit Codes

2010-05-03 Thread Andy Schmidt
Hi Dave (just in case this one got lost), Also even though there are multiple entries the test only runs once and the resulted exit code is the triggered. I know that all 18 SNF rule lines only require one invocation of Sniffer - which are then evaluated 18 different way. Fair enough. I

RE: [Declude.JunkMail] Reporting of Tests Failed Incomplete?

2010-05-03 Thread Andy Schmidt
: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Monday, May 03, 2010 1:10 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Reporting of Tests Failed Incomplete? Hi Dave, I agree with you that the total weight of 9 is correct (I had already

RE: [Declude.JunkMail] SNFIP option for WHITE?

2010-05-03 Thread Andy Schmidt
Email security is our business 978.499.2933 office 978.988.1311 fax dbar...@declude.com -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Saturday, May 01, 2010 2:19 PM To: declude.junkmail@declude.com Subject: FW: [Declude.JunkMail

RE: [Declude.JunkMail] Sniffer BasePoint

2010-05-03 Thread Andy Schmidt
. David Barker VP Operations Declude Your Email security is our business 978.499.2933 office 978.988.1311 fax mailto:dbar...@declude.com dbar...@declude.com From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Saturday, May 01, 2010 1:51 PM

RE: [Declude.JunkMail] Sniffer IP Reputation -- Graduated Weight Scheme

2010-05-03 Thread Andy Schmidt
Hi Dave, I'm breaking this into two discussions as they are two different topics. The REAL point of Pete's input (and my suggestion) for SNFIPREP is that the reputation scale of -1 through +1 should NOT just result in either ONE positive or ONE negative weight option. Your example:

RE: [Declude.JunkMail] Sniffer IP vs. Sniffer IP Reputation vs. Sniffer Truncate -- SUGGESTION

2010-05-01 Thread Andy Schmidt
agree with you that it could be made more clear, but to advise the list NOT to use the current declude settings is your opinion. What would be helpful is making a suggestion to what settings you use based on your results. David _ From: Andy Schmidt andy_schm...@hm-software.com Sent

RE: [Declude.JunkMail] Statistic programs for Junkmail

2010-05-01 Thread Andy Schmidt
I happen to run Invariant Software's Declude Analyzer (for Declude Virus and Declude Spam). -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David Dodell Sent: Saturday, May 01, 2010 12:39 PM To: declude.junkmail@declude.com Subject:

RE: [Declude.JunkMail] Sniffer IP Reputation for white listing

2010-05-01 Thread Andy Schmidt
] Sniffer IP Reputation for white listing On 4/30/2010 9:32 PM, Andy Schmidt wrote: snip/ But your documentation of the reputation system has a graph that shows that there is yet another category: WHITE. I don't know the details of Declude's impelementation. Presumably

FW: [Declude.JunkMail] SNFIP option for WHITE?

2010-05-01 Thread Andy Schmidt
Dave, Pete confirmed that in addition to the Caution, Black and Truncate categories, there is a WHITE category (which was also mentioned in the Sniffer documentation). So, I seems as if besides the existing three SNFIP options: SNFIPCAUTION SNFIP x 4 5 0 SNFIPBLACK SNFIP x 5 10 0

RE: [Declude.JunkMail] We have opened up truncate.gbudb.net

2010-04-30 Thread Andy Schmidt
...@declude.com] On Behalf Of Pete McNeil Sent: Friday, April 30, 2010 4:49 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] We have opened up truncate.gbudb.net On 4/29/2010 10:06 PM, Andy Schmidt wrote: Thanks - I activated it in my gateway and will report back after a day or so

RE: [Declude.JunkMail] Sniffer Integration - Global Exit Code nonzero?

2010-04-30 Thread Andy Schmidt
Hi Dave, Thanks for taking the time to explain it. I see that the sample on your web site has already been corrected to read IPREPUTATIONSNFIPREP and I was simply working off an earlier copy. For the SNF test type, is there a way to have a global match (e.g., NONZERO), instead of

RE: [Declude.JunkMail] Sniffer Integration - Global Exit Code nonzero?

2010-04-30 Thread Andy Schmidt
Thanks for clearing up that it doesn't work for the 2nd variable (I'm aware that it is an internal and not and external test, and that it is the SECOND variable, and that it only executes once, etc.) As a suggestion, you might consider enabling the nonzero option for the second variable as

RE: [Declude.JunkMail] Sniffer Integration - Global Exit Code nonzero?

2010-04-30 Thread Andy Schmidt
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Friday, April 30, 2010 10:31 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Sniffer Integration - Global Exit Code nonzero? Hi Dave, Thanks for taking the time to explain it. I see

RE: [Declude.JunkMail] We have opened up truncate.gbudb.net

2010-04-30 Thread Andy Schmidt
It is - and I agree with you! From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Matt Sent: Friday, April 30, 2010 12:53 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] We have opened up truncate.gbudb.net Is the result code really 127.0.0.1? That is

RE: [Declude.JunkMail] Sniffer IP vs. Sniffer IP Reputation vs. Sniffer Truncate

2010-04-30 Thread Andy Schmidt
Hi Pete, I'm look over Decludes recommended Sniffer configuration and trying to understand how much overlap there is between these options: IPREPUTATIONSNFIPREPx 0 10 -5 SNFIPCAUTIONSNFIP x 4 5 0

RE: [Declude.JunkMail] Sniffer Integration - Multiple Exit Codes

2010-04-30 Thread Andy Schmidt
Also even though there are multiple entries the test only runs once and the resulted exit code is the triggered. David From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Friday, April 30, 2010 10:31 AM To: declude.junkmail@declude.com Subject: RE

RE: [Declude.JunkMail] Sniffer IP vs. Sniffer IP Reputation vs. Sniffer Truncate

2010-04-30 Thread Andy Schmidt
Sent: Friday, April 30, 2010 7:07 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Sniffer IP vs. Sniffer IP Reputation vs. Sniffer Truncate On 4/30/2010 5:16 PM, Andy Schmidt wrote: Hi Pete, I'm look over Decludes recommended Sniffer configuration and trying to understand

RE: [Declude.JunkMail] Sniffer IP Reputation for white listing

2010-04-30 Thread Andy Schmidt
: Friday, April 30, 2010 7:07 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Sniffer IP vs. Sniffer IP Reputation vs. Sniffer Truncate On 4/30/2010 5:16 PM, Andy Schmidt wrote: Hi Pete, I'm look over Decludes recommended Sniffer configuration and trying to understand how much

RE: [Declude.JunkMail] We have opened up truncate.gbudb.net

2010-04-29 Thread Andy Schmidt
Thanks - I activated it in my gateway and will report back after a day or so. Question: a) Does it have TXT records that holds additional info that can be returned in the 5.7.1 message to the sender? b) Is there a lookup URL that can be included in the 5.7.1 message that people can

RE: [Declude.JunkMail] Sniffer Integration

2010-04-29 Thread Andy Schmidt
Hi, 1. I'm confused about the Sniffer integration sample: SNFIPBLACK SNFIP x 5 10 0 IPREPUTATIONSNFIP x 5 10 -5 It seems to me as if BOTH lines test the SAME Sniffer return code of 5 -

[Declude.JunkMail] CommTouch False Positive

2010-02-19 Thread Andy Schmidt
Hi, How do I go about reporting ZeroHour false positives? For the past few days, one of my cliens has been trying to email a (legitimate) ZIP file with a DLL that keeps getting blocked by CommTouch. How do I submit these D/Q files to get this problem fixed? Best Regards, Andy

[Declude.JunkMail] AllLists.DAT in RAR Format?

2010-02-19 Thread Andy Schmidt
Hi, Obviously, I know that I can download third party tools to “unrar” the file – but I REALLY hate nothing more, but than cluttering up production systems with unnecessary shareware/freeware. Windows has built-in ZIP support (“compressed folders”). Is there any justification to pick a

RE: [Declude.JunkMail] CommTouch False Positive

2010-02-19 Thread Andy Schmidt
: and we can report it to Commtouch. David Barker VP Operations Declude Your Email security is our business 978.499.2933 office 978.988.1311 fax mailto:dbar...@declude.com dbar...@declude.com From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Friday

RE: [Declude.JunkMail] AllLists.DAT in RAR Format?

2010-02-19 Thread Andy Schmidt
...@declude.com] On Behalf Of Andy Schmidt Sent: Friday, February 19, 2010 11:22 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] AllLists.DAT in RAR Format? Importance: High Hi, Obviously, I know that I can download third party tools to “unrar” the file – but I REALLY hate nothing

[Declude.JunkMail] Conditional Whitelist - Good Use of SPF!

2010-01-20 Thread Andy Schmidt
Hi, Despite all the shortcomings of SPF, there may be one GOOD use: Every once in a while I receive requests to whitelist certain sender email addresses or domains - then I explain that we don't like to do that because it would allow any spam that PRETENDS to come from that domain to pass.

RE: [Declude.JunkMail] Conditional Whitelist - Good Use of SPF!

2010-01-20 Thread Andy Schmidt
, couldn't you just create a rule that if the sender passes SPF that you apply a large negative point value? Then you could apply that rule to only the domains that you want to whitelist. Dean On Wed, Jan 20, 2010 at 8:47 AM, Andy Schmidt andy_schm...@hm-software.com wrote: Hi, Despite all

RE: [Declude.JunkMail] Release 4.10.42

2010-01-04 Thread Andy Schmidt
Happy New Year: Can you elaborate on the Sniffer implementation please? a) Is the annual cost of Sniffer now included with Declude? b) If we have no custom rule-base, there would be no reason not to use the Declude rule-base? c) What's the technical implementation of

RE: [Declude.JunkMail] Release 4.10.42

2010-01-04 Thread Andy Schmidt
978.499.2933 office 978.988.1311 fax mailto:dbar...@declude.com dbar...@declude.com From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Monday, January 04, 2010 11:18 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Release 4.10.42

RE: [Declude.JunkMail] Declude 4.9.39 Interim Release Notes

2009-11-05 Thread Andy Schmidt
business 978.499.2933 office 978.988.1311 fax dbar...@declude.com -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Thursday, November 05, 2009 10:50 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail

RE: [Declude.JunkMail] Declude 4.9.39 Interim Release Notes

2009-11-05 Thread Andy Schmidt
guess that this would take a programmer maybe an hour to code up and test. Matt Andy Schmidt wrote: Hi Dave, just sent you a zip file - hope it made it past your virus check. It has a few interesting cases to see if your new code picks up the CORRECT IP address. Always picking the first

RE: [Declude.JunkMail] How to Correctly Parse RECEIVED Headers for IP Address

2009-11-05 Thread Andy Schmidt
with parenthesis, but it does happen. Matt Andy Schmidt wrote: Hi Matt, Sorry - but some of these are actually headers inserted by my OWN server. So they are NOT forged. Most of them are spam, but some of them were even false positives. Best Regards, Andy From: supp

RE: [Declude.JunkMail] Declude 4.9.39 Interim Release Notes

2009-11-04 Thread Andy Schmidt
Hi David: I'm interested to better understand this feature. The line you posted looks like a legit received header that Postini indeed should add to the top of the headers when it receives the message from the source? Received: from source ([209.85.221.110]) by

RE: [Declude.JunkMail] Declude 4.9.39 Postini Received Header Fix

2009-11-04 Thread Andy Schmidt
fax dbar...@declude.com From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Wednesday, November 04, 2009 3:11 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Declude 4.9.39 Interim Release Notes Hi David: I'm interested

[Declude.JunkMail] Suggestion: Quarantine problematic Q/D files to match GP1/GP2 files

2009-08-26 Thread Andy Schmidt
Hi, Doesn't make much sense to ask a user to submit debug logs AFTER a GP fault that only happens sporadically. How about Declude quarantining the Q/D files in question whenever the C:/Declude.GP* files are written? This way, the customer can attempt to reproduce the problem (using the

RE: [Declude.JunkMail] Suggestion: Quarantine problematic Q/D files to match GP1/GP2 files

2009-08-26 Thread Andy Schmidt
[mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Wednesday, August 26, 2009 11:04 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Suggestion: Quarantine problematic Q/D files to match GP1/GP2 files Sensitivity: Personal Hi, Doesn't make much sense to ask a user

RE: [Declude.JunkMail] Suggestion: Quarantine problematic Q/D files to match GP1/GP2 files

2009-08-26 Thread Andy Schmidt
external. I have our engineer looking to see what we can gather from the file. And will get back to you asap. David From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Wednesday, August 26, 2009 11:59 AM To: declude.junkmail@declude.com Subject: RE

Re: [Declude.JunkMail] Imail 11

2009-08-11 Thread Andy Schmidt
Hi, been using Imail 11 since May. Several annoying bugs - bug fixes for each one within a few days. Looks good now - but it's not worth for anyone installing NOW because 11.0.1 is in technical preview and saves you the hassle of having to ask for 5 or 6 DLL updates (because they are not being

Re: [Declude.JunkMail] Imail 11

2009-08-11 Thread Andy Schmidt
Imail 11 supports ActiveSync (e.g., I'm using it from my regular cell phone) to synch contacts, emails, appointments, notes,... From: Nick Hayer Sent: Tuesday, August 11, 2009 6:43 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Imail 11 SmarterMail. Its the way to go.

[Declude.JunkMail] RE: [Declude.Virus] Commtouch ZeroHour - no longer active? What's the best procedure everyone uses to renew it?

2009-07-08 Thread Andy Schmidt
cache and restart Declude to see if it resolves the problem. David Barker VP Operations Declude Your Email security is our business 978.499.2933 office 978.988.1311 fax mailto:dbar...@declude.com dbar...@declude.com From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy

[Declude.JunkMail] RE: Database error after upgrading Incorrect HELO in Received Header

2009-06-25 Thread Andy Schmidt
Hi, a) As far as the HELOBOGUS test - you likely are missing the various IMAIL 11 fixes that Ipswitch created but only gives out when you ask: http://kb.imailserver.com/cgi-bin/imail.cfg/php/enduser/std_adp.php?p_faqid= 691 With the latest fixed SMTP service and Imail_API DLL, my HELOBOGUS test

RE: [Declude.JunkMail] All_list.dat

2009-06-09 Thread Andy Schmidt
Hi Dave: Good to see that this is (apparently) now an automated procedure that keeps a current file online for us. Thank you! Andy From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David Barker Sent: Monday, June 08, 2009 4:56 PM To: declude.junkmail@declude.com

[Declude.JunkMail] ZEROHOUR vs. TESTSFAILED

2009-06-07 Thread Andy Schmidt
of “TESTSFAILED” filters) which groupings of tests might be testing/triggering on the same “aspect” of a message. Currently ZEROHOUR appears to negate all the other advantages of Declude! Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 --- This E-mail

RE: [Declude.JunkMail] CommTouch ZeroHour

2009-06-05 Thread Andy Schmidt
Uh - okay, that was the reason, why I wasn't able to purchase CommTouch back when. As a hosting provider (which includes providing mailboxes for the clients' domains), that would fall under the umbrella primary function is to provide Internet service. If they would define ISP as Internet

RE: [Declude.JunkMail] CommTouch ZeroHour

2009-06-05 Thread Andy Schmidt
: [Declude.JunkMail] CommTouch ZeroHour Yes Internet access provider is a better description of ISP and how it is understood by Commtouch. David -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Friday, June 05, 2009 11:30 AM To: declude.junkmail

RE: [Declude.JunkMail] Upgrade 4.6.35 AVG not scanning - FIX

2009-06-02 Thread Andy Schmidt
That's semantics - either are Malicious emails (Phishing are the new Viruses - or sometimes just a precursor). Most malicious email scanners now include phishing in their realm of responsibility. Bottom line: You need to run a scanner, it will find malicious emails, whether you technically would

RE: [Declude.JunkMail] Declude 4.5.29 Released

2009-02-24 Thread Andy Schmidt
Hi, is the jump from 4.4.25 ( release 4.4 ) to 4.5.26 (release 4.5) intentional or a typo? If 4.5 is a new release, one would have expected it to start at 4.5.) - and thus this latest build be referred to as 4.5.3 ? -Original Message- From: supp...@declude.com

RE: [Declude.JunkMail] Errorlevel not working

2009-02-09 Thread Andy Schmidt
Because it does a = comparison, you need to start with the greatest value and work your way lower. -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Serge Sent: Sunday, February 08, 2009 7:58 PM To: declude.junkmail@declude.com Subject: Re:

RE: [Declude.JunkMail] DNS lookup fail, yet e-mail passes spam tests

2009-02-03 Thread Andy Schmidt
Hi, I think there are two different issues: a) As stated by others, the mail SERVER is NOT required to have an MX record (seldomly will!) and is not required to be referenced in the domain's MX record (in case it's an outbound server only). b) However, I reject mails from

RE: [Declude.JunkMail] DNS lookup fail, yet e-mail passes spam tests

2009-02-03 Thread Andy Schmidt
I wouldn't add anything to the score because it's very common (specially for larger organizations) to have dedicated outbound servers, while all MX records point to their anti-spam/anti-virus gateways! The better approach would be to REDUCE the weight score if you receive mail from a mail

RE: [Declude.JunkMail] New Blacklist / Whitelist (Barracuda)

2008-12-06 Thread Andy Schmidt
Hi, I very much feel it's worth it - as long as you combine it with other tests. Other than Sniffer, it flags MORE emails (about 55 to 60%) than CBL Dyna, Spamcop, InvURIBL, Sorbs, SenderDB etc. Many times when I looked at NEW spam (or a Virus), then Barracuda (besides Sniffer) was the ONLY one

[Declude.JunkMail] No Reverse DNS in Header?

2008-11-03 Thread Andy Schmidt
Hi, I never noticed this scenario before, so I figured I ask: One of the emails I investigated was had a null string RevDNS in the XINHEADER: X-Declude: Version 4.4.20; Code 0xe from [38.108.41.55] The global config defines the following: XINHEADERX-Declude: Version

[Declude.JunkMail] URIBL vs. SURBL

2008-10-17 Thread Andy Schmidt
Hi, I checked two of my systems and noticed that apparently multi.uribl.com does not have any hits for its black and red lists EVER? I find that hard to believe. My systems DOES check SURBL first, and only would pass a good message to URIBL. Is it really possible that URIBL is fully redundant to

RE: [Declude.JunkMail] URIBL vs. SURBL

2008-10-17 Thread Andy Schmidt
://www.invariantsystems.com for utilities for Declude, Imail, mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Andy Schmidt wrote: Hi, I checked two of my systems and noticed that apparently multi.uribl.com does not have any

[Declude.JunkMail] New Blacklist / Whitelist

2008-10-15 Thread Andy Schmidt
a) Pay $20.00 for another flavor of SPF - or do I see this wrong? http://www.emailreg.org/ b) http://www.barracudacentral.org/rbl Hadn't seen this one mentioned? Any experiences? Effective? False Positives? --- This E-mail came from the Declude.JunkMail mailing list. To

[Declude.JunkMail] http://tools.declude.com/headercode.php?code=8000004e

2008-10-14 Thread Andy Schmidt
That really does NOT help. I know it failed the BADHEADERS test, otherwise I wouldn't use the BADHEADERS tool to look up the cause. The explanation doesn't need to tell me what's okay, I need to know what's NOT. After reading the explanation I'm just as smart as before: Results The E-mail

RE: [Declude.JunkMail] country chain

2008-10-08 Thread Andy Schmidt
I believe the routing test looks for emails hopping back and forth across major regions. So, if the email was sent from the U.S. to China and then back to the U.S., it should trigger. But, if a multinational company has I/T resources (or registered IP addresses) south or north of the border, or if

RE: [Declude.JunkMail] country chain

2008-10-08 Thread Andy Schmidt
Hi, I think that counting countries is not necessarily helpful - specially if you think of other continents. In Europe, many AOL IP blocks are registered to the U.K. Knowing that an email went through two or three countries before reaching you does not really imply anything, specially for

RE: [Declude.JunkMail] Re:Declude vs Perry (ES)

2008-09-09 Thread Andy Schmidt
, Andy Schmidt From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig Edmonds Sent: Tuesday, September 09, 2008 1:42 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Re:Declude vs Perry (ES) I am not a lawyer so dont understand 100%. So Scott Perry agreed

RE: [Declude.JunkMail] Re:Declude vs Perry (ES)

2008-09-09 Thread Andy Schmidt
Well, Darin - it may be relevant to look at the timeline. Example: 1. Declude is developed 2. Declude is purchased 3. Developer keeps source code and NOW starts to reuse it to develop DNSstuff.com vs. 1. Declude is developed 2. DNSstuff is developed

RE: [Declude.JunkMail] SPF Issue

2008-09-01 Thread Andy Schmidt
What is the issue? What error message? Was it bounced mail? What did the NDR say? I could be a recipient trying to forward mail to another server, or an end-user trying to send email from home using their local ISP... etc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

RE: [Declude.JunkMail] Imail version 10

2008-08-29 Thread Andy Schmidt
Who isn't? g Yes, we've been running Imail 10 from the start, now 10.01 and are using it with Declude 4.4.16. Best Regards, Andy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Justin Moose Sent: Friday, August 29, 2008 12:24 PM To:

  1   2   3   4   5   6   7   8   9   >