[Declude.JunkMail] SPF Abuse Filter

Hi, A lot of spam comes with valid SPF pass configurations (but so does legitimate). However, if someone is sophisticated enough to set up SPF for their domain, they should also be sophisticated enough to have valid Reverse DNS and Hostnames configured. So I'm experimenting with this filter

RE: [Declude.JunkMail] No one at Declude?

@declude.com Subject: RE: [Declude.JunkMail] No one at Declude? Not that I can think of, the real advantage is it shuts off all internal validations, AVG which has already stopped, SNF and CT which will stop anytime soon. -Original Message- From: Andy Schmidt [mailto:andy_schm...@hm-software.com

RE: [Declude.JunkMail] No one at Declude?

ubject: RE: [Declude.JunkMail] No one at Declude? Yes Internal Sniffer is no longer a valid option. Need to switch to external. -Original Message----- From: Andy Schmidt [mailto:andy_schm...@hm-software.com] Sent: Thursday, April 18, 2013 12:06 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail]

RE: [Declude.JunkMail] No one at Declude?

vid Barker [mailto:david.bar...@mailsbestfriend.com] Sent: Thursday, April 18, 2013 12:31 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] No one at Declude? Yes Internal Sniffer is no longer a valid option. Need to switch to external. -Original Message----- From: Andy Schmidt [mailto

RE: [Declude.JunkMail] No one at Declude?

Uh - but with that code, the internal SNF is turned off? So one has to configure Sniffer has an external test with a separate Sniffer license code? -Original Message- From: Stephan Chayer [mailto:scha...@intrasoft.net] Sent: Wednesday, April 17, 2013 5:37 AM To: Declude.JunkMail@declude.

RE: [Declude.JunkMail] IS INVALID KEY

Phew - thanks for posting this. This WAS scary. Within a few minutes I had hundreds of spam emails in my inbox... Stopped the SMTP service and Queue service. This CODE did seem to help! -Original Message- From: Stephan Chayer [mailto:scha...@intrasoft.net] Sent: Wednesday, April 17, 2013

[Declude.JunkMail] Interim and Downloads sites still working

This may be your last shot to still get the files that were updated in the past month or so (as recent as last weekend!) So better drop everything before they wake up and shut those down too… http://interim.declude.com/ U: Interim P: decinterimv4 http://downloads.declude.com/ U:

RE: Re[2]: [Declude.JunkMail] No one at Declude?

>> Not to mention the grossly unethical, possibly illegal behavior of >> abandoning people with active maintenance << I’m still prepaid until end of June… From: Sanford Whiteman [mailto:sa...@figureone.com] Sent: Monday, April 08, 2013 7:37 PM To: Declude.JunkMail@declude.com Subject: Re[2]:

RE: [Declude.JunkMail] why have spam scores jumped?

If you're that small - how many PUBLIC domains do you have to be authoritative for? What is the change frequency in a year, that you need this to be on your local DNS. For redundancy and availability purposes, why not host your public DNS at your registry, block incoming DNS queries at your bor

[Declude.JunkMail] NJABL Shut Down

March 1, 2013: NJABL is in the process of being shut down. The DNSBL zones have been emptied. After "the Internet" has had some time to remove NJABL from server configs, the NS's will be pointed off into unallocated space (192.0.2.0/24 TEST-NET-1) to hopefully make the shutdown obvious to those who

[Declude.JunkMail] OT - need "stand-by" Hyper-V host

Hi, I’m using this list, because I do know that some of you have small hosting operations and I have to come to value and respect your expertise over the years. I have a client who is hosting a few small Hyper-V virtual machines with me. After the recent Hurricane, they have asked if I c

[Declude.JunkMail] OT - Message Body Line-Ends in PHP

Hi, Recently, gateways have clamped down on malformed message bodies that contain single LF instead of the proper CF/LF mandated by RFCs: http://www.ietf.org/rfc/rfc2822.txt 2.1 "A line is a series of characters that is delimited with the two characters carriage-return and line-feed; t

RE: [Declude.JunkMail] invisible attachments?

Most likely a malformed header created by the sending application. Depending on how strict an application insists on CR/LF combinations (vs just CR or just LF) – the attachment is either recognized as a distinct MAPI element – or treated as excess junk in the headers or some previous MAPI seg

[Declude.JunkMail] Interim Download of CFG File

. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be fou

RE: [Declude.JunkMail] error 0xC0000142 smtp.exe

: Re: [Declude.JunkMail] error 0xC142 smtp.exe That sounds like me. What’s the cure? Drop the number of threads in declude.cfg? I haven’t looked at it yet to see what I have. From: Andy Schmidt <mailto:andy_schm...@hm-software.com> Sent: Thursday, May 05, 2011 1:05

RE: [Declude.JunkMail] error 0xC0000142 smtp.exe

4:10 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] error 0xC142 smtp.exe That sounds like me. What’s the cure? Drop the number of threads in declude.cfg? I haven’t looked at it yet to see what I have. From: Andy Schmidt <mailto:andy_schm...@hm-software.com>

RE: [Declude.JunkMail] error 0xC0000142 smtp.exe

I had encountered the problem when I introduced another Declude add-on to the mix (e.g., another command line program that Declude was launching). Eventually there were too many command line processes using up too much heap… Some of us were using the old command-line sniffer and 2 or 3 anti-vi

RE: [Declude.JunkMail] How to send notices about email held by HiJack

PS: appears they removed it in v10 – not just v11 (or v11.03). I went back to version 11.02 installer, and after going through the entire activation sequence for a new/second trial install – I ended up with 11.02 – but no Imail1.exe. I don’t have a pre-version 10 installer laying around!

RE: [Declude.JunkMail] JunkMail Bounce and Virus Notices

Hi, It’s not just limited to HiJack, it seems that Declude Virus and Declude Junkmail are both hardcoded to use IMail1 for virus notifications, Bounce Messages. I can’t find any configuration option where you can either use BLAT or some other command line mailer and/or mailer script. He

RE: [Declude.JunkMail] Idea for new Declude add-on

>> I couldn't think of any specific instances where you would not want to >> whitelist a recipient's address. Obviously nobody should be emailing a >> spammer. << In general, that's reasonable - but certainly not bullet-proof. Since spammers always use other people's email addresses (specially

RE: [Declude.JunkMail] Blocking on no REV DNS?

Not sure if you're asking how to "trap" items without reverse DNS? It would be a line like this in the GLOBAL.CFG: WHITELIST AUTH REVDNS revdnsexists x x 5 0 (which would add a weight of 5 if there is no reverse DNS - but whitelist

RE: [Declude.JunkMail] Blocking on no REV DNS?

I suppose it depends on your clients. I host mostly small to medium business sites, bounce on reverse DNS at my gateway and only get a question once or twice a year, where I assist some clueless Email Admin about contacting his ISP to set up the proper reverse DNS. I explain to them that we are

[Declude.JunkMail] Spam Routing and IP 6?

Hi, I may be barking up the wrong tree. But since the following email only had a single IP v4 hop to our Imail, I can't see how this could possibly be caught by "spamrouting" - unless there is some confusion on how to treat the IP v6 address address: Received: from SDKENG01.dkeng.co.uk [81.

[Declude.JunkMail] Spam Routing and IP 6?

Hi, I may be barking up the wrong tree. But since the following email only had a single IP v4 hop to our Imail, I can't see how this could possibly be caught by "spamrouting" - unless there is some confusion on how to treat the IP v6 address address: Received: from SDKENG01.dkeng.co.uk [81.

Re: [Declude.JunkMail] Imail vs. Smartermail

spam checks (we'll see which ones they are starting with.) I've been asking for that for 10 years - so hopefully I'll be able to reject (some) spam outright during the SMTP conversation. Best Regards Andy Schmidt Tel. +1 201-934-9411, x20 Fax +1 201-934-9206 From: Eddie Sent: S

Re: [Declude.JunkMail] Server AV Scanner

Server AV ScannerDave, ClamAV works perfectly fine with Declude - runs as a service and thus is fast. A native Windows version has been available for quite a while. Best Regards Andy Schmidt Tel. +1 201-934-9411, x20 Fax +1 201-934-9206 From: Dave Beckstrom Sent: Thursday, August 12, 2010 9

[Declude.JunkMail] RE: A small Junkmail enhancement suggestion

Hi, Yes - the "From" header is just for the mail client (such as Outlook). The "real" sender is typically provided in the Sender or X-Sender header. Here is an example using different versions of CDO: a) Up to Win 2000 Server and prior Reply-To: From: Sender: To: The

RE: [Declude.JunkMail] Blocking domains by DNS server?

Hi Dave, Unless that name server is listed in one of the RBLs already, you'd have to set up your own RBL zone on your name server and then check against that. Here's the appropriate section of the config file:

[Declude.JunkMail] FTC Permanently Shuts Down Notorious Rogue Internet Service Provider

http://www.ftc.gov/opa/2010/05/perm.shtm --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.

RE: [Declude.JunkMail] Interim 4.10.51

Hi Dave, Thanks. Question, assuming that some folks have likely defined actions based on "ZEROHOUR", or referred to that name in Filters, etc. - wouldn't it be more appropriate for everyone to configure the new test as: ZEROHOUR ZEROHOURxx 12 0

RE: [Declude.JunkMail] SORBS Website Down?

It's up now. Also, I like to use this 3rd party for an instant second opinion: http://downforeveryoneorjustme.com Andrew 8) _ From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Wednesday, May 12, 2010 1:15 PM To: declud

RE: [Declude.JunkMail] SORBS Website Down?

Down? It may have been down when you looked, Andy. It's up now. Also, I like to use this 3rd party for an instant second opinion: http://downforeveryoneorjustme.com Andrew 8) _ From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Sc

RE: [Declude.JunkMail] Fine tuning Declude

mer servers to place the extraction script. Trying to get access to LDAP through firewalls for an external process would take a lot longer to coordinate on a per-customer basis. Darin. ----- Original Message - From: Andy Schmidt <mailto:andy_schm...@hm-software.com> To: declude.ju

[Declude.JunkMail] SORBS Website Down?

Hi, Does anyone have a URL that works? I haven't been able to get www.sorbs.net/lookup.shtml, or www.au.sorbs.net/lookup.shtml to come up? I remember reading something last year that they had trouble getting a hosting sponsor - but later they were acquired by GFI. Best Regards, Andy

RE: [Declude.JunkMail] Fine tuning Declude

Email Addresses from Active Directory // --- // // Author: © 2005, Andy Schmidt // Email: a...@argos.net // Runtime: Windows Scripting Host 5.6 // // //

RE: [Declude.JunkMail] Fine tuning Declude

Hi Michael: I have a Windows script that I use with a whole bunch of different Exchange customers to pull their email addresses from their servers and dump them into a small JET (.mdb = Access) Database. It does have a few input parameters where you configure the LDAP path to the mail domain (

RE: [Declude.JunkMail] Sniffer Integration -> Multiple Exit Codes

ation -> Multiple Exit Codes On 5/5/2010 3:24 PM, Andy Schmidt wrote: Hi Dave (just in case this got overlooked - or I missed the answer), >> Also even though there are multiple entries the test only runs once and the resulted exit code is the triggered. << I know that all 18

RE: [Declude.JunkMail] Sniffer IP Reputation -- Graduated Weight Scheme

, May 05, 2010 3:14 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Sniffer IP Reputation -- Graduated Weight Scheme On 5/5/2010 1:30 PM, Andy Schmidt wrote: Hi Dave, Hm - yes,I think if you added 21 lines (from -10 to 0 and to +10) to the config file, you would have could cover

RE: [Declude.JunkMail] Sniffer Integration -> Multiple Exit Codes

\Smartermail\Declude\Sniffer\xxx.exe xxxabc123"12 0 SNIFFER-TRAVEL SNFx 47 12 0 Also even though there are multiple entries the test only runs once and the resulted exit code is the triggered. David From: supp...

RE: [Declude.JunkMail] Sniffer IP Reputation -- Graduated Weight Scheme

...@declude.com] On Behalf Of Andy Schmidt Sent: Monday, May 03, 2010 4:52 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Sniffer IP Reputation -- Graduated Weight Scheme Hi Dave, I'm breaking this into two discussions as they are two different topics. The REAL

[Declude.JunkMail] Sniffer Integration - Bad snf_engine.xml

Dave, Pete has helped me figure out that your XML samples, e.g.: http://interim.declude.com/41048/Scanners/SNF/snf_engine.xml is NOT a valid XML file. Specifically, the closing tag for the "node" element is invalid. It MUST be: (Currently it is "").

RE: [Declude.JunkMail] Sniffer IP Reputation -- Graduated Weight Scheme

Hi Dave, I'm breaking this into two discussions as they are two different topics. The REAL point of Pete's input (and my suggestion) for SNFIPREP is that the reputation scale of -1 through +1 should NOT just result in either ONE positive or ONE negative weight option. Your example:

RE: [Declude.JunkMail] Sniffer "BasePoint"

T, with that said if you think it is really important to be able to use a negative value as you have described in your post, let me know and I can add it to the dev list. David Barker VP Operations Declude Your Email security is our business 978.499.2933 office 978.988.1311 fax <mailto:dbar

RE: [Declude.JunkMail] SNFIP option for "WHITE"?

clude Your Email security is our business 978.499.2933 office 978.988.1311 fax dbar...@declude.com -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Saturday, May 01, 2010 2:19 PM To: declude.junkmail@declude.com Subject: FW: [Declud

RE: [Declude.JunkMail] Reporting of Tests Failed Incomplete?

er thread. From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Monday, May 03, 2010 1:10 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Reporting of Tests Failed Incomplete? Hi Dave, I agree with you that the total weight of 9 is co

RE: [Declude.JunkMail] Sniffer Integration -> Multiple Exit Codes

Hi Dave (just in case this one got lost), >> Also even though there are multiple entries the test only runs once and the resulted exit code is the triggered. << I know that all 18 "SNF" rule lines only require one invocation of Sniffer - which are then evaluated 18 different way. Fair enough.

RE: [Declude.JunkMail] Reporting of Tests Failed Incomplete?

Hi Dave, I agree with you that the total weight of 9 is correct (I had already "piecemealed" that arithmetic together in my msg). >> As Commtouch Zerohour was implemented differently that regular tests (because it runs as part of the AV code) it is not listed in this log line. Agreed it sh

[Declude.JunkMail] Reporting of Tests Failed Incomplete?

Hi Dave, I do have SOME tests suppressed from the SMTP headers: HIDETESTS CATCHALLMAILS IPNOTINMX NOLEGITCONTENT WEIGHTKILL2 WEIGHT8 WEIGHT10 WEIGHTHDR WEIGHTFOOTER NJABL AHBL SORBS SENDERDB WEIGHTGATEWAY So the SMTP header looks correct - and the weight of 9 is accurate:

FW: [Declude.JunkMail] SNFIP option for "WHITE"?

Dave, Pete confirmed that in addition to the "Caution", "Black" and "Truncate" categories, there is a "WHITE" category (which was also mentioned in the Sniffer documentation). So, I seems as if besides the existing three "SNFIP" options: SNFIPCAUTION SNFIP x 4 5 0 SNFIPBLACK SNFIP x 5

RE: [Declude.JunkMail] Sniffer IP Reputation for "white" listing

riginal Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Pete McNeil Sent: Saturday, May 01, 2010 11:57 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Sniffer IP Reputation for "white" listing On 4/30/2010 9:32 PM, Andy Schmidt

RE: [Declude.JunkMail] Statistic programs for Junkmail

I happen to run Invariant Software's "Declude Analyzer" (for Declude Virus and Declude Spam). -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David Dodell Sent: Saturday, May 01, 2010 12:39 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMai

RE: [Declude.JunkMail] Sniffer IP vs. Sniffer IP Reputation vs. Sniffer Truncate -- SUGGESTION

a large portion of our customers today do not understand or even care about the details. The beauty of Declude is that you are welcome to score tests however you feel appropriate for your email server. I do agree with you that it could be made more clear, but to advise the list NOT to use the

RE: [Declude.JunkMail] Sniffer IP Reputation for "white" listing

lude.com [mailto:supp...@declude.com] On Behalf Of Pete McNeil Sent: Friday, April 30, 2010 7:07 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Sniffer IP vs. Sniffer IP Reputation vs. Sniffer Truncate On 4/30/2010 5:16 PM, Andy Schmidt wrote: > Hi Pete, > > I'

RE: [Declude.JunkMail] Sniffer IP vs. Sniffer IP Reputation vs. Sniffer Truncate

ct). It's not at all clear that after all their Sniffer rules, 30 would be added to the weight in several cases. -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Pete McNeil Sent: Friday, April 30, 2010 7:07 PM To: declude.junkmail@declude.com Sub

RE: [Declude.JunkMail] Sniffer Integration -> Multiple Exit Codes

12 0 SNIFFER-TRAVEL SNFx 47 12 0 Also even though there are multiple entries the test only runs once and the resulted exit code is the triggered. David From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of And

RE: [Declude.JunkMail] Sniffer IP vs. Sniffer IP Reputation vs. Sniffer Truncate

Hi Pete, I'm look over Decludes recommended Sniffer configuration and trying to understand how much overlap there is between these options: IPREPUTATIONSNFIPREPx 0 10 -5 SNFIPCAUTIONSNFIP x 4 5 0 SNFIPBL

RE: [Declude.JunkMail] We have opened up truncate.gbudb.net

It is - and I agree with you! From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Matt Sent: Friday, April 30, 2010 12:53 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] We have opened up truncate.gbudb.net Is the result code really 127.0.0.1? That is to

RE: [Declude.JunkMail] Sniffer Integration -> Global Exit Code "nonzero"?

tiple entries the test only runs once and the resulted exit code is the triggered. David From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Friday, April 30, 2010 10:31 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Sniffer Integrat

RE: [Declude.JunkMail] Sniffer Integration -> Global Exit Code "nonzero"?

Thanks for clearing up that it doesn't work for the 2nd variable (I'm aware that it is an internal and not and external test, and that it is the SECOND variable, and that it only executes once, etc.) As a suggestion, you might consider enabling the "nonzero" option for the second variable as we

RE: [Declude.JunkMail] Sniffer Integration -> Global Exit Code "nonzero"?

Hi Dave, Thanks for taking the time to explain it. I see that the sample on your web site has already been corrected to read "IPREPUTATIONSNFIPREP " and I was simply working off an earlier copy. For the "SNF" test type, is there a way to have a "global" match (e.g., NONZERO), instead of

RE: [Declude.JunkMail] We have opened up truncate.gbudb.net

gards, Andy From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Pete McNeil Sent: Friday, April 30, 2010 4:49 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] We have opened up truncate.gbudb.net On 4/29/2010 10:06 PM, Andy Schmidt wrote: Thanks - I acti

RE: [Declude.JunkMail] Sniffer Integration

Hi, 1. I'm confused about the Sniffer integration sample: SNFIPBLACK SNFIP x 5 10 0 IPREPUTATIONSNFIP x 5 10 -5 It seems to me as if BOTH lines test the SAME Sniffer return code of "5"

RE: [Declude.JunkMail] We have opened up truncate.gbudb.net

Thanks - I activated it in my gateway and will report back after a day or so. Question: a) Does it have TXT records that holds additional info that can be returned in the 5.7.1 message to the sender? b) Is there a lookup URL that can be included in the 5.7.1 message that people can use

RE: [Declude.JunkMail] AllLists.DAT in RAR Format?

o:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Friday, February 19, 2010 11:22 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] AllLists.DAT in RAR Format? Importance: High Hi, Obviously, I know that I can download third party tools to “unrar” the file – but I REALLY hate n

RE: [Declude.JunkMail] CommTouch False Positive

we can report it to Commtouch. David Barker VP Operations Declude Your Email security is our business 978.499.2933 office 978.988.1311 fax <mailto:dbar...@declude.com> dbar...@declude.com From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmid

[Declude.JunkMail] AllLists.DAT in RAR Format?

Hi, Obviously, I know that I can download third party tools to “unrar” the file – but I REALLY hate nothing more, but than cluttering up production systems with unnecessary shareware/freeware. Windows has built-in ZIP support (“compressed folders”). Is there any justification to pick a

[Declude.JunkMail] CommTouch False Positive

Hi, How do I go about reporting ZeroHour false positives? For the past few days, one of my cliens has been trying to email a (legitimate) ZIP file with a DLL that keeps getting blocked by CommTouch. How do I submit these D/Q files to get this problem fixed? Best Regards, Andy -

RE: [Declude.JunkMail] Conditional Whitelist - Good Use of SPF!

ral result, couldn't you just create a rule that if the sender passes SPF that you apply a large negative point value? Then you could apply that rule to only the domains that you want to whitelist. Dean On Wed, Jan 20, 2010 at 8:47 AM, Andy Schmidt wrote: > Hi, > > > > Despite all

[Declude.JunkMail] Conditional Whitelist - Good Use of SPF!

Hi, Despite all the shortcomings of SPF, there may be one GOOD use: Every once in a while I receive requests to whitelist certain sender email addresses or domains - then I explain that we don't like to do that because it would allow any spam that PRETENDS to come from that domain to pass.

RE: [Declude.JunkMail] Release 4.10.42

ake the change as suggested. David Barker VP Operations Declude Your Email security is our business 978.499.2933 office 978.988.1311 fax <mailto:dbar...@declude.com> dbar...@declude.com From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of

RE: [Declude.JunkMail] Release 4.10.42

Happy New Year: Can you elaborate on the Sniffer implementation please? a) Is the annual cost of Sniffer now included with Declude? b) If we have no "custom" rule-base, there would be no reason not to use the Declude rule-base? c) What's the technical implementation of

RE: [Declude.JunkMail] How to Correctly Parse RECEIVED Headers for IP Address

ted or enclosed at the boundary with parenthesis, but it does happen. Matt Andy Schmidt wrote: Hi Matt, Sorry - but some of these are actually headers inserted by my OWN server. So they are NOT forged. Most of them are "spam", but some of them were even false posi

RE: [Declude.JunkMail] Declude 4.9.39 Interim Release Notes

FC compliant anyway). I would guess that this would take a programmer maybe an hour to code up and test. Matt Andy Schmidt wrote: Hi Dave, just sent you a zip file - hope it made it past your virus check. It has a few "interesting" cases to see if your new code picks up th

RE: [Declude.JunkMail] Declude 4.9.39 Interim Release Notes

Email security is our business 978.499.2933 office 978.988.1311 fax dbar...@declude.com -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Thursday, November 05, 2009 10:50 AM To: declude.junkmail@declude.com Subject: RE: [De

RE: [Declude.JunkMail] Declude 4.9.39 "Postini Received Header Fix"

.2933 office 978.988.1311 fax dbar...@declude.com From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Wednesday, November 04, 2009 3:11 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Declude 4.9.39 Interim Release Notes

RE: [Declude.JunkMail] Declude 4.9.39 Interim Release Notes

Hi David: I'm interested to better understand this feature. The line you posted looks like a legit received header that Postini indeed should add to the top of the headers when it receives the message from the source? Received: from source ([209.85.221.110]) by

RE: [Declude.JunkMail] Suggestion: Quarantine problematic Q/D files to match GP1/GP2 files

thing external. I have our engineer looking to see what we can gather from the file. And will get back to you asap. David From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Wednesday, August 26, 2009 11:59 AM To: declude.junkmail@declude.com Subjec

RE: [Declude.JunkMail] Suggestion: Quarantine problematic Q/D files to match GP1/GP2 files

de.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Wednesday, August 26, 2009 11:04 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Suggestion: Quarantine problematic Q/D files to match GP1/GP2 files Sensitivity: Personal Hi, Doesn't make much sense to as

[Declude.JunkMail] Suggestion: Quarantine problematic Q/D files to match GP1/GP2 files

Hi, Doesn't make much sense to ask a user to submit "debug" logs AFTER a GP fault that only happens sporadically. How about Declude quarantining the Q/D files in question whenever the C:/Declude.GP* files are written? This way, the customer can attempt to reproduce the problem (using the sa

Re: [Declude.JunkMail] Imail 11

Imail 11 supports ActiveSync (e.g., I'm using it from my regular cell phone) to synch contacts, emails, appointments, notes,... From: Nick Hayer Sent: Tuesday, August 11, 2009 6:43 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Imail 11 SmarterMail. Its the way to go. Ve

Re: [Declude.JunkMail] Imail 11

Hi, been using Imail 11 since May. Several annoying bugs - bug fixes for each one within a few days. Looks good now - but it's not worth for anyone installing NOW because 11.0.1 is in technical preview and saves you the hassle of having to ask for 5 or 6 DLL updates (because they are not being

[Declude.JunkMail] RE: [Declude.Virus] Commtouch ZeroHour - no longer active? What's the best procedure everyone uses to renew it?

m: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Wednesday, July 08, 2009 10:20 AM To: declude.vi...@declude.com; declude.junkmail@declude.com Subject: [Declude.Virus] Commtouch ZeroHour - no longer active? What's the best procedure everyone uses to renew it?

[Declude.JunkMail] RE: Database error after upgrading & Incorrect HELO in Received Header

Hi, a) As far as the HELOBOGUS test - you likely are missing the various IMAIL 11 fixes that Ipswitch created but only gives out when you ask: http://kb.imailserver.com/cgi-bin/imail.cfg/php/enduser/std_adp.php?p_faqid= 691 With the latest fixed SMTP service and Imail_API DLL, my HELOBOGUS test do

RE: [Declude.JunkMail] All_list.dat

Hi Dave: Good to see that this is (apparently) now an automated procedure that keeps a current file online for us. Thank you! Andy From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David Barker Sent: Monday, June 08, 2009 4:56 PM To: declude.junkmail@declude.com Subje

[Declude.JunkMail] ZEROHOUR vs. TESTSFAILED

of “TESTSFAILED” filters) which groupings of tests might be testing/triggering on the same “aspect” of a message. Currently ZEROHOUR appears to negate all the other advantages of Declude! Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 --- This E-mail

RE: [Declude.JunkMail] CommTouch ZeroHour

t: RE: [Declude.JunkMail] CommTouch ZeroHour Yes Internet access provider is a better description of ISP and how it is understood by Commtouch. David -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Friday, June 05, 2009 11:30 AM To: declude.jun

RE: [Declude.JunkMail] CommTouch ZeroHour

Uh - okay, that was the reason, why I wasn't able to purchase CommTouch back when. As a hosting provider (which includes providing mailboxes for the clients' domains), that would fall under the umbrella "primary function is to provide Internet service". If they would define ISP as Internet AC

RE: [Declude.JunkMail] Upgrade 4.6.35 AVG not scanning - FIX

That's semantics - either are "Malicious" emails (Phishing are the new "Viruses" - or sometimes just a precursor). Most "malicious email" scanners now include "phishing" in their realm of responsibility. Bottom line: You need to run a "scanner", it will find malicious emails, whether you technicall

RE: [Declude.JunkMail] Declude 4.5.29 Released

Hi, is the jump from 4.4.25 ( release 4.4 ) to 4.5.26 (release 4.5) intentional or a typo? If 4.5 is a new release, one would have expected it to start at 4.5.) - and thus this latest build be referred to as 4.5.3 ? -Original Message- From: supp...@declude.com [mailto:supp...@declude.com]

RE: [Declude.JunkMail] Errorlevel not working

Because it does a >= comparison, you need to start with the greatest value and work your way lower. -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Serge Sent: Sunday, February 08, 2009 7:58 PM To: declude.junkmail@declude.com Subject: Re: [Declude.J

RE: [Declude.JunkMail] DNS lookup fail, yet e-mail passes spam tests

I wouldn't add anything to the score because it's very common (specially for larger organizations) to have dedicated outbound servers, while all MX records point to their anti-spam/anti-virus gateways! The better approach would be to REDUCE the weight score if you receive mail from a mail serve

RE: [Declude.JunkMail] DNS lookup fail, yet e-mail passes spam tests

Hi, I think there are two different issues: a) As stated by others, the mail SERVER is NOT required to have an MX record (seldomly will!) and is not required to be referenced in the domain's MX record (in case it's an "outbound" server only). b) However, I reject mails from

RE: [Declude.JunkMail] "New" Blacklist / Whitelist (Barracuda)

Hi, I very much feel it's worth it - as long as you combine it with other tests. Other than Sniffer, it flags MORE emails (about 55 to 60%) than CBL Dyna, Spamcop, InvURIBL, Sorbs, SenderDB etc. Many times when I looked at NEW spam (or a Virus), then Barracuda (besides Sniffer) was the ONLY one d

[Declude.JunkMail] No Reverse DNS in Header?

Hi, I never noticed this scenario before, so I figured I ask: One of the emails I investigated was had a "null string" RevDNS in the XINHEADER: X-Declude: Version 4.4.20; Code 0xe from [38.108.41.55] The global config defines the following: XINHEADERX-Declude: Version

RE: [Declude.JunkMail] URIBL vs. SURBL

Check out http://www.invariantsystems.com for utilities for Declude, Imail, mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Andy Schmidt wrote: > Hi, > > I checked two of my systems and

[Declude.JunkMail] URIBL vs. SURBL

Hi, I checked two of my systems and noticed that apparently multi.uribl.com does not have any hits for its black and red lists EVER? I find that hard to believe. My systems DOES check SURBL first, and only would pass a good message to URIBL. Is it really possible that URIBL is fully redundant to

[Declude.JunkMail] "New" Blacklist / Whitelist

a) Pay $20.00 for another flavor of SPF - or do I see this wrong? http://www.emailreg.org/ b) http://www.barracudacentral.org/rbl Hadn't seen this one mentioned? Any experiences? Effective? False Positives? --- This E-mail came from the Declude.JunkMail mailing list. To unsubs

[Declude.JunkMail] http://tools.declude.com/headercode.php?code=8000004e

That really does NOT help. I know it failed the BADHEADERS test, otherwise I wouldn't use the BADHEADERS tool to look up the cause. The explanation doesn't need to tell me what's okay, I need to know what's NOT. After reading the explanation I'm just as smart as before: Results The E-mail fa

RE: [Declude.JunkMail] country chain

Hi, I think that counting countries is not necessarily helpful - specially if you think of other continents. In Europe, many AOL IP blocks are registered to the U.K. Knowing that an email went through two or three countries before reaching you does not really imply anything, specially for corporat

RE: [Declude.JunkMail] country chain

I believe the routing test looks for emails hopping back and forth across major regions. So, if the email was sent from the U.S. to China and then back to the U.S., it should trigger. But, if a multinational company has I/T resources (or registered IP addresses) south or north of the border, or if

  1   2   3   4   5   6   7   8   9   10   >