Re: [Declude.JunkMail] Declude not taking action
Not related to your problem but do yourself a favor block @mcsi.net only thing I ever seen from there is spam. Best regards, Eje Aya Gustafsson mailto:[EMAIL PROTECTED] The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 240-376-7272 - Your Full Time Professionals - Online Store http://www.wisp-router.com/ MikroTik, Star-OS, PACWireless, EnGenius, RF Industries -- KR I figure that each individual E-mail on my system has about a 0.6% KR chance of being stolen and delivered by the queue. KR Matt: KR I have spent a lot of my years in the field of mathematics. A study done a KR while back and it is related to data-mining stated.. men buy baby diapers KR and orange juice on Tuesdays more than any other day of the week. KR While it sounds interesting it is real hard to make any use of it. :) -- I KR am either very lucky or the 0.6% is only concentrating itself to my KR mailbox. KR On our very small volume server I got 2 last night and that is only me - KR others are probably getting it and not letting us know. KR Attached is an email that IMail added its headers but Declude never saw. KR I get about 2-3 daily. KR Regards, KR Kami -- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] failed to fail test ?
Thanks Scott for clearing things up for me.. Since all my dailup and highspeed customers have correct revdns and everyone outside our network have to use smtp auth (running WHITELIST AUTH) then there should be no implications to do a spamdomain with fament.com. If this is the case then time to add all my own domains in there and cut of another potential spamhole... Best regards, Eje Aya Gustafsson mailto:[EMAIL PROTECTED] The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 240-376-7272 - Your Full Time Professionals - Online Store http://www.wisp-router.com/ MikroTik, Star-OS, PACWireless, EnGenius, RF Industries -- Yet this piece of mail did come though with a very low rate and didn't fail the HOLOBOGUS ? Received: from fament.com [63.165.214.42] by imail.fament.com with ESMTP (SMTPD32-8.03) id AD019930280; Sat, 22 Nov 2003 19:27:29 -0600 RSP That's because the HELO is fament.com, and fament.com has an MX RSP record. Therefore, it is a valid HELO. RSP However, 63.165.214.42 is not in the MX record of fament.com, so: X-Tests-Failed: IPNOTINMX, REVDNS. RSP it failed the IPNOTINMX test. Wouldn't helobogus add it's weight to it ? Or have I miss understood the helobogus test ? How can I punish servers that try claim be from my domain like the above ? RSP HELOBOGUS just looks for bogus HELO entries (such as random characters, IPs RSP masquerading as hostnames, and made-up domains). RSP IPNOTINMX checks for IPs that aren't listed in the sender domain's MX RSP records (note that it is not unusual for legitimate mail to be sent this way). RSP In this case, SPAMDOMAINS may be the best answer, as it will require the RSP reverse DNS entry of the sending computer to include the domain name in the RSP return address -- but only for domains that you specify. So if you list RSP fament.com, this mail would have been caught. But if you do list your RSP domain, you need to be sure that people sending mail through your server RSP come from IPs with your domain in the reverse DNS entry. And how could the score end up at -2 ? What is the math behind it. RSP Declude JunkMail adds all the weights for the E-mail, which came out to -2 RSP here. RSP The confusing parts are things like negative weights (either kind -- a test RSP that has a weight of -2, or a test that has a weight that is added for RSP E-mail that does NOT fail the test, like the IPNOTINMX and NOLEGITCONTENT RSP tests), and filters where multiple lines can match. RSP -Scott RSP --- RSP Declude JunkMail: The advanced anti-spam solution for IMail mailservers. RSP Declude Virus: Catches known viruses and is the leader in mailserver RSP vulnerability detection. RSP Find out what you've been missing: Ask about our free 30-day evaluation. RSP --- RSP [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] RSP --- RSP This E-mail came from the Declude.JunkMail mailing list. To RSP unsubscribe, just send an E-mail to [EMAIL PROTECTED], and RSP type unsubscribe Declude.JunkMail. The archives can be found RSP at http://www.mail-archive.com. -- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] failed to fail test ?
I have the following two tests in my global.cfg (along with others) HELOBOGUS helovalid x x 6 0 IPNOTINMX ipnotinmx x x 0 -3 REVDNS revdnsexistsx x 7 0 NOLEGITCONTENT nolegitcontent x x 0 -8 Yet this piece of mail did come though with a very low rate and didn't fail the HOLOBOGUS ? Received: from fament.com [63.165.214.42] by imail.fament.com with ESMTP (SMTPD32-8.03) id AD019930280; Sat, 22 Nov 2003 19:27:29 -0600 Received: from DJQ92P11 [192.168.123.124] by fament.com with eSMTP; Sat, 22 Nov 2003 19:27:21 -0600 Message-ID: [EMAIL PROTECTED] From: ryan [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Tests-Failed: IPNOTINMX, REVDNS. X-Note: Total spam weight of this E-mail is -2. By default everything supposed to be -11 on a good e-mail. 63.165.214.42 is NOT a valid MX record for fament.com Wouldn't helobogus add it's weight to it ? Or have I miss understood the helobogus test ? How can I punish servers that try claim be from my domain like the above ? And how could the score end up at -2 ? What is the math behind it. The -3 and -8 in the 6th column are the only - I have in that column anywhere. So if it's -8 + 7 then shouldn't the weight be -1 and not -2 ? But most important how can I punish servers that claim to be fament.com if they are not ? Best regards, Eje Aya Gustafsson mailto:[EMAIL PROTECTED] The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 240-376-7272 - Your Full Time Professionals - Online Store http://www.wisp-router.com/ MikroTik, Star-OS, PACWireless, EnGenius, RF Industries -- -- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] blocking spam faked as coming from local address
Talking about SPAMDOMAINS anyone have a list they would like to share with me (on or offlist). I just setup this test and put in the ones I could THINK of of top of my head (yahoo, msn, hotmail and a couple of others) but my list was no more then about 10-12 before I ran out of domains I could think of that I know was commonly used.. Best regards, Eje Aya Gustafsson mailto:[EMAIL PROTECTED] The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 240-376-7272 - Your Full Time Professionals - Online Store http://www.wisp-router.com/ MikroTik, Star-OS, PACWireless, EnGenius, RF Industries -- MB Let's keep in mind that the discussion has changed from the original MB topic of MAILFROM Forged to VERP + Forged. MB For the last day I've been filtering using the SPAMDOMAINS method which MB captures examples of both topics in this thread, however it didn't MB capture E-mail that fakes a local domain when it is sent from my MB Microsoft SMTP server because I have that IPBYPASSed (there would MB otherwise be a lot of this). MB MAILFROM Forged MB --- MB As far as the MAILFROM test goes for finding faked local addresses, here MB are my results but bear in mind that this excludes intra-server faked MB domains from Web sites: MB 3 - Spam w/Forged address (2 passed filters with 80% of fail weight, MB 1 failed). MB 9 - Legit w/Forged address (E-mails sent from one local user to MB another local user but didn't use my server for sending.) MB = MB 12 - E-mails caught with whitelisting local Web server. MB For me the FP rate of a MAILFROM ENDSWITH local domain test was 75% with MB whitelisting (as it is currently set) or about 89% without whitelisting MB because of mail sent from local Web sites. The FP rate would definitely MB higher on weekdays because legit volume is higher and several customers MB have business communications sent forged. This test tagged a total of 3 MB pieces of spam out of a total of 1,968 unique messages received (0.15% MB of unique messages). MB I am going to look at an entire week's traffic with the MAILFROM test as MB Andrew suggested in order to spot the possibility of adding a point or MB two if there is leeway in the current scoring. For such a small number MB of forged addresses though, I don't want to risk the possibility of MB FPing on anything. I do have problems with legit E-mail doing this that MB fails multiple tests that I don't want to turn down to allow this, and I MB don't like to whitelist if at all possible. MB SPAMDOMAINS-based VERP + Forged MB MB Now as far as the SPAMDOMAINS-based test results go, here's what I found: MB 120 - Spam messages caught (71%) MB 117 - Spam w/VERP MB 3 - Spam w/Forged addresses MB 50 - Legit messages caught (29%) MB 41 - Legit w/VERP MB 9 - Legit w/Forged addresses MB MB 170 - Total Messages Caught MB The only spams that got through were the two mentioned above that MB actually forged the local sender. I also had one false positive in this MB group which was sent from Yahoo Groups and FP'd because for some reason, MB this message failed EASYNET-PROXIES. I assume that this was a problem MB in the lookup returned by Easynet because that IP is not currently in MB their database, and that same server successfully sent about 40 other MB messages without being caught. This message was also sent to a dead MB address that I am scoring as a 'spamtrap' but it is forwarded to another MB account so I'm not killing the message automatically. MB From looking at the spam using VERP, almost all of it came from a small MB handful of companies who have been tagged by FIVETEN-SPAMSUPPORT, MB MAILPOLICE-BULK, SPAMCOP, EASYNET-DNSBL and SBL. All but about 5 of MB these were tagged by at least two of those mentioned which is enough to MB fail any message with no other points necessary. None of the spam VERP MB messages passed my filters. MB It appears that all of this VERP stuff comes from gray-spam (for lack of MB a better word). These are addresses harvested primarily from contest MB and free membership sites with participants knowingly giving their MB addresses away for such things (not all of it uses VERP of course). The MB ones using VERP likely have somewhat static addresses and therefore MB these mailers are easily tagged by the leading blocklists. I don't MB believe I have any problems with VERP spammers, though this will take MB more monitoring to make a solid conclusion. MB I do have problems already with FP's on legit opt-in advertising, some MB of which use VERP. Too often such places find their way onto MailPolice MB or SpamCop only to be removed shortly thereafter, a problem
Re: [Declude.JunkMail] Whitelisting
Say I want to do this for [EMAIL PROTECTED] as I understand I have to create a fament.com directory would it be enough to drop in a postmaster.Junkmail in that directory and have the rest of the default settings be picked up from the main default \imail\declude\$default$.junkmail file ? I want to avoid having to many $default$.junkmail files because that means when new features are added and lists dies etc I have to manually edit multiple files. The less files to edit the better IMO. Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 - Your Full Time Professionals - Mikrotik OEM dealer - Online Store http://www.fament.net/ -- It was also mentioned to a blank user file with the per user config which would allow all tests to pass. Would this work also? I just wanted more options. The negative weight works. RSP The blank per-user file would work, just differently. RSP Using a whitelist will ensure that the E-mail is delivered. The blank RSP per-user file would work almost the same as whitelisting E-mail that was RSP sent *just* to that one user, but if it was sent to other users as well, it RSP could get blocked. RSP -Scott RSP --- RSP Declude JunkMail: The advanced anti-spam solution for IMail mailservers. RSP Declude Virus: Catches known viruses and is the leader in mailserver RSP vulnerability detection. RSP Find out what you've been missing: Ask about our free 30-day evaluation. RSP --- RSP [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] RSP --- RSP This E-mail came from the Declude.JunkMail mailing list. To RSP unsubscribe, just send an E-mail to [EMAIL PROTECTED], and RSP type unsubscribe Declude.JunkMail. The archives can be found RSP at http://www.mail-archive.com. -- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SORBS-SPAM
If someone demands they not get listed then they deserve to get blacklisted because OBVIOUSLY they have something to hide. .6 is List of hosts that have been noted as sending spam/UCE/UBE to the admins of SORBS. This zone also contains netblocks of spam supporting service providers, this could be for providing websites, DNS or drop boxes for a spammer. Spam supporters are added on a 'third strike and you are out' basis, where the third spam will cause the supporter to be blocked. .8 List of hosts demanding they are never tested by SORBS. So of course someone that host spammers will demand they never be tested. Almost should be a case for immediate blocking IMO. Either way with declude there is not reason to directly block anything just use a weighted system where each test add to the total weight. Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 - Your Full Time Professionals - Mikrotik OEM dealer - Online Store http://www.fament.net/ -- PBH Yes..do not block on 127.0.0.6 and .8 PBH pbh -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Smart Business Lists Sent: Monday, September 01, 2003 4:57 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] SORBS-SPAM Careful on SORBS-SPAM - blocking some large providers - Cox for one. Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] PBH --- PBH [This E-mail scanned for viruses by Declude Virus] PBH --- PBH [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] PBH --- PBH This E-mail came from the Declude.JunkMail mailing list. To PBH unsubscribe, just send an E-mail to [EMAIL PROTECTED], and PBH type unsubscribe Declude.JunkMail. The archives can be found PBH at http://www.mail-archive.com. -- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OSRELAY etc
Seems like it according to the news and information that been released. Another rbl list that been killed by nasty DoS attacks more then likely caused by spammers. sorbs.net seems to be a decent replacement. Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 - Your Full Time Professionals - Mikrotik OEM dealer - Online Store http://www.fament.net/ -- GH Hi, GH Is relays.osirusoft.com permanently offline? GH _ GH Glen Harvy GH Aquarius Communications GH for all your Internet Needs. GH Phone 9977 3788 Fax 9977 3844 -- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Another new test
ipswitch been meaning to add a tag in their queue file (the qx file) where it would show if the message was a local originated, remote originated or a remote smtp-auth originated. This way Scott could create a test that could add a weight to any remote originated e-mail that are NOT smtp-authenticated (local I understand should include all the ips and ip blocks you allow to relay through the server). But until that happens there is no way for Scott to securely determine if it was a local or remote originated e-mail short of digging through the log files to see if it's a smtp-authed e-mail and check the relay list and determine if the remote address is allowed to relay. / Eje Sunday, June 22, 2003, 4:33:59 PM, you wrote: DM This morning I received three spam from my own email address. DM How about a way to tag a local user but remote origin? DM Doug DM --- DM [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] DM --- DM This E-mail came from the Declude.JunkMail mailing list. To DM unsubscribe, just send an E-mail to [EMAIL PROTECTED], and DM type unsubscribe Declude.JunkMail. The archives can be found DM at http://www.mail-archive.com. DM --- DM [This E-mail scanned for viruses by Declude Virus] Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT: Fraud Alert
Hey that one looks familiar.. I got 4 copies of that one today on different e-mail accounts that I NEVER used (however posted on webpages). Funny thing is that each and everyone of these are the same purchased item with same address.. I called BestBuy about it earlier today tried to get them to post a dang warning on their website about this fraud. Only way to fight misinformation such as this one is with information. Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 - Your Full Time Professionals - Mikrotik OEM dealer - Online Store http://www.fament.com/catalog/ -- DP Watch out for this one, the underlying code looks like: DP href=http://www.your-instant-credit-reporter.org/fraud.html;FONT face=Arial size=2BestBuy.com/fraud_department.html/FONT/A/DIV/BODY/HTML DP The subject reads: DP BestBuy Order #1095619. Fraud Alert. DP The message reads: DP Dear customer, DP DP Recently we have received an order made by using your personal credit card information. DP This order was made online at our official BestBuy website on 06/19/2003. DP Our Fraud Department has some suspicions regarding this order and we need you to visit a special Fraud Department page at our web store where you can confirm or decline this transaction by DP providing us with the correct information. DP This e-mail address has been taken from National Credit Bureau. DP DP Click the link below to visit a special Fraud Department page to resolve the cause of the problem. DP BestBuy.com/fraud_department.html DP -- DP ORDER# 1095619 - STATUS: SUSPENDED DP ITEMS PURCHASED DP -- DP Item No: 73890 DP CDA-9815 In-Dash CD Player/Ai-Changer Controller DP Price: $387.65 Qty: 2 Total: $775.3 DP DP The order listed above has not yet been processed. DP The reason for the delay in processing your order is: DP DP - UNVERIFIED SHIPPING ADDRESS DP DP - Information provided: DP Shipping DP 41 WINHAM ST DP Staten Island, NY 10306 DP United States DP phone# 206-337-9843 DP DP In our effort to deter fraudulent transactions, we need your help in providing us with the correct information. Your prompt response is needed to avoid any unauthorized charges to your credit DP card. DP DP -- DP Click the link below to visit a special Fraud Department page to resolve the cause of the problem. DP BestBuy.com/fraud_department.html DP --- DP [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] DP --- DP This E-mail came from the Declude.JunkMail mailing list. To DP unsubscribe, just send an E-mail to [EMAIL PROTECTED], and DP type unsubscribe Declude.JunkMail. The archives can be found DP at http://www.mail-archive.com. DP --- DP [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] My domain failing HELOBOGUS
You need to have a MX record for hasna.jeeran.com which you don't have. Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 - Your Full Time Professionals - Mikrotik OEM dealer - Online Store http://www.fament.com/catalog/ -- OK Why would my IMGATE machine fail the HELOBOGUS test when HELO/EHLO data OK header returns: OK 220 hasna.jeeran.com - ESMTP - Postfix - Ahlan Wa Sahlan OK Which seems complaint to me. Here is the error in the log file: OK Msg failed MX; testing A (HELOBOGUS ) [0 1 0 ] OK --- OK [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] OK --- OK This E-mail came from the Declude.JunkMail mailing list. To OK unsubscribe, just send an E-mail to [EMAIL PROTECTED], and OK type unsubscribe Declude.JunkMail. The archives can be found OK at http://www.mail-archive.com. OK --- OK [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Request for new/enhanced feature
I keep getting mail that slipps through that IMO shouldn't be that hard to catch really... They use a variant of the html comments but the way they do it it don't get detected as a mail with to many html comments. Below is a snippet of example text inside the html formated e-mail : Pk73ch7b1tddyenkqjezab3w79ejis Enkpv36t91gfs2largktwn2sd3kn7tqemek63uv4i3njxxcnt Pikxl9qjl2r3ervkll On The Mak9jgo17u5v244rkekth2amv3m1st!/font/font/font/bfont face=Arial,Helvetica/font pfont face=Arial,Helvetica* Gksfvuh135aju042aikndkb4w1ppwy192n 3kbq72kb2dv2xsd2+ Full Inkn46ft9yw8pchkwhb2wy27wls3es In Lengka4vte11x26Lengka4vte11x26wth/font brfont face=Arial,Helvetica* Exkcay5sz12le0pand Your Pekt70s753udaio49nis Up To 20kh3tfh82ejp1% Basically remove the x junk and you get the text. Since these are invalid html comments most e-mail clients just simply ignore the comment text all together since it has the around the text. This messages X-Tests-Failed: IPNOTINMX, SUBJECTSPACES, LONGSUBJECT. IMO this should also have failed HTMLCOMMENTS which it did not. So my question.. Would it be possible to add the above junk as detected html comment ? Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] -- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 - Your Full Time Professionals - Mikrotik OEM dealer - Online Store http://www.fament.com --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: SPAMCOP:Re: [Declude.JunkMail] HiJack Not Working ?
Not besides that your listed yourself in spamcop and that you need to take a look at the logs to see what's in them and/or show them to us so we can see what is failing. I see a couple of things right of. 1) no reverse DNS for 208.253.112.168 which is your sending ip for you mailserver. 2) your subnet is listed with numerous spam lists. DELINK, SPAMCOP, XBL, HEUR1, REVDNS, SPAMCHK, IPNOTINMX, Reverse-IP - Eje Wednesday, March 26, 2003, 9:15:11 PM, you wrote: BC Scott, BC I made these changes and restarted services. BC But then I stopped receiving emails. BC When I reverted back, I'm now receiving emails again. BC Any thoughts? BC Thanks. BC b BC -- Original Message -- BC From: R. Scott Perry [EMAIL PROTECTED] BC Reply-To: [EMAIL PROTECTED] BC Date: Wed, 26 Mar 2003 19:19:28 -0500 I checked the W log files and it looks like they are coming in through web messaging (god knows how they are sending that much email through web messaging) under several IP's ranging from Nigeria to Israel. I blocked those IP's within Imail Control Access. Ah, that explains what is going on. That's the first time I've seen serious spammers try to send E-mail through web messaging. How can I make Hijack work with webmessaging? It is possible to do this, by having the declude.exe file act as the smtp32.exe file, so that Declude can intercept the web messaging E-mail. This is done by renaming the smtp32.exe file to ipsmtp.exe, renaming the declude.exe file to smtp32.exe, using a DAISYCHAIN ipsmtp.exe line in the hijack.cfg file. Then, you need to use regedit to change the HKEY_LOCAL_MACHINE\Software\Ipswitch\IMail\Global\SendName value to point to smtp32.exe instead of declude.com, and finally stop/restart the IMail SMTP service so that IMail will recognize the change -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for Viruses and Spam by Richmond.com] BC --- BC [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] BC --- BC This E-mail came from the Declude.JunkMail mailing list. To BC unsubscribe, just send an E-mail to [EMAIL PROTECTED], and BC type unsubscribe Declude.JunkMail. The archives can be found BC at http://www.mail-archive.com. BC --- BC [This E-mail scanned for viruses by Declude Virus] Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Q: help with fixing client-side?
Not sure where your getting 1903 etc from but that is besides the point. The main problem in this mess is among other things this line Date: 20 Mar 03 18:30:01 -0800 A correct date according to the RFC should read Date: 20 Mar 2003 18:30:01 -0800 The mac I seen resets back to 1980 when the batteries dies in them and I think they use regular unix EPOC just like allot of other systems out there when your dealing with system time (seconds since 1970 Jan 1 00:00:00). - Eje Friday, March 21, 2003, 7:30:30 PM, you wrote: DP I have some insight on the date issue. DP Macs tell time by counting the amount of time since a date in 1903 (something to do with the Wright Brothers), used as time zero. It makes them automatically y2k savvy, but it also means that DP when a particular machine's been around long enough for the clock battery to die, they reset to time zero (1903). DP Dan DP On Friday, March 21, 2003 10:24, Joseph Acac [EMAIL PROTECTED] wrote: What follows is the header from an email sent from a valid account to another valid account, here at UCD. The recipient was concerned that this message would be tagged as 'consistent with spam' and/or 'bad headers'. My thoughts were that perhaps its because the user is on an older Macintosh, running an old version of Quick Mail, which perhaps doesn't follow standard email protocol/form? Any ideas? Thanks, joe X-POP3-Rcpt: [EMAIL PROTECTED] Return-Path: [EMAIL PROTECTED] Received: from salzburg.ucdavis.edu (salzburg.ucdavis.edu [169.237.104.162]) by orvieto.ucdavis.edu (8.11.6/8.11.0/IT4.6.2) with ESMTP id h2L2M1p20970 for [EMAIL PROTECTED]; Thu, 20 Mar 2003 18:22:01 -0800 (PST) Received: from primate.ucdavis.edu (blackhole.primate.ucdavis.edu [169.237.80.10]) by salzburg.ucdavis.edu (8.11.6/8.11.0/virus-scan-4.0.1) with ESMTP id h2L2Lwd08932 for [EMAIL PROTECTED]; Thu, 20 Mar 2003 18:21:59 -0800 (PST) Received: from 169.237.80.51 [169.237.80.51] by primate.ucdavis.edu (SMTPD32-7.13) id A7451A730278; Thu, 20 Mar 2003 18:21:57 -0800 Date: 20 Mar 03 18:30:01 -0800 From: Alice Tarantal [EMAIL PROTECTED] Subject: RE: Pilot call To: John Capitanio [EMAIL PROTECTED] X-Mailer: QuickMail Pro 1.5.4 (Mac) X-Priority: 3 MIME-Version: 1.0 Reply-To: Alice Tarantal [EMAIL PROTECTED] Content-Type: text/plain; charset=iso-8859-1 Message-Id: [EMAIL PROTECTED] X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [c014020e]. X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [c014020e]. X-RBL-Warning: WEIGHT10: Weight of 11 reaches or exceeds the limit of 10. X-Declude-Sender: [EMAIL PROTECTED] [169.237.80.51] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by orvieto.ucdavis.edu id h2L2M1p20970 Joseph C. Acac CNPRC University of California at Davis [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. DP --- DP [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] DP --- DP This E-mail came from the Declude.JunkMail mailing list. To DP unsubscribe, just send an E-mail to [EMAIL PROTECTED], and DP type unsubscribe Declude.JunkMail. The archives can be found DP at http://www.mail-archive.com. DP --- DP [This E-mail scanned for viruses by Declude Virus] Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] HELO contains
Question.. I see more and more spams that is coming where the senders MTA is claiming to be the localhost As for example one of my servers is called imail.fament.com Latest spam that slipped through had following header Received: from imail.fament.com [66.81.201.98] by imail.fament.com (SMTPD32-7.13) id A7F38560150; Wed, 12 Mar 2003 16:42:59 -0600 Note that 66.81.201.98 is the spammers ip and do NOT belong to me. SOO.. My question is this.. Could I create a wordfilter rule that goes like HELO 10 CONTAINS imail.fament.com or will that shoot myself in the foot for some reason ? If it really is the HELO string then I don't see this as a problem since my understanding is that my mail server do NOT connect to itself and should then never send the helo imail.fament.com to itself ?! Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] HELO contains
Alright. Great. No the other mailserver identifies itself as backup.fament.com which I don't have declude on. On the other hand there. My backup mx server only forward mail. Do I have to get the Pro version of Declude or would Standard be enough ? I did throw out Webshield because it records the headers so badly that so much junkmail came in that direction. / Eje Wednesday, March 12, 2003, 5:17:33 PM, you wrote: SOO.. My question is this.. Could I create a wordfilter rule that goes like HELO 10 CONTAINS imail.fament.com or will that shoot myself in the foot for some reason ? RSP That will work fine, just so long as you don't have any other mailservers RSP that identify themselves as imail.fament.com. If your IMail server is RSP the only one that does, the filter will work fine. If it really is the HELO string then I don't see this as a problem since my understanding is that my mail server do NOT connect to itself and should then never send the helo imail.fament.com to itself ?! RSP Correct. There might be odd cases where the IMail server would connect to RSP itself, but if that happens, you've got another problem on your hands (as RSP it would cause a mail loop). RSP -Scott RSP --- RSP [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] RSP --- RSP This E-mail came from the Declude.JunkMail mailing list. To RSP unsubscribe, just send an E-mail to [EMAIL PROTECTED], and RSP type unsubscribe Declude.JunkMail. The archives can be found RSP at http://www.mail-archive.com. RSP --- RSP [This E-mail scanned for viruses by Declude Virus] Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Store and Forward w/JunkMail Question
spamreview rocks. Only wish it could do filters with wildcards. Hate the darn spammers that uses mail123.domain.tld mail124.domain.tld and so on do *.domain.tld and take care of them for good. Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 - Your Full Time Professionals - eBay UserID : macahan -- JT Instead of ROUTETO, you could use HOLD. Then, the files will be in Imail\spool\spam\hold folder. You can either open them with notepad or use SpamReveiw. JT John Tolmachoff MCSE, CSSA JT IT Manager, Network Engineer JT RelianceSoft, Inc. JT Fullerton, CA 92835 JT www.reliancesoft.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED]] On Behalf Of Keith Johnson Sent: Tuesday, February 11, 2003 7:10 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Store and Forward w/JunkMail Question Since late last year we have had our entire setup with virtual hosted domains with No Mail Relay. We are going to change our relay mode to 'relay for addresses' to filter email for about 10 or more Exchange Servers (thus, store and forward). However, we are going to still require all our other domains to SMTP Auth to us. My question is, with JunkMail, does all the filters and commands work just like they do under domains hosted on the IMail server itself. Previously, we always used the RouteTo a mailbox (same domain) for a 'little' admin to look at the spam email and thus forward it on to the necessary person, however, we won't be able to do that anymore with these domains since the domain isn't on the box. We were thinking of creating a bogus.com domain and RouteTo there. Thanks for allowing me to ramble here, just trying to see if I missed anything. I believe the Declude Virus should be fine with this as well. Thank you for the info. Keith Nf???yu u ?dj)jgnr[x??f)+Nrz;?ukj)r[y jw???m r[x?8jqy ?? f+rmw? Vry JT --- JT [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] JT --- JT This E-mail came from the Declude.JunkMail mailing list. To JT unsubscribe, just send an E-mail to [EMAIL PROTECTED], and JT type unsubscribe Declude.JunkMail. The archives can be found JT at http://www.mail-archive.com. JT --- JT [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Base64 encoded
I know in the past it was discussion about legit base64 usage in mail. I found what seems to be a legit e-mail where the mail client is base64 encoding the message. Received: from mail.XX.com [12.28.XX.XXX] by imail.fament.com with ESMTP (SMTPD32-7.13) id A4EE26B0366; Wed, 15 Jan 2003 09:57:34 -0600 Received: from [10.1.102.202] by mail.XX.XXX with SMTP (QuickMail Pro Server for Mac 3.0.1); 15-Jan-2003 09:57:19 -0600 Date: 15 Jan 2003 09:45:15 -0600 Message-ID: [EMAIL PROTECTED] From: X X [EMAIL PROTECTED] Subject: Fwd: To: X XX [EMAIL PROTECTED] X-Mailer: QuickMail Pro 3.0 (Mac) X-Priority: 3 MIME-Version: 1.0 Reply-To: X X [EMAIL PROTECTED] Content-Type: multipart/mixed; boundary=50524848535754575554===1 X-RBL-Warning: BASE64: A binary encoded text or HTML section was found in this E-mail. X-RBL-Warning: WEIGHT10: Weight of 20 reaches or exceeds the limit of 10. X-Tests-Failed: REVDNS, BASE64, WEIGHT10, WEIGHT20. X-Note: Total spam weight of this E-mail is 20. --50524848535754575554===1 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=US-Ascii regular text message (seems to be a chainmail) MSN 8: advanced junk mail protection and 2 months FREE* http://g.msn.com/= 8HMNEN/2017 --50524848535754575554===1 Content-Transfer-Encoding: base64 Content-Type: text/html; name=Text00.htm; x-mac-creator=556DC536; x-mac-type=54455854 PGh0bWw+PGRpdiBzdHlsZT0nYmFja2dyb3VuZC1jb2xvcjonPjxESVY+DQo8UD48QlI+PFVuZGlz Y2xvc2VkLVJlY2lwaWVudD rest of the base64 is cut off. Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Base64 encoded
Well. When I say legit I reference in that it is not a spam mail but a regular mail communication to a user that been sent with a regular mail program. Like you using Eudora Version 5.1 to send a e-mail message directly to me. This person was using QuickMail Pro 3 (mac) to send a e-mail to a client on our service. Reason for doing base64 ? None except poor software engineering and client more then likely using default settings because they don't know better. There is no reason really for the base64 just that it does it anyways in poor practice. I personally put in a word filter rule that now gives this X-mailer a somewhat negative weight to compensate for it's poor e-mail sending behavior. Wasn't sure if anyone ever found a e-mail client that did post standard message in base64 besides what we frequently see from spammers with advertisment junk in it. / Eje Tuesday, January 21, 2003, 2:42:41 PM, you wrote: I know in the past it was discussion about legit base64 usage in mail. I found what seems to be a legit e-mail where the mail client is base64 encoding the message. RSP The question here is what legitimate means. RSP Does it mean that it is a legitimate E-mail, which uses base64 encoding for RSP no apparent reason (which we are not too concerned about, as most people RSP only use the BASE64 test towards the weighting system), or is it a RSP legitimate mail that has a legitimate reason for using base64 encoding RSP (which we would care about, as it could indicate that there are false RSP positives that can't be prevented)? RSP -Scott RSP --- RSP [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] RSP --- RSP This E-mail came from the Declude.JunkMail mailing list. To RSP unsubscribe, just send an E-mail to [EMAIL PROTECTED], and RSP type unsubscribe Declude.JunkMail. The archives can be found RSP at http://www.mail-archive.com. RSP --- RSP [This E-mail scanned for viruses by Declude Virus] Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[4]: [Declude.JunkMail] Base64 encoded
Thank you I had missed the OWA I added that one myself. Thanks. Tuesday, January 21, 2003, 3:33:06 PM, you wrote: CA As per John's earlier research on OWA as a client, and Eje's report I now CA use this in one of my filter text files: CA #Nov-29-2002 AC Cancel the BASE64 weight when the client was CA # OWA for Exchange 2000 and Enterprise CA HEADERS -4 CONTAINS V6.0.5762.3 CA HEADERS -4 CONTAINS V6.0.6249.0 CA #Jan-21-2003 AC Cancel the BASE64 weight another product that CA # happens to encode body test as BASE64 CA HEADERS -4 CONTAINS QuickMail Pro Server for Mac CA Andrew 8) EG Wasn't sure if anyone ever found a e-mail client that did post EG standard message in base64 besides what we frequently see from EG spammers with advertisement junk in it. JT Outlook Web Access on Exchange 2000. CA --- CA [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] CA --- CA This E-mail came from the Declude.JunkMail mailing list. To CA unsubscribe, just send an E-mail to [EMAIL PROTECTED], and CA type unsubscribe Declude.JunkMail. The archives can be found CA at http://www.mail-archive.com. CA --- CA [This E-mail scanned for viruses by Declude Virus] Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Base64 encoded
Hello Dan, I see. Thanks for the clearification. This particular message was a html encoded message where the html part got encoded. Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 - Your Full Time Professionals - eBay UserID : macahan -- DP Eje, DP I use QuickMail on a Mac and Base64 is used as the encoding type by two of their standard configs, but only for attachments. Base64 encoding for the message body requires a manual change. What DP most likely happened is that the sender in question was swapping around encoding types trying to get an attachment to go through and got sloppy. DP Dan DP On Tuesday, January 21, 2003 13:14, Eje Gustafsson [EMAIL PROTECTED] wrote: Well. When I say legit I reference in that it is not a spam mail but a regular mail communication to a user that been sent with a regular mail program. Like you using Eudora Version 5.1 to send a e-mail message directly to me. This person was using QuickMail Pro 3 (mac) to send a e-mail to a client on our service. Reason for doing base64 ? None except poor software engineering and client more then likely using default settings because they don't know better. There is no reason really for the base64 just that it does it anyways in poor practice. I personally put in a word filter rule that now gives this X-mailer a somewhat negative weight to compensate for it's poor e-mail sending behavior. Wasn't sure if anyone ever found a e-mail client that did post standard message in base64 besides what we frequently see from spammers with advertisment junk in it. / Eje Tuesday, January 21, 2003, 2:42:41 PM, you wrote: I know in the past it was discussion about legit base64 usage in mail. I found what seems to be a legit e-mail where the mail client is base64 encoding the message. RSP The question here is what legitimate means. RSP Does it mean that it is a legitimate E-mail, which uses base64 encoding for RSP no apparent reason (which we are not too concerned about, as most people RSP only use the BASE64 test towards the weighting system), or is it a RSP legitimate mail that has a legitimate reason for using base64 encoding RSP (which we would care about, as it could indicate that there are false RSP positives that can't be prevented)? RSP -Scott RSP --- RSP [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] RSP --- RSP This E-mail came from the Declude.JunkMail mailing list. To RSP unsubscribe, just send an E-mail to [EMAIL PROTECTED], and RSP type unsubscribe Declude.JunkMail. The archives can be found RSP at http://www.mail-archive.com. RSP --- RSP [This E-mail scanned for viruses by Declude Virus] Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. DP --- DP [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] DP --- DP This E-mail came from the Declude.JunkMail mailing list. To DP unsubscribe, just send an E-mail to [EMAIL PROTECTED], and DP type unsubscribe Declude.JunkMail. The archives can be found DP at http://www.mail-archive.com. DP --- DP [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Ipswitch Newsletter
Hello Michael, Looks like your giving mail that fail the spamheaders test a negative 1 in weight. Funny that ipswitch's newsletter fails this test.. At least it's not a message or newsletter from Scott now that would be really REALLY amusing consider the guys skills and knowledge ;) -Eje ML Either I am doing something wrong or this is worth a chuckle. ML Received: from newman.ipswitch.com [156.21.1.4] by ucopiannetworks.com with ML ESMTP ML (SMTPD32-6.05) id ACC42F4B00CA; Wed, 08 Jan 2003 21:21:56 -0500 ML Received: from CAMPAIGN [156.21.1.4] by newman.ipswitch.com ML (SMTPD32-7.12) id A2E2AE027A; Wed, 08 Jan 2003 13:50:10 -0500 ML From: Tamara Hart, Ipswitch [EMAIL PROTECTED] ML To: [EMAIL PROTECTED] ML Subject: Your Ipswitch Newsletter - January Edition ML Date: WED, 08 JAN 2003 13:50:10 -0400 ML MIME-Version: 1.0 ML Reply-To: [EMAIL PROTECTED] ML Content-Type: multipart/alternative; boundary=Boundary.. ML Message-Id: 200301081350968.SM00206@CAMPAIGN ML X-Declude-Sender: [EMAIL PROTECTED] [156.21.1.4] ML X-Note: This E-mail was scanned by Ucopian JunkMail ML (www.ucopiannetworks.com) for spam. ML X-Spam-Tests-Failed: SPAMHEADERS [-1] ML X-RCPT-TO: [EMAIL PROTECTED] ML X-UIDL: 342055870 ML Status: U --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] I can't believe this would even work.
This people been discussed about on the isp-ceo list provided by isp-planet.com. I gotten that one as well. One guy at the isp-ceo list sent the guy a quote for about $1mill per month up front payment ;P / Eje Thursday, January 2, 2003, 10:01:28 AM, you wrote: CF Some spammer is soliciting for dedicated hosting of spam servers. CF The received header - CF Received: from onemails2608.com [66.118.148.209] by argolink.net CF (SMTPD32-6.06) id A638128C0132; Mon, 30 Dec 2002 08:20:40 -0600 CF It was only caught by spamheaders. It just goes to show, someone CF somewhere is willing to support spammers if money can be made. CF Thanks, CF Chuck Frolick CF ArgoNet, Inc. CF -Original Message- CF From: W2K Servers Needed [mailto:[EMAIL PROTECTED]] CF Sent: Monday, December 30, 2002 8:24 AM CF To: [EMAIL PROTECTED] CF Subject: I need 2 win2k dedicated servers CF Importance: High CF If you've already received this email, please disregard it. CF I need 2 dedicated servers running Windows 2000, with FTP and Terminal CF Services access. I will be increasing servers if your service meets our CF demands. You will get occasional spam complaints (at most 5 per month). CF I won't be spamming or port scanning directly from the servers. I will CF be mailing through proxies, so you will get very few complaints, if any CF at all. If you can provide this service, please reply back and let me CF know. CF The headers - CF Received: from host01.corp.argolink.net [209.144.1.13] by argolink.net CF with ESMTP CF (SMTPD32-6.06) id AF4C3D490142; Thu, 02 Jan 2003 09:48:28 -0600 CF Return-Path: [EMAIL PROTECTED] CF Delivered-To: [EMAIL PROTECTED] CF Received: from onemails2608.com [66.118.148.209] by argolink.net CF (SMTPD32-6.06) id A638128C0132; Mon, 30 Dec 2002 08:20:40 -0600 CF Reply-To: [EMAIL PROTECTED] CF Date: Mon, 30 Dec 2002 09:24:01 -0500 CF X-Priority: 1 CF MIME-Version: 1.0 CF X-Mailer: Microsoft Outlook Express 6.00.2600. CF X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600. CF Content-Type: text/plain; charset=us-ascii CF Content-Transfer-Encoding: 7bit CF Message-Id: [EMAIL PROTECTED] CF X-Declude-Warning: [SPAMHEADERS] CF http://www.declude.com/tools/header.php?code=420e ::W5 CF X-SPAM-Level: SPAM-VLOW CF X-Declude-Warning: [SPAMHEADERS] This message may be SPAM. This E-mail CF has headers consistent with spam [420e]. CF X-Declude-Sender: [EMAIL PROTECTED] [66.118.148.209] CF X-Declude-Spoolname: D5638132.SMD CF X-Note: This E-mail was scanned for SPAM by ArgoLink.net with Declude CF JunkMail. More info at http://help.argolink.net/spam.asp CF X-Declude-Failed: SPAMHEADERS, SPAM-VLOW CF X-Declude-Total-Weight: 5 CF X-RCPT-TO: [EMAIL PROTECTED] CF Status: U CF X-SpamReview-Deliver: Mesage redelivered by SpamReview. New headers CF below. CF X-SpamReview-Note: Original CC List:[EMAIL PROTECTED] CF To: [EMAIL PROTECTED] CF From: W2K Servers Needed [EMAIL PROTECTED] CF Subject: I need 2 win2k dedicated servers CF X-SPAM-Level: SPAM-NONE CF X-Declude-Sender: [EMAIL PROTECTED] [209.144.1.13] CF X-Declude-Spoolname: D5f4c142.SMD CF X-Note: This E-mail was scanned for SPAM by ArgoLink.net with Declude CF JunkMail. More info at http://help.argolink.net/spam.asp CF X-Declude-Failed: SPAM-NONE CF X-Declude-Total-Weight: 0 CF X-UIDL: 340151554 CF --- CF [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] CF --- CF This E-mail came from the Declude.JunkMail mailing list. To CF unsubscribe, just send an E-mail to [EMAIL PROTECTED], and CF type unsubscribe Declude.JunkMail. The archives can be found CF at http://www.mail-archive.com. CF --- CF [This E-mail scanned for viruses by Declude Virus] Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] With new release this git through
Hello Joe, My understanding is that Outlook Express can't filter based on headers Correct me if I'm wrong because if I am them I can pass along the info to my customers using OE so they can filter the few messages that might slip through and still get them incase they are really messages they want. Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 - Your Full Time Professionals - eBay UserID : macahan -- JH Hi Scott, JH Happy Holidays JH I am running with the new version downloaded yesterday. Thanks... That did the trick... JH A weird problem. I put a new weight10a test with an action of WEIGHT10a HEADER WEIGHT10a. Notice that it did indeed add the text WEIGHT10a to the body of the message. However, I have a rule JH in Outlook to move any mail with weight10a in the body to another folder, but outlook can't see it. It works fine for messages that come in as plain text. Is this a bug in outlook or is Declude JH putting the message in the wrong place. JH I think it's an Outlook express problem. JH I changed my action to SUBJECT and that fixed the problem, but I was just curious if you know why outlook can't see the text in this email. Thanks JH Received: from mmhw [64.233.124.49] by reliant.igdc.com JH (SMTPD32-7.13) id A4C6E3EE021C; Wed, 25 Dec 2002 08:38:14 -0500 JH From: Joy Verardi [EMAIL PROTECTED] JH To: [EMAIL PROTECTED] JH Subject: Information webmaster JH Date: Wed, 25 Dec 2002 10:56:13 -0500 JH Mime-Version: 1.0 JH Content-Type: text/html JH Content-Transfer-Encoding: base64 JH Message-Id: [EMAIL PROTECTED] JH X-RBL-Warning: DSBL: http://dsbl.org/listing.php?64.233.124.49 JH X-RBL-Warning: SPAMCOP: Blocked - see http://spamcop.net/bl.shtml?64.233.124.49 JH X-RBL-Warning: DSN: Not supporting null originator (DSN) JH X-RBL-Warning: BASE64: A binary encoded text or HTML section was found in this E-mail. JH X-RBL-Warning: HELOBOGUS: Domain mmhw has no MX or A records. JH X-Declude-Sender: [EMAIL PROTECTED] [64.233.124.49] JH X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. JH X-Spam-Tests-Failed: DSBL, SPAMCOP, DSN, BASE64, HELOBOGUS, WEIGHT10a, WEIGHT10 [27] JH X-RCPT-TO: [EMAIL PROTECTED] JH Status: U JH X-UIDL: 340370359 JH WEIGHT10a JH PEhUTUw+PFAgQUxJR049Q0VOVEVSPjxGT05UICBTSVpFPTYgUFRTSVpFPTI0PjxCPndlYm1h JH c3Rlciw8QlI+DQo8L0ZPTlQ+PEZPTlQgIENPTE9SPSIjZmYwMDAwIiBCQUNLPSIjZmZmZmZm JH IiBzdHlsZT0iQkFDS0dST1VORC1DT0xPUjogI2ZmZmZmZiIgU0laRT02IFBUU0laRT0yNCBG JH QU1JTFk9IlNBTlNTRVJJRiIgRkFDRT0iQXJpYWwiIExBTkc9IjAiPjxVPllvdSBoYXZlIGJl JH ZW4gYXBwcm92ZWQuPEJSPg0KPC9GT05UPjxGT05UICBDT0xPUj0iI2ZmMDAwMCIgQkFDSz0i JH I2ZmZmZmZiIgc3R5bGU9IkJBQ0tHUk9VTkQtQ09MT1I6ICNmZmZmZmYiIFNJWkU9NSBQVFNJ JH WkU9MTggRkFNSUxZPSJTQU5TU0VSSUYiIEZBQ0U9IkFyaWFsIiBMQU5HPSIwIj48L1U+Q2Fz JH aCBHcmFudCBBbW91bnQ6PEJSPg0KPC9GT05UPjxGT05UICBDT0xPUj0iIzAwMDBmZiIgQkFD JH Sz0iI2ZmZmZmZiIgc3R5bGU9IkJBQ0tHUk9VTkQtQ09MT1I6ICNmZmZmZmYiIFNJWkU9NyBQ JH VFNJWkU9MzYgRkFNSUxZPSJTQU5TU0VSSUYiIEZBQ0U9IkFyaWFsIiBMQU5HPSIwIj4kMTAs JH MDAwLSQ1LDAwMCwwMDA8QlI+DQo8L0ZPTlQ+PEZPTlQgIENPTE9SPSIjMDAwMDAwIiBCQUNL JH PSIjZmZmZmZmIiBzdHlsZT0iQkFDS0dST1VORC1DT0xPUjogI2ZmZmZmZiIgU0laRT02IFBU JH U0laRT0yNCBGQU1JTFk9IlNBTlNTRVJJRiIgRkFDRT0iQXJpYWwiIExBTkc9IjAiPjxJPjxV JH PkRpZCBZb3UgS25vdz88QlI+DQo8L0ZPTlQ+PEZPTlQgIENPTE9SPSIjMDAwMDAwIiBCQUNL JH PSIjZmZmZmZmIiBzdHlsZT0iQkFDS0dST1VORC1DT0xPUjogI2ZmZmZmZiIgU0laRT01IFBU JH U0laRT0xOCBGQU1JTFk9IlNBTlNTRVJJRiIgRkFDRT0iQXJpYWwiIExBTkc9IjAiPjwvQj48 JH L0k+PC9VPi1FYWNoIFllYXIgdGhlIFUuUy4gR292ZXJtZW50IEdpdmVzIGF3YXkgQklMTElP JH TlMgaW4gY2FzaCBncmFudHM/PEJSPg0KLVRoZXJlJm5ic3A7IGFyZSBObyBzcGVjaWFsIHJl JH cXVpcmVtZW50cyB0byBvYnRhaW4gdGhlc2UgZ3JhbnRzLjxCUj4NCi1UaGVzZSBhcmUgRnJl JH ZSBDYXNoIEdyYW50cyBUaGF0IHlvdSBORVZFUiBoYXZlIHRvIHJlcGF5ITxCUj4NCjxCUj4N JH CjwvRk9OVD48Rk9OVCAgQ09MT1I9IiMwMDAwMDAiIEJBQ0s9IiNmZmZmZmYiIHN0eWxlPSJC JH QUNLR1JPVU5ELUNPTE9SOiAjZmZmZmZmIiBTSVpFPTYgUFRTSVpFPTI0IEZBTUlMWT0iU0FO JH U1NFUklGIiBGQUNFPSJBcmlhbCIgTEFORz0iMCI+d2VibWFzdGVyLFlvdSBRdWFsaWZ5ITxC JH Uj4NCjwvRk9OVD48Rk9OVCAgQ09MT1I9IiMwMDAwZmYiIEJBQ0s9IiNmZmZmZmYiIHN0eWxl JH PSJCQUNLR1JPVU5ELUNPTE9SOiAjZmZmZmZmIiBTSVpFPTcgUFRTSVpFPTM2IEZBTUlMWT0i JH U0FOU1NFUklGIiBGQUNFPSJBcmlhbCIgTEFORz0iMCI+PEEgSFJFRj0iaHR0cDovL3JkLnlh JH aG9vLmNvbS82NDUxMTEvKmh0dHA6Ly93d3cuZnJlZWhvc3RuZXR3b3JrLmNvbS9ncmFudDJr JH L2luZGV4LmFzcD9kdm49MDEoTDg5MzEyeDg5RTNMOGF3SjZMIj5DbGljayBIZXJlPC9BPjwv JH Rk9OVD48Rk9OVCAgQ09MT1I9IiMwMDAwMDAiIEJBQ0s9IiNmZmZmZmYiIHN0eWxlPSJCQUNL JH R1JPVU5ELUNPTE9SOiAjZmZmZmZmIiBTSVpFPTUgUFRTSVpFPTE4IEZBTUlMWT0iU0FOU1NF JH UklGIiBGQUNFPSJBcmlhbCIgTEFORz0iMCI+PEJSPg0KPC9GT05UPjxGT05UICBDT0xPUj0i JH I2ZmMDAwMCIgQkFDSz0iI2ZmZmZmZiIgc3R5bGU9IkJBQ0tHUk9VTkQtQ09MT1I6ICNmZmZm JH ZmYiIFNJWkU9NyBQVFNJWkU9MzYgRkFNSUxZPSJTQU5TU0VSSUYiIEZBQ0U9IkFyaWFsIiBM JH QU5HPSIwIj48Qj5MaW1pdGVkIFRpbWUgT2ZmZXI8L0ZPTlQ+PEZPTlQgIENPTE9SPSIjMDAw JH
Re: [Declude.JunkMail] With new release this git through
Thanks. I guess that is what you get for not following a threat to closely. =) Back to my Christmas drinks =) Cheers and Merry Christmas. - Eje My understanding is that Outlook Express can't filter based on headers... SW Joe's talking about the HEADER action, which isn't inserting an RFC822 SW header, but a header before the original body (closer to word SW processing terminology). SW John's answer is spot-on: if the body is Base64, then ALL of it must SW be decoded by the client, even if some of it is plain-text to a human. SW -Sandy SW --- SW [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] SW --- SW This E-mail came from the Declude.JunkMail mailing list. To SW unsubscribe, just send an E-mail to [EMAIL PROTECTED], and SW type unsubscribe Declude.JunkMail. The archives can be found SW at http://www.mail-archive.com. SW --- SW [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] With new release this git through
blah and I can't type right either. THREAD not threaT doh.. EG Thanks. I guess that is what you get for not following a threat to EG closely. =) EG Back to my Christmas drinks =) EG Cheers and Merry Christmas. EG - Eje My understanding is that Outlook Express can't filter based on headers... SW Joe's talking about the HEADER action, which isn't inserting an RFC822 SW header, but a header before the original body (closer to word SW processing terminology). SW John's answer is spot-on: if the body is Base64, then ALL of it must SW be decoded by the client, even if some of it is plain-text to a human. SW -Sandy SW --- SW [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] SW --- SW This E-mail came from the Declude.JunkMail mailing list. To SW unsubscribe, just send an E-mail to [EMAIL PROTECTED], and SW type unsubscribe Declude.JunkMail. The archives can be found SW at http://www.mail-archive.com. SW --- SW [This E-mail scanned for viruses by Declude Virus] EG --- EG [This E-mail scanned for viruses by Declude Virus] EG --- EG [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] EG --- EG This E-mail came from the Declude.JunkMail mailing list. To EG unsubscribe, just send an E-mail to [EMAIL PROTECTED], and EG type unsubscribe Declude.JunkMail. The archives can be found EG at http://www.mail-archive.com. EG --- EG [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Chinanet
Anyone knows of any spam list that got chinanet.cn.net ips blocked ? Like for example the different blackholes.us lists that block china, Argentina etc Their damn spam keep coming through and I keep block it but they always surface from different IP. Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] -- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 - Your Full Time Professionals - eBay UserID : macahan --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] FrontPage form to email SPAMHEADERS
Hello William, Imail automatically inserts missing Message-ID: headers. Since Declude scans the e-mail before Imail put in that header you will then get that positive but when you look at it Imail have fixed it. Unfortunately your only way to truely fix this is to edit all webforms to inject the Message-ID: in the headers or I guess you could whitelist the local machine that way it will not give this warning and if it sends to outside e-mail address then Imail will have fixed the header for you. If you fix it then when you fixed the Message-ID: you will have then you will more then likely have to fix missing Date: header (which Imail also fixes if it's missing but Declude will complain since it's happens before Imail fixes it) Best regards, Eje Gustafsson mailto:MacAhan;fament.com The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 - Your Full Time Professionals - eBay UserID : macahan -- WBc How do you get FrontPage form to email to add the Message-ID: header. WBc I have Windows 2000 SP3 IIS server. When a user fills out a guest book WBc the FrontPage form emails the results through Imail. All software is on WBc the same server. Declude fails the message on SPAMHEADERS. WBc The failed test indicates the Message-ID: is missing from the header. WBc When it arrives the email does have the Message-ID: but Declude says WBc Imail added it. WBc I hope it does not involve editing ever web page on my site that uses WBc form to email, because that a lot of them. WBc Sincerely, WBc WBc William J. Baumbach II [EMAIL PROTECTED] WBc 9975 Pennsylvania Ave. Manassas, Va. 20110-2028 WBc Ph: 703-273-4400 ext:1708 Fax: 703-691-0946 WBc - WBc --- WBc [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] WBc --- WBc This E-mail came from the Declude.JunkMail mailing list. To WBc unsubscribe, just send an E-mail to [EMAIL PROTECTED], and WBc type unsubscribe Declude.JunkMail. The archives can be found WBc at http://www.mail-archive.com. WBc --- WBc [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] BASE64 problem!?
Actually you can see even more then that.. File-Details (or right click on the message in the inbox) Click on the details tab and hit the message source button. Now you have the entire e-mail source to read (or copy and paste to submit to spamcop ;P ) / Eje Friday, September 27, 2002, 5:33:41 PM, you wrote: ST You can actually view the header in Outlook. You just right click the ST message in your inbox and then select options. At the bottom of the options ST window is all the header information. (At least most of it) ST Shane Thoney ST -Original Message- ST From: Joshua Levitsky [mailto:[EMAIL PROTECTED]] ST Sent: Friday, September 27, 2002 12:45 PM ST To: [EMAIL PROTECTED] ST Subject: Re: [Declude.JunkMail] BASE64 problem!? ST - Original Message - ST From: R. Scott Perry [EMAIL PROTECTED] ST To: [EMAIL PROTECTED] ST Sent: Friday, September 27, 2002 2:43 PM ST Subject: RE: [Declude.JunkMail] BASE64 problem!? OE lets you see the raw E-mail, including the encoding? I didn't realize ST that. ST Just right click on the email and pick properties and then on the Details ST tab there is a button that says Message Source. It is the raw message if you ST click on that. ST -- ST Joshua Levitsky, MCSE, MCSA, CISSP, EMTD, MCP+I, MCP ST Desktop Systems Engineer ST AOL Time Warner ST --- ST [This E-mail was scanned for viruses by Declude Virus ST (http://www.declude.com)] ST --- ST This E-mail came from the Declude.JunkMail mailing list. To ST unsubscribe, just send an E-mail to [EMAIL PROTECTED], and ST type unsubscribe Declude.JunkMail. The archives can be found ST at http://www.mail-archive.com. ST --- ST [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] ST --- ST This E-mail came from the Declude.JunkMail mailing list. To ST unsubscribe, just send an E-mail to [EMAIL PROTECTED], and ST type unsubscribe Declude.JunkMail. The archives can be found ST at http://www.mail-archive.com. ST --- ST [This E-mail scanned for viruses by Declude Virus] Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Date Header wrong - REALLY?
My guess is that it didn't have any date header. Imail automatically adds a Date header if it is missing. /Eje Wednesday, September 18, 2002, 5:02:44 PM, you wrote: AS Scott- AS why do I get http://www.declude.com/tools/header.php?code=c020020c for AS this: AS Received: from mta541.mail.yahoo.com [216.136.131.23] by hm-software.com AS (SMTPD32-7.07) id A0461AEF00BE; Wed, 18 Sep 2002 17:29:42 -0400 AS From: [EMAIL PROTECTED] AS To: [EMAIL PROTECTED] AS X-Loop: [EMAIL PROTECTED] AS Subject: SPAM: [See Headers] Delivery failure AS Message-Id: [EMAIL PROTECTED] AS X-Declude-Note: This E-mail was sent from a broken mail client [c020020c]. AS See: http://www.declude.com/tools/header.php?code=c020020c AS X-RBL-Warning: This E-mail has headers consistent with spam [c020020c]. See: AS http://www.declude.com/tools/header.php?code=c020020c AS X-Declude: Version 1.60; Df0461aef00be8b36.SMD from mta541.mail.yahoo.com AS [216.136.131.23] AS X-Declude: Failed BADHEADERS, SPAMHEADERS, WEIGHT8 [8] AS Return-Path: AS Date: Wed, 18 Sep 2002 17:29:49 -0400 AS X-RCPT-TO: [EMAIL PROTECTED] AS Status: U AS X-UIDL: 896287752 AS Message from yahoo.de. AS Unable to deliver message to the following address(es). AS [EMAIL PROTECTED]: AS This user doesn't have a yahoo.de account ([EMAIL PROTECTED]) AS [EMAIL PROTECTED]: AS This user doesn't have a yahoo.de account ([EMAIL PROTECTED]) AS --- AS [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] AS --- AS This E-mail came from the Declude.JunkMail mailing list. To AS unsubscribe, just send an E-mail to [EMAIL PROTECTED], and AS type unsubscribe Declude.JunkMail. The archives can be found AS at http://www.mail-archive.com. AS --- AS [This E-mail scanned for viruses by Declude Virus] Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail
roflmao.. Lovely I love it!! Tuesday, September 17, 2002, 10:47:34 AM, you wrote: ADG Craig, ADG I have two paid hotmail accounts. The one for my 5-year old daughter (it's ADG really a test account for spam-filtering) did not get checked. My other ADG account for Elmer Fudd strangely had a birthyear of 1900 and they were ADG checked. ADG I thought that when I set these up I said no sharing. Does anyone know how ADG old these boxes are? ADG You all might enjoy playing our new anti-s*pam game (see sig). Just launced ADG today. ADG Alexis ADG --- ADG Alexis D. Gutzman, Managing Editor, Reports ADG MarketingSherpa's Knowledge Store ADG http://torturegame4.emailsherpa.com = Play Torture a S^pammer online game ADG - Original Message - ADG From: Craig Gittens [EMAIL PROTECTED] ADG To: [EMAIL PROTECTED] ADG Sent: Tuesday, September 17, 2002 8:59 AM ADG Subject: RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail Sorry, just getting around to reading my 700 or so unread messages. Anyone notice Hotmail put in a few new options a while ago and enabled them for everyone? Click on the options link and choose Personal Profile and scoll ADG to the bottom. You will notice that the two options to 1) Share my email address and 2) Share my other registration information are checked. Craig. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Tom Sent: Monday, September 16, 2002 5:21 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail By OREN ETZIONI of the NY TIMES --- A few days ago I created a new e-mail account, and within 24 hours I had received over 25 unsolicited commercial e-mail messages, otherwise known ADG as spam. Even though I'm a professor of computer science, I, like so many others, have failed to protect myself from this daily nuisance. So I ADG welcome t --- [This E-mail was scanned for viruses by Declude Virus ADG (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. ADG --- ADG [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] ADG --- ADG This E-mail came from the Declude.JunkMail mailing list. To ADG unsubscribe, just send an E-mail to [EMAIL PROTECTED], and ADG type unsubscribe Declude.JunkMail. The archives can be found ADG at http://www.mail-archive.com. ADG --- ADG [This E-mail scanned for viruses by Declude Virus] Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail
Dear Kami, Tuesday, September 17, 2002, 11:36:09 AM, you wrote: KR Some thoughts ... What I have seen happening to us.. KR [1] What do you blacklist? I think that only the IP address of the KR sender could be safely blacklisted. KR --- If I do IP then it has to be a temp file so lets say for 24 hours KR that IP can not send email. Because we sure don't want to blacklist a KR temporary open relay. These folks do not send email using their servers KR but they always use open relays. Also majority of times That is a sound approach. KR [2] What happens if someone finds the address and uses it maliciously? KR --- how? I don't understand how an email can be used maliciously... KR They can only send email to it and to an address where they have no KR business of sending. If you block based on email then your bound to even if you only do 24 hour blocks block hotmail, yahoo, netscape and eudoramail constantly because a lot of spammers spoof those addresses. So not a sound approach there. KR [3] The spammer may have already sent a lot of spam before they send to KR this address. KR --- TRUE but a great chance also exists that it is the beginning of the KR list or the middle. What I see in the addresses that are sent they KR typically are alphabetically sorted. So may be an address like KR AADoe@... Would put it on top of the list. But regardless it is a first KR attempt. If nothing is gained, I feel nothing is lost either but if it KR is used in their SPAM list then we have gained a lot. I just can't see KR us losing anything. In the game of Pros Cons our loss is a lot less KR than our potential gain. Yes you would have to make sure it's among the first possible hits. / Eje KR -Original Message- KR From: [EMAIL PROTECTED] KR [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry KR Sent: Tuesday, September 17, 2002 11:45 AM KR To: [EMAIL PROTECTED] KR Subject: RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail An address that we can use in Declude so any e-mail that is sent to that address is automatically added to a blacklist address for background deletion. KR This is something that we have been considering. KR A couple of thoughts, though: KR [1] What do you blacklist? I think that only the IP address of the KR sender KR could be safely blacklisted. KR [2] What happens if someone finds the address and uses it maliciously? KR [3] The spammer may have already sent a lot of spam before they send to KR this address. KR -Scott KR --- KR [This E-mail was scanned for viruses by Declude Virus KR (http://www.declude.com)] KR --- KR This E-mail came from the Declude.JunkMail mailing list. To KR unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type KR unsubscribe Declude.JunkMail. The archives can be found at KR http://www.mail-archive.com. KR --- KR [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] KR --- KR This E-mail came from the Declude.JunkMail mailing list. To KR unsubscribe, just send an E-mail to [EMAIL PROTECTED], and KR type unsubscribe Declude.JunkMail. The archives can be found KR at http://www.mail-archive.com. KR --- KR [This E-mail scanned for viruses by Declude Virus] Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Paypal scammer
Just want to warn and suggest people might consider putting up manual blocks. Last few days I gotten a few supposedly Urgent Paypal account update notices. However this is NOT coming from PayPal network. They want you to login and update your account info because supposedly a server of paypals caused corruption. Their is a link posted in this html message that looks like it points to paypal.com's login page HOWEVER the link in the html code points to http://www.paypalsys.com/cgibin/webscr/?cmd=_login-run not the additional SYS in the domain name. Also when you look at the headers of the e-mail it comes from ehost.com and this site IS listed with spews. http://spews.org/html/S1519.html What scares me the most is now I gotten this e-mail to THREE of my e-mail addresses on file with paypal. They have been spread out over the last 2 days. And they try to sweeten the deal and really get the customer to go and login by claiming Because of the inconvenience this causes we are giving all users that repair their missing data their next two incoming transfers for free! You will pay no fees for your next two incoming transfers* Received: from eweb16.ehost.com [65.212.149.23] by imail.fament.com with ESMTP (SMTPD32-7.12) id A50A19BC00C6; Wed, 11 Sep 2002 22:07:54 -0500 Received: (from nobody@localhost) by eweb16.ehost.com (8.11.2/8.11.2) id g8C34bJ28468; Wed, 11 Sep 2002 20:04:37 -0700 Date: Wed, 11 Sep 2002 20:04:37 -0700 From: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Subject: URGENT: PayPal Account Update is part of the headers. Do your clients and customers a favour block this person from the look of it this scum bag (pardon my language but this is the works of a con artists that seems to been around for a longer time). Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Spammer tools - why do these sites exist
PROTECTED] JT 8593 Mentor Road JT Mentor, OH 44060 JT US JT 440-205-9140 JT Registrar of Record: TUCOWS, INC. JT Record last updated on 16-Aug-2002. JT Record expires on 29-Jan-2003. JT Record Created on 29-Jan-2002. JT Domain servers in listed order: JT NS1.1800THENERD.NET 64.214.111.123 JT WARHOL.AMERISERV.NET 216.82.64.10 JT IP whois look up for www.marketmenow.com: JT OrgName:Fidelity Access Networks JT OrgID: FAIN JT NetRange: 66.94.64.0 - 66.94.95.255 JT CIDR: 66.94.64.0/19 JT NetName:FIDELITY-001 JT NetHandle: NET-66-94-64-0-1 JT Parent: NET-66-0-0-0-0 JT NetType:Direct Allocation JT NameServer: DNS-1.FIDELITYACCESS.NET JT NameServer: MAIL-1.FIDELITYACCESS.NET JT Comment: JT RegDate:2002-07-03 JT Updated:2002-08-12 JT TechHandle: RM1764-ARIN JT TechName: Marks, Robert JT TechPhone: +1-216-595-0866 JT TechEmail: [EMAIL PROTECTED] JT John Tolmachoff JT IT Manager, Network Engineer JT RelianceSoft, Inc. JT Fullerton, CA 92835 JT www.reliancesoft.com JT --- JT [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] JT --- JT This E-mail came from the Declude.JunkMail mailing list. To JT unsubscribe, just send an E-mail to [EMAIL PROTECTED], and JT type unsubscribe Declude.JunkMail. The archives can be found JT at http://www.mail-archive.com. JT --- JT [This E-mail scanned for viruses by Declude Virus] Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Please someone tell me it's friday..
Just found this e-mail in Spam Review.. Check out the subject.. almost made me fall out of the chair laughing. / Eje Received: from opt-in-email-4-sale.com [65.245.26.62] by imail.fament.com (SMTPD32-7.07) id A4B854A011E; Sun, 04 Aug 2002 22:44:56 -0500 From: Fred [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Stop Spam AND Get paid! Sender: Fred [EMAIL PROTECTED] Mime-Version: 1.0 Content-Type: text/html; charset=ISO-8859-1 Date: Sun, 4 Aug 2002 22:40:49 -0500 Reply-To: Fred [EMAIL PROTECTED] Content-Transfer-Encoding: 8bit Message-Id: [EMAIL PROTECTED] X-RBL-Warning: SPAMCOP: Blocked - see http://spamcop.net/bl.shtml?65.245.26.62 X-RBL-Warning: REVDNS: This E-mail was sent from a mail server 65.245.26.62 with no reverse DNS entry. X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [420e]. X-RBL-Warning: WEIGHT10: Weight of 24 reaches or exceeds the limit of 10. X-Declude-Sender: [EMAIL PROTECTED] [65.245.26.62] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Note: This E-mail was sent from [No Reverse DNS] ([65.245.26.62]). X-Tests-Failed: SPAMCOP, REVDNS, SPAMHEADERS, WEIGHT10, WEIGHT20. X-Note: Total spam weight of this E-mail is 24. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] What Action Do you take?
I used bounce but got so many return bounces due to the poor bouncing option Imail offer Declude. We block a good 3-5k messages each day out of 8-10k total. So many spammers use fake addresses or get their service disconnected/discontinued or simply get their mailboxes full that there will be a LOT of bounces for your postmaster acct. Depending on your total mail volume and volume of spam out of it it might or might not be ok for you. Can only say test and see but if you have a LOT of mail getting delivered be ready to switch from bounce to hold very quickly. / Eje Friday, August 2, 2002, 2:50:56 PM, you wrote: DL I am sure most people use the weighting system. For the most part you DL have certain weights were you know that 99% of the mail triggering that DL weight is spam. DL Do you BOUNCE, HOLD, Or DELETE? Right now I am using HOLD, but was DL considering switching that to BOUNCE. There are defiantly some pro's DL and con's to both. DL Any thoughts. DL Darrell DL --- DL [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] DL --- DL This E-mail came from the Declude.JunkMail mailing list. To DL unsubscribe, just send an E-mail to [EMAIL PROTECTED], and DL type unsubscribe Declude.JunkMail. The archives can be found DL at http://www.mail-archive.com. DL --- DL [This E-mail scanned for viruses by Declude Virus] Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Whitelist Not Working What Am I doing wrong
Yes Monday, July 29, 2002, 3:51:24 PM, you wrote: DL Scott, DL In the new version is it even able to more refined subnets like DL 1.1.1.16/28? DL Darrell DL -Original Message- DL From: [EMAIL PROTECTED] DL [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry DL Sent: Monday, July 29, 2002 4:41 PM DL To: [EMAIL PROTECTED] DL Subject: Re: [Declude.JunkMail] Whitelist Not Working What Am I doing DL wrong I add the following line to my global.cfg file WHITELIST IP 66.54.32.* However, messages from the 66.54.32.* subnet are not being WhiteListed. What am I doing wrong? DL That's because Declude JunkMail doesn't understand what the * means. DL You can either use WHITELIST IP 66.54.32., or with the most recent DL version, you can use WHITELIST IP 66.54.32.0/24. DL -Scott DL --- DL [This E-mail was scanned for viruses by Declude Virus DL (http://www.declude.com)] DL --- DL This E-mail came from the Declude.JunkMail mailing list. To DL unsubscribe, just send an E-mail to [EMAIL PROTECTED], and DL type unsubscribe Declude.JunkMail. You can E-mail DL [EMAIL PROTECTED] for assistance. You can visit our web DL site at http://www.declude.com . DL --- DL [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] DL --- DL This E-mail came from the Declude.JunkMail mailing list. To DL unsubscribe, just send an E-mail to [EMAIL PROTECTED], and DL type unsubscribe Declude.JunkMail. You can E-mail DL [EMAIL PROTECTED] for assistance. You can visit our web DL site at http://www.declude.com . DL --- DL [This E-mail scanned for viruses by Declude Virus] Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: OSSRC:RE: BLARSBL:Re: [Declude.JunkMail] problem with spamreview software
Dear Robert, Not sure about his e-mail but on his spamreview homepage there is a paypal donation link/button. Just hit that one and send your money through paypal that way. http://www.slsoft.com/spamreview.htm Thursday, July 25, 2002, 8:28:39 AM, you wrote: RH Does he take PayPal? If so, what is his email? RH Rob Just a reminder guys.. Don't forget to make a donation to the programer at slsoft.com for this wounderful tool that SpamReview is. If you haven't donated then if something isn't working to your liking you have no right to bitch IMO. RH --- RH [This E-mail scanned for viruses by Declude Virus] RH --- RH [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] RH --- RH This E-mail came from the Declude.JunkMail mailing list. To RH unsubscribe, just send an E-mail to [EMAIL PROTECTED], and RH type unsubscribe Declude.JunkMail. You can E-mail RH [EMAIL PROTECTED] for assistance. You can visit our web RH site at http://www.declude.com . RH --- RH [This E-mail scanned for viruses by Declude Virus] Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.JunkMail] problem with spamreview software
I had no problem with .39 to do that as I recall. Did the check the programs update a while back and ended up with .40 which works just fine (tested it just now) Wednesday, July 24, 2002, 4:05:03 PM, you wrote: EC Is anyone having a problem with the latest version (1.0.39) of spamreview EC not writing to the kill.lst file? EC Tried local and mapped drives, file permissions etc. without success. EC I have an older version (1.0.12) that does write to the kill.lst file. EC I've also emailed the author of the program. EC Thanks, EC Eddie Cornejo, Sys Admin EC Tom Rowe Associates EC 956-412-6600 Ext.10 EC Toll Free USA 888-866-7693 EC Toll Free Canada 877-866-7693 EC http://www.tomrowe.com EC --- EC [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] EC --- EC This E-mail came from the Declude.JunkMail mailing list. To EC unsubscribe, just send an E-mail to [EMAIL PROTECTED], and EC type unsubscribe Declude.JunkMail. You can E-mail EC [EMAIL PROTECTED] for assistance. You can visit our web EC site at http://www.declude.com . EC --- EC [This E-mail scanned for viruses by Declude Virus] Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: BLARSBL:Re: [Declude.JunkMail] problem with spamreview software
Hello Roger, Just a reminder guys.. Don't forget to make a donation to the programer at slsoft.com for this wounderful tool that SpamReview is. If you haven't donated then if something isn't working to your liking you have no right to bitch IMO. I personally did a donation a couple of months ago. Now after updating to .44 I see it's time to do another donation because he added a couple of things that I asked for. =) A great time saving tool. Well worth a donation. Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 - Your Full Time Professionals - eBay UserID : macahan RH Reply to: Eddie Cornejo RH Re: BLARSBL:Re: [Declude.JunkMail] problem with spamreview software on Wednesday 6:01:50 PM RH I have furnished some files to him to fix this and got fixes the RH same day. It is an indispensable piece of sofware. Don't know RH what I would do without it. Hope to see fixes on the kill.lst RH That is the only problem I am experiencing at this time. RH -- RH Roger Heath RH [EMAIL PROTECTED] RH www.rleeheath.com RH - Copy of Original Message(s): - E Roger, E I've come to the conclusion that the spamreview software is choking on my E spool files. E I installed the software on three different machines with the same results E (2k server, 2k pro, and win98). E I am sending the author a sample of my spool files for testing. E If anyone on this list wants to give it a try, please email me directly. E mailto:[EMAIL PROTECTED] E Eddie Cornejo, Sys Admin E Tom Rowe Associates E 956-412-6600 Ext.10 E Toll Free USA 888-866-7693 E Toll Free Canada 877-866-7693 E http://www.tomrowe.com E -Original Message- E From: [EMAIL PROTECTED] E [mailto:[EMAIL PROTECTED]]On Behalf Of Roger Heath E Sent: Wednesday, July 24, 2002 5:10 PM E To: Eddie Cornejo E Subject: BLARSBL:Re: [Declude.JunkMail] problem with spamreview software E Reply to: Eddie Cornejo E Re: [Declude.JunkMail] problem with spamreview software on Wednesday E 4:05:03 PM E We have reported this for several months now and it has never E been fixed because it is working for the author. We know the E paths are correct as we can load the kill.lst from the menu. It E keeps putting carriage returns at the end of the file but no E addresses or domains... NT4SP6A. You are not alone. g E -- E Roger Heath E [EMAIL PROTECTED] E www.rleeheath.com E - Copy of Original Message(s): - E Is anyone having a problem with the latest version (1.0.39) of spamreview E not writing to the kill.lst file? E Tried local and mapped drives, file permissions etc. without success. E I have an older version (1.0.12) that does write to the kill.lst file. E I've also emailed the author of the program. E Thanks, E Eddie Cornejo, Sys Admin E Tom Rowe Associates E 956-412-6600 Ext.10 E Toll Free USA 888-866-7693 E Toll Free Canada 877-866-7693 E http://www.tomrowe.com E --- E [This E-mail was scanned for viruses by Declude Virus E (http://www.declude.com)] E --- E This E-mail came from the Declude.JunkMail mailing list. To E unsubscribe, just send an E-mail to [EMAIL PROTECTED], and E type unsubscribe Declude.JunkMail. You can E-mail E [EMAIL PROTECTED] for assistance. You can visit our web E site at http://www.declude.com . E -- E ActivatorMail(tm) ver.061902 Scanned for all viruses by E www.activatormail.com intelligent anti-virus anti-spam service E -- E ActivatorMail(tm) ver.061902 Scanned for all viruses by E www.activatormail.com intelligent anti-virus anti-spam service E --- E [This E-mail was scanned for viruses by Declude Virus E (http://www.declude.com)] E --- E This E-mail came from the Declude.JunkMail mailing list. To E unsubscribe, just send an E-mail to [EMAIL PROTECTED], and E type unsubscribe Declude.JunkMail. You can E-mail E [EMAIL PROTECTED] for assistance. You can visit our web E site at http://www.declude.com . E --- E [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] E --- E This E-mail came from the Declude.JunkMail mailing list. To E unsubscribe, just send an E-mail to [EMAIL PROTECTED], and E type unsubscribe Declude.JunkMail. You can E-mail E [EMAIL PROTECTED] for assistance. You can visit our web E site at http://www.declude.com . E -- E ActivatorMail(tm) ver.061902 Scanned for all viruses by E www.activatormail.com intelligent anti-virus anti-spam service RH -- RH ActivatorMail(tm) ver.061902 Scanned for all viruses by RH www.activatormail.com intelligent anti-virus anti-spam service RH --- RH [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] RH --- RH This E-mail came from the Declude.JunkMail mailing list. To RH unsubscribe, just send an E-mail to [EMAIL PROTECTED], and RH type unsubscribe Declude.JunkMail. You can E-mail RH [EMAIL PROTECTED] for assistance
[Declude.JunkMail] weight of 63 passed ??
Strangeness. I'm curious how this message manage to get through and be delivered. I have weight20 set to hold and weight30 to delete. This message made weight63. The address it was delievered to is granted located on a unix box but the messages get relayed through imail and obviously declude processed and tagged this message but it got delivered anyways. (below the message is excerp from my declude log) Return-Path: [EMAIL PROTECTED] Received: from imail.fament.com (imail.fament.com [208.189.26.51]) by unicorn.fament.com (8.11.6/8.11.0) with ESMTP id g6FDFf125937 for [EMAIL PROTECTED]; Mon, 15 Jul 2002 08:15:42 -0500 Received: from SPHINX.ftf.sn [213.154.76.114] by imail.fament.com with ESMTP (SMTPD32-7.07) id ABA29C500FE; Mon, 15 Jul 2002 08:18:26 -0500 Received: from smtp0210.mail.yahoo.com ([213.96.125.231]) by SPHINX.ftf.sn with Microsoft SMTPSVC(5.0.2195.2966); Mon, 15 Jul 2002 11:58:12 + Date: Mon, 15 Jul 2002 07:54:45 -0400 From: Virginia Doub[EMAIL PROTECTED] X-Priority: 3 To: [EMAIL PROTECTED] Subject:Free Online Payment Account - Plus a $5.00 Sign Up Bonus Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: [EMAIL PROTECTED] X-OriginalArrivalTime: 15 Jul 2002 11:58:22.0356 (UTC) FILETIME=[EAF35540:01C22BF6] X-RBL-Warning: OSRELAY: This entry was last confirmed open on 4/19/2002 X-RBL-Warning: SPAMCOP: Blocked - see http://spamcop.net/bl.shtml?213.96.125.231 X-RBL-Warning: NOABUSE: Not supporting abuse@domain X-RBL-Warning: NOPOSTMASTER: Not supporting postmaster@domain X-RBL-Warning: REVDNS: This E-mail was sent from a mail server 213.154.76.114 with no reverse DNS entry. X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [4000100f]. X-RBL-Warning: WEIGHT10: Weight of 63 reaches or exceeds the limit of 10. X-Declude-Sender: [EMAIL PROTECTED] [213.154.76.114] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. Status: 07/15/2002 08:19:29 Qcba209c500fe07cb Msg failed OSRELAY (This entry was last confirmed open on 4/19/2002). 07/15/2002 08:19:29 Qcba209c500fe07cb Msg failed SPAMCOP (Blocked - see http://spamcop.net/bl.shtml?213.96.125.231). 07/15/2002 08:19:29 Qcba209c500fe07cb Msg failed NOABUSE (Not supporting abuse@domain). 07/15/2002 08:19:29 Qcba209c500fe07cb Msg failed NOPOSTMASTER (Not supporting postmaster@domain). 07/15/2002 08:19:29 Qcba209c500fe07cb Msg failed REVDNS (This E-mail was sent from a mail server 213.154.76.114 with no reverse DNS entry.). 07/15/2002 08:19:29 Qcba209c500fe07cb Msg failed SPAMHEADERS (This E-mail has headers consistent with spam [4000100f].). 07/15/2002 08:19:29 Qcba209c500fe07cb Msg failed WEIGHT10 (Weight of 63 reaches or exceeds the limit of 10.). --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.JunkMail] nice disclaimer
Now how is this for a disclaimer for junkmails ? (sender and receiver of the e-mails are local mailboxes). This email was sent to you via Saf-E Mail Systems. Your email address was automatically inserted into the To and From addresses to eliminate undeliverables which waste bandwidth and cause internet congestion. Your email or webserver IS NOT being used for the sending of this mail. No-one else is receiving emails from your address. You may utilize the removal link below if you do not wish to receive this mailing. Please Remove Me Saf-E Mail Systems, PO Box 116-3015 San Rafael de Heredia, CR 011-506-267-7139 I hate spammers.. Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re[2]: [Declude.JunkMail] nice disclaimer
Nod. I added a word filter rule which will cause my hold filter to get triggered even if the mail passes all other tests. One thing to note is that the sender is using $domain in their HELO. However I get a bunch of these messages coming through our Webshield server which don't record headers correctly :( Wednesday, July 03, 2002, 10:33:13 AM, you wrote: RD I thought that was cute to, I now filter and hold on Saf-E Mail Systems RD Have a great day! RD Rick Davidson RD Buckeye Internet Services RD www.buckeyeweb.com RD 440-953-1900 RD - RD - Original Message - RD From: Eje Gustafsson [EMAIL PROTECTED] RD To: [EMAIL PROTECTED] RD Sent: Wednesday, July 03, 2002 11:16 AM RD Subject: [Declude.JunkMail] nice disclaimer Now how is this for a disclaimer for junkmails ? (sender and receiver of the e-mails are local mailboxes). This email was sent to you via Saf-E Mail Systems. Your email RD address was automatically inserted into the To and From addresses to eliminate undeliverables which waste RD bandwidth and cause internet congestion. Your email or webserver IS NOT being used for the RD sending of this mail. No-one else is receiving emails from your address. You may utilize the removal link RD below if you do not wish to receive this mailing. Please Remove Me Saf-E Mail Systems, PO Box RD 116-3015 San Rafael de Heredia, CR 011-506-267-7139 I hate spammers.. Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus RD (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . RD --- RD [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] RD --- RD This E-mail came from the Declude.JunkMail mailing list. To RD unsubscribe, just send an E-mail to [EMAIL PROTECTED], and RD type unsubscribe Declude.JunkMail. You can E-mail RD [EMAIL PROTECTED] for assistance. You can visit our web RD site at http://www.declude.com . RD --- RD [This E-mail scanned for viruses by Declude Virus] Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
IPWHOIS:Re[2]: Is there a feature list for the JunkMail beta? Fw: [Declude.JunkMail] New filter test
--- RD [This E-mail scanned for viruses by Declude Virus] Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
IPWHOIS:Re[2]: [Declude.JunkMail] My Word Filtering File
Dear Glenn, A question here on the word filter. Say if I have BODY 5 CONTAINS viagra in my word filter text if the message contains the word viagra 5 times in it will it get an total weight of 25 due to word filter or will it just get a weight of 5 ? If the prior then people should be VERY careful to use single words in the filter file. Because a nasty joke could have say the words viagra in it 5 times. Seems like I quickly got a LOT of hits on the wordlist so changed my WEIGHT30 DELETE to WIEGHT30 HELD for now. Had one that hit a word filter of 50. But that message also hit my senderblacklist, orbd and spamcop so wasn't to worried about that one. Thursday, June 27, 2002, 15:39:56 PM, you wrote: GW Rick, would you mind providing the details of your tests and weights? I tried HOLDING on weight30 for a couple days, reviewing with SpamReview to see what comes through. It was around 8000 per GW day. None were legit, so I'm deleting those now. On Weight20 I get between 20,000 and 26,000 per day. T many to screen to determine if blind-deleting is safe, so it's up to the users to do GW what they want with them. I also have Weight10 and Weight14. I've had a handful of false-positives at 14, and quite a lot at 10. GW I'm thinking of trying a weight25 and HOLDing those for a couple days to check for false-positive, then maybe auto-deleting on that instead of 30. GW Glenn Z. GW - Original Message - GW From: Rick Davidson GW To: [EMAIL PROTECTED] GW Sent: Thursday, June 27, 2002 2:51 PM GW Subject: Re: [Declude.JunkMail] My Word Filtering File GW just wanted to add that we hold at a weight of 14 and have virtually no GW false positives GW Have a great day! GW Rick Davidson GW Buckeye Internet Services GW www.buckeyeweb.com GW 440-953-1900 GW - GW - Original Message - GW From: Rick Davidson [EMAIL PROTECTED] GW To: [EMAIL PROTECTED] GW Sent: Thursday, June 27, 2002 3:48 PM GW Subject: [Declude.JunkMail] My Word Filtering File GWhere is my word filter file, sorry I had to zip it or it wouldnt have made GWit :-] GW GWIts amazing how effective the phrase filter is when targeting their SPAM GWexcuses... GW GWHave a great day! GWRick Davidson GWBuckeye Internet Services GWwww.buckeyeweb.com GW440-953-1900 GW- GW GW --- GW [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] GW --- GW This E-mail came from the Declude.JunkMail mailing list. To GW unsubscribe, just send an E-mail to [EMAIL PROTECTED], and GW type unsubscribe Declude.JunkMail. You can E-mail GW [EMAIL PROTECTED] for assistance. You can visit our web GW site at http://www.declude.com . Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
IPWHOIS:Re[2]: [Declude.JunkMail] My Word Filtering File
Thank you. Then I can safetly turn back on my delete but for now until I got a good set of word filters that I can sleep good with I think I will put the delete on WEIGHT40 and hold the WEIGHT30 for now. Thursday, June 27, 2002, 16:10:05 PM, you wrote: A question here on the word filter. Say if I have BODY 5 CONTAINS viagra in my word filter text if the message contains the word viagra 5 times in it will it get an total weight of 25 due to word filter or will it just get a weight of 5 ? RSP No. Only the first instance will be counted. RSP -Scott RSP --- RSP [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] RSP --- RSP This E-mail came from the Declude.JunkMail mailing list. To RSP unsubscribe, just send an E-mail to [EMAIL PROTECTED], and RSP type unsubscribe Declude.JunkMail. You can E-mail RSP [EMAIL PROTECTED] for assistance. You can visit our web RSP site at http://www.declude.com . RSP --- RSP [This E-mail scanned for viruses by Declude Virus] Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.JunkMail] IPWHOIS:More McAfee spam
Now their spam starts to get very annoying. I know they are really an opt-in/subscribtion list but gosh darn it I have no idea what they done but they must changed spam err mail engine and new one is very RFC incompliant so getting stuck. But I guess one can not expect anything better from a company who's SMTP gateway (SMTP WebShield) software is RFC incompliant and they show no interest in fixing this issue. Received: from mcafee.com [216.49.93.46] by imail.fament.com (SMTPD32-7.07) id AE0010E800F4; Tue, 25 Jun 2002 21:59:12 -0500 X-Mailer: UnityMail Originator: mesd_ex_1_text_list@MESD_ex_1 Errors-To: mesd_ex_1_text_list@MESD_ex_1 X-UnityID: [EMAIL PROTECTED]@UNITY4.mcafee.com X-UnityUser: McAfee X-Mailer-Version: 5.1.182 Reply-To: McAfee.com Store [EMAIL PROTECTED] From: McAfee.com Store [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Subject: Get a $10 certificate good at Amazon.com with VirusScan 6.0 Date: Tue, 25 Jun 2002 19:55:22 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Thread-Index: AcIcvOoKX4KhLOXsTPuO6XqEVhEJxw== Content-Class: urn:content-classes:message X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Message-Id: [EMAIL PROTECTED] X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [420e]. X-RBL-Warning: WEIGHT10: Weight of 22 reaches or exceeds the limit of 10. X-RBL-Warning: HEUR10: Heuristic spam detection level 10 [1.00] X-Declude-Sender: mesd_ex_1_text_list.UM.A.143.10@MESD_ex_1 [216.49.93.46] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Note: This E-mail was sent from unity8.mcafee.com. ([216.49.93.46]). X-Tests-Failed: MAILFROM, SPAMHEADERS, WEIGHT10, WEIGHT20, HEUR10. X-Note: Total spam weight of this E-mail is 22. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
IPWHOIS:Re[2]: [Declude.JunkMail] Coldfusion Declude front end?
I would love to get a copy of you registry-sql conversion script. I been thinking about doing this change for a while and would be nice to have a way to decrypt the passwords to. BTW is there any drawbacks on using sql database compared to registry ? I think I recall seeing something somewhere about something with virtual servers not working correctly but not sure about version or anything. Are there any such issues if so what are they ? Friday, June 21, 2002, 12:14:23 PM, you wrote: TBNI My code is not in a format I am proud to share right now. TBNI I am running through putting comments in, and writing a small text file to TBNI put up. TBNI I'll post the URL to the code by the end of the day. TBNI All of my IMAIL domains are stored in a SQL db so anyone using the registry TBNI will need to most likely need to do a few modifications, or maybe I can post my registry-sql conversion scripts for Imail as well. (that decrypt TBNI passwords too). TBNI Thank you, TBNI Tom Baker TBNI MCSE, CCNP TBNI Network Administrator TBNI Netsmith, Inc. TBNI -Original Message- TBNI From: Matt Robertson [mailto:[EMAIL PROTECTED]] TBNI Sent: Friday, June 21, 2002 11:00 AM TBNI To: [EMAIL PROTECTED] TBNI Subject: RE: [Declude.JunkMail] Coldfusion Declude front end? TBNI Yes, please! I'll post back whatever I come up with as well. TBNI --Matt Robertson-- TBNI MSB Designs, Inc. TBNI http://mysecretbase.com TBNI -Original Message- TBNI From: [EMAIL PROTECTED] TBNI [mailto:[EMAIL PROTECTED]] On Behalf Of Tom Baker | TBNI Netsmith Inc TBNI Sent: Friday, June 21, 2002 4:04 AM TBNI To: '[EMAIL PROTECTED]' TBNI Subject: Re: [Declude.JunkMail] Coldfusion Declude front end? TBNI Actually yes, I have written two seperate front ends, as an ISP having a TBNI frontend was essential to us. When we first purchased Junkmail Pro I went TBNI straight to work for customized versions of TBNI \imail\declude\domain.com\user.junkmail TBNI After using that for a while and realizing what I really needed was a idiot TBNI proof way of managing the \mail\mail_domain_com\users\USER\rules.ima file. TBNI The last frontend I wrote does just that, so I erased all my user.JunkMail TBNI files so that everyone on my system is using the $default$.Junkmail settings TBNI (which is set to WARN on everything for header entries). TBNI My frontend has a main menu with 3 options: TBNI Filterlevel, Blocked Senders and Approved Senders. TBNI When first choosing any of the 3 my script sucks in the current rules.ima TBNI into a temporary SQL table (much easier to manage than a text file in CF). TBNI The FilterLevel Menu has 5 Choices: Off, Low, Medium, High and Extreme as TBNI well as 2 actions (move to SPAM or permanently delete) all 4 actual levels TBNI are defined by another SQL table of course, and every level selected gets TBNI logged into another table. (so if you update the definitions of the levels TBNI you have a log of who has what level and can push the new rules.ima to TBNI your users). TBNI Blocked Senders and Approved Senders work by putting entries in rules.ima to TBNI Move to Main and Move to NUL TBNI I haven't written the code to actually push updates to your definitions TBNI yet, but I would be glad to post my code for both the user.JunkMail and the TBNI rules.ima scripts for those interested. TBNI From: Matt Robertson TBNI Subject: [Declude.JunkMail] Coldfusion Declude front end? TBNI Date: Thu, 20 Jun 2002 10:48:28 -0700 TBNI Has anyone tried putting a web-based front end on Declude? I just upgraded TBNI to JunkMail Pro and am looking for something in ColdFusion. Don't want to TBNI have to write it myself if I can avoid it. TBNI --Matt Robertson-- TBNI MSB Designs, Inc. TBNI http://mysecretbase.com TBNI --- TBNI [This E-mail was scanned for viruses by Declude Virus TBNI (http://www.declude.com)] TBNI --- TBNI This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, TBNI just send an E-mail to [EMAIL PROTECTED], and type unsubscribe TBNI Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You TBNI can visit our web site at http://www.declude.com . TBNI --- TBNI [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] TBNI --- TBNI This E-mail came from the Declude.JunkMail mailing list. To TBNI unsubscribe, just send an E-mail to [EMAIL PROTECTED], and TBNI type unsubscribe Declude.JunkMail. You can E-mail TBNI [EMAIL PROTECTED] for assistance. You can visit our web TBNI site at http://www.declude.com . TBNI --- TBNI [This E-mail scanned for viruses by Declude Virus] Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude
[Declude.JunkMail] IPWHOIS:Ip block
Noticed here a little while ago a spammer that was basically trying a dictionary attack on our imail server. If I IP blacklist this sender in declude he can still do his dictionary attack right ? So only way to make sure he doesn't tie up my server resources is to add him to Imail Kill list ? FYI ip is 62.254.178.50 Also if anyone out there is using FormMail 1.9 then UPDATE. Had a domain that used 1.9 that the spammers found this morning. Updated it to 1.9sp7 and the spammers where killed. Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
IPWHOIS:Re[2]: [Declude.JunkMail] IP Blakclist
Talk about that.. 205.244.69.0/24 207.33.16.0/24 216.129.173.70/32 216.15.250.0/23 216.33.87.128/26 64.158.28.0/25 64.159.91.197/32 64.32.34.128/25 64.49.220.128/25 64.5.230.0/24 66.115.47.0/24 66.185.166.0/25 66.35.193.0/24 80.64.131.0/25 Is my ip blacklist that I used in Imail klist BUT after I ran that a while they stopped using our primary server and user our backup server which runs SMTP Webshield so I removed them from Imail again. These are the IPs for the worst spammers/promotors that sent things to our network. (Note there are a few of those in there that belong to places like for example Rackspace.com ) Also CAN oen do as with the fromfile add a comment after the ip ? because as it is today I have NO idea why I choose to block all of the above :( Wednesday, June 19, 2002, 16:10:07 PM, you wrote: OK I've had it with free4all.com In the global.cfg can I blacklist an entire series of ip's with one entry .. eg 193.111.237 and leave the last portion off RSP No, but you can do this if you set up an ipfile test type: RSP KILLFREE4ALL ipfile C:\IMail\Declude\killfree4all.txt x 10 RSP 0 [in the global.cfg file] RSP KILLFREE4ALL DELETE[in the $default$.JunkMail file] RSP and: RSP 193.111.237.0/24[in the RSP C:\IMai\Declude\killfree4all.txt file] RSP -Scott RSP --- RSP [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] RSP --- RSP This E-mail came from the Declude.JunkMail mailing list. To RSP unsubscribe, just send an E-mail to [EMAIL PROTECTED], and RSP type unsubscribe Declude.JunkMail. You can E-mail RSP [EMAIL PROTECTED] for assistance. You can visit our web RSP site at http://www.declude.com . RSP --- RSP [This E-mail scanned for viruses by Declude Virus] Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
IPWHOIS:Re[2]: [Declude.JunkMail] Minus One Address.
No I told you to leave them on ;) j/k Thursday, June 20, 2002, 00:56:42 AM, you wrote: alltel.net is a isp and cellphone service provider. They provide dialup access and in some areas even DSL access. A competitor of ours so just leave them on the list ;P T @alltel.net T Sorry about that, it will be removed from the list. T Thanks, T Tom T --- T [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] T --- T This E-mail came from the Declude.JunkMail mailing list. To T unsubscribe, just send an E-mail to [EMAIL PROTECTED], and T type unsubscribe Declude.JunkMail. You can E-mail T [EMAIL PROTECTED] for assistance. You can visit our web T site at http://www.declude.com . T --- T [This E-mail scanned for viruses by Declude Virus] Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
IPWHOIS:Re[2]: [Declude.JunkMail] Coldfusion Declude front end?
Always been thinking about doing a simple thing in php so my users can enable/disable it and maybe set levels. But to much to do with to little time. Thursday, June 20, 2002, 15:22:22 PM, you wrote: WOD If you write one i'd love to see it too! ( CF dude) WOD - Original Message - WOD From: Matt Robertson [EMAIL PROTECTED] WOD To: [EMAIL PROTECTED] WOD Sent: Thursday, June 20, 2002 11:04 AM WOD Subject: [Declude.JunkMail] Coldfusion Declude front end? Has anyone tried putting a web-based front end on Declude? I just upgraded to JunkMail Pro and am looking for something in ColdFusion. Don't want to have to write it myself if I can avoid it. --Matt Robertson-- MSB Designs, Inc. http://mysecretbase.com --- [This E-mail was scanned for viruses by Declude Virus WOD (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail scanned for viruses by our Stealth Virus Detector] WOD --- WOD [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] WOD --- WOD This E-mail came from the Declude.JunkMail mailing list. To WOD unsubscribe, just send an E-mail to [EMAIL PROTECTED], and WOD type unsubscribe Declude.JunkMail. You can E-mail WOD [EMAIL PROTECTED] for assistance. You can visit our web WOD site at http://www.declude.com . WOD --- WOD [This E-mail scanned for viruses by Declude Virus] Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.JunkMail] Handling Held Spams
Hello Mark, I use a weighted system. requires a lot more then badheaders to hold a message. badheaders have a weight of 4. Need 15 to get held. We use spamreview http://www.slsoft.com/spamreview.htm to go through the held messages. In spam review we create filters that delete what is obvious spams and return into the queue what is legit messages that fallen victim to a black listed mailserver or for any other reason triggered our hold weight. It has an out of office mode that I always turn on and then in mornings when I get back to work I go through the messages for which there are currently no rules if only a single message from a special source I process it manually if there are a lot of messages from a special source I create a filter rule. Usually try to do it around lunch time and before I go home. The first few days I ran it I ended up spending a LOT of time with it but after a couple of weeks I might spend 30 minutes in the morning, 5 around lunch and 10 around evening time before I go home. Monday mornings can take a while since I generally haven't done anything since Friday afternoon before I went home. Almost every webserver mail script trips badheaders so you will catch a LOT of legit messages with that test alone. I advise against holding messages that ONLY fails badheaders. MM Hello, MM I was wondering how people handle all the held spam? From my estimates, MM my mailserver is holding over 1 million spams per month. I only have MM BADHEADERS and MAILFROM set for hold and rest for warn. Are those the two MM that most people have set to hold? Any way to make it so the spam forwards MM to a specific email address so I can search it easier if a customer MM complains that there message was marked spam? MM Thanks, MM Mark --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.JunkMail] False positives for Spamheaders
If anyone would understand that then well world be so much easier. Get it when someone like microsoft don't support postmaster and abuse.. Their mailservers don't have any rev dns configured and to boot has invalid headers (this was what I saw on a MSN passport lost password requests that got held in our mails a while back). Whatever you do do not block or delete on JUST spamheaders or badheaders use the weighted system and if a message fail spamheaders only let it pass through. my .02 Thursday, May 23, 2002, 20:00:34, you wrote: DM Hello... DM Installed JunkMail last week and I'm getting some interesting spamheader DM false positives. Some of the more interesting ones are newsletters from: DM ORACLE, SOPHOS, and SYMANTEC! DM I must trigger for Spamheaders since there are far too many real spam DM messages failing only the Spamheader test, so i'll be doing some DM whitelisting... DM ...but, all this makes makes me wonder why companies such as these, who of DM all people should know better, are sending out deficient headers. DM Any suggestions? DM Thx, DM D (just curious) McD. DM --- DM [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] DM --- DM This E-mail came from the Declude.JunkMail mailing list. To DM unsubscribe, just send an E-mail to [EMAIL PROTECTED], and DM type unsubscribe Declude.JunkMail. You can E-mail DM [EMAIL PROTECTED] for assistance. You can visit our web DM site at http://www.declude.com . DM --- DM [This E-mail scanned for viruses by Declude Virus] Best regards, Eje mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.JunkMail] Maybe something real will come out of this one.
http://msn.com.com/2100-1105-916931.html Maybe finally a real usable law might come out of that one... One can always hope.. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re[2]: [Declude.JunkMail] Enhancements - unknown sender must reply to ack
A product that does just this is spambar. Gets very enoying when someone on a mailing list starts use it and you write to the list and you have to ack your message to this person. Then someone else sees it start using it. ugh. Tuesday, May 21, 2002, 08:22:33 AM, you wrote: TH I have to agree that this could be one of the most powerful tools yet to TH fight SPAM. I would pay money for this even if it were a seperate product! TH A couple of questions about the implementation: TH 1- If the sender does not acknowledge the confirm request, do they go onto TH the blacklist? This could be helpful if its given a TTL and when expired TH goes onto the blacklist. This would help reduce traffic when a spammer sends TH repeated messages. TH 2- Will it be server and per user based? I don't want to configure anything TH on the client for this and I don't want to traffic to/from the client for TH confirm request/receipt. TH 3- Would it be specific to Imail? Would it be a gateway in front of the TH mail server? TH 4- How will the onslaught of undeliverable messages be handled? I would TH imagine that most of the SPAM messages would not have valid senders, and TH those would produce undeliverable messages. TH 5- If a message from a blacklisted address arrives, can it be put into a TH hold bin instead of deleted? Maybe the Imail SPAM folder, so we can TH continue to SpamReview on them. TH Thanks and I want to push for this product!! TH Todd TH -Original Message- TH From: [EMAIL PROTECTED] TH [mailto:[EMAIL PROTECTED]]On Behalf Of decjunkmail TH Sent: Tuesday, May 21, 2002 12:41 AM TH To: [EMAIL PROTECTED] TH Subject: [Declude.JunkMail] Enhancements - unknown sender must reply to TH ack TH I think I saw this as somewhere else but never heard about it being released TH or implemented: TH System maintains a per-user whitelist of people that are allowed to send TH email to that user TH If an incoming mail is not on the whitelist, it is returned to the sender TH automatically (the user never sees this first attempt) with a request to TH confirm they are sending the email. TH The sender confirms by replying to this request message and then the TH original message will be delivered. TH This has the benefit of: TH Automated for the user. they just start out with an empty individual TH white-list. TH Catches most spam - since the confirm message will bounce if it is sent to TH a fake sender and that accounts for a lot of the spam TH Can be customized - user can reset or manually change their whitelist if TH they want to. TH works for the naiive user - simple system config can enable or disable the TH feature per-user but the actual user need do nothing (doesn't have to learn TH anything) TH The spam that does slip thru would still be processed by all the usual TH weighted scoring algorithms. TH --- TH [This E-mail was scanned for viruses by Declude Virus TH (http://www.declude.com)] TH --- TH This E-mail came from the Declude.JunkMail mailing list. To TH unsubscribe, just send an E-mail to [EMAIL PROTECTED], and TH type unsubscribe Declude.JunkMail. You can E-mail TH [EMAIL PROTECTED] for assistance. You can visit our web TH site at http://www.declude.com . TH --- TH [This E-mail scanned for viruses by Declude Virus] TH --- TH [This E-mail scanned for viruses by Declude Virus] TH --- TH [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] TH --- TH This E-mail came from the Declude.JunkMail mailing list. To TH unsubscribe, just send an E-mail to [EMAIL PROTECTED], and TH type unsubscribe Declude.JunkMail. You can E-mail TH [EMAIL PROTECTED] for assistance. You can visit our web TH site at http://www.declude.com . TH --- TH [This E-mail scanned for viruses by Declude Virus] Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.JunkMail] Bounce strategies?
Don't bounce from your postmaster acct. That is just bad. Rather create filters so that you delete the return bounce messages. Just my $0.02 Monday, May 20, 2002, 12:31:55 PM, you wrote: MR I just switched from DELETE to BOUNCE on my weight13 test. I originally MR set to DELETE, but wanted more of a safety factor in there, so went to MR bounce. MR Of course the inbox associated with the bounce msgs is loaded with MR bounced bounce messages. Is it safe for me to do something like set MR that acct to 1-byte capacaity, or a 1-message limit? Will other MR postmasters bounce up and down when the bounced bounce bounces back to MR them? Any advice would be appreciated. MR Cheers, MR --Matt-- MR --- MR [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] MR --- MR This E-mail came from the Declude.JunkMail mailing list. To MR unsubscribe, just send an E-mail to [EMAIL PROTECTED], and MR type unsubscribe Declude.JunkMail. You can E-mail MR [EMAIL PROTECTED] for assistance. You can visit our web MR site at http://www.declude.com . MR --- MR [This E-mail scanned for viruses by Declude Virus] Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re[2]: [Declude.JunkMail] Bounce strategies?
I don't like to delete either. I just the other week move almost fully into a 100% weighted system (used to delete spamcop failed and had a few ones that was set to bounce). If the weight is above 30 I delete, weight above 20 I hold. 10 I just put a header on. The held messages I process with spam review (a great program) those that are abvious junk mail that sends a lot of junk I have filters that deletes the messages basically moves them from Decludes hold folder to a spam review hold folder. Every couple of weeks I purge out messages in the spam review hold folder that are older then 2 weeks. So IF a customer is missing a piece of mail they have 2 weeks to get hold of me. However messages that obviously are not junk but ended up in the hold queue for one or another reason I use spam review to return into the queue to get delivered if I see a large amount of held messages from one person I usually create a rule to automatically return this persons messages back into the queue and for the majority of the time I run spam review in Out of office mode during which time it will process my filters automatically. Messages that don't match my filters will sit there for me when I have time (usually spend a little time in the morning processing last 12-24 hours messages). No complaints from any of our customers so far. Well besides the common complaint that they get a lot of junk mail. Delog show that I block 50-60% of incoming messages and yet they complain :( - Eje Monday, May 20, 2002, 12:59:42 PM, you wrote: GW I don't like the idea of bouncing or deleting any messages. I don't want to take that responsibility, and potentially zap a message that a user wants. I've set up a local blacklist (based on GW the spams I've received that didn't fail any tests), a local whitelist, and I've adjusted the individual pre-defined test weights a little, and am testing a configuration that ATTACHes spam that GW hits a weight of 10, 14, or 20. I've had a few non-spams get a weight of 10, but 14 and 20 are pretty on-target thus far. If the users want to set up filters to delete messages, that's *their* GW choice. GW My problem at the moment is figuring out how to explain to a rather unsophisticated user base how to set up their own client or WebMail filters to make use of the whole thing, if they do want to GW delete anything or move tagged messages to their own holding folder for later review. GW Glenn Z. GW - Original Message - GW From: Matt Robertson GW To: [EMAIL PROTECTED] GW Sent: Monday, May 20, 2002 12:48 PM GW Subject: RE: [Declude.JunkMail] Bounce strategies? GW Yah, I got that part. I created an acct called ''spammaster'' and am GW sending bounce msgs from it. GW Using filters is a good idea. Nice and transparent. Anybody have ideas GW on how to handle the myriad of incoming msgs without a corresponding GW number of filters? I've never really used them. GW --Matt-- GW -Original Message- GW From: [EMAIL PROTECTED] GW [mailto:[EMAIL PROTECTED]] On Behalf Of Eje Gustafsson GW Sent: Monday, May 20, 2002 10:38 AM GW To: Matt Robertson GW Subject: Re: [Declude.JunkMail] Bounce strategies? GW Don't bounce from your postmaster acct. That is just bad. Rather create GW filters so that you delete the return bounce messages. Just my $0.02 GW Monday, May 20, 2002, 12:31:55 PM, you wrote: GW MR I just switched from DELETE to BOUNCE on my weight13 test. I GW MR originally set to DELETE, but wanted more of a safety factor in GW MR there, so went to bounce. GW MR Of course the inbox associated with the bounce msgs is loaded with GW MR bounced bounce messages. Is it safe for me to do something like set GW MR that acct to 1-byte capacaity, or a 1-message limit? Will other GW MR postmasters bounce up and down when the bounced bounce bounces back GW MR to them? Any advice would be appreciated. GW MR Cheers, GW MR --Matt-- GW MR --- GW MR [This E-mail was scanned for viruses by Declude Virus GW MR (http://www.declude.com)] GW MR --- GW MR This E-mail came from the Declude.JunkMail mailing list. To GW MR unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type GW MR unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] GW MR for assistance. You can visit our web site at GW MR http://www.declude.com . GW MR --- GW MR [This E-mail scanned for viruses by Declude Virus] GW Best regards, GWEje Gustafsson mailto:[EMAIL PROTECTED] GW --- GW The Family Entertainment Network http://www.fament.com GW Phone : 620-231- Fax : 620-231-4066 GW eBay UserID : macahan GW - Your Full Time Professionals - GW --- GW [This E-mail scanned for viruses by Declude Virus] GW --- GW [This E-mail was scanned for viruses by Declude Virus GW (http://www.declude.com)] GW --- GW This E-mail came from
Re: [Declude.JunkMail] Wish List
Hello Tom, Would i tbe possible to have SpamReview submit mailservers to like DSBL like test systems and possible Spamcop (maybe look in header to check for what Declude test message didn't fail and submit to those that it passed). Not sure how really useful it would be but it was a thought I had the other day. TS David, TS Only if it were that easy. I'll toss it into the next major release. TS ? Do you use the Out of Office feature now? TS Tom TS -Original Message- TS From: [EMAIL PROTECTED] TS [mailto:[EMAIL PROTECTED]]On Behalf Of David Stavert TS Sent: Monday, May 20, 2002 6:44 PM TS To: [EMAIL PROTECTED] TS Subject: RE: [Declude.JunkMail] Wish List TS Importance: Low TS Add away. TS Thanks TS David TS -Original Message- TS From: [EMAIL PROTECTED] TS [mailto:[EMAIL PROTECTED]]On Behalf Of Tom Schwarz TS Sent: Monday, May 20, 2002 4:24 PM TS To: [EMAIL PROTECTED] TS Subject: RE: [Declude.JunkMail] Wish List TS I'm already doing this. I have a program on the server that runs 24x7 and TS checks a specific email account every minute. In my case the email account TS is [EMAIL PROTECTED] TS This works with IMail Rules file. TS The process is as follows: TS You, as an email users, forward the email in question to TS [EMAIL PROTECTED] This program sees the email, strips it down, and TS replys to you with information about what email address it is going to add TS to the IMail rules. If you reply to this email it is added to your Rules TS and IMail takes care of all email from that address in the future. I could TS add this to SpamReview, if you like and it would work in the Out-Of-Office TS Mode, or make it a seperate program. TS However, as Scott points out it will not be perfect. TS -Original Message- TS From: [EMAIL PROTECTED] TS [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry TS Sent: Monday, May 20, 2002 4:09 PM TS To: [EMAIL PROTECTED] TS Subject: Re: [Declude.JunkMail] Wish List Would it not be great if we could assign an e-Mail or a number of e-Mails that if someone sends a message to they will automatically get blacklisted? This would immediately save all the junk they will manage to send through. TS It is a good idea. The question though is what to block -- the remote TS mailserver, the return address, or something else? TS -Scott TS --- TS [This E-mail was scanned for viruses by Declude Virus TS (http://www.declude.com)] TS --- TS This E-mail came from the Declude.JunkMail mailing list. To TS unsubscribe, just send an E-mail to [EMAIL PROTECTED], and TS type unsubscribe Declude.JunkMail. You can E-mail TS [EMAIL PROTECTED] for assistance. You can visit our web TS site at http://www.declude.com . TS --- TS [This E-mail was scanned for viruses by Declude Virus TS (http://www.declude.com)] TS --- TS This E-mail came from the Declude.JunkMail mailing list. To TS unsubscribe, just send an E-mail to [EMAIL PROTECTED], and TS type unsubscribe Declude.JunkMail. You can E-mail TS [EMAIL PROTECTED] for assistance. You can visit our web TS site at http://www.declude.com . TS --- TS [This E-mail was scanned for viruses by Declude Virus TS (http://www.declude.com)] TS --- TS This E-mail came from the Declude.JunkMail mailing list. To TS unsubscribe, just send an E-mail to [EMAIL PROTECTED], and TS type unsubscribe Declude.JunkMail. You can E-mail TS [EMAIL PROTECTED] for assistance. You can visit our web TS site at http://www.declude.com . TS --- TS [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] TS --- TS This E-mail came from the Declude.JunkMail mailing list. To TS unsubscribe, just send an E-mail to [EMAIL PROTECTED], and TS type unsubscribe Declude.JunkMail. You can E-mail TS [EMAIL PROTECTED] for assistance. You can visit our web TS site at http://www.declude.com . TS --- TS [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.JunkMail] hotmail !?
Nothing like posting on your own post. Also seems atleast one AOL server and one prodidgy server also been OSSRC listed. Got a chunk of legit mail that was caught this morning and tonight thanks to OSSRC. Guess I really need to go all the way with the weighted system consider I'm using a combination weighted and hardcoded tests. Wednesday, May 01, 2002, 10:38:25 AM, you wrote: EG Seems like hotmail been ossrc listed !? Found it in our hold queue EG this morning. There was a bunch from this person sent to this same EG person and you can see in the message that it's a continues thread. EG Received: from hotmail.com [64.4.30.124] by imail.fament.com with ESMTP EG (SMTPD32-7.07) id ACB422910122; Wed, 01 May 2002 09:33:24 -0500 EG Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; EG Wed, 1 May 2002 07:30:20 -0700 EG X-Originating-IP: [12.147.72.21] EG From: [EMAIL PROTECTED] EG To: [EMAIL PROTECTED] EG References: 003201c1f114$05edb930$291bbdd0@rene EG Subject: Re: thoughts EG Date: Wed, 1 May 2002 08:32:29 -0600 EG MIME-Version: 1.0 EG Content-Type: multipart/alternative; EG boundary==_NextPart_000_0083_01C1F0EA.BACDFD80 EG X-Priority: 3 EG X-MSMail-Priority: Normal EG X-Mailer: Microsoft Outlook Express 6.00.2600. EG X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600. EG Message-ID: [EMAIL PROTECTED] EG X-OriginalArrivalTime: 01 May 2002 14:30:20.0920 (UTC) FILETIME=[B90E8780:01C1F11C] EG X-Declude-Sender: [EMAIL PROTECTED] [64.4.30.124] EG X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. EG X-Note: This E-mail was sent from oe20.pav1.hotmail.com. ([64.4.30.124]). EG X-Tests-Failed: OSSRC. EG Best regards, EG Eje Gustafsson mailto:[EMAIL PROTECTED] EG --- EG The Family Entertainment Network http://www.fament.com EG Phone : 620-231- Fax : 620-231-4066 EG eBay UserID : macahan EG - Your Full Time Professionals - EG --- EG [This E-mail scanned for viruses by Declude Virus] EG --- EG [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] EG --- EG This E-mail came from the Declude.JunkMail mailing list. To EG unsubscribe, just send an E-mail to [EMAIL PROTECTED], and EG type unsubscribe Declude.JunkMail. You can E-mail EG [EMAIL PROTECTED] for assistance. You can visit our web EG site at http://www.declude.com . EG --- EG [This E-mail scanned for viruses by Declude Virus] Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.JunkMail] Why is this one getting held?
Have a mail that gotten held by Declude. Received: from mta01-srv.alltel.net [166.102.165.143] by imail.fament.com with ESMTP (SMTPD32-7.06) id A8321E100EE; Sat, 13 Apr 2002 13:25:54 -0500 Received: from mbaker ([216.96.14.52]) by mta01-srv.alltel.net with SMTP id 20020413182301.SHBY26878.mta01-srv.alltel.net@mbaker; Sat, 13 Apr 2002 13:23:01 -0500 Message-ID: 003901c1e317$e5ac1ea0$340e60d8@mbaker From: Judy Baker [EMAIL PROTECTED] I don't really a reason unless they where an open relay and cleared it up gotten removed from the lists. (I don't use the postfix list) Any way to configure Declude to always write what check the message failed ? Because like this message have no Junk Mail Warnings. Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your Full Time Professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re[2]: [Declude.JunkMail] XBL:Just added new spam tests... opinions?
Welcome to the club a while back when I started on this list there was a post to a tool called delog which I downloaded and setup and ran. Since I started running that one (infrequently usage) I always get the depressing results 62-67% junk that is getting blocked by declude :( This weekend is first time I found in the hold folder any considerable amount of legit mail that gotten held that I had to put back in queue. (PS Spamreview is GREAT I hope I'm not the only one that donated money to the guy for writing this great tool). Monday, April 15, 2002, 10:53:28 AM, you wrote: M We've noted a significant increase in spam volumes and variability. We M are now discarding more mail than we deliver. M _M M | -Original Message- M | From: [EMAIL PROTECTED] M | [mailto:[EMAIL PROTECTED]] On Behalf Of Mike Nice M | Sent: Sunday, April 14, 2002 7:10 PM M | To: [EMAIL PROTECTED] M | Subject: Re: [Declude.JunkMail] XBL:Just added new spam M | tests... opinions? M | M | M | Late last week overall volume picked up ... both caught and M | delivered. They seemed to be using lots more virgin relays M | that weren't listed in Spamcop, ORBL, etc. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re[2]: [Declude.JunkMail] Why is this one getting held?
Hello R., Have a mail that gotten held by Declude. From: Judy Baker [EMAIL PROTECTED] RSP alltel.net is listed in the NOPOSTMASTER database. Hmm ok. Shouldn't been held on that alone. RSP To find out what other test(s) it failed, you can check the Declude RSP JunkMail log file. Any way to configure Declude to always write what check the message failed ? RSP With recent version of Declude JunkMail, you can use: RSP XINHEADER X-Tests-Failed: %TESTSFAILED%. RSP That will add a line to the headers that shows which spam test(s), if any, RSP the E-mail failed. Thank you I know I seen it somewhere but being monday I couldn't find it. =O Next time I will know thanks to this little trick. Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your fulltime professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.JunkMail] DSBL
Not many hits yet for dsbl but seen a few Delog Version 1.05b Detailed Report for: 04/10/2002 10:10:46 Log file examined: I:\IMail\spool\dec0409.log Unique Message Count: 7957 Failed Message Count: 4891 Total Percentage of Spam: 61% User Selected tests: 20 OSSRC failed: 1138 OSSOFT failed: 245 OSDUL failed: 2 OSFORM failed: 0 OSLIST failed: 0 OSRELAY failed: 222 SPAMCOP failed: 1281 DSBL failed: 41 DSBLALL failed: 41 DSBLMULTI failed: 0 ORDB failed: 228 MAILFROM failed: 36 BADHEADERS failed: 1174 SPAMHEADERS failed: 1899 REVDNS failed: 980 ROUTING failed: 159 NOABUSE failed: 1471 WEIGHT10 failed: 2471 WEIGHT20 failed: 792 WEIGHT30 failed: 0 Just put in the DSBLMULTI and the WEIGHT30 today I just love spamcop ;) Takes care of so much of our spam. Wednesday, April 10, 2002, 08:26:04 AM, you wrote: DD It appears that DSBL is now three lists ... the two confirmed ones DD are: DD list.dsbl.org for single-stage relays tested by trusted users, multihop.dsbl.org DD I haven't noticed any hits on these with Declude ... are they working? DD I'm using the format: DD DSBL ip4r list.dsbl.org * 10 0 DD DSBL ip4r multihop.dsbl.org * 10 0 --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.JunkMail] Declude Virus Junkmail
Hello Adam, we run both on one server. A Dual P-II 350 /w 256MB ram. Imail deliver about 4k e-mails each day and we have about 8-8.5k incoming e-mails of which 4-4.5k gets blocked by declude junkmail. Rarely gets over 10% load. This is on about 60+ domains which one domain is for our dial-up service with 500+ accounts. Tuesday, April 09, 2002, 11:01:52 AM, you wrote: AH Hello, AH We are ISP using Imail and we are evaluating Declude Virus Junkmail. I was AH wondering anyone can offer insight on how much of a load these 2 programs AH will put on our servers. AH Our machines have roughly 200 domains on each server. The server does both AH web and email services. If we install Delcude Virus Junkmail on each AH server will this be to much? We have the trial version on Virus running and AH it doesn't seem to bad yet (but we just started it). Our servers range from AH PII-300 dual PII-1GHz machines. AH I know a rough estimate on the number of emails would be good but I really AH don't know. So if you have some figures for a server with about 200 domains AH and the amount of email generated a day I would appreciate anything AH Let me know about the stats for server loading... AH Thanks, AH Adam AH AH Adam Hobach AH CyberLynk Sales/Support AH [EMAIL PROTECTED] or [EMAIL PROTECTED] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.JunkMail] Relaying configuration WAS HELP: I just got listed on ORDB
A little netiq please.. Trim your posts. The original message was 11.2k for less then 1k worth of comment... Just want to chimn in and say that MSN also blocks outbound smtp and you have to use their mailservers. But on top of that you HAVE to use SPA smtp authentication which is something evil that microsoft have come up with. I use a mail client called The Bat! and it would NOT function with MSNs mailservers. Only app I managed to find that worked was Outlook Outlook Express. Now talk about cornering your clients... Sunday, March 31, 2002, 10:27:34 AM, you wrote: DB Auth should work, then, unless there was some change in 7.xx. To be DB sure, setup a test virtual server and try it from a dial-up. Have your DB Imail logs set to debug, so you can see what's happening during the DB test. DB What we do here is use relay for addresses and Auth. However, since DB we use an external database with Imail 6.xx, we have to assign an IP DB to every mail host that needs Auth. That may be fixed in 7.xx, but I DB haven't heard for sure. DB Moreover, we really encourage our users to use the SMTP of their DB dial-up provider, since many (like Earthlink) block port 25 traffic to DB IP's which are not on their net. DB Sunday, March 31, 2002, 9:16:42 AM, Jim Rooth [EMAIL PROTECTED] wrote: JR I am using the Imail Database on v7.06 JR Family, God, and Corps...all else are mere details JR Jim Rooth JR http://www.usmcfew.com/3516 --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.JunkMail] Relaying configuration WAS HELP: I just got listed on ORDB
Hello Timm, Hmm Never thought about that. I could do that on my firewall redirect connections for port 125 to 25. Sunday, March 31, 2002, 18:48:20 PM, you wrote: TJ I got around the SMTP filtering issue by setting up a small daemon on my TJ server that accepted connections on port 125 (could be any port, I just TJ picked 125) and redirects the connection to port 25. It's multi-threaded and TJ lets people connect directly to your server to send mail even if their port TJ 25 is blocked by their ISP. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.JunkMail] More wounderful SWBell.net
I know there was a discussion a few days ago about SWBells wounderfull DNS service. Well thought I give a true sad story. About a year ago we ran MailMax and McAfee Webshield SMTP. We did an update of mailmax to latest version less then a week later our server got hijacked and used as a spamrelay server. Mailmax was configured to avoid relaying but something was obviously broke and SmartMax people just keep saying nothing wrong with mailmax even though I could show them rbl listings with our mailmax servers tag in the passed messages. After 5 days we gave up and started looking for new software and our eyes fell on Ipswitch Imail and Declude antivirus and junkmail. Said and done we bought 2 days delivery same day we ordered it we got a call from SWBell Policy department telling us to shutdown our mailserver or we would find our upstream bandwidth shutdown by 5pm that same day (which BTW is big nono according to our contract we are required 14day written notice). I managed to buy ourselves 24hrs more since we had ordered the software and fixup so that swbell relay tests wouldn't go through so I got enough time to get our new mailserver software and install it without further threats (dirty done by me but hey)... Either way.. Today I found this after gotten a complaint from a customer that couldn't receive mail from a customers of theirs. #nslookup smtp-relay.swbell.net Name:smtp-relay.swbell.net Address: 151.164.30.54 http://www.orbz.org/b.php?151.164.30.54 Now... What is wrong with this picture If I do it they can violate our contract and threaten to terminate me but they can run a relay server for over 3 weeks Besides I'm STILL waiting four our letter of apology from SWBell for this incident. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: FW: [Declude.JunkMail] MISSING_REVERSE_DNS:FW: IMail Server 7.06 Hotfix 1
roflmao.. Now why don't that suprise me at all.. They recently upgraded their servers. Figures they screwed it up. Their QoS is very poor to say the least trust me I had a T1 from them for some time now and when the contract is up I will not renew with them.. Sunday, March 10, 2002, 20:27:13 PM, you wrote: What am I missing? Why did I get the reverse DNS note? ---from www.DNSstuff.com--- Reverse DNS for 209.184.248.29 Generated by www.DNSstuff.com How I am searching: Searching for PTR record for 29.248.184.209.in-addr.arpa at h.root-servers.net: Got referral to BUCHU.ARIN.NET. Searching for PTR record for 29.248.184.209.in-addr.arpa at BUCHU.ARIN.NET.: Got referral to NS1.SWBELL.NET. Searching for PTR record for 29.248.184.209.in-addr.arpa at NS1.SWBELL.NET.: Got referral to wildcat.elkhart.com. Searching for PTR record for 29.248.184.209.in-addr.arpa at wildcat.elkhart.com.: Reports mail.elkhart.com. RSP There seems to be a problem with the swbell.net servers. Sometimes, they RSP are responding with one answer, sometimes with another. For example: RSP Searching for PTR record for 29.248.184.209.in-addr.arpa at RSP NS1.SWBELL.NET.: Got referral to ns1.swbell.net. RSP Searching for PTR record for 29.248.184.209.in-addr.arpa at RSP ns1.swbell.net.: Got referral to wildcat.elkhart.com. RSP Searching for PTR record for 29.248.184.209.in-addr.arpa at RSP wildcat.elkhart.com.: Reports mail.elkhart.com. RSP Here, ns1.swbell.net is referring the answer back to itself, and on the RSP second try is responding correctly. It sounds like they may have the IP RSP for ns1.swbell.net point to multiple servers, some of which are set up RSP properly, and others are not. RSP I'm guessing that our local DNS server sees ns1.swbell.net referring us RSP back to itself, and assumes that an infinite loop will result (whereas the RSP www.DNSstuff.com lookup will only detect an infinite loop if more than 20 RSP lookups are performed). The swbell.net people need to fix the problem. RSP -Scott --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re[2]: [Declude.JunkMail] Spamcop issue
My only concern is that after doing some checking myself with just warn on weight10 is that someone that fail revdns and badheaders will have a weight of 13 and thusely get held/deleted. I seen legit messages fail these two tests. For example my wife signed up for a newsletter for a software this weekend weight 13. I received a letter this morning from Microsoft also a newsletter missing Revdns if they would also have bad headers or something similar they would also be held. I decided to only put warn on weight10 and create a weight 20 that I end up holding. Might consider giving OSSRC a higher weight so that your OSSRC and spamheaders push it up higher then 10 or make sure you lower revdns since it seems so many legit mailinglist/newsletters unfortunately fails this test. Just my $.02 Saturday, March 02, 2002, 02:50:36 AM, you wrote: T After careful consideration to everyone's views, I have elected T to use the weight10 test to help define spam. I have been looking T through thousands of messages and logs to figure out what the best T method would be for cutting down spam. Most spam will fail more T than one test. Usually a message considered spam will also fail T the Spamheader test. Using the Declude weight test I can now T set Declude to hold just that message and let the other messages T through with a warning. T If you take a look at the following example, you will see that T there are messages that fail more than one test; T OSSRC: Jackpot.com spam T SPAMHEADERS: This E-mail has headers consistent with spam T So if both of these tests have a value of 5 then this mail T would fail based on the weight10 test. T Any thoughts? T Regards, T Tom T Image`fx T --- T [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] T --- T This E-mail came from the Declude.JunkMail mailing list. To T unsubscribe, just send an E-mail to [EMAIL PROTECTED], and T type unsubscribe Declude.JunkMail. You can E-mail T [EMAIL PROTECTED] for assistance. You can visit our web T site at http://www.declude.com . T --- T [This E-mail scanned for viruses by Declude Virus] Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your fulltime professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re[2]: [Declude.JunkMail] Spamcop issue
Interesting Terry thanks for sharing. How do you generate those reports ? Interested in sharing if it's a program or script ? Regards Eje Monday, March 04, 2002, 09:20:27 AM, you wrote: SBL Eje, SBL Monday, March 4, 2002 you wrote: EG My only concern is that after doing some checking myself with just EG warn on weight10 is that someone that fail revdns and badheaders will EG have a weight of 13 and thusely get held/deleted. SBL I don't know if this helps you or not but we use a similar weighting SBL system and here are our results for February: SBL --- SBL Total Messages: 26,438 SBL Not fail having weight: 20,626 (Avg Wt: 9.62) SBL Failed Messages: 5,812 ( 21.98%) (Avg Wt: 34.93) SBL Messages failed the following tests: SBL ADULT: 80 SBL BADHEADERS: 4633 SBL DSN: 458 SBL MAILFROM: 351 SBL NOABUSE: 4276 SBL NOPOSTMASTER: 3474 SBL ORBZIN: 2162 SBL ORBZOUT: 3239 SBL ORDB: 2281 SBL OSDUL: 33 SBL OSLIST: 1 SBL OSRELAY: 1849 SBL OSSOFT: 218 SBL OSSRC: 1448 SBL REVDNS: 6480 SBL ROUTING: 2409 SBL SPAMCOP: 5218 SBL SPAMHEADERS: 12603 SBL nsbsibl1: 496 SBL sbsibl1: 137 SBL sbsibl2: 79 SBL I think there may be a bug either in my reporting or perhaps in SBL declude because we did have messages which should have no weight but I SBL think because of our weight09 test they end up with some weight. I SBL haven't had time to check. SBL So the average of our non-failed messages was 9.62 but 34.93 for the SBL ones that did fail. SBL Still we move all failed messages to a spam folder and then check them SBL and move any good ones back to the spool. Here is results of that: SBL -- SBL Year - Mo Moved Pct DeletedPct Total SBL 2001 - 12 64 3.92% 1,567 96.08% 1,631 SBL 2002 - 01221 4.08% 5,198 95.92% 5,419 SBL 2002 - 02247 4.19% 5,643 95.81% 5,890 SBL So we still have about 4% of our trapped messages that are really SBL legitimate messages. SBL I do not see a solution for this at this point. SBL Terry Fritts SBL --- SBL [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] SBL --- SBL This E-mail came from the Declude.JunkMail mailing list. To SBL unsubscribe, just send an E-mail to [EMAIL PROTECTED], and SBL type unsubscribe Declude.JunkMail. You can E-mail SBL [EMAIL PROTECTED] for assistance. You can visit our web SBL site at http://www.declude.com . SBL --- SBL [This E-mail scanned for viruses by Declude Virus] Best regards, Eje Gustafsson mailto:[EMAIL PROTECTED] --- The Family Entertainment Network http://www.fament.com Phone : 620-231- Fax : 620-231-4066 eBay UserID : macahan - Your fulltime professionals - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .