Re: [Declude.JunkMail] Declude 2 and DELETE
I've run into this problem too. My solution was to setup another delete test two points lower than your original delete test. So with a WEIGHT30 test, setup a WEIGHT28 test with the action of delete. I don't know how reliable it is, but it worked for me. Jason - Original Message - From: Fritz Squib [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Tuesday, March 01, 2005 7:42 AM Subject: [Declude.JunkMail] Declude 2 and DELETE Apparently I missing something bloody obvious, but with 2.0 running it seems like my delete action doesn't work as expected any more. Running the latest 2.x release downloaded last night. --Global Config-- WEIGHT20 weight x x 20 0 WEIGHT30 weight x x 32 0 --Default.junkmail-- WEIGHT20 HOLD WEIGHT30 DELETE In a brief conversation with Declude the response I got was: The problem is probably the change in the way the DELETE action works. In the past, it would delete the E-mail for all recipients. Now, it only deletes the E-mail for recipients that use the DELETE action. It still seems like the HOLD action is taking precedence over the DELETE action since mail with weight over my WEIGHT30 test winds up in the hold folder even though the log file says: 02/01/2005 12:25:06 Qbb6c48770128853b Msg failed WEIGHT30 (Weight of 44 reaches or exceeds the limit of 32.). Action=DELETE. I has sent Scott debug log files but I still haven't figure out what I'm missing. Yes there are a *few* per user .junkmail files, with an action of WARN, but most of the held mail is either not for them (nor are they CC'd or BCC'd as far as I can tell) and/or (may or may not be related) in the spam review application there is no To: field reported. I have also tried changing 'weight' to 'weightrange' with the appropriate scores, and still see the same results Anyone else ? Fritz Frederick P. Squib, Jr. Network Operations/Mail Administrator Citizens Telephone Company of Kecksburg http://www.wpa.net () ascii ribbon campaign - against html email /\- against microsoft attachments --- [This E-mail scanned by Citizens Internet Services with Declude Virus.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SURBL as RHSBL
I would rather not add six new tests to my config. Would you recommend a single SURBL test? Which one seems to work better? Regards, Jason - Original Message - From: Darin Cox [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, November 23, 2004 8:02 AM Subject: Re: [Declude.JunkMail] SURBL as RHSBL Hi Bill, You seem to always be one of the first to share new blacklists. Where do you find this info? Is there another list that would be worth joining? Thanks, man. Darin. - Original Message - From: Bill Landry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, November 23, 2004 5:04 AM Subject: Re: [Declude.JunkMail] SURBL as RHSBL Modification, since I was not thinking, but Declude JunkMail does not support bitmasked responses. So instead of using the multi zone, you will need to use: SURBL_AB rhsbl ab.surbl.org127.0.0.2 1 0 SURBL_JP rhsbl jp.surbl.org127.0.0.2 1 0 SURBL_OB rhsbl ob.surbl.org127.0.0.2 1 0 SURBL_PH rhsbl ph.surbl.org127.0.0.2 1 0 SURBL_SC rhsbl sc.surbl.org127.0.0.2 1 0 SURBL_WS rhsbl ws.surbl.org127.0.0.2 1 0 Which will require six different queries if you want to use all SURBL lists. Bill - Original Message - From: Bill Landry To: [EMAIL PROTECTED] Sent: Tuesday, November 23, 2004 12:47 AM Subject: Re: [Declude.JunkMail] SURBL as RHSBL Markus, if you want to test against all of the SURBLs, since it's only a single query to the multi zone, use: SURBL_AB rhsbl multi.surbl.org127.0.0.32 1 0 SURBL_JP rhsbl multi.surbl.org127.0.0.64 1 0 SURBL_OB rhsbl multi.surbl.org127.0.0.16 1 0 SURBL_PH rhsbl multi.surbl.org127.0.0.8 1 0 SURBL_SC rhsbl multi.surbl.org127.0.0.2 1 0 SURBL_WS rhsbl multi.surbl.org127.0.0.4 1 0 AB = AbuseButler data JP = Combination of Prolocation data Joe Wein's SpamSpy data OB = OutBlaze data PH = Combination of MailPolice Fraud list data MailSecurity Phishing list data SC = SpamCop top 200 hits data WS = William Stearns submitter data I have been testing this for about an hour, and am getting a few hits. We'll see how it goes over the next 24 hours... Bill - Original Message - From: Markus Gufler To: [EMAIL PROTECTED] Sent: Monday, November 22, 2004 11:41 PM Subject: RE: [Declude.JunkMail] SURBL as RHSBL Is this the correct configruation line for doing this? SURBLS-RHSBL rhsbl %MAILFROM%.sc.surbl.org 127.0.0.2 5 0 Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Spam Bounty Hunters...?
http://www.msnbc.msn.com/id/5326107/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Messages slipping through JM
We have had a many e-mails showing up as of late that have no subject/body. Further investigation shows that these messages are far above our hold weight. The latest one I've received has a subject, but no body. Here are the headers from the message: Received: from host107-183.pool80181.interbusiness.it [80.181.183.107] by areatech.com (SMTPD32-7.14) id A7EC9DA0084; Tue, 29 Jun 2004 14:50:04 -0500 From: [EMAIL PROTECTED] To: dolphins@ areatech.com Subject: Pay less money - receive more software.. It's too simple. ;-) quibble Date: Tue, 29 Jun 2004 14:48:37 -0600 Message-ID: 3[4 X-RBL-Warning: DSN: Not supporting null originator (DSN) [2-19-9800] X-RBL-Warning: SPAMCHK: Message failed SPAMCHK: 12. [2-36-12000] X-RBL-Warning: WEIGHT10: Weight of 39 reaches or exceeds the limit of 10. [2-37-12800] X-RBL-Warning: WEIGHT20: Weight of 39 reaches or exceeds the limit of 27. [2-40-14000] X-Declude-Sender: [EMAIL PROTECTED] [80.181.183.107] X-Spam-Tests-Failed: SORBS-DUHL, DSN, SPAMCHK, WEIGHT10, WEIGHT20 [39] X-UIDL: 385498355 Can someone shed some light on what may be causing this to be delivered? Thanks Jason --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Messages slipping through JM
Sorry Scott, should have been more clear. We don't do a declude Hold at Weight20, we do a warn, and then I have a rule in Imail (7.15) that sends anything with WEIGHT20 to a spambox submailbox. Here are the JM logs: [trunc] 06/29/2004 14:49:58 Qc7df09da00840372 L1 Message OK 06/29/2004 14:49:58 Qc7df09da00840372 Tests failed [weight=39]: SORBS-DUHL=IGNORE DSN=WARN IPNOTINMX=IGNORE SPAMCHK=WARN WEIGHT10=WARN WEIGHT20=WARN CATCHALLMAILS=IGNORE 06/29/2004 14:49:58 Qc7df09da00840372 L2 Message OK 06/29/2004 14:49:58 Qc7df09da00840372 Tests failed [weight=39]: SORBS-DUHL=IGNORE DSN=WARN IPNOTINMX=IGNORE SPAMCHK=WARN WEIGHT10=WARN WEIGHT20=WARN CATCHALLMAILS=IGNORE 06/29/2004 14:49:58 Qc7df09da00840372 L3 Message OK 06/29/2004 14:49:58 Qc7df09da00840372 Tests failed [weight=39]: SORBS-DUHL=IGNORE DSN=WARN IPNOTINMX=IGNORE SPAMCHK=WARN WEIGHT10=WARN WEIGHT20=WARN CATCHALLMAILS=IGNORE 06/29/2004 14:49:58 Qc7df09da00840372 L4 Message OK [/trunc] So I'm gonna answer my own question here, and say that Declude got it right, but Imail didn't catch it in the Rule. Anyone have a clue on why Imail rule wouldn't catch the text WEIGHT20 using this rule: H~(WEIGHT20):spambox TIA Jason - Original Message - From: Andy Schmidt [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, June 29, 2004 3:11 PM Subject: RE: [Declude.JunkMail] Messages slipping through JM Jason, What does the Declude log file indicate for these messages? Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Messages slipping through JM
- Original Message - From: Ken Weise [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, June 29, 2004 4:16 PM Subject: Re: [Declude.JunkMail] Messages slipping through JM If this was forwarded from another account, it would skip the IMail rule. I just went through that, when one of our sales people went on vacation and forwarded their mail to the CEO, who then received all their spam. :-) Is this by design? I'm confused now (doesn't take much). So an e-mail comes in, it gets processed by declude, processed by rules, and delivered. Now we take that same e-mail and forward it to my account. Where does it go south, does it go from declude to an odd 'forward' process bypassing the rules, and straight to delivery? Thanks Jason --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Messages slipping through JM
- Original Message - From: Grant Griffith - Declude JM [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, June 29, 2004 4:19 PM Subject: RE: [Declude.JunkMail] Messages slipping through JM Why not use the command in Declude to do this directly? In looking at the manual it appears to be ROUTETO email address. You could do this for the WEIGHT20 Piece. I'm not sending all WEIGHT20 to a separate e-mail address. I'm shooting it to a sub mailbox. For this I would use the MAILBOX action, and that requires PRO which we do not have. Jason --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Messages slipping through JM
Don't believe that will work. Does anyone know why a forwarded message isn't processed by the rules? Thanks, Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grant Griffith - Declude JM Sent: Tuesday, June 29, 2004 4:44 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Messages slipping through JM Not sure if this would really work, but you could send it to a separate mailbox using the ROUTETO function by putting [EMAIL PROTECTED] Will this work if it is to the same user? Might be a way around the problem? Sincerely, Grant Griffith EI8HT LEGS Enhanced Web Management A Division of ETC http://www.getafreewebsite.com 877-483-3393 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jason @ AreaTech Sent: Tuesday, June 29, 2004 4:44 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Messages slipping through JM - Original Message - From: Grant Griffith - Declude JM [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, June 29, 2004 4:19 PM Subject: RE: [Declude.JunkMail] Messages slipping through JM Why not use the command in Declude to do this directly? In looking at the manual it appears to be ROUTETO email address. You could do this for the WEIGHT20 Piece. I'm not sending all WEIGHT20 to a separate e-mail address. I'm shooting it to a sub mailbox. For this I would use the MAILBOX action, and that requires PRO which we do not have. Jason --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] nospamproxy
Anyone here try using Nospamproxy? Looks promising http://www.nospamproxy.de Please let me know. Jason --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Nameserver issues and Spam fighting
Chuck, Your most efficient option would be to run your own DNS server. Then YOU control the query volumes, and no longer rely on ATT. Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Thursday, April 22, 2004 11:16 AM To: Declude. JunkMail Subject: [Declude.JunkMail] Nameserver issues and Spam fighting With the increase in people trying to fight spam, nameservers are getting bombarded with lookup request. Recently I understand that ATT has taken steps to not allow lookups of most of the blacklists using their network. It seems that we are seeing more and more DNS timeouts which result in more spam getting through. Anyone else perceive this as a problem that will only get worse? Anyone have any suggestions to make the DNS lookup process more efficient? It would be nice feature if we could bypass some of the DNS lookups if the email scored over a certain amount which would allow some of the email to bypass the lookups thereby reducing the load. [AUTOMATED NOTE: Your mail server [66.140.194.140] is missing a reverse DNS entry. All Internet hosts are required to have a reverse DNS entry. The missing reverse DNS entry will cause your mail to be treated as spam on some servers, such as AOL.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] OT: Scripting batch files
Hello everyone. I have created a batch file that runs Bill's log analyzer that was made available last week. What I would like to do is have the DOS batch file e-mail this each night at midnight using the previous days declude log file. I do not know much about date scripting in DOS batch files so any help would be appreciated. Here is the batch I have (very basic): wamlog c:\imail\spool\dec0418.log Stats.txt imail1 -s Daily Spam Stats -t [EMAIL PROTECTED] -u Spam -h domain.com -f Stats.txt Thanks, Jason --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT: Scripting batch files
Responding to my own post: Here is the final batch file with date scripting included. It is probably too basic, but if anyone can use it here it is: for /F tokens=1-4 delims=/- %%A in ('date/T') do wamlog c:\imail\spool\dec%%B%%C.log Stats.txt imail1 -s Daily Spam Stats -f Stats.txt -t [EMAIL PROTECTED] -u Spam -h domain.com Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Sent: Monday, April 19, 2004 2:05 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] OT: Scripting batch files Hello everyone. I have created a batch file that runs Bill's log analyzer that was made available last week. What I would like to do is have the DOS batch file e-mail this each night at midnight using the previous days declude log file. I do not know much about date scripting in DOS batch files so any help would be appreciated. Here is the batch I have (very basic): wamlog c:\imail\spool\dec0418.log Stats.txt imail1 -s Daily Spam Stats -t [EMAIL PROTECTED] -u Spam -h domain.com -f Stats.txt Thanks, Jason --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] New test
These headers didn't trigger the HELOISIP test. It looks to me like they should have. Any Ideas? Received: from adsl-63-202-107-44.dsl.lsan03.pacbell.net [63.202.107.44] by areatech.com (SMTPD32-7.14) id A37557AB0118; Mon, 19 Apr 2004 10:42:45 -0500 Received: from iowiekwaoakkwjehckckw.com (iowiekwaoakkwjehckckw.com [20.214.235.110]) by adsl-63-202-107-44.dsl.lsan03.pacbell.net (Postfix) with ESMTP id 24CB5D66BE for [EMAIL PROTECTED]; Mon, 19 Apr 2004 11:36:16 -0400 Date: Mon, 19 Apr 2004 11:36:16 -0400 From: Counsellors T. Dissenters [EMAIL PROTECTED] X-Mailer: The Bat! (v2.00.0) Personal Reply-To: [EMAIL PROTECTED] X-Priority: 3 Message-ID: [EMAIL PROTECTED] To: Newlandj [EMAIL PROTECTED] Subject: A|D|V 1adies tthat wannt to encounter 5trangers MIME-Version: 1.0 Content-Type: text/html Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-milter (http://amavis.org/) X-RBL-Warning: MAILFROM: Domain iowiekwaoakkwjehckckw.com has no MX or A records [0301]. [2-26-d000] X-RBL-Warning: SPAMCHK: Message failed SPAMCHK: 10. [2-37-12800] X-RBL-Warning: WEIGHT10: Weight of 32 reaches or exceeds the limit of 10. [2-38-13000] X-RBL-Warning: WEIGHT20: Weight of 32 reaches or exceeds the limit of 28. [2-41-14800] X-Declude-Sender: [EMAIL PROTECTED] [63.202.107.44] X-Spam-Tests-Failed: SORBS-DUHL, MAILFROM, SPAMCHK, WEIGHT10, WEIGHT20 [32] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] New test
Don't know about NT4, but we are running it on Win2k using log level low and it is working well. I don't see it come up in the task manager either, but it is running. Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Glenn Brooks Sent: Monday, April 19, 2004 1:10 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] New test Will Heloisp run on NT ...I do not see any activity in task manager or in the declude logslog level MID At 01:57 PM 4/19/2004 -0400, you wrote: You should be fine as long as you don't do matches on numbers below 20, or at least that is my experience. I'm thinking that you created this exception in order to head off that problem. Minimally it's worth a try. Matt Bud Durland wrote: Jason wrote: These headers didn't trigger the HELOISIP test. It looks to me like they should have. Any Ideas? Received: from adsl-63-202-107-44.dsl.lsan03.pacbell.net [63.202.107.44] by areatech.com (SMTPD32-7.14) id A37557AB0118; Mon, 19 Apr 2004 10:42:45 -0500 Because of the 'lsan03', the numeric characters in the host name boil down to 63.202.107.44.03. I'm thinking about how best to make this type of entry fail, without jacking up the risk of a false positive. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. Glenn Brooks WebWize, Inc. 713-688-4382 http://www.webwize.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] New test
Bud, Is this the proper format for the config file? : HELOISIPexternalweight C:\imail\declude\heloisip\heloisip.exe 10 0 Thanks! Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bud Durland Sent: Sunday, April 18, 2004 6:18 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] New test Bud Durland wrote: I am testing a small external test program. A message fails the test if there is an discernable IP address in the HELO entry of the message. The new test is available for download from http://bud.thedurlands.com. -- Bud Durland, CNE [EMAIL PROTECTED] fax: 518-561-0017 For sale: Parachute. Like new, used once. Small stain. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. [AUTOMATED NOTE: Your mail server [66.140.194.140] is missing a reverse DNS entry. All Internet hosts are required to have a reverse DNS entry. The missing reverse DNS entry will cause your mail to be treated as spam on some servers, such as AOL.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] New test
Thanks Bill. All I can say is WOW. This test seems to be working very very well. It is snagging tons of stuff. Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry Sent: Sunday, April 18, 2004 8:13 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] New test Bud's documentation says should be setup as a nonzero test, for example: HELOISIP external nonzero C:\imail\declude\heloisip\heloisip.exe 10 0 rather then a weight test. Bill - Original Message - From: Jason [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, April 18, 2004 5:59 PM Subject: RE: [Declude.JunkMail] New test Bud, Is this the proper format for the config file? : HELOISIP external weight C:\imail\declude\heloisip\heloisip.exe 10 0 Thanks! Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bud Durland Sent: Sunday, April 18, 2004 6:18 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] New test Bud Durland wrote: I am testing a small external test program. A message fails the test if there is an discernable IP address in the HELO entry of the message. The new test is available for download from http://bud.thedurlands.com. -- Bud Durland, CNE [EMAIL PROTECTED] fax: 518-561-0017 For sale: Parachute. Like new, used once. Small stain. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. [AUTOMATED NOTE: Your mail server [66.140.194.140] is missing a reverse DNS entry. All Internet hosts are required to have a reverse DNS entry. The missing reverse DNS entry will cause your mail to be treated as spam on some servers, such as AOL.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Surbl.org
Me too :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Tuesday, April 13, 2004 10:27 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Surbl.org I would be interested in your script until native support is added to Declude. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Surbl.org - Scott?
Yes, your 8 minute update timeframe has passed. ;) Jason --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Surbl.org
From the IMGATE list: http://surbl.org/ Interesting concept. Anyone here tried it? Ive been planning to upgrade SA on my personal acct here and have a few hours to kill on Tues so I think I'm going to add it and see how well it does. Any chance this can be made to work with Declude? Thanks Jason [AUTOMATED NOTE: Your mail server [66.140.194.140] is missing a reverse DNS entry. All Internet hosts are required to have a reverse DNS entry. The missing reverse DNS entry will cause your mail to be treated as spam on some servers, such as AOL.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Surbl.org
Innocent? ;). We are already using spamchk as an external test. I would like to avoid adding spamassassin as well. I was thinking more along the lines of integrating the test into the declude core... Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sanford Whiteman Sent: Monday, April 12, 2004 11:05 PM To: Jason Subject: Re: [Declude.JunkMail] Surbl.org Any chance this can be made to work with Declude? Well, SpamAssassin can. :) Another innocent plug... --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.mailmage.com/download/software/freeutils/SPAMC32/Release/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Passing weight to Externalplus test
Did you send Scott a Christmas card? :) Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler Sent: Wednesday, April 07, 2004 4:38 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Passing weight to Externalplus test There is now an interim 1.79i3 at WOW! I have to analyze Matt's and Sanford's messages/spelling/psycology. How the hell it's possible to have such a fast reaction (8 minutes!!!) for such a request? No doubt, support issues are resolved very fast. Also realy important things like EZIP. This is important and good. But I'm asking for month's now for simple new features that in the meantime was repeated several times by other customers... still waiting Can't imagine what I'm doing wrong here. Markus :-( --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Habeas win judgment
Great info! Thanks Bill. Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry Sent: Wednesday, April 07, 2004 8:19 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Habeas win judgment Based on the following link, Habeas is recommending that users no longer rely on solely on the Habeas headers to whitelist messages: http://habeas.com/configurationPages/spamassassin.htm The patches Habeas provides for Spamassassin remove the weight reduction rules based on the Habeas headers and adds the HIL (BlackList) and HUL (WhiteList) RBLs instead. I've added them to the Declude JunkMail global.cfg as: HABEAS-INFRINGER ip4r hil.habeas.com* 10 0 HABEAS-USER ip4r hul.habeas.com* -10 0 Adjust the weights to meet your own needs and requirements. Bill - Original Message - From: Nathan Fouarge [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, April 07, 2004 2:05 PM Subject: [Declude.JunkMail] Habeas win judgment Just noticed this in the news and didn't see it on this list. http://www.theregister.co.uk/2004/04/07/habeas_spam_lawsuit/ Glad they are doing something about it. Nathan Fouarge AmberWave Communications --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Phishing? (Possible test?)
Title: Message Not knowing enough about the way WHOIS works, could a test be set up that would heavily weight any e-mails that come from a "New" domain? This would really help the pill/porn pushers.... Jason -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, AndrewSent: Saturday, April 03, 2004 7:17 PMTo: '[EMAIL PROTECTED]'Subject: RE: [Declude.JunkMail] Phishing? The DNS and web server for this domain were on dynamic-range hosts and have already been shut down. The WHOIS registration is a little more than a week old. Googling thenet-abuse groupsturns up:
RE: [Declude.JunkMail] BlackIce
We had a single Colo'd server fall ill to this vulnerability on Friday night. It wasn't a pretty sight to say the least. Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Wiegers Sent: Sunday, March 21, 2004 6:51 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] BlackIce Thanks for the heads up on this. Unless you have updated your BlackICE in the last week you are at risk. http://xforce.iss.net/xforce/alerts/id/166 http://www.eeye.com/html/Research/Advisories/AD20040318.html -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frederick Samarelli Sent: Sunday, March 21, 2004 5:17 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] BlackIce Warning for anyone using BlackIce. We were hit by a destructive worm. http://www.washingtonpost.com/wp-dyn/articles/A11310-2004Mar20.html Destroyed most of our servers. We are in the process of recovering from backups. Fred --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. [AUTOMATED NOTE: Your mail server [209.184.248.29] is missing a reverse DNS entry. All Internet hosts are required to have a reverse DNS entry. The missing reverse DNS entry will cause your mail to be treated as spam on some servers, such as AOL.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Detecting disguised url's in headers
It is a rule. They are located in a rules.ima (inbound rules file). The rules.ima file gets placed in the top directory of the domain that you want to use it on. There is lots of data about this in the knowledge base on Imails web site. Regards, Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry Vanderzand Sent: Friday, March 19, 2004 12:52 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Detecting disguised url's in headers Where is this set in imail? Is it antispam of imail as we do not use it. Harry Vanderzand inTown Internet Computer Services 11 Belmont Ave. W. Kitchener, ON N2M 1L2 519-741-1222 Did you know we offer: - Province wide dial-up and high speed internet access - Web accessible email with anti-spam\antivirus protection - Computer hardware sales and service - Experienced website developers -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Sent: Friday, March 19, 2004 1:41 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Detecting disguised url's in headers We created an Imail rule to block these. Here is what we use: (http\://\d\d\.|http\://\d\d\d\.):spambox This seems to work very well. Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry Vanderzand Sent: Friday, March 19, 2004 12:30 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Detecting disguised url's in headers IE this url: //205.159.%372.%32%30/mort/ obviously gets translated and I could do so also. It would take a lot of extra time. I copy the url out of headers of spam that gets through and put it into my filter file. These are bothersome however. Is there a way that we could just mark these kind of mails as spam? I think it would be just spammers that do this. thanks Harry Vanderzand inTown Internet Computer Services --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. [AUTOMATED NOTE: Your mail server [66.140.194.140] is missing a reverse DNS entry. All Internet hosts are required to have a reverse DNS entry. The missing reverse DNS entry will cause your mail to be treated as spam on some servers, such as AOL.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Detecting disguised url's in headers
Well, let us ask the entire list if there are valid reasons that people would send an IP in a URL. I tested this for 2 months and didn't have a single legitimate e-mail like this. We did have people sending IP addresses, but not as a url. For example: My server IP is 156.23.140.10. Not one case had someone say my website is http://[insert ip here] Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry Vanderzand Sent: Friday, March 19, 2004 1:32 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Detecting disguised url's in headers I am not sure if my request here is being understood. I would not want to mark all messages with an IP in the url as spam. Only those messages that use %nnn%nnn%nnn etc. When you view source of an html message you can see this kind of coding. As in this case: //205.159.%372.%32%30/mort/ We always do a view source and take the url out of the source and then blacklist that, for those messages that were no caught by anti-spam at the time. I do not know what that process is called and have only ever seen it in source code of certain spam e-mail Harry Vanderzand inTown Internet Computer Services 11 Belmont Ave. W. Kitchener, ON N2M 1L2 519-741-1222 Did you know we offer: - Province wide dial-up and high speed internet access - Web accessible email with anti-spam\antivirus protection - Computer hardware sales and service - Experienced website developers -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Sent: Friday, March 19, 2004 1:41 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Detecting disguised url's in headers We created an Imail rule to block these. Here is what we use: (http\://\d\d\.|http\://\d\d\d\.):spambox This seems to work very well. Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry Vanderzand Sent: Friday, March 19, 2004 12:30 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Detecting disguised url's in headers IE this url: //205.159.%372.%32%30/mort/ obviously gets translated and I could do so also. It would take a lot of extra time. I copy the url out of headers of spam that gets through and put it into my filter file. These are bothersome however. Is there a way that we could just mark these kind of mails as spam? I think it would be just spammers that do this. thanks Harry Vanderzand inTown Internet Computer Services --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. [AUTOMATED NOTE: Your mail server [66.140.194.140] is missing a reverse DNS entry. All Internet hosts are required to have a reverse DNS entry. The missing reverse DNS entry will cause your mail to be treated as spam on some servers, such as AOL.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] New CMD space test info
For some reason this isn't coming up in the archives (though I know I've seen it) Can someone shoot me the config line for the new CMDSPACE ? Thanks Jason --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Kill List not working.....
Ah, but the Kill.lst is an envelope rejection. It saves many more resources this way. Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Tuesday, February 10, 2004 2:03 PM To: '[EMAIL PROTECTED]' Subject: RE: [Declude.JunkMail] Kill List not working. Bennie, blocking spammers by their domain name only is a losing proposition. You're already using SBL... I'd suggest that you also implement the SORBS tests and the MAILPOLICE tests. Checking my own spam, we also received mail from this spammer, but we caught it without having to check for their domain name du jeur. Andrew. -Original Message- From: Bennie [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 10, 2004 3:18 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Kill List not working. Hello all. I was asked some time ago to add a domail to my kill list.. I added it. But the customer is still recieving spam from this domail. They sent me the headers (I have them listed below) and I see the domail in the headers. but I never see where it failed the KillList. Headers--- Received: from mail.ramthehole.com [66.110.74.50] by mail.pepperlink.net (SMTPD32-8.05) id A398669F0140; Mon, 09 Feb 2004 23:52:40 -0500 Date: Mon, 09 Feb 2004 23:57:24 -0500 Subject: Exclusive X-Soaked Model Photos From: Budapest Bukkake [EMAIL PROTECTED] To: Return-Path: [EMAIL PROTECTED] X-Sender: [EMAIL PROTECTED] X-Mailer: Mailer Software (rev. 01/15/2004) Message-Id: [EMAIL PROTECTED] MIME-version: 1.0 Content-type: multipart/alternative; boundary=iqxhhbldriaiwihk X-RBL-Warning: SBL: http://www.spamhaus.org/SBL/sbl.lasso?query=SBL12919 X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 66.110.74.50 with no reverse DNS entry. X-RBL-Warning: WEIGHT10: Weight of 12 reaches or exceeds the limit of 10. X-Declude-Sender: [EMAIL PROTECTED] [66.110.74.50] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: SBL, SORBS-SPAM, NOLEGITCONTENT, REVDNS, WEIGHT10 [12] X-Note: QueInControl: D6398669f014033a3.SMD (1) X-Spam-Tests-Failed: SBL, SORBS-SPAM, NOLEGITCONTENT, REVDNS, WEIGHT10 [12] X-Note: RDNS Real Origin: [No Reverse DNS][66.110.74.50] X-Note: SMTP Real From: [EMAIL PROTECTED] X-Note: SMTP Real To: X-Note: This E-mail was sent from [No Reverse DNS] ([66.110.74.50]). X-RBL-Warning: Total spam weight of this E-mail is 12. X-RCPT-TO: Status: U X-UIDL: 374908735 Here is the entry in my killl list file .ramthehole.com ID-20040204-pep007 here is the line from my GLOBAL.CFG KFROMfromfile e:\imail\declude\fromfile.txt x 15 0 KFrom WARN Line from $DEFAULT$.JUNKMAIL KFROM WARN X-RBL-Warning: This E-mail failed the KILL File test Thanks Bennie --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: Re[4]: [Declude.JunkMail] JunkMail User Friendly Interface
Those are both great pages, but coming from the standard user point of view, most will be confused from this. The page I was referring to was 3 or 4 radio buttons, and a 1 line explanation of each. Like NO BLOCKING - Everthing will go through, STRICT BLOCKING - Only people in your online address book can send mail to you Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Terry Fritts Sent: Sunday, February 08, 2004 4:50 AM To: Jason Subject: Re[4]: [Declude.JunkMail] JunkMail User Friendly Interface Someone about 2 months ago had posted that they had a page built into Imail Web Messaging that had 3 or 4 custom settings, like no filter, medium High and whitelist only. One from Sanford: It can be built using the IMail Web Messaging interface, but I don't think anybody's come up with a one-size solution yet. A rather wordy sample is at http://webmail.cypressintegrated.com:8383. See the SPAManager Settings areas. Username: [EMAIL PROTECTED] Password: blue And another from Erik Hjelholt: http://www.mail-archive.com/[EMAIL PROTECTED]/msg10239.html referencing: https://ss.alberni.net/spamcontrol/Login.asp 'declude' and the password is 'junkmail' --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: Re[2]: [Declude.JunkMail] JunkMail User Friendly Interface
Someone about 2 months ago had posted that they had a page built into Imail Web Messaging that had 3 or 4 custom settings, like no filter, medium High and whitelist only. IIRC, they said that they only needed to clean up their code, and they may post it for all to share. If that person is still here, is it possible to share your efforts? Thanks! Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sanford Whiteman Sent: Saturday, February 07, 2004 11:47 AM To: Joe Wolf Subject: Re[2]: [Declude.JunkMail] JunkMail User Friendly Interface Someone with some skills could probably come up with a user front end of some kind (biggest problem that comes to my mind is that there's no real web server on an Imail box. I don't know if you could use the Ipswitch features or not.) We've built several user self-configuration interfaces using IMail's built-in web server, thus preserving single sign-on, look-and-feel, and simplicity. Each project like this is unique, so there's no one prepackaged interface. Feel free to contact me off-list for further discussion. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.mailmage.com/download/software/freeutils/SPAMC32/Release/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Distributed Dictionary Attack
Try running Black ICE on the server. It does a pretty decent job of auto blocking dictionary attacks. We have it set to close and block a connection after 6 invalid users from an ip in 30 seconds Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Wednesday, February 04, 2004 11:04 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Distributed Dictionary Attack The interesting thing about these messages is that the ones I've seen generally don't have multi-hop trails. They look like a zombie connecting directly to the mail server. The blocklists are great, but at that volume, I can't run Declude on the messages without killing the server. So I seem to have two options, both of which I am using: block the IPs before the server, and issue invalid user errors. One othe thing i noticed this evening that points to a coordinated effort: There is very little duplication of the to addresses. The most commonly duplicated address was used only about 150 times in a sample of 275,000 attempts. This is a small domain, one of about 500 on my system, and it has maybe eight or nine mailboxes. Country sources include a lot of Korea and Taiwan, and I have actually blocked some very large blocks of IP addresses in those places based on the source IPs being well distributed. But there are a lot coming from Canada and the US, also. I've seen a lot of the usual suspects - Comcast, Road Runner, and Rogers. -Dave --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Russian letters
Friends? :) Happy Hollidays Everyone! Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Doug Anderson Sent: Wednesday, December 31, 2003 1:24 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Russian letters Careful if using NonEnglish. We have Spanish and French users - nonEnglish can catch them. Don't want to piss off our friends to the north or south. - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, December 31, 2003 1:18 PM Subject: Re: [Declude.JunkMail] Russian letters Is there any way to delete the Russian type spam that you cant read because it is all in Russian but it is a nuisance. The NONENGLISH test is designed to do this. You can use it by adding a line: NONENGLISH nonenglish x x 0 0 to your \IMail\Declude\global.cfg file. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SpamDomains
I don't know how hard it would be, but what about just adding in a pre filter in the spamdomains test that will bypass the test. Like: Spamdomains.txt: [RDNS excluded from check] ebay.com greetingcardvendor.com [includes] .yahoo.com @msn.com etc, etc This would also allow us to build our list of acceptable excluded addresses together, further improving the tests accuracy. Jason -- Original Message -- From: Matthew Bramble [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Wed, 03 Dec 2003 19:38:18 -0500 Alejandro, From the Declude JunkMail manual page: This test will catch E-mail that is not coming from a mailserver that it should be coming from. This test will only work if you set up a file listing domains that you wish to be included in this test. Specifically, it will check the return address of the E-mail, and then check to see if the reverse DNS entry of the IP that the E-mail was sent from contains the domain name. If not, the E-mail fails the test. For example, if hotmail.com is listed in the \IMail\Declude\spamdomains.txt file, then an E-mail coming from law2.hotmail.com would not fail the test, but an E-mail from mail.example.ru would fail the test. You can search the archives for some discussions of this. It's hardly foolproof, things like greeting cards and send-a-link sites will often fail the test because they send E-mail with a MAILFROM address of the person sending the note and not the service sending the note. I suggest that you always use the @ symbol in the first column, and you should set up two different files and score them differently. One should be for ISP's and E-mail providers such as AOL, HotMail, Yahoo, etc., and the other should be for businesses that are often spoofed such as Microsoft, PayPal, Symantec/Norton, McAfee. Be careful not to include companies that may use thrid-party mass mailers for newsletters. The second type of test can be scored higher because you are less likely to be getting greeting cards from people with real addresses at these companies than you are from places like AOL. You might also be thinking of including your own domains in this test, but that again should be in a totally different file, and scored very low because even if you are using WHITELIST AUTH functionality, you will most definitely get users sending E-mail with your hosted addresses configured in their E-mail program but are using someone else's mail server, or without WHITELIST AUTH, they will fail when using your own mail server. Matt --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SpamDomains
Say for example I have 10,000 people using MSN.com addresses to spam me with. I add the spamdomains test and enter in @msn.com into it. Now it does well to stop the spammers, but now I am falsely tagging mail from ebay.com [EMAIL PROTECTED] making a bid inquiry. If we could have a spamdomains RDNS whitelist, then anything with a .ebay.com address is whitelisted, or whatever we put in the list. I know we can whitelist in the main .cfg file, but I'm not sure I would want to whitelist ebay from every test, just whitelist from the spamdomains test. Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry Sent: Wednesday, December 03, 2003 8:20 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] SpamDomains Everything is already excluded from the spamdomains test except that which you specifically included. So I'm not sure I understand what you're asking for here? Bill - Original Message - From: Jason Newland [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, December 03, 2003 5:29 PM Subject: Re: [Declude.JunkMail] SpamDomains I don't know how hard it would be, but what about just adding in a pre filter in the spamdomains test that will bypass the test. Like: Spamdomains.txt: [RDNS excluded from check] ebay.com greetingcardvendor.com [includes] .yahoo.com @msn.com etc, etc This would also allow us to build our list of acceptable excluded addresses together, further improving the tests accuracy. Jason -- Original Message -- From: Matthew Bramble [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Wed, 03 Dec 2003 19:38:18 -0500 Alejandro, From the Declude JunkMail manual page: This test will catch E-mail that is not coming from a mailserver that it should be coming from. This test will only work if you set up a file listing domains that you wish to be included in this test. Specifically, it will check the return address of the E-mail, and then check to see if the reverse DNS entry of the IP that the E-mail was sent from contains the domain name. If not, the E-mail fails the test. For example, if hotmail.com is listed in the \IMail\Declude\spamdomains.txt file, then an E-mail coming from law2.hotmail.com would not fail the test, but an E-mail from mail.example.ru would fail the test. You can search the archives for some discussions of this. It's hardly foolproof, things like greeting cards and send-a-link sites will often fail the test because they send E-mail with a MAILFROM address of the person sending the note and not the service sending the note. I suggest that you always use the @ symbol in the first column, and you should set up two different files and score them differently. One should be for ISP's and E-mail providers such as AOL, HotMail, Yahoo, etc., and the other should be for businesses that are often spoofed such as Microsoft, PayPal, Symantec/Norton, McAfee. Be careful not to include companies that may use thrid-party mass mailers for newsletters. The second type of test can be scored higher because you are less likely to be getting greeting cards from people with real addresses at these companies than you are from places like AOL. You might also be thinking of including your own domains in this test, but that again should be in a totally different file, and scored very low because even if you are using WHITELIST AUTH functionality, you will most definitely get users sending E-mail with your hosted addresses configured in their E-mail program but are using someone else's mail server, or without WHITELIST AUTH, they will fail when using your own mail server. Matt --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SpamDomains
Ahh, but us poor folks that have the standard version are out of luck :-( Guess I have a good reason to upgrade now. Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matthew Bramble Sent: Wednesday, December 03, 2003 9:17 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] SpamDomains Jason, I have a separate 'white' filter for that sort of thing :) Matt Jason Newland wrote: I don't know how hard it would be, but what about just adding in a pre filter in the spamdomains test that will bypass the test. Like: Spamdomains.txt: [RDNS excluded from check] ebay.com greetingcardvendor.com [includes] .yahoo.com @msn.com etc, etc This would also allow us to build our list of acceptable excluded addresses together, further improving the tests accuracy. Jason -- Original Message -- From: Matthew Bramble [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Wed, 03 Dec 2003 19:38:18 -0500 Alejandro, From the Declude JunkMail manual page: This test will catch E-mail that is not coming from a mailserver that it should be coming from. This test will only work if you set up a file listing domains that you wish to be included in this test. Specifically, it will check the return address of the E-mail, and then check to see if the reverse DNS entry of the IP that the E-mail was sent from contains the domain name. If not, the E-mail fails the test. For example, if hotmail.com is listed in the \IMail\Declude\spamdomains.txt file, then an E-mail coming from law2.hotmail.com would not fail the test, but an E-mail from mail.example.ru would fail the test. You can search the archives for some discussions of this. It's hardly foolproof, things like greeting cards and send-a-link sites will often fail the test because they send E-mail with a MAILFROM address of the person sending the note and not the service sending the note. I suggest that you always use the @ symbol in the first column, and you should set up two different files and score them differently. One should be for ISP's and E-mail providers such as AOL, HotMail, Yahoo, etc., and the other should be for businesses that are often spoofed such as Microsoft, PayPal, Symantec/Norton, McAfee. Be careful not to include companies that may use thrid-party mass mailers for newsletters. The second type of test can be scored higher because you are less likely to be getting greeting cards from people with real addresses at these companies than you are from places like AOL. You might also be thinking of including your own domains in this test, but that again should be in a totally different file, and scored very low because even if you are using WHITELIST AUTH functionality, you will most definitely get users sending E-mail with your hosted addresses configured in their E-mail program but are using someone else's mail server, or without WHITELIST AUTH, they will fail when using your own mail server. Matt --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Setting up local DNSBL
I have been thinking about setting up an in-house DNSBL and would appreciate it if some kind person here could point me in the right direction on getting started. I can pretty much figure out how to create a e-mail submission for the service when I want to make updates, but I'm not to sure on the DNS setup. Thanks in Advance! Jason --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Opinions on web interface
Would you be interested in sharing this. It looks great! Thanks! Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Grotjan Sent: Thursday, November 06, 2003 4:02 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Opinions on web interface Scot, The web interface looks good. I created something similar using ASP and a custom COM object I wrote. I uses Imail rules instead of the individual junkmail files to process the mail based on weight test. I implemented it about a month ago and so far we have over a thousand users using it and all of them are thrilled about it. I don't have a demo set up, but I have a screenshot of it if you want to see. http://www.kimbanet.com/junkmail.jpg Daniel --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPAMCOP Account
Typically I only send SPAMCOP e-mails that pass through our Declude filters. The theory being that now SPAMCOP will know about that address, list it, and it won't clear Declude again. I don't see the reasoning behind sending SPAMCOP thousands of e-mails per day that are already stopped by your system. The benefit of manually sending is exactly what Kami noted below. You won't inadvertently submit good guys. Also, if you poke around SPAMCOPS site, there is a program you can get called SpamSource that plugs into Outlook. Once installed/configured, all I have to do to report spam is click on the SpamSource button, and it submits to SPAMCOP. Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kami Razvan Sent: Thursday, October 30, 2003 4:00 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] SPAMCOP Account Dan.. BE VERY CAREFUL IF YOU DO THIS... We were doing this and once someone from the list sent me an email with bunch of keywords in it.. The system automatically forwarded it to the SPAMCop account. If you do this make sure you review every spam that goes into your account and approve them knowing it is a spam and not someone that just happen to send you bunch of words in your filter file. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser Sent: Thursday, October 30, 2003 4:53 PM To: Declude JunkMail Subject: [Declude.JunkMail] SPAMCOP Account Hello, All, I signed up for a free Spamcop account a few weeks ago and I've been using it to submit spam via their web-based form. In addition to allowing spam submittal via a web-based form they also give you a unique e-mail address which you can forward spam to. I was thinking about setting up Declude JunkMail to send all the mail which I would normally just DELETE because of High weight to this unique e-mail address. Before I do this I had a few questions... 1) Does anyone else do what I am describing? If so, does it work well? 2) If I want to forward all mail above a certain weight, say a weight of 45, would the ROUTETO action be the correct action to use. I don't want to keep a copy of the e-mail in my HOLD directory. 3) If ROUTETO is the correct action, when the message is sent to Spamcop what will the FROM address be? Will it be the original sender's e-mail address or a special e-mail address which DJM assigns to itself? I think that's all for now. Thanks, Much! Dan Geiser [EMAIL PROTECTED] --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Happy days are here again...
So as of Monday are we going to have a new organization running the .com / .net TLDs? lol It's about time Buh Bye Verislime Jason - Original Message - From: Joshua Levitsky [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 03, 2003 2:12 PM Subject: [Declude.JunkMail] Happy days are here again... I could not be happier... http://www.icann.org/correspondence/twomey-to-lewis-03oct03.htm -- Joshua Levitsky, CISSP, MCSE System Engineer AOL Time Warner [5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OBFUSCATION filter
But, Kami just listed the revdns whitelists, wouldn't the spammer have to have a RDNS listing of something in her whitelist (not likely) to take advantage of the listing? Jason - Original Message - From: Keith Anderson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, September 15, 2003 10:05 AM Subject: RE: [Declude.JunkMail] OBFUSCATION filter Sorry, my fault for asking. Kami, I hope there are no spammers monitoring this list since now they know how to easily spam your e-mail domains. It is never a good idea to share your whitelists in a public forum. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Email addresses on a company webpage?
Generally speaking, what are the bots looking for? Only mailto:'s? Or are they smart enough to use a regex search and find any text of the form [EMAIL PROTECTED]? Jason Wolfe Lead Developer Netcomm, Inc. http://www.netcomm.com (859) 224-4124 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] mailbox forwarding no action
I'm pretty new to Declude Spam so I may have something setup wrong. I have -- IMail: 7.0 ?5? Declude Junkmail: 1.75 Pro Virtual Domain: mail.example.com With alias: example.com Mailbox that has forwarding on it [EMAIL PROTECTED] forwards to: [EMAIL PROTECTED] [EMAIL PROTECTED] User1 has user config file (user1.junkmail) User3 has user config file (user2.junkmail) mail.example.com has default config file ($default$.junkmail) All three config files are basically the say, with the only difference being the WHITELISTFILE settings. declude has default config file ($default.junkmail) This config file has everything turned off. ** Now if a message is sent to User1 it fails tests, the log says that it is moving the message to the spambox mailbox (this is the correct action), but it never makes it, and the users that are setup to receive the forwarded message get it. Now the final users, get the message, in the headers it says it fails but no action is taken. If I remove the forward.ima file from the User1 directory (turning off forwarding) everything behaves as it should ( the message goes into the spam box). Put the forwarding back on and it reverts bas to the problem state. Below is the debug log file, as you can see the log thinks the message is being moved to the correct place, but it never gets there. And there are no logs for the forwarded message to User2 and User3. Am I doing some wrong. If you want I can show you the config files. Thanks in advance. --Jason W. Allen --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] mailbox forwarding no action
What I don't understand, is that the logs say it is using the correct config file and then performing the correct action. But that is as far as it goes. The message doesn't actually get moved the Spambox Mailbox, but gets forwarded on to the downstream users and then settings don't pick it up. The SMTP logs, just show the message being received and then being converted to a .FWD File and forwarded to User2 User3 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Wednesday, September 10, 2003 10:32 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] mailbox forwarding no action Virtual Domain: mail.example.com With alias: example.com Mailbox that has forwarding on it [EMAIL PROTECTED] In this case, all E-mail sent to [EMAIL PROTECTED] will use the configurations for [EMAIL PROTECTED]. that would be a per-user file \IMail\Declude\mail.example.com\user1.JunkMail or a per-domain file \IMail\Declude\mail.example.com. forwards to: [EMAIL PROTECTED] [EMAIL PROTECTED] That actually isn't relevant here -- the E-mail will be scanned based on the settings for user1. Now if a message is sent to User1 it fails tests, the log says that it is moving the message to the spambox mailbox (this is the correct action), but it never makes it, and the users that are setup to receive the forwarded message get it. Have you checked the IMail SMTP log files? They should provide some information as to what is happening. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] mailbox forwarding no action
I have added the ., to the forward file and now a copy of the message gets moved to the spambox. But the message still goes downstream to the forwarded to Users and does not get picked up as spam. I think I follow the logic, of why this is not working: the message comes in from the outside, a copy is made to be processed by the forwarding Engine, the external (original message) gets tested, and since I don't have a copy being saved to the original recipient it doesn't do anything (since I enabled '.', it does get processed by declude and gets moved to the spambox--Correctly), the FWD Message does not get tested since it is now internal to the server, and goes to the downstream users, never getting tested, no action is taken and spam gets through. Is this the correct logic, or am I missing something? Is there a way around this, such as once the message is moved then it is no longer forwarded, or that an internal message (the FWD message that gets processed by the SMTP-FWD) gets scanned by the Junkmail? Or should I revise my whole policy about forwarding? --Jason W. Allen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Wednesday, September 10, 2003 10:52 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] mailbox forwarding no action What I don't understand, is that the logs say it is using the correct config file and then performing the correct action. But that is as far as it goes. The message doesn't actually get moved the Spambox Mailbox, but gets forwarded on to the downstream users and then settings don't pick it up. What happens here is Declude JunkMail changes the recipient's address from [EMAIL PROTECTED] to [EMAIL PROTECTED], and IMail is then supposed to deliver it to the spambox account. The SMTP logs, just show the message being received and then being converted to a .FWD File and forwarded to User2 User3 Are you sure that you have a ., at the beginning of the forwarding line? Without that, IMail won't keep a copy in the original recipient's mailbox. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] mailbox forwarding no action
So in other words, If I have mailboxes with forwarding on them Spam will still get through. Disappointing... --Jason W. Allen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Wednesday, September 10, 2003 11:23 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] mailbox forwarding no action I have added the ., to the forward file and now a copy of the message gets moved to the spambox. But the message still goes downstream to the forwarded to Users and does not get picked up as spam. That is the way that it should work. E-mail that is forwarded from one user to another automatically in IMail (as opposed to aliases or forwarding from a mail client) bypasses any scanning. I think I follow the logic, of why this is not working: the message comes in from the outside, a copy is made to be processed by the forwarding Engine, the external (original message) gets tested, and since I don't have a copy being saved to the original recipient it doesn't do anything (since I enabled '.', it does get processed by declude and gets moved to the spambox--Correctly), the FWD Message does not get tested since it is now internal to the server, and goes to the downstream users, never getting tested, no action is taken and spam gets through. Is this the correct logic, or am I missing something? Very close. The forwarding is actually handled by IMail after the E-mail is processed by Declude, so there is no evidence of forwarding when Declude sees the E-mail. Is there a way around this, such as once the message is moved then it is no longer forwarded, or that an internal message (the FWD message that gets processed by the SMTP-FWD) gets scanned by the Junkmail? Unfortunately, I'm not aware of any way around this. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] mailbox forwarding no action
It appears that I spoke too soon... I have figured it out. I really don't want to beat a dead horse, but I really needed a solution for this. We have Addresses that need to have mail come from them, but note really receive mail, that why it needs to have a real mailbox (valid user) to send mail. Such as techsupport, etc. But these mailboxes are forwarded to multiple people, but with the configuration all the end mailboxes get a ton of spam, that's why it very important, that I find a solution. So for anybody that's interested here is the fix. For the mailbox that is currently forwarded: [EMAIL PROTECTED] Remove all the forwarding on this box. Create an Alias that has the same name as the Mailbox: [EMAIL PROTECTED] Forward this alias to the user(s) you need, to make sure that you can use the existing config files, make sure you forward to the Full Host, such as [EMAIL PROTECTED] You can also setup the forwarding to a list file, See the Imail documentation for that. There you have it. Any spam that comes in for the Alias will get redirected before in gets tested by declude, making declude think that the message came directly to the end user and test it accordingly. --Jason W. Allen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jason W. Allen Sent: Wednesday, September 10, 2003 12:11 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] mailbox forwarding no action So in other words, If I have mailboxes with forwarding on them Spam will still get through. Disappointing... --Jason W. Allen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Wednesday, September 10, 2003 11:23 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] mailbox forwarding no action I have added the ., to the forward file and now a copy of the message gets moved to the spambox. But the message still goes downstream to the forwarded to Users and does not get picked up as spam. That is the way that it should work. E-mail that is forwarded from one user to another automatically in IMail (as opposed to aliases or forwarding from a mail client) bypasses any scanning. I think I follow the logic, of why this is not working: the message comes in from the outside, a copy is made to be processed by the forwarding Engine, the external (original message) gets tested, and since I don't have a copy being saved to the original recipient it doesn't do anything (since I enabled '.', it does get processed by declude and gets moved to the spambox--Correctly), the FWD Message does not get tested since it is now internal to the server, and goes to the downstream users, never getting tested, no action is taken and spam gets through. Is this the correct logic, or am I missing something? Very close. The forwarding is actually handled by IMail after the E-mail is processed by Declude, so there is no evidence of forwarding when Declude sees the E-mail. Is there a way around this, such as once the message is moved then it is no longer forwarded, or that an internal message (the FWD message that gets processed by the SMTP-FWD) gets scanned by the Junkmail? Unfortunately, I'm not aware of any way around this. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] mailbox forwarding no action
Some of the mail is not coming from a client. I have mail auto generators on some servers for certain apps, and websites. If I try to send from an alias I get relaying errors, since I can't use other settings, other then a mailfrom. So that's why I need a valid Email Address. --Jason W. Allen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Charles Frolick Sent: Wednesday, September 10, 2003 1:25 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] mailbox forwarding no action Why do they have to have a real mail box? I send mail as aliases all the time, my support, sales, postmaster, hostmaster, webmaster, staff, etc., addresses are all aliases but I have no problem sending as them, as long as the client is configured correctly. Thanks, Chuck Frolick ArgoNet, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason W. Allen Sent: Wednesday, September 10, 2003 11:42 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] mailbox forwarding no action It appears that I spoke too soon... I have figured it out. I really don't want to beat a dead horse, but I really needed a solution for this. We have Addresses that need to have mail come from them, but note really receive mail, that why it needs to have a real mailbox (valid user) to send mail. Such as techsupport, etc. But these mailboxes are forwarded to multiple people, but with the configuration all the end mailboxes get a ton of spam, that's why it very important, that I find a solution. So for anybody that's interested here is the fix. For the mailbox that is currently forwarded: [EMAIL PROTECTED] Remove all the forwarding on this box. Create an Alias that has the same name as the Mailbox: [EMAIL PROTECTED] Forward this alias to the user(s) you need, to make sure that you can use the existing config files, make sure you forward to the Full Host, such as [EMAIL PROTECTED] You can also setup the forwarding to a list file, See the Imail documentation for that. There you have it. Any spam that comes in for the Alias will get redirected before in gets tested by declude, making declude think that the message came directly to the end user and test it accordingly. --Jason W. Allen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jason W. Allen Sent: Wednesday, September 10, 2003 12:11 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] mailbox forwarding no action So in other words, If I have mailboxes with forwarding on them Spam will still get through. Disappointing... --Jason W. Allen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Wednesday, September 10, 2003 11:23 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] mailbox forwarding no action I have added the ., to the forward file and now a copy of the message gets moved to the spambox. But the message still goes downstream to the forwarded to Users and does not get picked up as spam. That is the way that it should work. E-mail that is forwarded from one user to another automatically in IMail (as opposed to aliases or forwarding from a mail client) bypasses any scanning. I think I follow the logic, of why this is not working: the message comes in from the outside, a copy is made to be processed by the forwarding Engine, the external (original message) gets tested, and since I don't have a copy being saved to the original recipient it doesn't do anything (since I enabled '.', it does get processed by declude and gets moved to the spambox--Correctly), the FWD Message does not get tested since it is now internal to the server, and goes to the downstream users, never getting tested, no action is taken and spam gets through. Is this the correct logic, or am I missing something? Very close. The forwarding is actually handled by IMail after the E-mail is processed by Declude, so there is no evidence of forwarding when Declude sees the E-mail. Is there a way around this, such as once the message is moved then it is no longer forwarded, or that an internal message (the FWD message that gets processed by the SMTP-FWD) gets scanned by the Junkmail? Unfortunately, I'm not aware of any way around this. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com
Re: [Declude.JunkMail] autowhitelist wildcard?
So the e-mail that Mr. Koehler listed yesterday afternoon about this subject is incorrect? Darn, that would be an awesome feature. His e-mail is listed below... Personal Whitelist A personal whitelist allows you to accept email messages from any email address you want no matter how many Spam tests the message actually fails. There are three options currently available in the personal whitelist feature. You can whitelist individual email addresses, whitelist all messages from a certain domain and, if you do not want the anti-Spam service at all, you can whitelist all messages sent to your address. E-mail Options - 1. [EMAIL PROTECTED] - whitelist a single email address. 2. [EMAIL PROTECTED] - whitelist all messages from a certain domain. To whitelist all messages from hotmail.com enter [EMAIL PROTECTED] For all messages from aol.com enter [EMAIL PROTECTED] 3. [EMAIL PROTECTED] - whitelist all messages from everyone (turns off Spam filtering). Enter [EMAIL PROTECTED] to whitelist all messages sent to your address. Jason - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 10, 2003 11:39 AM Subject: Re: [Declude.JunkMail] autowhitelist wildcard? Is there any wildcard character that can be used in the address book addresses for the autowhitelist feature. For instance, if I was subscribed to a newsletter that was sent from [EMAIL PROTECTED], where the numbers after someone are different every time, is there some way to put it in the address book without having to whitelist [EMAIL PROTECTED] No, there are no wildcards. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: Re[2]: [Declude.JunkMail] mailbox forwarding no action
See now you've confused me... Which isn't very hard. I believe I have Relay for Local Users Only (If I look in the Imail admin interface, that what it says, but it says relay by addresses in the web admin). Yet If I test relaying (by telneting in and trying to send something with a local user address), I still get a relaying error and it won't let it. To me that means I'm am not a Open relay. But I still need a local usermailbox to send from my App mailers. --Jason W. Allen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Sanford Whiteman Sent: Wednesday, September 10, 2003 2:13 PM To: Jason W. Allen Subject: Re[2]: [Declude.JunkMail] mailbox forwarding no action If I try to send from an alias I get relaying errors, since I can't use other settings, other then a mailfrom. So that's why I need a valid Email Address. Please don't tell us that you're using 'Relay for Local Users'--i.e. that you're running an open relay (unless this is only exposed internally). While some apps can't handle AUTH, is there some reason that you can't relay by IP? Are these server IPs really changing all that much? -Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: Re[2]: [Declude.JunkMail] mailbox forwarding no action
Working on it. Thanks for the tests, I don't know what I was doing wrong. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Charles Frolick Sent: Wednesday, September 10, 2003 3:32 PM To: [EMAIL PROTECTED] Subject: RE: Re[2]: [Declude.JunkMail] mailbox forwarding no action Just relayed an email through your server from my desk. Transcript folows: Opening mail.mpgis.net... 220 gershwin.mpgis.net (IMail 7.07 36033-2) NT-ESMTP Server X1 HELO argolink.net 250 hello gershwin.mpgis.net MAIL FROM: [EMAIL PROTECTED] 250 ok RCPT TO: [EMAIL PROTECTED] 250 ok its for [EMAIL PROTECTED] DATA 354 ok, send it; end with CRLF.CRLF Sending Data... 250 Message queued QUIT 221 Goodbye You are an open relay. The ONLY acceptable settings are, relay for address or no relay. Thank you, Chuck Frolick ArgoNet, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason W. Allen Sent: Wednesday, September 10, 2003 1:57 PM To: [EMAIL PROTECTED] Subject: RE: Re[2]: [Declude.JunkMail] mailbox forwarding no action See now you've confused me... Which isn't very hard. I believe I have Relay for Local Users Only (If I look in the Imail admin interface, that what it says, but it says relay by addresses in the web admin). Yet If I test relaying (by telneting in and trying to send something with a local user address), I still get a relaying error and it won't let it. To me that means I'm am not a Open relay. But I still need a local usermailbox to send from my App mailers. --Jason W. Allen --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Death to Trustic Trustic Service Ending
Everyone, We have decided to close the Trustic service. As has become apparent recently, there are several issues with the system as it is designed. As such, we do not believe Trustic will reach the level of accuracy that we require. The issue of handling large ISPs that, for the most part, deal with spam complaints is one of the main flaws in the Trustic system for which we see no apparent solution. Registrations have been disabled on the site. Within a day the site itself will be taken down and replaced with a notice. The DNS blocklist will remain for a couple of weeks, but it will be configured to never return a match. Please reconfigure your mail servers to not query the blocklist. We remain confident that the problem of spam is a solvable problem. Thank you for your help with this great experiment. Mark -- Mark Fletcher Trustic, Inc http://www.trustic.com http://www.bloglines.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Spamdomains com.
Title: Message I think that while the spamdomains test is wonderful, many people are trying to overuse it as a test. IMO it is there to protect against forgeries of the major e-mailservices, and it does that task great. It's usefullness declines when it is used in a greater fashion. For example, we stop a couple hundred e-mails that use aol, msn, hotmail, yahoo, etc, but we stop only 1-3 on smaller domains. Using this test for the smaller domains isn't worth the false positives that it produces. But again in the defense of spamdomains, this isn't "his" fault. It just wasn't mean for that... Jason -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd - Smart MailSent: Friday, August 01, 2003 6:45 PMTo: [EMAIL PROTECTED]Subject: [Declude.JunkMail] Spamdomains com. FYI Spamdomians failed this. Which it should have based on my SP entry ofcom.although it was a valid email. Its an invoice sent by someone to my client though intuits online invoicing system. What is everyone using for "com." Received: from mail2.smart-mail.net [65.16.167.134] by net.smart-mail.net (SMTPD32-7.07) id AC92AD90152; Fri, 01 Aug 2003 16:33:06 -0500Received: from sdm3.quickbooks.net ([208.240.241.110])by mail2.smart-mail.net (SAVSMTP 3.0.1.45) with SMTP id M2003080116330213145for [EMAIL PROTECTED]; Fri, 01 Aug 2003 16:33:02 -0500Received: from ipp3.qbn.ie.intuit.com (ipp3.qbn.ie.intuit.com [10.9.2.76])by sdm3.quickbooks.net (8.11.6/8.11.6) with SMTP id h71LX2V27979for [EMAIL PROTECTED]; Fri, 1 Aug 2003 14:33:02 -0700 (PDT)Message-ID: [EMAIL PROTECTED]Date: Fri, 1 Aug 2003 14:33:02 -0700 (PDT)From: [EMAIL PROTECTED] X-RBL-Warning: SPAMDOMAINS: Spamdomain 'com.' found: Address of [EMAIL PROTECTED] sent from invalid sdm3.quickbooks.net. Thanks, Todd
Re: [Declude.JunkMail] New spamcop style RBL..
- Original Message - From: Matt Robertson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 28, 2003 11:32 AM Subject: RE: [Declude.JunkMail] New spamcop style RBL.. 2. To send Trustic your (confirmed!) spam (typically only that which has received very heavy weighting and you are certain contains no false positives) Use the ROUTETO command in your $default$.junkmail file. For example, if ordinarily you have a WEIGHT30 test that deletes the message, i.e. WEIGHT30 DELETE Change it to WEIGHT30 ROUTETO [EMAIL PROTECTED] Where again you replace the 'X' values with your Trustic account number When I set this up, I get the following error in my SMTP log file: 07:28 11:53 SMTP-(0470) processing C:\IMail\spool\Q54b20182006c927c.SMD 07:28 11:53 SMTP-(0470) Trying mx.trustic.com (0) 07:28 11:53 SMTP-(0470) Connect mx.trustic.com [66.151.128.22:25] (1) 07:28 11:53 SMTP-(0470) 220 w02.trustic.com ESMTP 07:28 11:53 SMTP-(0470) EHLO areatech.com 07:28 11:53 SMTP-(0470) 250-w02.trustic.com 07:28 11:53 SMTP-(0470) 250-PIPELINING 07:28 11:53 SMTP-(0470) 250 8BITMIME 07:28 11:53 SMTP-(0470) MAIL FROM:[EMAIL PROTECTED] 07:28 11:53 SMTP-(0470) 250 ok 07:28 11:53 SMTP-(0470) RCPT To:[EMAIL PROTECTED] 07:28 11:53 SMTP-(0470) rl-recv: connection reset 07:28 11:53 SMTP-(0470) 07:28 11:53 SMTP-(0470) QUIT 07:28 11:53 SMTP-(0470) rl-recv: connection reset 07:28 11:53 SMTP-(0470) 07:28 11:53 SMTP-(0470) requeuing C:\IMail\spool\Q54b20182006c927c.SMD R0 T1 07:28 11:53 SMTP-(0470) finished C:\IMail\spool\Q54b20182006c927c.SMD status=3 Thanks for the help Jason --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] New spamcop style RBL..
All tiffs aside :), Can I get some clarity on the operation here? If I personally submit an e-mail that says 10.10.10.10 is a spammer IP, and that same address has 10 positives and 1 negative (Me). I understand that the IP will probably be trusted, but is there something in the background that when I do a lookup that returns a fail? Since I, the person asking has submitted the only negative. Conversely, a non-submitter would get a pass on that IP since they are going on what others are saying? Sorry if that is confusing Also, there is a TON of things on the documentation side of things that still need to be filled out on the site (yes I have sent them the recommendations),. Let's just hope they are responsive. And finally, this seems like it will get better with user participation Jason --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] New spamcop style RBL..
Josh, What is the entry you have put in your config file? (If you don't mind sharing) Thanks Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joshua Levitsky Sent: Saturday, July 26, 2003 9:11 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] New spamcop style RBL.. This is kind of cool... I'm using it now as an RBL... http://www.trustic.com/ Trustic is a new solution to the problem of unsolicited email. By aggregating recommendations from its large community of members, Trustic maintains a list of email servers that can't be trusted to prevent spam. This makes Trustic more reliable, accurate, and up-to-date than other block lists. In addition, Trustic provides an appeal process for machines listed as untrusted. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude using 50% cpu
Title: RE: [Declude.JunkMail] Declude using 50% cpu Also, can we ask what hardware / OS this is running on? Jason - Original Message - From: John Tolmachoff (Lists) To: [EMAIL PROTECTED] Sent: Thursday, July 24, 2003 3:03 PM Subject: RE: [Declude.JunkMail] Declude using 50% cpu Where is your DNS server you are using in Imail? John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mark GordonSent: Thursday, July 24, 2003 12:51 PMTo: '[EMAIL PROTECTED]'Subject: RE: [Declude.JunkMail] Declude using 50% cpu On a good day we rev 19000 local deliveries + send 8000 per day. It hits the machine hard average cpu time before was around 44% then when declude was installed it jumped to over 90% average. The version is 1.75 -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 24, 2003 3:37 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Declude using 50% cpu We are evaluating declude and have noticed a considerable increase in the cpu cycles associated with mail delivery. Is there anyway have it run in an isolated cpu instance? since there are multiple instances of declude.exe running, I would guess it would be hard to lock it down. How many E-mails do you send/receive per day? What version of Declude are you running (you can find out by typing "\IMail\Declude -diag" from a command prompt)? Are you sure that it is Declude using the extra CPU cycles (by sorting the processes in the Task Manager by the "CPU" column)? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] DNS Test?
Great letter Kevin, but I recently tried to explain this to a company and their engineer said that it was by design. His explanation was that they did it for security/obscurity reasons and we were applying to strong restrictions on mail delivery. Sometimes you just can't win with these people. Jason -- Original Message -- From: Kevin Bilbee [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 18 Jul 2003 15:52:25 -0700 Be careful blocking solely on RDNS and HELOBOGUS. There are many legitimate mail servers out there with ignorant DNS admins. We are lucky to have Scott, Len (on the Imail list), and DNS Stuff/Report. I have taken the approach to attempt to enlighten them with the following email. Because my users recover their own email it make doing this easier. Hi, I am Kevin Bilbee the Network Administrator at Standard Abrasives. We are having some issues receiving email from your mail server. I would appreciate it if you could help me out. Your mail server is missing a few DNS entries that are required to validate that email is coming from your server and not someone pretending to be you. About 60% of the mail coming into our server is unsolicited (SPAM) so being able to identify legitimate email is important to us. These items are outlined below. X-RBL-Warning: HELOBOGUS: Domain acsmail1.amas.nl has no MX or A records. X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 194.151.97.18 with no reverse DNS entry. This is the link to the Internet Engineering Task Force site and the RFC for Common DNS Operational and Configuration Errors section 2.1. It discusses DNS and common configuration errors pertaining to mail servers. http://www.ietf.org/rfc/rfc1912.txt?number=1912 If you could forward this to your IT department or send me contact information for them, I would appreciate it. Mail from your server is not lost, it is delayed 1 day while waiting for review. If it is found to not be spam, the recipient has the option to recover the message. If they do not recover it in 14 days, it is purged from the system. I understand that mail from your server is not spam and is legitimate business email. But our spam filter cannot make that determination unless the above so human intervention is involved to complete delivery to the final recipient. After my signiture is a message with the full headers for you to review. Thank you for your assistance in this matter, Kevin Bilbee Network Administrator Standard Abrasives, Inc. I have had great results in getting legitimate admins to fix there setups my biggest problem is with admins in China and admins that think it is a security risk for their firewall to have these entries. I also had our international department review the email so as not offend people in other countries with harsh language. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Joshua Levitsky Sent: Friday, July 18, 2003 3:29 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] DNS Test? Think of the companies that offer spammers a haven. If you could block everything hosted by that ISP it would be wicked nice. There's no end to the mail servers these bastards can setup, but registered DNS servers is a whole other story. I don't take mail if there's no PTR, and the HELO has no A record so these people spamming me have to use DNS servers which are harder to switch constantly because it takes 24 - 48 hours for that stuff to change. -Josh - Original Message - From: Rifat Levis [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, July 18, 2003 6:08 PM Subject: Re: [Declude.JunkMail] DNS Test? It is seems like a intersting test , but it will do more harm to ISP , I am just thinking my case , having more than thousands domains. If 1 of those domains start doing a spam , thousands of others will have problems. The isp mail servers also . Adding a small weight can do the job :) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Nolegit test
I would like to begin using the NOLEGITCONTENT test, but the mail archives are down :(. Can someone send me the lines I need in the configs to get this going? Thanks Jason
Re: [Declude.JunkMail] Nolegit test
Thanks Scott (and Bill) We are holding on 20 right now (with very few FPs), so without divulging the details of the test, is -8 too much or too little a weight? Or should I just test test test to see what types of mail are failing/passing the test? Thanks Gents! Jason - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, June 27, 2003 12:16 PM Subject: Re: [Declude.JunkMail] Nolegit test I would like to begin using the NOLEGITCONTENT test, but the mail archives are down :(. Can someone send me the lines I need in the configs to get this going? You can use: NOLEGITCONTENT nolegitcontent x x 0 -8 this would go in the global.cfg file (you don't need any other lines for this test). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] AOL
Isn't that backwards? Firewall with Fixup - ESMTP will not work, and mail defaults to ordinary SMTP transaction Firewall without Fixup -- ESMTP works fine Jason - Original Message - From: Rick Davidson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, June 26, 2003 1:02 PM Subject: Re: [Declude.JunkMail] AOL Disabling the SMTP Fixup Protocol at the firewall disables ESMTP and allows only SMTP Anyone using Imail peering will not be able to disable ESMTP Rick Davidson Buckeye Internet Inc www.buckeyeweb.com 440-953-1900 ext: 222 - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, June 26, 2003 1:48 PM Subject: RE: [Declude.JunkMail] AOL According to you guys its not the mail server it is the Firewallright? Correct. What needs to be changed on the Firewall I believe someone said it is the SMTP Fixup Protocol that needs to be turned off. and why is the current setup so bad? Two reasons: [1] It makes your server non-RFC-compliant [2] The security feature is broken (specifically, it is leaking information it was designed to hide) -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] DSN:Tarpitting and declude firewall integration integration
Sorry to burst your bubble, but that's not a tarpit. You have a dynamic IP blocker. Tarpitting doesn't block, it slows the attack down, consuming more of their resources, and making their connection seem like it is stuck in a pit of tar (hence the name) Jason - Original Message - From: Rifat Levis [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, June 16, 2003 7:51 AM Subject: Re: [Declude.JunkMail] DSN:Tarpitting and declude firewall integration integration Hi Bill , I wrote a small VB program . -- Here is more details about the system. I am using the KIWI syslog server software to send the logs to the SQL You can specify in IMAIL syslogs server ip address .(IF you run KIWI on the same machine ,you have to stop IMAIL syslog ) I have wrote a small Visual Basic Program which scan the SQL database for ERR INVALID USER lines every 2 min. And my little program Open a telnet connection to the firewall ADD the ip address to block . Then the program remove the ip address after 1 hour. On my firewall i wrote a global policie group to deny access to port 25 So the software add the ip address and specify that it belong to that group lls. I decided also to integrate DECLUDE JUNKMAIL with my firewall. For weight over 20 i will block for 1 hour For weight over 30 will block for 2 hour And so on. Rifat - Original Message - From: Bill B. [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, June 16, 2003 3:11 PM Subject: Re: [Declude.JunkMail] DSN:Tarpitting and declude firewall integration integration Rifat, What software are you using to do the tarpitting? Are you running it on the same server as IMail, or on a separate box? Bill -Original Message- From: Rifat Levis Sent: Mon, 16 Jun 2003 02:01:45 +0300 Subject: [Declude.JunkMail] DSN:Tarpitting and declude firewall integration People intersted in tarpitting and Declude firewall integration can read this. I just finished the tarpitting protection for my IMAIL server I am sending logs to the kiwi syslog server and forwarding it to SQL to analyse data When in a 2 min period a single ip send mail to more than 5 unknown account I am blocking the ip address on my netscreen firewall for 1 hour. The next step of this is to integrate Declude to the firewall I have 3 weight weight 10 warn weight 15 warn weight 20 delete Instead of deleting weight 20 i will forward it to an account to send data to SQL analyse it and then block it for 1 hour . NOTE : I am sure that KAMI will be interested :) Best Regards Rifat Levis --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude Processes Server Load
Kami, Is your DNS that IMAIL/Declude uses local to you? Or are you using an upstream DNS? That many IPV4 tests may warrant this. We noticed a large performance boost by using a DNS on the local LAN. Just a thought - Original Message - From: Kami Razvan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, June 04, 2003 3:58 PM Subject: RE: [Declude.JunkMail] Declude Processes Server Load I truly wish I could explain it.. May be I am dreaming.. But what I see is Declude does not get to 100% CPU since we moved it to IMail to do IP4r. This morning for example I saw about 10 or so Declude processes.. One at 19%.. A lot at 0% and then jumping to 10% and going away some hit 100% for 1 second and disappeared. Before we were seeing 100% CPU staying for several seconds and then each one of the waiting processes hitting 100%. We could not even more the mouse.. It would move in steps.. Now we don't have that problem. Watching this is now my favorite pass time... A cup of coffee and watching CPU Declude processes.. Have to try it with beer.. Could be more fun.. But can't imagine anything be more fun! :) Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Patnode Sent: Wednesday, June 04, 2003 4:19 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Declude Processes Server Load Kami, I'm running ten IP4r tests, referred to in my original email as an external DB query. There seems to be a descrepency between this as a cause and Scott's answer: the Declude process should not show high CPU usage in this case. Declude uses the Sleep() command, which gives up CPU cycles to other programs (and will prevent the Task Manager from showing CPU usage in Declude during idle times, such as when Declude JunkMail is waiting for an external or DNS-based test to complete). Assuming we're all talking about the same thing, Declude continues to run as a process waiting for replies from IP4r requests but does not consume much CPU time while doing so. Does pulling out IP4r tests during an episode show a immidiate decline in CPU use? Does anyone know how the people hosting the IP4r tests feel about us slamming them with queries? Suppose I'm cruising along with 20,000 queries a day, then jump to 500,000 over a few weeks, surely that makes an impression somewhere? Is there a point were we should ask about doing more? Thanks Dan On Wednesday, June 4, 2003 1:33, Kami Razvan [EMAIL PROTECTED] wrote: Hi Dan: We had a similar problem. I posted a couple of messages regarding this very issue. We were having CPU at 100% for minutes.. in one case when a mail list hit our server with a lot of users receiving the message at the same time the CPU was at 100% for almost an hour. We could not do anything... Finally the Declude processes disappeared and all was back to normal again. What I noticed was the cause more than anything else was the IP4r tests. Declude appears to be fast in filtering and everything that it does. The IP4r tests are a different story and naturally out of Declude hands. We had a lot of them and by taking them off it brought things to normal. I stated this in an earlier posting- we are not doing all of our IP4r tests in IMail version 8. It works much faster and since it caches it seems like it works great. We have about 60 IP4r tests (majority of what is listed in Declude/junkmail/manual.htm site. We will take some off and add others as we find their effectiveness but for now we are using a lot of them and no problem. I am interested to see if this helps you if you try it. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Patnode Sent: Tuesday, June 03, 2003 9:36 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Declude Processes Server Load We added about 350 users to our 2000+ user dual server configuration in the last week and were doing pretty well until this afternoon. Suddenly the CPU load graph stopped looking like its normal Donky Kong video game simulation (up and down) and more resembled a 100% highway with a few dips. Declude processes were taking quite a while to clear before finishing, to be replaced by another. I pulled out some multi thousand line tests and it nary made a dent. Just before bringing our 3rd server into the fold, things quieted down. While I've already ordered 2 new dual processor 1U's, I want to par down (if not eliminate) the variables invovled: 1) If an external DB query slowed things down, delaying each Declude process, would Declude still show high CPU consumption while waiting and would the graph still be pegged? If not, is there any situation external to my server that would? 2) Is it possible for Declude to be consuming CPU cycles while idling for some other reason? 3) If something else is running in the background, eating cyles, does Declude 'look' like its working
RE: [Declude.JunkMail] updated spamdomains list
Rocketmail.com resolves to yahoo.com So: Rocketmail.com yahoo.com Would be a valid entry What about the following? Bigfoot.com Geocities.com Rocketmail.com Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: h:Re: [Declude.JunkMail] Declude.JunkMail Statistics
Dan, Unfortunately we don't currently have a demo/trial version of LogTool available. However, we will be adding additional screenshots to the website (http://www.netcomm.com/products/logtool) later today, which should give you a better idea of how the application works. If you have additional questions, you're also more than welcome to contact me by phone at 859 224 4124. Thanks, Jason Wolfe Lead Developer Netcomm, Inc. http://www.netcomm.com (859) 224-4124 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] h:Releasing Netcomm LogTool for Declude JunkMail
We would like to announce the release of LogTool for Declude JunkMail. This application was designed from the ground up to allow the user to quickly and easily drill-down into JunkMail's logs to assist in the fine-tuning of the filters. In a near future release, we will expand LogTool's capabilities to include the processing of Virus' log format. More information is available at: http://www.netcomm.com/products/logtool Email us off-list at [EMAIL PROTECTED] if you have any questions, comments or interest. Thanks, Jason Wolfe Lead Developer Netcomm, Inc. http://www.netcomm.com (859) 224-4124 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
NOABUSE:RE: [Declude.JunkMail] Log Analyzer - Comments Needed
I would love to try it out as well!! Sounds very usefull. [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell L. Sent: Friday, February 28, 2003 6:15 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Log Analyzer - Comments Needed Keith, I have a beta available and I am looking for individuals to test it out. If you are interested the beta will be made available as early as Monday. Please let me know if you are interested. Darrell LaRock -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Keith Johnson Sent: Thursday, February 06, 2003 4:35 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Log Analyzer - Comments Needed Darrell, That is awesome. I get those same requests from our clients weekly. I appreciate your time in writing it. Keith -Original Message- From: Darrell L. [mailto:[EMAIL PROTECTED] Sent: Thursday, February 06, 2003 11:35 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Log Analyzer - Comments Needed *Sorry if this is outside the realm in which the forum should be used. Several of my customers have started asking me for reports on what Declude is blocking for their domain or a certain user. Obtaining this information was challenging manually sifting through the logs - to say the least. I then decided to write an analyzer that could accomplish what I needed. It's a good portion of the way wrote, and I am thinking about making it public at some point when it is completely finished. However, I was looking for features that people would like that I may not have thought of at this point. Currently right now it can do the following 1.) Report on Number of messages that fails each test. 2.) Comprehensive reporting on each individual tests. Reports can be generated based on (to, from, domain, subjects, date, time). 3.) Report on individual domains and which messages failed which tests 4.) Report on individual users and which messages failed which tests. 5.) It is a console application written in C# (.net). It is self contained and does not need any external databases like SQL Server or MSDE. Things Still to be added 1.) Ability to email the reports Thanks Darrell --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.