I've been receiving reports of non-delivery of messages
between users on our mail server. For example if I host abc.com and users
between abc.com send to each other inside the building on the private IP
range.
I tracked down the problem and all the messages have SPF
FAIL in the headers and
Maybe I'm way behind here, but what is the all_list.dat file? What does it
do and how do you implement it? I have no such file in my system.
Thanks,
Joe
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, July 30, 2004 8:36 AM
Subject: Re:
I've had a couple of reports that my messages were
failing SPF. I sent a message to myself via a loop and am totally confused
at the message header.
The message was actually sent from my computer on
private IP 192.168.1.177 to my IMail server at 216.229.87.4. For some
reason Declude
Scott...
HOP is 0, no HOPHIGH. IPBYPASS 192.168.1.50 which is my backup spooler.
Complete Received: headers below:
Received: from smtp.fidnet.com [216.229.64.74] by mail.csimo.com
(SMTPD32-8.12) id AD2B20D0070; Thu, 22 Jul 2004 16:10:03 -0500
Received: (qmail 13061 invoked by uid 20954); 22
Jeff, I for one agree with you. This test seems worse than useless to me.
To somehow think that an IP address that was previously infected by a virus
has anything to do with SPAM is beyond me.
Seems like a dangerous test that I want no part of.
-Joe
- Original Message -
From: Jeff
Most reports are that more than 50% of all spam is now coming from
zombies, which typically are home computers that were infected by a
virus that installs a trojan horse that the spammer has control over.
-Scott
---
I don't know if that's an
Seems that Computerized Horizons should read their own press releases before
sending them to Business Wire. If a current Service Agreement is required
then the following paragraph from the Computerized Horizons pr is a lie:
Although immediately available at no charge to current Declude
Sure looks like a freebie to me. http://vil.nai.com/vil/virus-4d.asp
Is scan.exe a 32 bit app?
How do you update the pattern files?
Thanks!
- Original Message -
From: Nick Hayer [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, May 18, 2004 4:26 PM
Subject: Re:
I try to look at the config files on a regular basis, but I have to print
both of them out and compare them side by side to see if Declude has made
any changes. It would be of great help to me if they would just put a
comment at the top of the file giving the revision date. I think many
others
Why don't you just create a rule for that user that says something like...
if the header contains date delete the message? You could put any phrase
in there that is in every email message.
-Joe
- Original Message -
From: Bennie [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday,
I've never tried it, but couldn't you just have the
nobody ailias resolve to NUL?
It's an interesting concept that would present at
least one solution to the dictionary attacks.
I might give that a try on one of my stable domains
(no deleted users in years) just to see what it does to
OK, I'm convinced. Whoever posted it made me
think it might be a method to try. I yield to those with superior
knowledge.
-Joe
- Original Message -
From:
Matt
To: [EMAIL PROTECTED]
Sent: Thursday, February 26, 2004 2:39
PM
Subject: Re: [Declude.JunkMail] Imail
Sandy,
I'm not going to claim to be an email server expert, but here's what I
see... I could be wrong.
When you're hit with a dictionary attack we all know they send to thousands
of addresses at the domain. If the final delivery address is invalid the
server creates an Unknown User (or whatever
I'm glad that I'm not the only one with these problems! Not that I like
having the problem, but I thought there must be some kind of undetectable
Trojan on my system letting the spammers know when I add a domain or user.
Misery like company I guess.
I did happen to talk to DigiHost yesterday and
on the firewall and
intrusion detection features. We run pretty good firewalls and lock down
the servers pretty well so I see no reason for a software firewall.
-Joe
- Original Message -
From: Sanford Whiteman [EMAIL PROTECTED]
To: Joe Wolf [EMAIL PROTECTED]
Sent: Friday, February 06, 2004 6
Perhaps someone here might be able to shed some light on my problem.
I've had two cases recently where I had hosting customers move their email
services to my Imail/Declude box. Both moved from a national hosting
company and had no spam protection of any kind on their services. Both
complained
Thanks for the reply.
No dictionary attacks that I can see in the logs for these domains, but it's
possible that it happened.
The previous host was DigiHost. There was no sign of spam filtering and
it's not on their list of features or options.
Will ask one of the customers for permission to
I have been using JunkMail Pro for about a year. I only make minor changes
to the standard config files because I've never had the time to learn about
all the ever changing spam tests, etc. The only action I take on spam is to
prefix the subject with SPAM: and send it on to the user for their
Scott,
I have installed the latest files... I try and keep up with them. I think
the only changes I make are on the Weight 10 and 20 and I change the
subject. I look at the headers on a bunch of the spam messages that come
thru and most fail SORBS-DUHL, but then I see that many legit messages
Scott,
I'm not looking at the file right now, but all I do is change the Weight 10
and 20 from Warn to Subject Sapm: or whaterver the correct syntax is. The
result is that the message is sent on with the subject prefix of SPAM:
added. That's all I want to do. Then it's up to the user if they
[64.251.138.48] by brothersmaytag.com
(SMTPD32-7.15) id A47B5700112; Tue, 16 Dec 2003 07:11:23 -0600
Message-ID: [EMAIL PROTECTED]
From: Jim Miller [EMAIL PROTECTED]
To: Joe Wolf [EMAIL PROTECTED]
Subject: Enola Gay Exhibit
Date: Tue, 16 Dec 2003 07:10:28 -0600
MIME-Version: 1.0
Content-Type
Everyone thanks for the replies. I did take a look at the overflow
directory and it was empty. I cleaned out the spool directory and offloaded
all outbound to our production servers. We'll see how this works out before
digging in too far.
This server has a dedicated T1 and is saturated some of
22 matches
Mail list logo
