RE: [Declude.JunkMail] Indicate msg size in header on an authenticated whitelisted
2 years ago, I would have had a dozen replies by now and even possible a nice discussion going on. Where is everybody? John T From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (lists) Sent: Monday, January 21, 2008 1:05 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Indicate msg size in header on an authenticated whitelisted I am trying to figure out how to add a line in the header of a message to indicate it is over xKB in size with that incoming message being whitelisted via authenticated sender. Example, user1 on the local Imail server sends a message to user2 on the local Imail server, hence the email is whitelisted since user1 authenticated. But the message is over 2 MB and user2 is currently traveling and using a slow broadband card. The desired action is to have a test that fails on the over 1 MB size and an inbound rule on user2 that will then move that message to a submail box called LargeFiles. This way, user2 when he connects via his Outlook does not try to download that email, instead he will be responsible for checking that folder via webmail and then if he needs it right away he can either download the attachment via webmail or move it to his normal inbox. Thoughts, Ideas, cookies? John T --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Message authenticator
Out of the box, not that I am aware of. It is recorded in the Imail SMTP log. This however would be a good feature request for Declude. John T From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Serge Sent: Wednesday, January 23, 2008 5:05 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Message authenicator Is there a way in declude filters (or even in imail rules) to find who authenticated the message from the Q.smd file ? TIA --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Indicate msg size in header on an authenticated whitelisted
I am trying to figure out how to add a line in the header of a message to indicate it is over xKB in size with that incoming message being whitelisted via authenticated sender. Example, user1 on the local Imail server sends a message to user2 on the local Imail server, hence the email is whitelisted since user1 authenticated. But the message is over 2 MB and user2 is currently traveling and using a slow broadband card. The desired action is to have a test that fails on the over 1 MB size and an inbound rule on user2 that will then move that message to a submail box called LargeFiles. This way, user2 when he connects via his Outlook does not try to download that email, instead he will be responsible for checking that folder via webmail and then if he needs it right away he can either download the attachment via webmail or move it to his normal inbox. Thoughts, Ideas, cookies? John T --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] CommTouch FP reporting
There was a discussion back in March about improving the way FPs are reported to CommTouch. What is the current recommended method for reporting FPs? John T --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPAMDOMAINS update for the att conglomerate
The ATT/Yahoo/BellSouth/Ameritech/SBS conglomerate is about to force me to remove all of the entries from the spamdomains file entirely. (Did I leave any one out?) John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher Sent: Friday, October 26, 2007 10:46 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] SPAMDOMAINS update for the att conglomerate You can but I think the limit is three. Don't forget ATT/SBC is in bed with Yahoo so their email can come through Yahoo too. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Keith Johnson Sent: Friday, October 26, 2007 11:24 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] SPAMDOMAINS update for the att conglomerate John, Can you list multiple REVDNS on a single line when using spamdomains? For example @bellsouth.net.bellsouth. isp.att. Thanks, Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (lists) Sent: Monday, August 20, 2007 10:55 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] SPAMDOMAINS update for the att conglomerate Does anyone have an updated listed for SPAMDOMAINS test for the AT T conglomerate? I know there is .att. and bellsouth.com and sbc.com but what else is there that could originate from an att.com REVDNS? John T --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Test or filtering option for authenticated messages
I'll explain what I'm doing: instead of using IMail's copyall function for archival, which BTW is very resource intensive, I use Declude's COPYTO Please explain. The Imail copyall function simply adds the copyall configured email address to the envelope of the email as it is received. As such, when the email is then processed by the Queue Manager service, it is simple another recipient. Then, the rules.ima file processing is extremely quick since it is a flat text file that is read and then what ever action is taken. In other words, there is now work to do, it is simple an added email address to the recipient list. The copyall function is used by hundreds of admins on Imail servers without any effect on resources. John T --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SMTP_DELIV_FAILED
Are you using DNS caching, turn that off. It is on the QueueManger service properties. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Rogers Sent: Monday, October 08, 2007 4:37 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] SMTP_DELIV_FAILED I can ping yahoo.com. These errors are happening all the time. They are occuring only with specific recipient domains - not all domains. Incoming traffic appears normal even from these domains. Richard Lyon wrote: As a test, try ping something on the Internet when you see this delivery message. Like Yahoo.com. On Oct 8, 2007, at 6:52 PM, Kevin Rogers wrote: I've turned on verbose logging and it appears that the listen on all IPs option did not work. But here is a better log snippet: 10:08 15:32 SMTPD(b01501a702f1) [192.168.0.4] connect 64.121.33.15 port 5672 10:08 15:32 SMTPD(b01501a702f1) [64.121.33.15] EHLO [192.168.1.110] 10:08 15:32 SMTPD(b01501a702f1) [64.121.33.15] AUTH 10:08 15:32 SMTPD(b01501a702f1) [64.121.33.15] AUTH 10:08 15:32 SMTPD(b01501a702f1) [64.121.33.15] AUTH 10:08 15:32 SMTPD(b01501a702f1) Authenticated [EMAIL PROTECTED], session treated as local. 10:08 15:32 SMTPD(b01501a702f1) [64.121.33.15] MAIL FROM:[EMAIL PROTECTED] 10:08 15:32 SMTPD(b01501a702f1) [64.121.33.15] RCPT TO:[EMAIL PROTECTED] 10:08 15:32 SMTPD(b01501a702f1) [64.121.33.15] DATA 10:08 15:32 SMTPD(b01501a702f1) [64.121.33.15] d:\imail\spool\Db01501a702f1.SMD 558 10:08 15:32 SMTP-() Info - Adding Queue file d:\imail\spool\qb01501a702f1.smd 10:08 15:32 SMTP-(b01501a702f1) processing d:\imail\spool\qb01501a702f1.smd 10:08 15:32 SMTP-(b01501a702f1) [x] looking up healthnet.com in HOSTS and MX 10:08 15:32 SMTP-(b01501a702f1) Info - Adding healthnet.com to DNS cache - TTL = 1724 10:08 15:32 SMTP-(b01501a702f1) [Att-Blk] Got Attachment Blocking Host Info for Rogersbenefit.com 10:08 15:32 SMTP-(b01501a702f1) Trying healthnet.com (0) 10:08 15:32 SMTP-(b01501a702f1) [x] Connecting socket to service SMTP on host healthnet.com using protocol tcp 10:08 15:32 SMTP-(b01501a702f1) [x] using source IP for Rogersbenefit.com [192.168.0.4] 10:08 15:32 SMTP-(b01501a702f1) Info - Found healthnet.com in DNS Cache 10:08 15:32 SMTP-(b01501a702f1) Connect healthnet.com [204.107.47.187:25] (1) 10:08 15:32 SMTP-(b01501a702f1) 421 Service not available, closing transmission channel 10:08 15:32 SMTP-(b01501a702f1) SMTP_DELIV_FAILED 10:08 15:32 SMTP-(b01501a702f1) QUIT 10:08 15:32 SMTP-(b01501a702f1) 10:08 15:32 SMTP-(b01501a702f1) [u] closing socket (u) 10:08 15:32 SMTP-(b01501a702f1) requeuing d:\imail\spool\qb01501a702f1.smd R0 T1 10:08 15:32 SMTP-(b01501a702f1) finished d:\imail\spool\qb01501a702f1.smd status=3 Does this help? Kevin Rogers wrote: FYI - I just noticed that on the SMTP Advanced tab of Imail, the option to Enable SMTP to Listen On All IP's was NOT selected. I'm not sure if this could've been the problem, but I've now selected that option and will watch the logs. Kevin Darrell ([EMAIL PROTECTED]) wrote: Your A / PTR records look fine. mail.rogersbenefit.com. 7200IN A 207.47.22.58 58.22.47.207.in-addr.arpa. 86288 IN PTR mail.rogersbenefit.com Your listed in one RBL - backscatter so it would seem that it should not be related to spam. Can you post a more detailed smtp log for the 6863023f5c41 transaction. This would help more. You can out any addresses etc to prevent harvesting.. Darrell -- Check out http://www.invariantsystems.com for utilities for Declude, Imail, mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Kevin Rogers wrote: I'm not sure if this is the right place to post this issue, but here goes: We recently upgraded our server (to Server2003 - running Imail. 8.21, Declude 4.3) and we're getting a lot of delivery failures to specific domains. It looks like the error we used to get before we had a PTR record setup correctly - certain domains refusing to connect with us. But I believe our PTR record is setup correctly. We upgraded our server, and so it has a different local IP address, but the same external IP, so our PTR record shouldn't have to change. The domain is rogersbenefit.com The errors in the imail log look like this: 10:08 13:20 SMTP-(57f5021f4794) Trying LifeWiseHealth.com (0) 10:08 13:20 SMTP-(5b9502064c35) Trying healthnet.com (0) 10:08 13:20 SMTP-(66fa0818097c) Trying healthnet.com (0) 10:08 13:20 SMTP-(593902374927) Trying healthnet.com (0) 10:08 13:20 SMTP-(69ac02185d9b)
RE: [Declude.JunkMail] OT: Setting Up DNS Service on Server 2003
1) My policy and the way I setup my servers and clients is that the local DNS service on the Imail server is ONLY used for Imail and related software. I leave the OS to use what ever DNS server is used normally on the network. 2) On your forwarder question, yes, if the forward look up zone is for a domain that you are having problems with, yes, that is the problem. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Rogers Sent: Monday, October 08, 2007 5:36 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] OT: Setting Up DNS Service on Server 2003 Thanks Darrell. So if my server's local IP is 192.168.0.4 and I have simply installed the DNS service, I can change Imail's SMTP settings to include 192.168.0.4 as one of my DNS servers? In my Network Connection applet in the control panel, I can also put 192.168.0.4 as my primary DNS IP? (I also have 2 external ones from my ISP.) And I can do this without adding any forward or reverse lookup zones? On my old server, someone had setup a Forward Lookup Zone Could this be the problem with not being able to reach certain domains via SMTP (the other problem I posted earlier)? It seems like there was domain name resolution, but our connection was being halted by the recipient server - I'm not sure why DNS would be involved in that - just checking. Thanks. Kevin Darrell ([EMAIL PROTECTED]) wrote: Kevin, All you need to do is install the service and your already in caching mode. Just limit the outsides ability to query it since you will need to have recursion enabled and MSDNS does not allow you to set what ip blocks can and can not query the dns service. Any problems let me know and I can help you out. -- Check out http://www.invariantsystems.com for utilities for Declude, Imail, mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Kevin Rogers wrote: Does anyone have any simple instructions on how to setup the DNS service for Windows 2003 Server? We only host 2 domains and our DNS records are hosted by Network Solutions. Our old server (windows 2000 server) had the DNS service setup already when I took over the admin, so I never had to set it up from scratch. So we're only using the DNS service to allow Imail to run more efficiently - we're not actually using the DNS service to act as the authority for these domains. As you can probably tell, the simpler the instructions, the better ;) Thanks - Kevin --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Decludeproc stops for no reason
Since Hobbies are something we do when we have the time, my hobby is sleeping. ;-) Oh, sorry, your question. When this happens, is the service actually stopped? (Is decludeproc listed in Task Manager?) When you try to restart it, what error is displayed or logged in the Windows Event log? What version of Declude? John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Hogue Sent: Wednesday, October 03, 2007 11:25 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Decludeproc stops for no reason Over the past 3 days I have had to reboot one of our mail servers at least 6 times due to the decludeproc stopping for no reason and not restarting. We run 8.21 Imail with declude and sniffer but I keep getting these stops. This was happening about once per week for a while and then it stopped but now it seems to be doing it daily. Any help on this would be appreciated. Rick Hogue I love woodworking! What is your hobby? --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] What am I doing wrong with Revdns filter?
Are being caught as spam ... I have in file I call REVDNSFILE REVDNS -99 ENDSWITH .ebay.com In addition to what Darrell suggested about putting the log into debug, make sure there is no space after .com in your filter. John T --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] RE: David, Linda...
Rename the hijack.cfg to hijack.cfg.txt. You will then need to stop and restart the decludeproc service. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gufler Markus Sent: Tuesday, September 04, 2007 6:50 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] RE: David, Linda... found a hijack.cfg file even if I hadn't used it anytime before. Could it be that with completely equal config files after upgrading from v3 to v4 hijack functionality was enabled? How could I completely disable this functionality? --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] SPAMDOMAINS update for the att conglomerate
Does anyone have an updated listed for SPAMDOMAINS test for the AT T conglomerate? I know there is .att. and bellsouth.com and sbc.com but what else is there that could originate from an att.com REVDNS? John T --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] FW: Problems
Post a log snippet showing the errors or send off list. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Sunday, August 05, 2007 2:19 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] FW: Problems I didn't see this message come in to the list, so I wasn't sure if it went through or not. An update: I did reinstall Declude, which did not help. Decludeproc is crashing every 1 minute. Todd -Original Message- From: Todd Richards [mailto:[EMAIL PROTECTED] Sent: Sunday, August 05, 2007 2:14 PM To: 'declude.junkmail@declude.com' Subject: Problems Happy Sunday everyone. We've got some issues with Declude. Basically, nothing is getting filtered. I didn't check mail at all yesterday, and found over 1500 junk messages in my Inbox this morning. If I look at the headers, there is nothing about Declude in them. I rebooted the mail server and when I log in via RDP, I see an error that Decludeproc.exe had an error and needed to close. I hit ok, and it does that again about 5 times. Then it goes away. When I look at the services and see that decludeproc is running. I looked at the server logs this morning and they are completely littered with error messages from decludeproc, starting on Thursday afternoon when I started having a few issues. I have sent a few messages to Declude, realizing that I probably won't hear back until tomorrow. In the meantime, I'm getting some hate mail from our end users. Anyone have any suggestions? Reinstall? Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Spam Increase?
I actually saw it ramping up since last weekend and every day there have been a change or 2 in the spam to keep it from being caught. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Friday, August 03, 2007 2:35 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Spam Increase? Anyone else noticing an increase in spam today? It seems like stuff that was normally being caught before is showing up in my Inbox. Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Excel files in zip files spreading
I am not sure what is the purpose yet, but I am catching a lot of emails this morning with a blank subject, Thunderbird in the header, attached zip file and the zip file contains an single xls file. THESE ARE NOT LEGIT EMAILS. Any body else seeing this and know what they are, virus or spam? John T --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Excel files in zip files spreading
Yes, I see that now. What caught me off guard was the blank subject line this time, as before the subject line contained the name of the file. Thanks. John T From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Saturday, July 28, 2007 9:46 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Excel files in zip files spreading John, It's just another one of the viruses from the Storm botnet. Same guys as the ones sending fake greeting card viruses and PDF stock spam among other things. Matt John T (lists) wrote: I am not sure what is the purpose yet, but I am catching a lot of emails this morning with a blank subject, Thunderbird in the header, attached zip file and the zip file contains an single xls file. THESE ARE NOT LEGIT EMAILS. Any body else seeing this and know what they are, virus or spam? John T --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Fidelity Independent Adviser
First time I am seeing this one, caught by Sniffer. Any one have experience with their newsletters? Legit? Ham? Spam? John T --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Possible Declude Memory Leak???
While I am not getting the errors you have seen, I have noticed that the number of handles is extremely high, right now it showed over 67K. John T From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Anton Sent: Friday, July 06, 2007 3:58 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Possible Declude Memory Leak??? Hi All, We are getting the follow error in our system event log and have noticed some things relating to declude: An I/O operation initiated by the Registry failed unrecoverably. The Registry could not read in, or write out, or flush, one of the files that contain the system's image of the Registry. We are running 4.3.46 and are seeing decludeproc.exe reaching # of handles as high as 50,000. A reboot fixes all, but loses any registry changes since the error started. We are open to any suggestions. Thanks for any help you have! Best Regards, Chris Anton Web Solutions, Inc. Tel: 203-235- x25 [EMAIL PROTECTED] www.websolutions.net --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] More accidental whitelisting
The point you have missed is that just because YOU are using Imail 2006.2 does not mean every one else is. Declude is doing exactly as it should, checking to see if an aliases.txt file exists and if so use it. As for the option of turning whitelisting based on the address book on or off, uh, ah, golly gee, that is what AUTOWHITELIST is for. As for not knowing that 2006.2 no longer uses the aliases.txt files… John T From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Imail Admin Sent: Monday, May 28, 2007 10:22 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] More accidental whitelisting Hi Matt, I understood the discussion about AUTOWHITELIST ON and the web address book issue. Where I got caught was that this server doesn't use aliases.txt, but the file is just there by accidental legacy. We're in the process of replacing our old 7.15 server with a new 2006.2 server by moving to a new machine. So far, the only domain we've moved over (until we get the bugs like this worked out) is our own domain. As part of that process, I copied over our old user folders (just for our domain) to the new server. The aliases.txt file must have been in the old users folder on the old server. Where I got fooled was because apparently 2006.2 doesn't use that file any more, so when I logged into the web interface, it told me the address book was empty. And, truthfully, I (and most of our users) used IMAP access via Outlook or something similar, rather than the web interface, so I wasn't even familiar with the file. I do agree with the discussion on this point: first, the whitelisting should never apply to your own address, and, I think the whole idea of whitelisting the address book should be an option that can be turned on/off from the config file. Anyway, thank you very much for clearing up this mystery for me. Thanks! Ben - Original Message - From: Matt mailto:[EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Monday, May 28, 2007 8:50 PM Subject: Re: [Declude.JunkMail] More accidental whitelisting Ben, This was covered early in the thread. You have AUTOWHITELIST ON in your global.cfg, and that causes Declude to whitelist whatever is in the recipient's address book (aliases.txt in all IMail versions prior to 2006). You have your own E-mail address listed in your address book, and a spammer forged your address as the Mail From. This is commonly seen by those that use AUTOWHITELIST. There is no way to stop this unless you remove your address from your address book, and this is also likely happening to your other users where they have themselves listed in their address book, as well as others on your hosted domains in the event that there are multiple recipient forging spam. There is a limited workaround for some of this using a test called BYPASSWHITELIST. You can search the archives or manual about this. The best solution if you want to keep the ability to whitelist from the address book would be for Declude to make a change to automatically exclude any recipient of the E-mail from triggering AUTOWHITELIST. This has been requested repeatedly for over 3 years and even came up again in this thread. The fact that people were quick to point out that this was likely the reason for your issue is testament to the fact that it affects a lot of people that use this functionality. Matt Imail Admin wrote: Hi All, Last week I was struggling with this mysterious accidental whitelisting. Emails addressed to me were whitelisted, even though I had (to the best of my knowledge) no whitelisting turned on for my own address. After setting the JM logging to high, I came up with the following lines: 05/28/2007 17:39:47.568 q764101a664c1.smd Past whitelisting 05/28/2007 17:39:47.568 q764101a664c1.smd Looping #0 [flags=1] 05/28/2007 17:39:47.568 q764101a664c1.smd [EMAIL PROTECTED] [EMAIL PROTECTED]@mail2.bcwebhost.net] *local* 05/28/2007 17:39:47.568 q764101a664c1.smd Opening HKEY_LOCAL_MACHINE\software\Ipswitch\IMail\Domains for [EMAIL PROTECTED] [0] 05/28/2007 17:39:47.568 q764101a664c1.smd D:\IMail\Users\ben\aliases.txt 05/28/2007 17:39:47.568 q764101a664c1.smd Doing whitelist file D:\IMail\Users\ben\aliases.txt 05/28/2007 17:39:47.568 q764101a664c1.smd Using whitelist file D:\IMail\Users\ben\aliases.txt. 05/28/2007 17:39:47.568 q764101a664c1.smd Skipping4 E-mail from [EMAIL PROTECTED] ; whitelisted [EMAIL PROTECTED] ]. 05/28/2007 17:39:47.568 q764101a664c1.smd Domain name = mail2.bcwebhost.net, User name = ben. So, for reasons I don't understand, Declude is looking at my aliases.txt file for whitelisting. I couldn't find anywhere in the configuration files for this to happen, but there it is. I don't even know how aliases.txt is created, but when I looked inside it, I found the email addresses for various random people,
RE: [Declude.JunkMail] accidental whitelisting
Put the log into debug mode. John T From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Imail Admin Sent: Thursday, May 24, 2007 5:42 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] accidental whitelisting Hi All, We're in the process of tesing JM 4.x as an upgrade and I ran into what I am sure is a minor mis-configuration. I find that I occassionally get messages that are clearly spam, but are whitelisted. The common characteristic is that they are sent with a from line that is my own email address, such as the following: X-Declude-Sender: [EMAIL PROTECTED] [77.85.117.187] X-Declude-Spoolname: D29db019e2105.smd X-Declude-Note: Scanned by Declude 4.2.20 for spam. http://www.declude.com/x-note.htm; X-Declude-Scan: Incoming Score [0] at 17:12:28 on 24 May 2007 X-Declude-Fail: Whitelisted, ZEROHOUR [0] Now, I checked and I don't see why this is being whitelisted. We only whitelist a handful of IP addresses, and this isn't one of them. The whitelist settings in the global.cfg file are: #=WHITELISTS === #WHITELIST HABEAS #DOMAINWHITELISTS OFF PREWHITELIST ON WHITELIST AUTH AUTOWHITELIST ON # - Domain Example - #WHITELIST FROM @declude.com # - User Example - #WHITELIST FROM [EMAIL PROTECTED] # - IP Example - WHITELIST IP 63.246.31.248 # - REVDNS Example - WHITELIST REVDNS .declude.com These are pretty much the defaults. The Autowhitelist ON command uses addresses in the web address book, so I checked those and found nothing (no addresses at all). I'm sure this is something really obvious, but could someone point it out to me? Thanks, Ben BC Web --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT: server monitoring
I have switched from WhatsUp to Network Monitor by Numara Software, the same company that sells Track IT. John T From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Monday, May 21, 2007 7:47 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] OT: server monitoring Like everything else at ipswitch it has gone up in price. $1995 for the lowest price point. Kevin From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Monday, May 21, 2007 6:50 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] OT: server monitoring Hi Kevin- I monitor everything in my shop for a pulse, and check web, pop, smtp, and/or imap as appropriate using Ipswitch's What's Up, 1995 version (3.5, maybe?). I get emails to my cellphone when anything goes awry. I have no idea what it costs now, but it has served my needs well, even if the setup of this old version is a bit quirky. -Dave Doherty Skywaves, Inc. 97 Webster Street Worcester, MA 01603 508-425-7176 - Original Message - From: Kevin Bilbee mailto:[EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Monday, May 21, 2007 8:30 PM Subject: RE: [Declude.JunkMail] OT: server monitoring I guess I should have given more information. Things I want to do. Monitor our web and SMTP applications and send text message notifications to a cell phone and email address concurrently. Thanks for the responses so far anyone else have any experiences. Kevin Bilbee From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Monday, May 21, 2007 3:06 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] OT: server monitoring I am doing research on purchasing/open source server monitoring and would like to know what Declude administrators recommend. Survey sais? Kevin Bilbee Network Administrator Standard Abrasives, Inc. [EMAIL PROTECTED] Changing the way industry works. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT: server monitoring
That is also why in my monitoring server I have a modem connected to an analog phone line. John T From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Tuesday, May 22, 2007 5:29 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] OT: server monitoring One thing to think about... If you set up your own in-house monitoring, you probably will not get an alert if your Internet feed fails or you have a massive power problem. Outsourcing the monitoring function would eliminate these problems. -d - Original Message - From: Kevin Bilbee mailto:[EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Monday, May 21, 2007 6:05 PM Subject: [Declude.JunkMail] OT: server monitoring I am doing research on purchasing/open source server monitoring and would like to know what Declude administrators recommend. Survey sais? Kevin Bilbee Network Administrator Standard Abrasives, Inc. [EMAIL PROTECTED] Changing the way industry works. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] all_list.dat ?
I think we all fully understand that now Andrew. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Thursday, May 17, 2007 9:54 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] all_list.dat ? Thanks, David. It's working fine here! Andrw 8) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, May 17, 2007 9:29 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] all_list.dat ? New all_list.dat available from the My Account page on Declude website. David Barker VP Operations | Declude Your Email Security is our business O: 978.499.2933 x7007 F: 978.988.1311 E: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, May 17, 2007 9:52 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] all_list.dat ? Sure, I will see what I can do for early next week. David Barker VP Operations | Declude Your Email Security is our business O: 978.499.2933 x7007 F: 978.988.1311 E: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Wednesday, May 16, 2007 7:42 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] all_list.dat ? Hey, David. Any chance of seeing a refresh of all_list.dat ... It's been just about 4 months since the last one. Three or four times a year doesn't sound bad. Andrew 8) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Thursday, January 18, 2007 9:08 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] all_list.dat ? Thanks, David. The early report is that it's working for me. Andrew 8) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, January 18, 2007 7:37 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] all_list.dat ? New all_list.dat available on the My Account home page of Declude. 18 Jan 07 344kB David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Tuesday, January 09, 2007 4:30 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] all_list.dat ? David (or any Declude people that may be reading), Any chance of seeing a new all_list.dat any time soon, considering the current one has a date of 6 Jul 06, and considering the additional input from this recent thread? I'm starting to see false positives caused by weights I previously gave to IANA Reserved and RIPE Unlisted. Gary Original Message From: Jay Sudowski - Handy Networks LLC [EMAIL PROTECTED] Sent: Thursday, January 04, 2007 5:57 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] [IANA Reserved] ? Indeed. When we obtained our own IP space from ARIN, it was from 72/8, which had been released only about 6 months prior to it being assigned to us. You wouldn't believe the number of networks that were running with 72/8 in their bogons list and were entirely blocking traffic from our network... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Thursday, January 04, 2007 3:47 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] [IANA Reserved] ? I would be very careful with this. IANA just released (I believe in October) 96/8, 97/8, 98/8, 99/8. With the all_list.dat not being updated frequently I would tred very lightly in this area. Part of 96/8 has been handed out. Darrell - - -- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: S.J.Stanaitis [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Thursday, January 04, 2007 3:29 PM Subject: RE: [Declude.JunkMail] [IANA Reserved] ? Nice. Thanks, Sam SJ.Stanaitis - Network Administrator Decorative Product Source
RE: [Declude.JunkMail] all_list.dat ?
I think we all fully understand that now Andrew. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Thursday, May 17, 2007 9:54 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] all_list.dat ? Thanks, David. It's working fine here! Andrw 8) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, May 17, 2007 9:29 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] all_list.dat ? New all_list.dat available from the My Account page on Declude website. David Barker VP Operations | Declude Your Email Security is our business O: 978.499.2933 x7007 F: 978.988.1311 E: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, May 17, 2007 9:52 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] all_list.dat ? Sure, I will see what I can do for early next week. David Barker VP Operations | Declude Your Email Security is our business O: 978.499.2933 x7007 F: 978.988.1311 E: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Wednesday, May 16, 2007 7:42 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] all_list.dat ? Hey, David. Any chance of seeing a refresh of all_list.dat ... It's been just about 4 months since the last one. Three or four times a year doesn't sound bad. Andrew 8) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Thursday, January 18, 2007 9:08 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] all_list.dat ? Thanks, David. The early report is that it's working for me. Andrew 8) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, January 18, 2007 7:37 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] all_list.dat ? New all_list.dat available on the My Account home page of Declude. 18 Jan 07 344kB David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Tuesday, January 09, 2007 4:30 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] all_list.dat ? David (or any Declude people that may be reading), Any chance of seeing a new all_list.dat any time soon, considering the current one has a date of 6 Jul 06, and considering the additional input from this recent thread? I'm starting to see false positives caused by weights I previously gave to IANA Reserved and RIPE Unlisted. Gary Original Message From: Jay Sudowski - Handy Networks LLC [EMAIL PROTECTED] Sent: Thursday, January 04, 2007 5:57 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] [IANA Reserved] ? Indeed. When we obtained our own IP space from ARIN, it was from 72/8, which had been released only about 6 months prior to it being assigned to us. You wouldn't believe the number of networks that were running with 72/8 in their bogons list and were entirely blocking traffic from our network... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Thursday, January 04, 2007 3:47 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] [IANA Reserved] ? I would be very careful with this. IANA just released (I believe in October) 96/8, 97/8, 98/8, 99/8. With the all_list.dat not being updated frequently I would tred very lightly in this area. Part of 96/8 has been handed out. Darrell - - -- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: S.J.Stanaitis [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Thursday, January 04, 2007 3:29 PM Subject: RE: [Declude.JunkMail] [IANA Reserved] ? Nice. Thanks, Sam SJ.Stanaitis - Network Administrator Decorative Product Source
RE: [Declude.JunkMail] all_list.dat ?
I think we all fully understand that now Andrew. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Thursday, May 17, 2007 9:54 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] all_list.dat ? Thanks, David. It's working fine here! Andrw 8) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, May 17, 2007 9:29 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] all_list.dat ? New all_list.dat available from the My Account page on Declude website. David Barker VP Operations | Declude Your Email Security is our business O: 978.499.2933 x7007 F: 978.988.1311 E: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, May 17, 2007 9:52 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] all_list.dat ? Sure, I will see what I can do for early next week. David Barker VP Operations | Declude Your Email Security is our business O: 978.499.2933 x7007 F: 978.988.1311 E: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Wednesday, May 16, 2007 7:42 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] all_list.dat ? Hey, David. Any chance of seeing a refresh of all_list.dat ... It's been just about 4 months since the last one. Three or four times a year doesn't sound bad. Andrew 8) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Thursday, January 18, 2007 9:08 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] all_list.dat ? Thanks, David. The early report is that it's working for me. Andrew 8) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, January 18, 2007 7:37 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] all_list.dat ? New all_list.dat available on the My Account home page of Declude. 18 Jan 07 344kB David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Tuesday, January 09, 2007 4:30 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] all_list.dat ? David (or any Declude people that may be reading), Any chance of seeing a new all_list.dat any time soon, considering the current one has a date of 6 Jul 06, and considering the additional input from this recent thread? I'm starting to see false positives caused by weights I previously gave to IANA Reserved and RIPE Unlisted. Gary Original Message From: Jay Sudowski - Handy Networks LLC [EMAIL PROTECTED] Sent: Thursday, January 04, 2007 5:57 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] [IANA Reserved] ? Indeed. When we obtained our own IP space from ARIN, it was from 72/8, which had been released only about 6 months prior to it being assigned to us. You wouldn't believe the number of networks that were running with 72/8 in their bogons list and were entirely blocking traffic from our network... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Thursday, January 04, 2007 3:47 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] [IANA Reserved] ? I would be very careful with this. IANA just released (I believe in October) 96/8, 97/8, 98/8, 99/8. With the all_list.dat not being updated frequently I would tred very lightly in this area. Part of 96/8 has been handed out. Darrell - - -- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: S.J.Stanaitis [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Thursday, January 04, 2007 3:29 PM Subject: RE: [Declude.JunkMail] [IANA Reserved] ? Nice. Thanks, Sam SJ.Stanaitis - Network Administrator Decorative Product Source
RE: [Declude.JunkMail] all_list.dat ?
OK, would some one at Declude give a good swift kick to your list server? John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (lists) Sent: Thursday, May 17, 2007 12:31 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] all_list.dat ? I think we all fully understand that now Andrew. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Thursday, May 17, 2007 9:54 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] all_list.dat ? Thanks, David. It's working fine here! Andrw 8) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, May 17, 2007 9:29 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] all_list.dat ? New all_list.dat available from the My Account page on Declude website. David Barker VP Operations | Declude Your Email Security is our business O: 978.499.2933 x7007 F: 978.988.1311 E: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, May 17, 2007 9:52 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] all_list.dat ? Sure, I will see what I can do for early next week. David Barker VP Operations | Declude Your Email Security is our business O: 978.499.2933 x7007 F: 978.988.1311 E: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Wednesday, May 16, 2007 7:42 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] all_list.dat ? Hey, David. Any chance of seeing a refresh of all_list.dat ... It's been just about 4 months since the last one. Three or four times a year doesn't sound bad. Andrew 8) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Thursday, January 18, 2007 9:08 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] all_list.dat ? Thanks, David. The early report is that it's working for me. Andrew 8) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, January 18, 2007 7:37 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] all_list.dat ? New all_list.dat available on the My Account home page of Declude. 18 Jan 07 344kB David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Tuesday, January 09, 2007 4:30 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] all_list.dat ? David (or any Declude people that may be reading), Any chance of seeing a new all_list.dat any time soon, considering the current one has a date of 6 Jul 06, and considering the additional input from this recent thread? I'm starting to see false positives caused by weights I previously gave to IANA Reserved and RIPE Unlisted. Gary Original Message From: Jay Sudowski - Handy Networks LLC [EMAIL PROTECTED] Sent: Thursday, January 04, 2007 5:57 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] [IANA Reserved] ? Indeed. When we obtained our own IP space from ARIN, it was from 72/8, which had been released only about 6 months prior to it being assigned to us. You wouldn't believe the number of networks that were running with 72/8 in their bogons list and were entirely blocking traffic from our network... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Thursday, January 04, 2007 3:47 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] [IANA Reserved] ? I would be very careful with this. IANA just released (I believe in October) 96/8, 97/8, 98/8, 99/8. With the all_list.dat not being updated frequently I would tred very lightly in this area. Part of 96/8 has been handed out. Darrell --- -- - -- Check out http://www.invariantsystems.com
RE: [Declude.JunkMail] PCRE
Linda, thanks for the Laugh. How are you at making coffee? I haven't had my morning cup yet. OOPS, mornings over already. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Linda Pagillo Sent: Thursday, May 10, 2007 11:59 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] PCRE I'm here with you David. No need to feel alone :) If you have any further questions, please do not hesitate to contact me either by email or call Toll free 1-866-332-5833 Ext.7008 Linda Pagillo Technical Support Engineer | Declude Your Email Security is our business Office: 978.499.2933 x7008 Toll Free: 1-866.332.5833 x7008 Fax: 978.334.0700 Email: [EMAIL PROTECTED] - Original Message - From: David Barker [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Thursday, May 10, 2007 1:28 PM Subject: [Declude.JunkMail] PCRE Ok, either everyone has left or everyone is very happy because it is kind of quite. So I thought I would post something: Using PCRE here is an expression that will only match a valid IP address. (25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0- 9][0-9] ?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0- 9]|[01]?[0-9][ 0-9]?) I guess this is useful for several reasons, currently I am just using it see if there is an IP in the REVDNS entry. Any thoughts on how this could be effectivley used ? David Barker VP Operations | Declude Your Email Security is our business O: 978.499.2933 x7007 F: 978.988.1311 E: [EMAIL PROTECTED] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Possible bug after upgrading to 4.3.46
Same here, I do not see the download. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Don Brown Sent: Wednesday, April 25, 2007 2:41 AM To: David Barker Cc: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Possible bug after upgrading to 4.3.46 I don't see it in our interface. Only online help is listed in the interim release section. I have refreshed to clear cache and it's not there. . . . Tuesday, April 24, 2007, 2:29:47 PM, David Barker [EMAIL PROTECTED] wrote: DB DB DB I have an interim release 4.3.47 which deals with the HELO- DB this is available from the interim download location. DB DB DB From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker DB Sent: Tuesday, April 24, 2007 10:56 AM DB To: declude.junkmail@declude.com DB Subject: RE: [Declude.JunkMail] Possible bug after upgrading to 4.3.46 DB DB DB Hopefully I will have a status on time by the end of today. DB DB DB From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (lists) DB Sent: Tuesday, April 24, 2007 10:47 AM DB To: declude.junkmail@declude.com DB Subject: RE: [Declude.JunkMail] Possible bug after upgrading to 4.3.46 DB DB DB DB David sent me an email this morning saying they are working on it. DB DB DB DB DB John T DB DB DB DB DB DB From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt DB Sent: Tuesday, April 24, 2007 7:41 AM DB To: declude.junkmail@declude.com DB Subject: RE: [Declude.JunkMail] Possible bug after upgrading to 4.3.46 DB DB DB DB Have you been given any estimate when a fix will be available? DB DB DB DB DB DB From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (lists) DB Sent: Tuesday, April 24, 2007 10:10 AM DB To: declude.junkmail@declude.com DB Subject: RE: [Declude.JunkMail] Possible bug after upgrading to 4.3.46 DB DB DB DB In my case, I am seeing more spam get through because of filters DB using HELO were made ineffective AND more false positives do to DB white filters using HELO became ineffective. DB DB DB DB DB John T DB DB DB DB DB DB From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt DB Sent: Tuesday, April 24, 2007 6:55 AM DB To: declude.junkmail@declude.com DB Subject: RE: [Declude.JunkMail] Possible bug after upgrading to 4.3.46 DB DB DB DB Thanks John so the most likely effect would be that more SPAM will get through if we DB DB DB DB a) have HELO based filters DB DB b) have DNSBL lookups based on HELO strings ? DB DB DB DB DB DB DB DB From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (lists) DB Sent: Tuesday, April 24, 2007 3:28 AM DB To: declude.junkmail@declude.com DB Subject: RE: [Declude.JunkMail] Possible bug after upgrading to 4.3.46 DB DB DB DB Just so everyone else is clear, if you are using IPBYPASS in the DB Global.CFG file, the latest version of Decludeproc.exe does not DB honor that list when it comes to the %HELO% variable. Anyone DB using that variable in their filters needs to be aware of this bug DB and review the log files to see if it is negatively affecting your filters. DB DB DB DB I have had to revert to an earlier version because of this. DB DB DB DB DB John T DB DB DB DB DB DB From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker DB Sent: Wednesday, April 18, 2007 10:05 AM DB To: declude.junkmail@declude.com DB Subject: RE: [Declude.JunkMail] Possible bug after upgrading to 4.3.46 DB DB DB DB No changes were made to the HELO for IMail, can you send some DB log lines to verify this so I can look into it ? DB DB DB DB DB DB DB From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (lists) DB Sent: Wednesday, April 18, 2007 11:46 AM DB To: declude.junkmail@declude.com DB Subject: [Declude.JunkMail] Possible bug after upgrading to 4.3.46 DB DB Since upgrading to 4.3.46 yesterday, I have noticed that Declude DB is not honoring the IP Skip list when it comes to what server it records for the HELO. DB DB DB DB I have a IPBYPASS line for each of my incoming gateway servers. DB DB DB DB %REVDNS% is correctly recording from the server before my gateway servers. DB DB %REMOTEIP% is correctly recording from the server before my gateway servers. DB DB %HELO% is wrongly reporting the gateway server it was received from. DB DB DB DB John Tolmachoff DB DB eServices For You DB DB [EMAIL PROTECTED] DB DB (626) 737-6003 DB DB Fax (626) 737-6004 DB DB DB DB --- DB This E-mail came from the Declude.JunkMail mailing list. To DB unsubscribe, just send an E-mail to [EMAIL PROTECTED], and DB type unsubscribe Declude.JunkMail. The archives can be found DB at http://www.mail-archive.com. DB DB --- DB This E-mail
RE: [Declude.JunkMail] Possible bug after upgrading to 4.3.46
Just so everyone else is clear, if you are using IPBYPASS in the Global.CFG file, the latest version of Decludeproc.exe does not honor that list when it comes to the %HELO% variable. Anyone using that variable in their filters needs to be aware of this bug and review the log files to see if it is negatively affecting your filters. I have had to revert to an earlier version because of this. John T From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, April 18, 2007 10:05 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Possible bug after upgrading to 4.3.46 No changes were made to the HELO for IMail, can you send some log lines to verify this so I can look into it ? _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (lists) Sent: Wednesday, April 18, 2007 11:46 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Possible bug after upgrading to 4.3.46 Since upgrading to 4.3.46 yesterday, I have noticed that Declude is not honoring the IP Skip list when it comes to what server it records for the HELO. I have a IPBYPASS line for each of my incoming gateway servers. %REVDNS% is correctly recording from the server before my gateway servers. %REMOTEIP% is correctly recording from the server before my gateway servers. %HELO% is wrongly reporting the gateway server it was received from. John Tolmachoff eServices For You [EMAIL PROTECTED] (626) 737-6003 Fax (626) 737-6004 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Possible bug after upgrading to 4.3.46
In my case, I am seeing more spam get through because of filters using HELO were made ineffective AND more false positives do to white filters using HELO became ineffective. John T From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Tuesday, April 24, 2007 6:55 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Possible bug after upgrading to 4.3.46 Thanks John - so the most likely effect would be that more SPAM will get through if we a) have HELO based filters b) have DNSBL lookups based on HELO strings ? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (lists) Sent: Tuesday, April 24, 2007 3:28 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Possible bug after upgrading to 4.3.46 Just so everyone else is clear, if you are using IPBYPASS in the Global.CFG file, the latest version of Decludeproc.exe does not honor that list when it comes to the %HELO% variable. Anyone using that variable in their filters needs to be aware of this bug and review the log files to see if it is negatively affecting your filters. I have had to revert to an earlier version because of this. John T From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, April 18, 2007 10:05 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Possible bug after upgrading to 4.3.46 No changes were made to the HELO for IMail, can you send some log lines to verify this so I can look into it ? _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (lists) Sent: Wednesday, April 18, 2007 11:46 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Possible bug after upgrading to 4.3.46 Since upgrading to 4.3.46 yesterday, I have noticed that Declude is not honoring the IP Skip list when it comes to what server it records for the HELO. I have a IPBYPASS line for each of my incoming gateway servers. %REVDNS% is correctly recording from the server before my gateway servers. %REMOTEIP% is correctly recording from the server before my gateway servers. %HELO% is wrongly reporting the gateway server it was received from. John Tolmachoff eServices For You [EMAIL PROTECTED] (626) 737-6003 Fax (626) 737-6004 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Possible bug after upgrading to 4.3.46
David sent me an email this morning saying they are working on it. John T From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Tuesday, April 24, 2007 7:41 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Possible bug after upgrading to 4.3.46 Have you been given any estimate when a fix will be available? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (lists) Sent: Tuesday, April 24, 2007 10:10 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Possible bug after upgrading to 4.3.46 In my case, I am seeing more spam get through because of filters using HELO were made ineffective AND more false positives do to white filters using HELO became ineffective. John T From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Tuesday, April 24, 2007 6:55 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Possible bug after upgrading to 4.3.46 Thanks John - so the most likely effect would be that more SPAM will get through if we a) have HELO based filters b) have DNSBL lookups based on HELO strings ? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (lists) Sent: Tuesday, April 24, 2007 3:28 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Possible bug after upgrading to 4.3.46 Just so everyone else is clear, if you are using IPBYPASS in the Global.CFG file, the latest version of Decludeproc.exe does not honor that list when it comes to the %HELO% variable. Anyone using that variable in their filters needs to be aware of this bug and review the log files to see if it is negatively affecting your filters. I have had to revert to an earlier version because of this. John T From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, April 18, 2007 10:05 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Possible bug after upgrading to 4.3.46 No changes were made to the HELO for IMail, can you send some log lines to verify this so I can look into it ? _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (lists) Sent: Wednesday, April 18, 2007 11:46 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Possible bug after upgrading to 4.3.46 Since upgrading to 4.3.46 yesterday, I have noticed that Declude is not honoring the IP Skip list when it comes to what server it records for the HELO. I have a IPBYPASS line for each of my incoming gateway servers. %REVDNS% is correctly recording from the server before my gateway servers. %REMOTEIP% is correctly recording from the server before my gateway servers. %HELO% is wrongly reporting the gateway server it was received from. John Tolmachoff eServices For You [EMAIL PROTECTED] (626) 737-6003 Fax (626) 737-6004 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Possible bug after upgrading to 4.3.46
Since upgrading to 4.3.46 yesterday, I have noticed that Declude is not honoring the IP Skip list when it comes to what server it records for the HELO. I have a IPBYPASS line for each of my incoming gateway servers. %REVDNS% is correctly recording from the server before my gateway servers. %REMOTEIP% is correctly recording from the server before my gateway servers. %HELO% is wrongly reporting the gateway server it was received from. John Tolmachoff eServices For You mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] (626) 737-6003 Fax (626) 737-6004 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Warning re: DECLUDE - CRITICAL VIRUS SCANNING UPDATE
FYI, this was resolved about 3 hours earlier and was reported on the Declude Virus list. As others have reported, re-download the upgrade installer and the missing file will be there. John T From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Monday, April 16, 2007 4:12 PM To: declude.junkmail@declude.com; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Warning re: DECLUDE - CRITICAL VIRUS SCANNING UPDATE I attempted to install this update on my server. The package is apparently missing a DLL. The decludeproc service would not start, and the pop-up said to contact support. The update email was issued at 5:15 PM, and Declude was closed. I left a message. I got back up and running by reinstalling the previous update and rebooting. I strongly suggest that you DO NOT install this update until Declude can figure out what's wrong with it! -Dave Doherty Skywaves, Inc. 97 Webster Street Worcester, MA 01603 508-425-7176 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Warning re: DECLUDE - CRITICAL VIRUS SCANNING UPDATE
The upgrade that came out today, 4.3.46, was specifically and pointedly only to correct a problem with the built-in AVG scanner that was created by a change AVG recently made. John T From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Monday, April 16, 2007 7:54 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Warning re: DECLUDE - CRITICAL VIRUS SCANNING UPDATE I did so, and the upgrade went fine this time. So why did they restrict the distibution of the mod notice to the AV list when they sent individual emails to notify of the initial upgrade? This is more than annoying... -d - Original Message - From: John mailto:[EMAIL PROTECTED] T (lists) To: declude.junkmail@declude.com Sent: Monday, April 16, 2007 8:18 PM Subject: RE: [Declude.JunkMail] Warning re: DECLUDE - CRITICAL VIRUS SCANNING UPDATE FYI, this was resolved about 3 hours earlier and was reported on the Declude Virus list. As others have reported, re-download the upgrade installer and the missing file will be there. John T From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Monday, April 16, 2007 4:12 PM To: declude.junkmail@declude.com; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Warning re: DECLUDE - CRITICAL VIRUS SCANNING UPDATE I attempted to install this update on my server. The package is apparently missing a DLL. The decludeproc service would not start, and the pop-up said to contact support. The update email was issued at 5:15 PM, and Declude was closed. I left a message. I got back up and running by reinstalling the previous update and rebooting. I strongly suggest that you DO NOT install this update until Declude can figure out what's wrong with it! -Dave Doherty Skywaves, Inc. 97 Webster Street Worcester, MA 01603 508-425-7176 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution
But from what I read last night, it is only serious if some one is running a MS DNS server that is not behind a firewall or otherwise has the range of ports in question open from the Internet. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Friday, April 13, 2007 7:08 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution FYI - This looks pretty serious and will probably affect most of us. This alert is to notify you that Microsoft has released Security Advisory 935964 - Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution - on 12 April 2007. Summary: Microsoft is investigating new public reports of a limited attack exploiting a vulnerability in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. Microsoft Windows 2000 Professional Service Pack 4, Windows XP Service Pack 2, and Windows Vista are not affected as these versions do not contain the vulnerable code. Microsoft's initial investigation reveals that the attempts to exploit this vulnerability could allow an attacker to run code in the security context of the Domain Name System Server Service, which by default runs as Local SYSTEM. Upon completion of this investigation, Microsoft will take appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs. Recommendations: Review Microsoft Security Advisory 935964 for an overview of the issue, details on affected components, mitigating factors, suggested actions, frequently asked questions (FAQ) and links to additional resources. Customers who believe they are affected can contact Product Support Services. Contact Product Support Services in North America for help with security update issues or viruses at no charge using the PC Safety line (1-866-PCSAFETY). International customers can use any method found at this location: http://support.microsoft.com/security. International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site: http://support.microsoft.com/common/international.aspx. Additional Resources: * Microsoft Security Advisory 935964 - Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution - http://www.microsoft.com/technet/security/advisory/935964.mspx * MSRC Blog: http://blogs.technet.com/msrc/ Note: check the MSRC Blog periodically as new information may appear there. Regarding Information Consistency: We strive to provide you with accurate information in static (this mail) and dynamic (web-based) content. Security Advisories posted to the web are occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in the web-based Security Advisory, the information in the web-based Security Advisory is authoritative. If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant. Thank you, Microsoft PSS Security Team --- Check out http://www.invariantsystems.com for utilities for Declude, Imail, mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Imail Anti-spam
What, David, biased? Shock. Who would have thought. ;-) John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, April 11, 2007 9:33 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Imail Anti-spam None of Imails features. But then I am probably biased ;) David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Wednesday, April 11, 2007 12:33 PM To: Declude. JunkMail Subject: [Declude.JunkMail] Imail Anti-spam We are running IMAIL 8.22 and I am looking at the Anti-spam features. We are also running declude. Which Anti-spam features do people find good to turn on in Imail versus Declude? Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Spam gateway/proxy...
My Imail server is behind 3 Windows 2003 servers running IIS SMTP virtual server which are acting as a gateway. They all have ORF installed and ORF is blocking about 75% of the spam and viruses coming in purely by simple rules and policies. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Wednesday, April 11, 2007 12:27 PM To: Declude. JunkMail Subject: [Declude.JunkMail] Spam gateway/proxy... Anyone using a spam gateway (Like IMGATE) or proxy (like ASSP) in front of declude. I am intrigued by the idea of using something that will reject the messages before accepting it for delivery and then scanning it. I would only want to use the gateway/proxy to perform graylisting, Sender Validation, tar pitting. According to Len Conrad this could result in a 70 to 90 percent reduction in spam. Ultimately I would like our spam filtering to be where we reject the message before the data command and messages that we do accept for delivery we scan with declude and if it is identified as spam it will be delivered to a junkmail folder in the users mailbox - which they can check via webmail or configure their mail clients to download it. I want to get out of the business of holding or deleting spam. Any thoughts, comments, ...? what have others done. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SNMP / Smarter Mail 4
Better get out the fluoride toothpaste. ;) Sorry, could not resist. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Cummins Sent: Wednesday, March 21, 2007 2:09 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] SNMP / Smarter Mail 4 I'll probably get ridiculed but I recently discovered the joys of SNMP and I found myself thinking wouldn't it be cool if I could use SNMP to keep track Declude performance? You know: queue sizes, number of threads, memory used, all that. I already steal and parse the handy information out of the persistent sniffer text file every few minutes, but doing an SNMP GET on a Declude OID would be really handy. ...or am I just a greedy kid in a candy store? -- Michael Cummins --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] PCRE FILTERING
This was an old, old feature request/bug fix from back in the Scott days, where it was desired not include encoded base64 I requested this as a change long ago for two reasons: 1) To avoid false positives where search text matches the MIME or UUENCODE formatting 2) To provide an instant speed up in BODY and ANYWHERE processing because Declude has less text to match, in particular when MIME encoding text is being searched for, say, an encoded PDF, DOC or JPG. It may also have the additional benefit of being more accurate: 3) To provide for fewer false negatives, because the string size is more complete with the body text. Giving a third to what Andrew and Matt have said, I have a client that deals in electronic parts. Electronic part numbers take on all forms of sequences and not being able to limit body searches to non-base64 encoding which is primarily attachments has caused a lot of extra work on my part constantly having to make adjustments to counter this problem. Being able to have BODY not include attachments is coming to the point where it is no longer a feature but a requirement. John T --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] IMail 2006.2 Known Issues with Declude...
No problems seen on my server. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Hardrick Sent: Wednesday, March 07, 2007 2:01 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] IMail 2006.2 Known Issues with Declude... Are there any Known Issues with the new version of IMail v2006.2 and Declude? Michael Hardrick TNWEB LLC Middle Tennessee ISP --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Help: Domain not found
At least for the night. John T  -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Serge Sent: Monday, February 26, 2007 8:19 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Help: Domain not found DUH !!! I read this several time and didn't catch it. I think it is time for me to retire.  Thanks   - Original Message - From: Michael Jaworski To: declude.junkmail@declude.com Sent: Tuesday, February 27, 2007 4:00 AM Subject: RE: [Declude.JunkMail] Help: Domain not found Is the example the same as the original?? Malivision is misspelled, missing an i. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Serge Sent: Monday, February 26, 2007 7:32 PM To: declude.junkmail@declude.com; Imail_Forum@list.ipswitch.com Subject: [Declude.JunkMail] Help: Domain not found I have a client having problems sending emails to some servers No thank you rejected: Domain not found DNSSTUFF shows no major problem with malivision.com Would appreciate any help to resolve this issue   20070226 183127 127.0.0.1  SMTP (276b023cf3f9) Trying mail.com (0) 20070226 183128 127.0.0.1  SMTP (276b023cf3f9) Connect mail.com [208.36.123.68:25] (1) 20070226 183130 127.0.0.1  SMTP (276b023cf3f9) 220 spf8.us4.outblaze.com ESMTP Postfix 20070226 183130 127.0.0.1  SMTP (276b023cf3f9) EHLO mail.cefib.com 20070226 183131 127.0.0.1  SMTP (276b023cf3f9) 250-spf8.us4.outblaze.com 20070226 183131 127.0.0.1  SMTP (276b023cf3f9) 250-PIPELINING 20070226 183131 127.0.0.1  SMTP (276b023cf3f9) 250-SIZE 1024 20070226 183131 127.0.0.1  SMTP (276b023cf3f9) 250-ETRN 20070226 183131 127.0.0.1  SMTP (276b023cf3f9) 250 8BITMIME 20070226 183131 127.0.0.1  SMTP (276b023cf3f9) MAIL FROM:philippe @ malivsion.com 20070226 183131 127.0.0.1  SMTP (276b023cf3f9) 250 Ok 20070226 183131 127.0.0.1  SMTP (276b023cf3f9) RCPT To:mathioye @ mail.com 20070226 183132 127.0.0.1  SMTP (276b023cf3f9) 550 philippe @ malivsion.com: No thank you rejected: Domain not found 20070226 183132 127.0.0.1  SMTP (276b023cf3f9) QUIT   --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Decludeproc.ex Faulting Applicaction
What does the Declude Junkmail or Virus log say? John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Luis Alberto Arango E. Sent: Monday, February 19, 2007 7:51 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Decludeproc.ex Faulting Applicaction By the way, declude stopped scanning since the errors started. My proc is holding thousands of messages now. I have reinstall declude, installed older versions and the error keep showing up in the eventlog. Luis Arango _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Luis Alberto Arango E. Sent: lunes, 19 de febrero de 2007 10:23 To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Decludeproc.ex Faulting Applicaction starting yesterday feb 18 at 3:33 am (ET) I get errors from decludeproc.exe every 10 to 15 seconds.. the error is as follows: Faulting application decludeproc.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x20202020 I am running Imail and decludeproc version 3.13 under windows 2003 Any ideas.. Luis Arango --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] NOTIFY=FAILURE,DELAY
Some one requested a delivery receipt. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Serge Sent: Thursday, February 15, 2007 2:55 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] NOTIFY=FAILURE,DELAY Can someone explain what this failure mean ? Also, even though i sent this message from oe, and configured my server as smtp server, aparently, the isp intercepted the message, and sent it from smtp.neuf.fr Is this policy widely used ? 20070215 222434 127.0.0.1 SMTPD (dda202070335) [217.170.144.6] connect 84.96.92.11 port 39910 20070215 222435 127.0.0.1 SMTPD (dda202070335) [84.96.92.11] EHLO smtp.Neuf.fr 20070215 222435 127.0.0.1 SMTPD (dda202070335) [84.96.92.11] MAIL FROM:[EMAIL PROTECTED] 20070215 222435 127.0.0.1 SMTPD (dda202070335) [84.96.92.11] RCPT TO:[EMAIL PROTECTED] NOTIFY=FAILURE,DELAY ORCPT=rfc822;[EMAIL PROTECTED] 20070215 222437 127.0.0.1 SMTPD (dda202070335) [84.96.92.11] F:\Imail\spool\Ddda202070335.SMD 36608 20070215 222437 127.0.0.1 SMTPD (dda202070335) performing antispam checks 20070215 222458 127.0.0.1 SMTP (dda202070335) processing F:\Imail\spool\qdda202070335.smd 20070215 222459 127.0.0.1 SMTP (dda202070335) forwarded message to [EMAIL PROTECTED] using new file: ddba0968e973 20070215 222459 127.0.0.1 SMTP (dda202070335) finished F:\Imail\spool\qdda202070335.smd status=1 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] [Declude.JunkMail] IMail 2006.2
What vulnerability in 2006.1 are you referring to? AFAIK, there is none. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike N Sent: Monday, February 12, 2007 9:44 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] [Declude.JunkMail] Imail 2006.2 Especially since 2006.2 fixes a vulnerabilty in 2006.1 - we'll have to roll it out quickly. - Original Message - From: Scott Fisher [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Monday, February 12, 2007 12:28 PM Subject: Re: [Declude.JunkMail] [Declude.JunkMail] Imail 2006.2 It would be nice to know. - Original Message - From: David Barker [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Monday, February 12, 2007 11:05 AM Subject: RE: [Declude.JunkMail] [Declude.JunkMail] Imail 2006.2 We have not tested against IMail 2006.2 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] [Declude.JunkMail] IMail 2006.2
AFAIK, there is no change in the SMTP service in IMail 2006.2 compared to IMail 2006.1, so there will be no problem running any version of Declude on 2006.2 that runs on 2006.1. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stephan Sent: Monday, February 12, 2007 9:03 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] [Declude.JunkMail] Imail 2006.2 Has anyone tested declude (latest version) with imail 2006.2 (it is available from the ipswitch preview forum and is scheduled for release on March 6)? Any issues? I emailed Declude support to ask if it had been tested but didn't get a response. Thanks. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] [Declude.JunkMail] IMail 2006.2
Interesting. I guess those were not previously publicly disclosed. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike N Sent: Monday, February 12, 2007 11:43 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] [Declude.JunkMail] IMail 2006.2 From the release notes - Addressed the following security vulnerabilities (identified by iDefense Labs): [IDEF2159] IMailServer.WebConnect Buffer Overflow Vulnerability [IDEF2160] IMail Server 2006 IMailLDAPService.Sync3 Heap Overflow Vulnerability [IDEF2161] IMail Server 2006 IMailLDAPService.Init3 Heap Overflow Vulnerability [IDEF2162] IMail Server 2006 IMailServer.Connect Buffer [IDEF2163] IMail Server 2006 IMailUserCollection.SetReplyTo Buffer Overflow Vulnerability Remote exploitation of an ActiveX control buffer overflow vulnerability in IMail Server 2006 could allow attackers to execute arbitrary code with the credentials of the user visiting a malicious website. To exploit this issue, a user would have to visit a malicious website from a computer with IMail Server installed on it.The vulnerable component is also likely installed with any IPSwitch product that includes the IMail Server. This includes products such as its Collaboration Suite packages. - Original Message - From: John T (lists) [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Monday, February 12, 2007 2:16 PM Subject: RE: [Declude.JunkMail] [Declude.JunkMail] IMail 2006.2 What vulnerability in 2006.1 are you referring to? AFAIK, there is none. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike N Sent: Monday, February 12, 2007 9:44 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] [Declude.JunkMail] Imail 2006.2 Especially since 2006.2 fixes a vulnerabilty in 2006.1 - we'll have to roll it out quickly. - Original Message - From: Scott Fisher [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Monday, February 12, 2007 12:28 PM Subject: Re: [Declude.JunkMail] [Declude.JunkMail] Imail 2006.2 It would be nice to know. - Original Message - From: David Barker [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Monday, February 12, 2007 11:05 AM Subject: RE: [Declude.JunkMail] [Declude.JunkMail] Imail 2006.2 We have not tested against IMail 2006.2 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SmarterMail Admins - Relay Hole
Well, might be news to you but Imail has the same problem. There was discussion about this on the Imail list awhile back and IIRC Kevin said it is now on the list of features to be added. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Jaworski Sent: Wednesday, February 07, 2007 6:30 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] SmarterMail Admins - Relay Hole We have been using Declude, Sniffer and invURIBL for years now with great success. But yesterday we got bit by a phish attack through SmarterMail. They used SMPT authentication to bypass all the time and money we spent on defenses against the bad guys. The root of the problem: SmarterMail is lacking simple password rules. For more of the story see: http://forums.smartertools.com/forums/27627/ShowThread.aspx#27627 Michael --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Need hep - mail server sending out stock reports email
Since you are using Declude, start using Hijack NOW! That is for starters. Review the logs to see where the IP is and block that IP. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Howard Smith (N.O.R.A.D.) Sent: Wednesday, February 07, 2007 2:24 PM To: declude.junkmail@declude.com Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: [Declude.JunkMail] Need hep - mail server sending out stock reports email Running imail 8.15,sniffer and declude - starting on 2/6/7 my mail server start sending out the stock reports email , even when I stop the imail smtp process , nothing is in the Imail logs indicating problems . I have ran full scans with frprot and Symantec . Need help please , I have already made the spamcop blacklist Howard Smith N.O.R.A.D. Inc. P.O. Box 680116 Miami, Florida 33168 www.norad.com http://www.norad.com/ [EMAIL PROTECTED] Office - (305) NETWORK (638-9675) Sales - (786) 206-0045 Fax 1 - (305) 359-5144 Confidentiality Notice: This email message, including any Attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact [EMAIL PROTECTED] by email and destroy all copies of the original message. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. image001.gif Description: GIF image
RE: [Declude.JunkMail] Need hep - mail server sending out stock reports email
Going aGoogling found that the Intel LANDesk uses a file called ssm.exe and there are a couple of programs listed as monitors using it, so be careful before just deleting that file. Exactly where was the file? Since Howard is running IMail 8.15 this means that his server has been compromised ala the SMTP vulnerability that is fixed only in 8.22 (patched) and 9.1. So, it is not a virus that would be found by F-prot or Symantec, but a server hijack or comprise. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Justin Moose Sent: Wednesday, February 07, 2007 3:11 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Need hep - mail server sending out stock reports email I called Howard on this, but for everyone else's info, if you are seeing this, look for ssm.exe to be a running process. I found this on an Imail server that I administer for another company this morning. The file was showing processing time in the task manager and showed up on the Services list at Security Systems Manager, but the file had a modified date of 2/5/07 and no updated had been done on that server for over a week. Stopping this service stopped the junk messages from going out. Neither F-prot or Symantec showed this file as a virus; however I did submit it to Symantec for analysis. Justin Moose Information Technology Manager Sioux Valley Energy DID: (605) 256-1644 Fax: (605) 256-1690 Toll Free: (800) 234 1960 _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Howard Smith (N.O.R.A.D.) Sent: Wednesday, February 07, 2007 4:24 PM To: declude.junkmail@declude.com Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: [Declude.JunkMail] Need hep - mail server sending out stock reports email Running imail 8.15,sniffer and declude - starting on 2/6/7 my mail server start sending out the stock reports email , even when I stop the imail smtp process , nothing is in the Imail logs indicating problems . I have ran full scans with frprot and Symantec . Need help please , I have already made the spamcop blacklist Howard Smith N.O.R.A.D. Inc. P.O. Box 680116 Miami, Florida 33168 www.norad.com http://www.norad.com/ [EMAIL PROTECTED] Office - (305) NETWORK (638-9675) Sales - (786) 206-0045 Fax 1 - (305) 359-5144 Confidentiality Notice: This email message, including any Attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact [EMAIL PROTECTED] by email and destroy all copies of the original message. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. image001.gif Description: GIF image
RE: [Declude.JunkMail] Hijack with latest Declude 4.2.23 Imail
Deccon.exe is a Declude file no longer used. You restart the DecludeProc.exe. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Wiegers Sent: Monday, February 05, 2007 8:25 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Hijack with latest Declude 4.2.23 Imail I couldn't find this information. I just upgraded to the latest Declude from 1.82 and I use to have to restart IMail deccon.exe to reset Hijack and I did find it's not used in this version. How do I now reset the counter for Hijack. Thanks, Mike --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Slipping through Declude
What version of Declude? Is that the entire message? Have you reviewed the IMail SMTP log for the message, and check of a queue run just happened to fire at that time? John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Keith Johnson Sent: Saturday, February 03, 2007 1:09 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Slipping through Declude It has been rare, although not uncommon, that from time to time I will see emails slip through and not scanned by Declude, however, today I have gotten 5 in a row carrying the same, or similar, body information and no insertion of X-tags. I have attached a header that illustrates this. Is anyone else seeing this same type of email come through your system unscanned? I have sent this off to Declude Support for further looks. -Keith --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Specific filter for individual users
Correct. Now, some advice. I have created a script I use when ever I make changes to tests including adding or removing. This script then updates the Global.cfg file and the $default$.junkmail file as well as any other .junkmail files that are per user or per domain. If you are going to use per domain or per user .junkmail files, you may want to consider this so they do not get forgotten. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kelly Scotto Sent: Wednesday, January 24, 2007 10:07 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Specific filter for individual users Just to be sure, I don't have to add a path that points to the xyz.com subfolder I added in the Declude folder. All I did was create the subfolder xyz.com, then copied the junkmail file and changed the name to customer.default.junkmail. Then I lowered the weights for these individual customers. Does this sound correct? Thank you, Kelly -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kelly Scotto Sent: Tuesday, January 23, 2007 4:38 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Specific filter for individual users Thank you Gary -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Tuesday, January 23, 2007 3:41 PM To: declude.junkmail@declude.com Subject: re: [Declude.JunkMail] Specific filter for individual users What you will have to do is set up a $default$.junkmail file for each user that wants a unique configuration. Check out http://manuals.declude.com/ProcOnlineHelp/JunkMail_4.0.8_Per-User_Configurat ion.htm Original Message From: Kelly Scotto [EMAIL PROTECTED] Sent: Tuesday, January 23, 2007 1:04 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Specific filter for individual users Can someone show an example of how to create individual filters for different users. I have a few customers who would like stronger filtering, for instance I delete at a weight of 8. For some users I would like to delete at 6. Kelly Scotto Assistant Network Administrator Speedee Cash Management 850-682-0475 ext. 1801 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude EVA] --- [This E-mail scanned for viruses by Declude EVA] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude EVA] --- [This E-mail scanned for viruses by Declude EVA] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Windows 2003 X64 Operating System
There is some one on the Imail Forum that was complaining about lack of support in Imail for x64. You may want to do a search on that to review it. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Justin Moose Sent: Tuesday, January 16, 2007 8:35 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Windows 2003 X64 Operating System We are looking at replacing our current Imail server. I am looking at the choice of the Windows 2003 x64 platform and I am wondering if anyone on this list is running Imail/Declude/Sniffer on that platform? If so have you encountered any problems due to the 64bit architecture? Thank you, Justin --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] roconner -can he be stopped???
There was a major problem caused by roconner on the Declude Virus list today. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jay Sudowski - Handy Networks LLC Sent: Thursday, January 04, 2007 10:22 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] roconner -can he be stopped??? ? _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry Vanderzand Sent: Thursday, January 04, 2007 4:30 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] roconner -can he be stopped??? Harry Vanderzand inTown Internet Computer Services 11 Belmont Ave. W., Kitchener, ON,N2M 1L2 519-741-1222 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Valid Senders - Best Declude Practices
Does SmarterMail allow you to create aliases for a domain, such as [EMAIL PROTECTED] is an alias for [EMAIL PROTECTED] John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Cummins Sent: Thursday, December 28, 2006 1:44 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Valid Senders - Best Declude Practices OK. I have a box that I use as an incoming relay for about 30 or so Exchange servers that all live out in the wild. I run Smarter Mail, Declude, Message Sniffer, INVURIBL, F-Prot and all kinds of good stuff before I pass it along to the Exchange server with SmarterMail domain forwarding. I am getting my ass kicked by volume because the mail server accepts any address and forwards it along; most of which of course are addresses that don't exist. I'm building a gateway box in the near future, which will help keep the incoming fluff down a bit, I'm sure, but what I really need to do is to implement some kind of valid recipient list. I doubt that I'll be able to LDAP all over God's green earth with any kind of reliability or speed. Since the gateway won't be implemented for a few weeks, I'm been playing with things to get ready for it, namely, how to get valid sender lists from such a disparate group of Exchange servers. So. I patched together this VBscript that exports a list of exchange addresses using LDAP into a text file. It runs as a WinCron job. I created a batch file that uploads it to one of my Cold Fusion servers. That runs as a WinCron job, too. I wrote a Cold Fusion script that looks for these silly text files every so many minutes and then parses the crappy, cluttered thing into a nice clean CSV for me, and now I can do anything I want with it. I imagine that someday I'll use it in conjunction with the gateway, but hey, I have this information right now. What would be the best way to use this information with Declude? Ideally, it should be implemented on a per domain basis, in case I can't get some Exchange servers to play nice with me. Eventually I suppose it will be mandatory, I'm sure, but not right now when I am coming up with best practices, eh? So do I set up each text file for each domain as a separate filter? And then only use it in the applicable per domain junkmail file? Is that the best way to do it? Or am I making Declude work too hard? I would really love any suggestions you might have. Thanks! -- Michael Cummins --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Upgraded to Security Suite - Whitelist stopped working.
You said it is being skipped. What does the junkmail log say? John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of S.J.Stanaitis Sent: Friday, December 22, 2006 5:59 AM To: declude.junkmail@declude.com Cc: 'Linda Pagillo' Subject: [Declude.JunkMail] Upgraded to Security Suite - Whitelist stopped working. When I previously ran the 3.x version of Declude Junkmail, I used an external file for my white-list. I transferred it over to the new Security Suite but haven't had any luck, it just gets skipped and whitelisted addresses get tested like any other. In my Global.cfg file I have the line: WHITELISTFILE D:\Imail\Declude\filters\whitelist.txt In that file I have a few domains but mainly email addresses listed: [EMAIL PROTECTED] [EMAIL PROTECTED] etc... I'd check the docs but... :) Any suggestions? Thanks, Sam SJ.Stanaitis - Network Administrator Decorative Product Source E-commerce Network (877)-650-8054 x160 [EMAIL PROTECTED] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Solution for tooo much junkmail?
I'd like to be more proactive and go on an education crusade to provide folks with the knowledge of how to detect if their systems are infected and what to do about it, but I have no idea of what to look for or what software to use to fix it. You're going to educate: 1. Little ole' Mrs. Smith who only uses her computer to view pictures of her grandkids and to get email. 2. Tom the all-league quarter back football star who only does research for football scholarships. Well yeah also to chat with his friends. And do keep up on the latest tunes. 3. The geek up the street who listens to Leo Laporte and chats about how so many people are on the Internet and don't have a clue about which MB is the best for the hot on-line games and how they waste so much money on things like AV and firewalls. 4. Mrs. Jones who searches for new recopies about fried dumplings and to get the latest entertainment world gossip. 5. The small business owner who gets email and his website as part of the $35 per month DSL package at the shop but his workers don't go on the Internet so there is nothing to worry about. More power to ya. Anyone with some leads on finding the ultimate sources that's creating all these zombies?? And if you could then what? Unless you want to be a vigilante the government (politicians, courts, lawyers, no wait not lawyers they stick up for them) will just shake their finger at them and say No No No you must be good boys and girls) Remember people, if the battle against spam and viruses was that easy, the war would be over by now. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] WAY OT: Registry Repair
ERD Commander will let you edit the registry directly as well. However, their licensing scheme now makes use of their more recent versions prohibitive. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Tuesday, December 19, 2006 12:09 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] WAY OT: Registry Repair Hmm, I've no faith that regedit will report a permissions problem as such and not as a generic error. I noted that you said in your first post that you also tried to rename/delete the parent tree but you get an error when it gets to the Run key. Did you use the Advanced button at the level: In order to take Ownership, and apply to the children, so that you certainly have privileges? Have you tried to remove the key this way: reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /f Have you tried it as SYSTEM by closing all copies of regedit and doing this from the console session (in case you're using RDP): at 9:00AM /interactive c:\windows\regedit.exe to get a copy of regedit.exe running as the SYSTEM account? Beyond that, um, no, I've never heard of a 3rd party tool that can edit the registry file directly. If you boot from an install CD, you can choose the first Repair option to repair the various hives, but whether that does a check and correct to really fix a corrupt file, I don't know. Andrew 8) _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Monday, December 18, 2006 9:48 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] WAY OT: Registry Repair Yes, if it was that easy. Initially I had also figured it was just a permission problem. Eventually, I looked closer and realized that I never do get any message that seems to imply permission problems - the message is always that the key cannot be opened. Even trying to acess the Permissions gives me the open error - NO chance to perform any permission functions. When I access the permissions of the parent key and try to reset the child permissions (or just Child ownership) - I get an error when indicating that it can't do so for Run. - Original Message - From: Colbeck, Andrew mailto:[EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Monday, December 18, 2006 06:33 PM Subject: RE: [Declude.JunkMail] WAY OT: Registry Repair Andy, five will get you ten that it is the permissions that are mangled, not the key itself. Run RegEdit.exe and right-click on the Run key, then choose Permissions. Go into the Advanced button and choose to Inherit from parent... and the permissions should get fixed up. You should see: AllowUsers (local machine name) Read AllowPower Users (local machine name)Special AllowAdministrators (local machine name) Full Control AllowSYSTEM Full Control AllowCREATOR OWNER Full Control Aside from administrative error, the only times I've seen the permissions modified on this part of the registry is if the bad guys are trying to retain control of a 'bot. Andrew 8) _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Monday, December 18, 2006 3:01 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] WAY OT: Registry Repair Hi, noticed today that HKLM\Software\Microsoft\Windows\CurrentVersion\Run no longer opens (while logged on as the workstation's admin). I can export the parent key - which will contain everything EXCEPT the run key. But, then I can neither delete or rename the run key. Renaming/deleting the parent will appear to work at first - until it reaches the Run subkey - then it will again report that it cannot access that key. So - I am suspecting that the Run key is corrupt. It can't be read, edited, deleted or renamed. I looked at some registry repair tools, but they all seem to be Registry Optimizing tools in disguise that fix logical problems in the registry (registries with too much or supposedly bad information). Does anyone know of a tool (for XP) that will allow me to eliminate this bad key from the registry index somehow so that I can just reimport the rest of the parent key? Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe
RE: [Declude.JunkMail] WAY OT: Registry Repair
Did you try right clicking on it and going into permissions? How about restarting in Safe Mode and then accessing it? John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Monday, December 18, 2006 3:01 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] WAY OT: Registry Repair Hi, noticed today that HKLM\Software\Microsoft\Windows\CurrentVersion\Run no longer opens (while logged on as the workstation's admin). I can export the parent key - which will contain everything EXCEPT the run key. But, then I can neither delete or rename the run key. Renaming/deleting the parent will appear to work at first - until it reaches the Run subkey - then it will again report that it cannot access that key. So - I am suspecting that the Run key is corrupt. It can't be read, edited, deleted or renamed. I looked at some registry repair tools, but they all seem to be Registry Optimizing tools in disguise that fix logical problems in the registry (registries with too much or supposedly bad information). Does anyone know of a tool (for XP) that will allow me to eliminate this bad key from the registry index somehow so that I can just reimport the rest of the parent key? Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Interesting ORF stats
Now, to be fair, I am only using ORF for very simple blocking and I am only using the following list of tests, so comparing my ORF stats with Alligate is not appropriate: Malformed HELO HELO matches recipient domain Valid REVDNS Sender blacklist, either domain or email address Attachment blocking policy Valid recipient F-Prot scanning John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jay Sudowski - Handy Networks LLC Sent: Friday, December 15, 2006 9:48 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Interesting ORF stats Ditto! 95%+ with Alligate. -Jay -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Hayer Sent: Friday, December 15, 2006 9:42 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Interesting ORF stats Hi John, John T (Lists) wrote: I have 3 gateway servers running IIS with ORF. These are my MX records for all my domains. ORF has identified and blocked 71% of incoming email on my primary gateway. ORF has identified and blocked 81% of incoming email on my secondary gateway. I see the secondaries get more traffic as well - although I am not sure its deliberate or its the zombies do not know better - [Regretfully I have abandoned ORF for the Alligate gateway. I am in the high nineties 96%+ with Brian's product...] -Nick --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT: Message Storage
The Imail CopyAll account will work, along with Imail Rules on that account. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of William Stillwell Sent: Thursday, December 14, 2006 10:26 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] OT: Message Storage Does anybody know of a product (that doesn't cost a arm, and three legs) that will archive all email for a specific domain for x number of years? Imail CopyAll Will not work.. No way to orginize all the email, and I don't want to archive the spam... --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] OT: Interesting Discussions
Please, no one take this the wrong way, it is only meant in fun: I actually miss the twice annual entertaining discussions on the Imail forum between Scott and Len with Sandy added for spice. Popcorn anyone? ;-) John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Interesting ORF stats
I have 3 gateway servers running IIS with ORF. These are my MX records for all my domains. ORF has identified and blocked 71% of incoming email on my primary gateway. ORF has identified and blocked 81% of incoming email on my secondary gateway. (Interesting in that my primary and secondary carry the same value in their MX records although my primary handles all outgoing as well.) ORF has identified and blocked 94% of incoming email to my third gateway, which has a lower value and is on a slow IDSL line. Goes to prove spammers are still trying the lowest priority MX record to get around spam filters. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] testfailed in filters
Weight tests are last. What are you trying to do? Maybe something like this? MINWEIGHTTOFAIL 10 TESTSFAILED END CONTAINS TESTA John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Serge Sent: Friday, December 08, 2006 11:19 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] testfailed in filters Hi all I am trying to write a filter file so it fails if: Messgae did not fail TESTA WEIGHT 10 I tried TESTSFAILED END CONTAINS TESTA TESTSFAILED 0 CONTAINS WEIGHT10 The above did not work I assume all Weight tests are added to TESTFAILED after all other test are processed? even if the filter line is after Weight10 in global.cfg. Am i correct ? and, how to achieve what i am trying to do ? TIA --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] testfailed in filters
I've requested a SKIPIFMINWEIGHT addition to filters, but no luck getting that added. I would think the code to add it would be extremely similiar to add since the SKIPIFWEIGHT for a max weight already exists. Sounds like you just flip that to a ... Scott, I do not see any difference in SKIPIFMINWEIGHT and SKIPIFWEIGHT. Please explain. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] testfailed in filters
the manual says that MINWEIGHTTOFAIL is the total weight attributed by the filter I need the weight ON STARTING the filter OOPS, your right. Forgot that. What I want, is a test of messages that did NOT fail TestA, but do have a TOTAL weight 10 To do what, run the filter or cause a failure? If it is to cause a test failure, that is then like saying if you are bad then you are really bad it kind of goes against the premise of what the foundation of the weighting system is. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] testfailed in filters
SKIPIFWEIGHT 100 would skip for weight over 100 SKIPIFMINWEIGHT 0 would skip for weight under 0. So actually, to be self explainitory, you would want: SKIPIFNOTWEIGHT 0 John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] testfailed in filters
Not really, my goal is doing some analysis on TESTA (see why high weight messages did not fail testA) , using an action on Filter2 (copy or route), not to add weight AH, now see, if you had answered my question that I posted 9 hours ago... Now that we know the WHY... Using Declude in that manner is IMHO a really poor way of using up CPU resources. You would be a lot better off to view this as a job for log analysis. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Filter format question
I am trying to come up with a filter that will check to see if a HELO only contains a TLD and a domain but not a host or child domain. Example of HELO: Domain.com trigger 1.domain.comnot triggered 1.ustrigger 1.1.us trigger Basically, I want to test if the HELO contains more than one dot or period. Either that or feature request for a Declude Junkmail test type of helovalid2 where it checks to see if the HELO contains at least 2 dot or periods. (I believe helovalid checks to see if there is a least one dot or period.) John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Undocumented Directive 4.x
I used to know what sleep is. But a couple years ago Scott convinced me it is a four letter word so I stopped getting so much, keeping it to a bare minimum. Hey wait a minute, isn't he getting more of that four letter word now? John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Monday, December 04, 2006 7:53 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Undocumented Directive 4.x That ones broken, no matter what you do you cannot get it to work. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Monday, December 04, 2006 9:04 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Undocumented Directive 4.x NICKGOBACKTOSLEEPON :) Nick Hayer wrote: Any other undocumented's that you can share? :) -Nick David Barker wrote: Just an FYI you may find it useful, in the global.cfg: BLKLSTON Writes a text file to the \spool\blklst.txt containing the IP and weight of emails eg. 1.1.1.123 2.2.2.27 David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Deborah campaign changed
FYI, from day one on Sunday, I was seeing subject lines with at least 6 different first names before wrote: so AFAIK there is no such thing as a Debora spam campaign, I have called it the wrote: campaign which Sniffer has been catching since Sunday night. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Thursday, November 30, 2006 8:41 AM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Deborah campaign changed I noticed the Debora spam campaign has changed in the past couple of days. Looks like it's no longer coming from addresses that start with debora. However, subject is still ending with wrote:. Body filtering may be desirable as well since most, if not all, of it is stock spam with filterable text. Has there been any progress at Declude regarding leading and trailing spaces in filter text? Last I had heard this was still something being added. Darin. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] How Accurate is Sniffer?
Make sure you forward all false positives to them for review. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Thursday, November 30, 2006 9:16 PM To: declude.junkmail@declude.com Subject: re: [Declude.JunkMail] How Accurate is Sniffer? You might want to run it for a little while to see what results you get. I've gotten a lot of false positives with Sniffer. Gary Original Message From: David Dodell [EMAIL PROTECTED] Sent: Thursday, November 30, 2006 10:41 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] How Accurate is Sniffer? I'm doing my 30 day trial of Message Sniffer .. at the moment it is 5 points out of 10 needed to mark something as spam. How accurate is Sniffer?Something that I can raise my weight on? David --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Filter 'END' statement in 4.3.14 flushes WEIGHT?
Nope, never was that way. You want to use MAXWEIGHT for that. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig Edmonds Sent: Friday, November 17, 2006 7:57 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Filter 'END' statement in 4.3.14 flushes WEIGHT? Importance: High me too. I thought the purpose of the end function was so that if the email reaches a certain weight, like 50, declude drops any further tests, thus saving precious CPU. Kindest Regards Craig Edmonds 123 Marbella Internet W: www.123marbella.com http://www.123marbella.com/ E : [EMAIL PROTECTED] _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Friday, November 17, 2006 4:42 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Filter 'END' statement in 4.3.14 flushes WEIGHT? Importance: High Wow - really? When was that changed? I know that the filter test itself did not show as failed, but the WEIGHT always carried over! Take a look at Scott's reply when this feature was implemented and the weight-result of the END was being discussed: http://www.mail-archive.com/declude.junkmail@declude.com/msg14009.html [1] the E-mail will stop processing, [2] the test will *not* fail (this may change -- I'm not sure why it was set up that way), and [3] the weight will be exactly what it should have been when END was reached. And it's only logical. If you WANTED a filter to return 0, then you would simply place the 'END' lines at the BEGINNING of the Filter! If you place the 'END' line behind other lines that accumulated weight, then it clearly is the intention that the weights be COUNTED and that only any FURTHER weights not be added! Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Friday, November 17, 2006 10:06 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Filter 'END' statement in 4.3.14 flushes WEIGHT? The END function means END the filter and do not add any of the points for that filter. If the END condition is met it is as if the filter never ran. David B www.declude.com _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Friday, November 17, 2006 10:00 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Filter 'END' statement in 4.3.14 flushes WEIGHT? Hi, Can anyone confirm that the 'END' statement is functioning properly. I've been noticing/suspecting that certain test combinations had much too little weights and I finally have time to debug that. This is the entry in the GLOBAL.CFG CONTENT filter D:\IMail\Declude\CONTENTfilter.txt x 0 0 Means - the filter itself has a weight of 0 - all weights would be assigned IN the filter Here CONTENTfilter.txt: SKIPIFWEIGHT 20 MAXWEIGHT 9 TESTSFAILED 7 CONTAINS SNIFFER TESTSFAILED 1 CONTAINS SNIFFER-SCAMS TESTSFAILED 1 CONTAINS SNIFFER-PORN TESTSFAILED 2 CONTAINS SNIFFER-MALWARE TESTSFAILED 1 CONTAINS SNIFFER-OBFUSC TESTSFAILED -2 CONTAINS SNIFFER-IP TESTSFAILED 4 CONTAINS INV-URIBL-WT1 TESTSFAILED 5 CONTAINS INV-URIBL-WT2 TESTSFAILED 6 CONTAINS INV-URIBL-WT3 TESTSFAILED 7 CONTAINS INV-URIBL-WT4 TESTSFAILED END CONTAINS SPAMCOP TESTSFAILED END CONTAINS NJABLSOURCES TESTSFAILED END CONTAINS AHBLSOURCES TESTSFAILED END CONTAINS AHBLPSSL TESTSFAILED END CONTAINS SORBS-SPAM TESTSFAILED END CONTAINS SENDERDB-BLOCK TESTSFAILED END CONTAINS SBL TESTSFAILED 2 CONTAINS SNIFFER-IP As far as I can tell, the Filter works fine as long as there is only SNIFFER and/or URIBL and will return the proper weights around 7 through 9. However, if it hits the END statement is appears as if it always returns ZERO. In other words, it loses the weight that had been accumulated up to that point. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
RE: [Declude.JunkMail] Filter 'END' statement in 4.3.14 flushes WEIGHT?
END still works the way Scott intended it to work, ENDs the filter at that point with no fail. No need to add STOP. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Friday, November 17, 2006 7:53 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Filter 'END' statement in 4.3.14 flushes WEIGHT? Andy, The post says it's actually set up right now so that: [1] the E-mail will stop processing, [2] the test will *not* fail (this may change -- I'm not sure why it was set up that way), and [3] the weight will be exactly what it should have been when END was reached. Which means that Scott may have changed it, checking the release notes for 1.77 JM ADD filter test type now can have END in place of the weight (any match will 'turn off' test) We certainly have not changed the code. I have added the STOP suggestion to our wishlist David From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Friday, November 17, 2006 10:42 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Filter 'END' statement in 4.3.14 flushes WEIGHT? Importance: High Wow - really? When was that changed? I know that the filter test itself did not show as failed, but the WEIGHT always carried over! Take a look at Scott's reply when this feature was implemented and the weight-result of the END was being discussed: http://www.mail-archive.com/declude.junkmail@declude.com/msg14009.html [1] the E-mail will stop processing, [2] the test will *not* fail (this may change -- I'm not sure why it was set up that way), and [3] the weight will be exactly what it should have been when END was reached. And it's only logical. If you WANTED a filter to return 0, then you would simply place the 'END' lines at the BEGINNING of the Filter! If you place the 'END' line behind other lines that accumulated weight, then it clearly is the intention that the weights be COUNTED and that only any FURTHER weights not be added! Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Friday, November 17, 2006 10:06 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Filter 'END' statement in 4.3.14 flushes WEIGHT? The END function means END the filter and do not add any of the points for that filter. If the END condition is met it is as if the filter never ran. David B www.declude.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Friday, November 17, 2006 10:00 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Filter 'END' statement in 4.3.14 flushes WEIGHT? Hi, Can anyone confirm that the 'END' statement is functioning properly. I've been noticing/suspecting that certain test combinations had much too little weights and I finally have time to debug that. This is the entry in the GLOBAL.CFG CONTENT filter D:\IMail\Declude\CONTENTfilter.txt x 0 0 Means - the filter itself has a weight of 0 - all weights would be assigned IN the filter Here CONTENTfilter.txt: SKIPIFWEIGHT 20 MAXWEIGHT 9 TESTSFAILED 7 CONTAINS SNIFFER TESTSFAILED 1 CONTAINS SNIFFER-SCAMS TESTSFAILED 1 CONTAINS SNIFFER-PORN TESTSFAILED 2 CONTAINS SNIFFER-MALWARE TESTSFAILED 1 CONTAINS SNIFFER-OBFUSC TESTSFAILED -2 CONTAINS SNIFFER-IP TESTSFAILED 4 CONTAINS INV-URIBL-WT1 TESTSFAILED 5 CONTAINS INV-URIBL-WT2 TESTSFAILED 6 CONTAINS INV-URIBL-WT3 TESTSFAILED 7 CONTAINS INV-URIBL-WT4 TESTSFAILED END CONTAINS SPAMCOP TESTSFAILED END CONTAINS NJABLSOURCES TESTSFAILED END CONTAINS AHBLSOURCES TESTSFAILED END CONTAINS AHBLPSSL TESTSFAILED END CONTAINS SORBS-SPAM TESTSFAILED END CONTAINS SENDERDB-BLOCK TESTSFAILED END CONTAINS SBL TESTSFAILED 2 CONTAINS SNIFFER-IP As far as I can tell, the Filter works fine as long as there is only SNIFFER and/or URIBL and will return the proper weights around 7 through 9. However, if it hits the END statement is appears as if it always returns ZERO. In other words, it loses the weight that had been accumulated up to that point. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Filter 'END' statement in 4.3.14 flushes WEIGHT?
Was never changed. Look at the directives. END means end the filter. What you should have been using is MAXWEIGHT at the top, or STOPATFIRSTHIT. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Friday, November 17, 2006 7:42 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Filter 'END' statement in 4.3.14 flushes WEIGHT? Importance: High Wow - really? When was that changed? I know that the filter test itself did not show as failed, but the WEIGHT always carried over! Take a look at Scott's reply when this feature was implemented and the weight-result of the END was being discussed: http://www.mail-archive.com/declude.junkmail@declude.com/msg14009.html [1] the E-mail will stop processing, [2] the test will *not* fail (this may change -- I'm not sure why it was set up that way), and [3] the weight will be exactly what it should have been when END was reached. And it's only logical. If you WANTED a filter to return 0, then you would simply place the 'END' lines at the BEGINNING of the Filter! If you place the 'END' line behind other lines that accumulated weight, then it clearly is the intention that the weights be COUNTED and that only any FURTHER weights not be added! Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Friday, November 17, 2006 10:06 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Filter 'END' statement in 4.3.14 flushes WEIGHT? The END function means END the filter and do not add any of the points for that filter. If the END condition is met it is as if the filter never ran. David B www.declude.com _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Friday, November 17, 2006 10:00 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Filter 'END' statement in 4.3.14 flushes WEIGHT? Hi, Can anyone confirm that the 'END' statement is functioning properly. I've been noticing/suspecting that certain test combinations had much too little weights and I finally have time to debug that. This is the entry in the GLOBAL.CFG CONTENT filter D:\IMail\Declude\CONTENTfilter.txt x 0 0 Means - the filter itself has a weight of 0 - all weights would be assigned IN the filter Here CONTENTfilter.txt: SKIPIFWEIGHT 20 MAXWEIGHT 9 TESTSFAILED 7 CONTAINS SNIFFER TESTSFAILED 1 CONTAINS SNIFFER-SCAMS TESTSFAILED 1 CONTAINS SNIFFER-PORN TESTSFAILED 2 CONTAINS SNIFFER-MALWARE TESTSFAILED 1 CONTAINS SNIFFER-OBFUSC TESTSFAILED -2 CONTAINS SNIFFER-IP TESTSFAILED 4 CONTAINS INV-URIBL-WT1 TESTSFAILED 5 CONTAINS INV-URIBL-WT2 TESTSFAILED 6 CONTAINS INV-URIBL-WT3 TESTSFAILED 7 CONTAINS INV-URIBL-WT4 TESTSFAILED END CONTAINS SPAMCOP TESTSFAILED END CONTAINS NJABLSOURCES TESTSFAILED END CONTAINS AHBLSOURCES TESTSFAILED END CONTAINS AHBLPSSL TESTSFAILED END CONTAINS SORBS-SPAM TESTSFAILED END CONTAINS SENDERDB-BLOCK TESTSFAILED END CONTAINS SBL TESTSFAILED 2 CONTAINS SNIFFER-IP As far as I can tell, the Filter works fine as long as there is only SNIFFER and/or URIBL and will return the proper weights around 7 through 9. However, if it hits the END statement is appears as if it always returns ZERO. In other words, it loses the weight that had been accumulated up to that point. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Filter 'END' statement in 4.3.14 flushes WEIGHT?
That link only shows that Scott was thinking of changing it from 0 weight to a fail which would have added the weight. That explains his point 3 in that what ever the weight of the message was before the test will remain. Remember, to add weight, the test must FAIL. He stated it did not FAIL and therefore weight was never added. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Friday, November 17, 2006 9:29 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Filter 'END' statement in 4.3.14 flushes WEIGHT? Hi John, Was never changed. Please read the URL I posted: http://www.mail-archive.com/declude.junkmail@declude.com/msg14009.html As you can tell, ORIGINALLY it did return the weight. He was thinking of it even FAILING the test (if there was a weight). What you should have been using is MAXWEIGHT at the top, or STOPATFIRSTHIT. Kindly, please read the sample I had posted (bottom of this message). Your reply doesn't address the issue of trying to make some sections of a test conditional. Example, the goal is to return either 1 or 2 or 3 if test1 or test2 occur with test3 - and to only add test4 and test5, if test3 is not true. SKIPIFWEIGHT 20 MAXWEIGHT 3 TESTSFAILED 1 CONTAINS test1 TESTSFAILED 1 CONTAINS test2 TESTSFAILED END CONTAINS test3 TESTSFAILED 1 CONTAINS test4 TESTSFAILED 1 CONTAINS test5 etc etc Please demonstrate how MAXWEIGHT or STOPATFIRSTHIT would do this in a single filter? Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists) Sent: Friday, November 17, 2006 11:34 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Filter 'END' statement in 4.3.14 flushes WEIGHT? Was never changed. Look at the directives. END means end the filter. What you should have been using is MAXWEIGHT at the top, or STOPATFIRSTHIT. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Friday, November 17, 2006 7:42 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Filter 'END' statement in 4.3.14 flushes WEIGHT? Importance: High Wow - really? When was that changed? I know that the filter test itself did not show as failed, but the WEIGHT always carried over! Take a look at Scott's reply when this feature was implemented and the weight-result of the END was being discussed: http://www.mail-archive.com/declude.junkmail@declude.com/msg14009.html [1] the E-mail will stop processing, [2] the test will *not* fail (this may change -- I'm not sure why it was set up that way), and [3] the weight will be exactly what it should have been when END was reached. And it's only logical. If you WANTED a filter to return 0, then you would simply place the 'END' lines at the BEGINNING of the Filter! If you place the 'END' line behind other lines that accumulated weight, then it clearly is the intention that the weights be COUNTED and that only any FURTHER weights not be added! Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Friday, November 17, 2006 10:06 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Filter 'END' statement in 4.3.14 flushes WEIGHT? The END function means END the filter and do not add any of the points for that filter. If the END condition is met it is as if the filter never ran. David B www.declude.com _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Friday, November 17, 2006 10:00 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Filter 'END' statement in 4.3.14 flushes WEIGHT? Hi, Can anyone confirm that the 'END' statement is functioning properly. I've been noticing/suspecting that certain test combinations had much too little weights and I finally have time to debug that. This is the entry in the GLOBAL.CFG CONTENT filter D:\IMail\Declude\CONTENTfilter.txt x 0 0 Means - the filter itself has a weight of 0 - all weights would be assigned IN the filter Here CONTENTfilter.txt: SKIPIFWEIGHT 20 MAXWEIGHT 9 TESTSFAILED 7 CONTAINS SNIFFER TESTSFAILED 1 CONTAINS SNIFFER-SCAMS TESTSFAILED 1 CONTAINS SNIFFER-PORN TESTSFAILED 2 CONTAINS SNIFFER-MALWARE TESTSFAILED 1 CONTAINS SNIFFER-OBFUSC TESTSFAILED -2 CONTAINS SNIFFER-IP TESTSFAILED 4 CONTAINS INV-URIBL-WT1 TESTSFAILED 5 CONTAINS INV-URIBL-WT2 TESTSFAILED
RE: [Declude.JunkMail] Filter 'END' statement in 4.3.14 flushes WEIGHT?
Any filter that I do not have as active is moved to \declude\filters\notused from \declude\filtes so that my filters folder only contains filters that I am currently using. In your example, you are putting the IF statement after the THEN statement. I am not a programmer, but IF (the test of what you want to be quantified) always comes before THEN (the result you want to occur depending upon whether the test of the quantification failed or passed, meaning did it meat the criteria which is the defined IF statement), so the first part of your example does not make any sense. You only want weight added if test3 failed, so you have to quantify that FIRST and then say what occurs by adding weight. So, you have to have to filters since both sections rely upon testing IF test3 has failed or not. What is the logic of the second part anyways, to add weight for test4 and test5 IF test1 and test2 failed? John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Friday, November 17, 2006 10:48 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Filter 'END' statement in 4.3.14 flushes WEIGHT? Why the requirement of single filter? Clarity? It's easier for me to follow a logic, if it's enclosed in a SINGLE source document (= filter). If the logical is spread over multiple source documents, I have to first scour the Global.CFG to see which filters are active, then inspect each one to see if by chance any one of them might have any effect. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists) Sent: Friday, November 17, 2006 12:57 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Filter 'END' statement in 4.3.14 flushes WEIGHT? Why the requirement of single filter? I have different combo filters created like this: ComboFilterA REM If testa and testb fail, and if testc or testd fail, add 10 ENDONFIRSTHIT TESTSFAILED END NOTCONTAINS testa TESTSFAILED END NOTCONTAINS testb TESTSFAILED 10 CONTAINS testc TESTSFAILED 10 CONTAINS testd ComboFilterB REM If testc and testd fail, and if teste or testf fail, add 20 ENDONFIRSTHIT TESTSFAILED END NOTCONTAINS testc TESTSFAILED END NOTCONTAINS testd TESTSFAILED 10 CONTAINS teste TESTSFAILED 10 CONTAINS testf IMHO, that is a much cleaner and neater way to do it. You could also use MAXWEIGHT instead of ENDONFIRSTHIT and then assign different weights to different test. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Friday, November 17, 2006 9:29 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Filter 'END' statement in 4.3.14 flushes WEIGHT? Hi John, Was never changed. Please read the URL I posted: http://www.mail-archive.com/declude.junkmail@declude.com/msg14009.html As you can tell, ORIGINALLY it did return the weight. He was thinking of it even FAILING the test (if there was a weight). What you should have been using is MAXWEIGHT at the top, or STOPATFIRSTHIT. Kindly, please read the sample I had posted (bottom of this message). Your reply doesn't address the issue of trying to make some sections of a test conditional. Example, the goal is to return either 1 or 2 or 3 if test1 or test2 occur with test3 - and to only add test4 and test5, if test3 is not true. SKIPIFWEIGHT 20 MAXWEIGHT 3 TESTSFAILED 1 CONTAINS test1 TESTSFAILED 1 CONTAINS test2 TESTSFAILED END CONTAINS test3 TESTSFAILED 1 CONTAINS test4 TESTSFAILED 1 CONTAINS test5 etc etc Please demonstrate how MAXWEIGHT or STOPATFIRSTHIT would do this in a single filter? Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Filter 'END' statement in 4.3.14 flushes WEIGHT?
OK, I understand that better but you will always be better off grouping each intent into a different combo filter. Then, you can even have a combo filter dependent upon another combo filter by why of order of list and including the name of the combo filter as an IF statement in the next one. Combo filters need to be viewed as a different type of test rather than a normal filter test. If you write down in groups want you want to do, it will be easy to then create them. Say if you want to add 12 if 4 or more rbl tests failed. You would create a combo filter like this: MINWEIGHTTOFAIL12 MAXWEIGHT12 TESTSFAILED 3CONTAINS rbl1 TESTSFAILED 3CONTAINS rbl2 TESTSFAILED 3CONTAINS rbl3 TESTSFAILED 3CONTAINS rbl4 TESTSFAILED 3CONTAINS rbl5 TESTSFAILED 3CONTAINS rbl6 TESTSFAILED 3CONTAINS rbl7 TESTSFAILED 3CONTAINS rbl8 That way, at least 4 have to hit to equal 12 before it will see this test as failing, but it will only add 12 and not more. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Friday, November 17, 2006 2:13 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Filter 'END' statement in 4.3.14 flushes WEIGHT? Hi John: What is the logic of the second part anyways, to add weight for test4 and test5 IF test1 and test2 failed? If you have several blacklists of the same family (e.g., multiple open-relay filters, or multiple open-proxy filters) I like to group them together. I give a big weight to the entire group (the filter itself) and then may add an increment for blacklists with few false positives (each contains clause). Simiarly with Sniffer or invURIBL. There is some overlap between those two, and there is a potential overlap between Sniffer-IP and blacklists of recent spam sources (e.g., SpamCop, MXRate-Block). I have a filter that processes my various Sniffer types and invURIBL returns. At some point, I'd like to stop and first look if certain other Blacklist Tests had fired. If so, I'm done. If not, I want to add a little extra for Sniffer-IP. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists) Sent: Friday, November 17, 2006 02:41 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Filter 'END' statement in 4.3.14 flushes WEIGHT? Any filter that I do not have as active is moved to \declude\filters\notused from \declude\filtes so that my filters folder only contains filters that I am currently using. In your example, you are putting the IF statement after the THEN statement. I am not a programmer, but IF (the test of what you want to be quantified) always comes before THEN (the result you want to occur depending upon whether the test of the quantification failed or passed, meaning did it meat the criteria which is the defined IF statement), so the first part of your example does not make any sense. You only want weight added if test3 failed, so you have to quantify that FIRST and then say what occurs by adding weight. So, you have to have to filters since both sections rely upon testing IF test3 has failed or not. What is the logic of the second part anyways, to add weight for test4 and test5 IF test1 and test2 failed? John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Friday, November 17, 2006 10:48 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Filter 'END' statement in 4.3.14 flushes WEIGHT? Why the requirement of single filter? Clarity? It's easier for me to follow a logic, if it's enclosed in a SINGLE source document (= filter). If the logical is spread over multiple source documents, I have to first scour the Global.CFG to see which filters are active, then inspect each one to see if by chance any one of them might have any effect. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists) Sent: Friday, November 17, 2006 12:57 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Filter 'END' statement in 4.3.14 flushes WEIGHT? Why the requirement of single filter? I have different combo filters created like this: ComboFilterA REM If testa and testb fail, and if testc or testd fail, add 10 ENDONFIRSTHIT TESTSFAILED END NOTCONTAINS testa TESTSFAILED END NOTCONTAINS
RE: [Declude.JunkMail] AUTOREVIEW OFF
I believe it goes in the declude.cfg and any changes to the file require a restart of the Decludeproc service. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Heimir Eidskrem Sent: Friday, November 10, 2006 4:33 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] AUTOREVIEW OFF I have this in the declude.cfg file but I am still getting files in the review directory. I find this feature really annoying. Is this the correct command: AUTOREVIEWOFF Is this suppose to be in the declude.cfg file or global.cfg? It seems like a larger amount of those files are legit email. Thanks... --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Paid Subscription Black Lists
Message Sniffer and invURIBL are very worthwhile/ John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Anton Sent: Thursday, November 09, 2006 9:18 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Paid Subscription Black Lists Hi. Any one have any good luck with any paid subscriptions? We have been hit hard lately, and are willing to dish out some dough to get our stats back up. Please advise. Thanks! -Chris --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Re: blocking GIF attachments again ...
Yes, if you block GIF attachments in Declude Virus, if a HTML email as embedded GIFs, that email will be blocked. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of David Dodell Sent: Wednesday, November 08, 2006 7:47 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Re: blocking GIF attachments again ... -Original Message- From: Kevin Bilbee [EMAIL PROTECTED] If you are not an ISP get the commtouch ZEROHOUR addin. It will block most of the GIF attachments. The only downside I have noticed is it will also trap the chain emails that users love to send to each other. - Kevin, I can block GIF attachments with Declude Virus too. I just didn't know if there was a downside to doing this? ie does HTML mail embeed GIF's, or are they attachments too? David --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. ---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com.
RE: [Declude.JunkMail] Help with Configuration
What I do is send those grey ones to HOLD and then use fpReview to directly view them and take appropriate action. Much faster and easier than using a mailbox. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Tuesday, November 07, 2006 11:19 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Help with Configuration Hey Everyone - We are just getting things tuned to the point where we are truly happy with the results we are seeing. What I am trying to do now is help myself monitor the close calls. I was sending everything between caught and delete to a spam mailbox so that I could check for any false positives. However, with my new success, that is getting out of hand. So what I would like to do is set up a new account to help with the overflow and allow me to really monitor the close ones. Here is my weights in my global.cfg file: WEIGHT10 WARN WEIGHT15 WARN WEIGHT19 HOLD WEIGHT32 HOLD WEIGHT60 DELETE Here is the corresponding actions that I have in my $default$.junkmail file: WEIGHT10 WARN WEIGHT15 SUBJECT **SPAM** WEIGHT19 ROUTETO [EMAIL PROTECTED] WEIGHT19a SUBJECT [%WEIGHT%] WEIGHT32 ROUTETO [EMAIL PROTECTED] WEIGHT32a SUBJECT [%WEIGHT%] WEIGHT60 DELETE My plan with the above is to send everything with a weight of 19-31 to [EMAIL PROTECTED], and everything from 32-59 to [EMAIL PROTECTED] What I am hoping to accomplish by this is to keep a closer eye on those email that might accidentally be caught. Right now, 95% of the messages are ending up in the [EMAIL PROTECTED] mailbox even if they are above the WEIGHT32 (which should then go to spam2). However, it does appear that everything over 60 is being deleted. I've checked all of the config files to make sure I have things set up right, and it does appear that way. Am I missing something, or is there something diferent that I should be doing? Thanks! Todd --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Re: WEIGHT for a File Attachment
Yes, that is what the other Dave was refereeing to. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Dodell Sent: Sunday, November 05, 2006 7:25 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Re: WEIGHT for a File Attachment On Nov 5, 2006, at 3:42 PM, Dave Doherty wrote: One way, where X is the weight you wish to assign: BODYXCONTAINSContent-Type: image/gif; Be careful with this because a lot of legit emails contain GIFs. Thank you Dave ... I run with very few users so not concerned about them, and they have all been informed. Are GIF embed in HTML email, or someplace I need to be concerned? Thank you. David --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Can someone help?
Accessing the services page requires authentication to the OS since specific credentials are required to start/stop services. If you have tweaked the IIS security for the IAdmin page, this may be what is happening. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, November 02, 2006 9:34 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Can someone help? Hey guys, I know this isn't an Imail list, but i really need some help. I'm running Imail 2006.1 on Windows 2003 server SP1. I can log into my WebAdmin interface with no problem, but if i try to manage my Imail services, i get a page can't be displayed. I can click on anything else in the WebAdmin screen and it takes my to it with no problems, i just can't get to my services. I think it has something to do with IIS, but i'm lost and tired. Could someone please help me with this? --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Can someone help?
To turn on auditing (which I never understand, why it's not turned on by default in Windows) - MS gives you quite a run-around: First, in the NT 4.0 days, auditing could easily use up resources and create a huge security log file depending upon the configuration of the security log file. Second, auditing can produce a lot of data, even if configured very narrowly, that one then has to wade through. - Windows Explorer - go to the root directories of each disk, properties, security, Advanced, Auditing, add the Everyone user and mark the failed checkmarks for the complete list of accesses (I personally also audit successful change permissions and take ownership). Apply this and let it propagate to all subfolders. - Local Security Policy - to to Local Policies, Audit Policies and turn on all failures. (I personally also audit successful account management and audit policy changes). Actually, what I do for my servers and for client, is in the Default domain policy (local security policy if no domain,) enable those auditing policies that are appropriate (not all are needed for normal business) AND enable both success and failure on object access. NOTE that auditing of object access is the ONLY auditing that requires 2 steps. All other auditing takes affect without further intervention. Then, only when needed, (or if by company policy they want to track changes to files in a particular folder such as say payroll data sheets) I go to the folders properties that I want to audit and enable auditing again for what is needed only. Once I am done auditing, I disable on that directory. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson (1802-1882) --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] bad header mods by Declude
Hello Herb and welcome to the Declude JunkMail list. This is a known issue with spam that has improper coding in the header and has been discussed at length. Here are some links to the existing discussions: http://www.mail-archive.com/declude.junkmail@declude.com/msg30444.html http://www.mail-archive.com/declude.junkmail@declude.com/msg30003.html http://www.mail-archive.com/declude.junkmail@declude.com/msg29909.html In a nut shell, Declude (and fpReview) are expecting certain code (that must be there accourding to RFC) to tell where the headers start and end and so forth but some of that code is missing. Declude is well aware of the problem and David Barker has stated that he is raising the priority of getting this fixed. John T eServices For You Life is a succession of lessons which must be lived to be understood. Ralph Waldo Emerson -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Herb Guenther Sent: Wednesday, October 25, 2006 8:02 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] bad header mods by Declude Hi All; We have been having a problem with Declude not modifying the true subject and header on many spam messages. Sniffer and a number of the other tests catch the message, but Declude is adding a header stub to the bottom of the message source, and not the real header. Since we have our system set up to pre-pend Probable SPAM: to the subject line all of these messages go right thru the email clients filters. We are running the latest version of Declude, 4.3.14 with Smartermail. I have submitted several samples and let the folks know at Declude, but have not had any feedback. When mentioning it on the message sniffer mail list others are also experiencing this as well. Have other Declude customers seen this and what information does Declude need to work on this problem? Thanks, Herb -- Herb Guenther Lanex, LLC www.lanex.com (262)789-0966x102 Office (262)780-0424 Direct This e-mail is confidential and is for the use of the intended recipient(s)only. If you are not an intended recipient please advise us of our error by return e-mail then delete this e-mail and any attached files. You may not copy, disclose or use the contents in any way. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] bad header mods by Declude
Gee, some one not reading posts to the list for the last week? John T eServices For You Seek, and ye shall find! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Herb Guenther Sent: Wednesday, October 25, 2006 8:02 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] bad header mods by Declude Hi All; We have been having a problem with Declude not modifying the true subject and header on many spam messages. Sniffer and a number of the other tests catch the message, but Declude is adding a header stub to the bottom of the message source, and not the real header. Since we have our system set up to pre-pend Probable SPAM: to the subject line all of these messages go right thru the email clients filters. We are running the latest version of Declude, 4.3.14 with Smartermail. I have submitted several samples and let the folks know at Declude, but have not had any feedback. When mentioning it on the message sniffer mail list others are also experiencing this as well. Have other Declude customers seen this and what information does Declude need to work on this problem? Thanks, Herb -- Herb Guenther Lanex, LLC www.lanex.com (262)789-0966x102 Office (262)780-0424 Direct This e-mail is confidential and is for the use of the intended recipient(s)only. If you are not an intended recipient please advise us of our error by return e-mail then delete this e-mail and any attached files. You may not copy, disclose or use the contents in any way. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: SPAM-WARN: Re: [Declude.JunkMail] RE: On RFC Violation - Declude allows attachments and Virus to pass through untouched and unscanned
The Auto whitelist IMail 2006 is the issue I was referring to a few days ago in regards to wanting users that SMTP AUTH to be whitelisted. Were you were saying that this was working with 2006 and Declude 4.x? WHITELIST AUTH line in the Global.cfg is working as expected. The Auto Whitelist that I have heard is not working is the one that whitelists incoming based upon from address in the Imail contact address book. John T eServices For You Seek, and ye shall find! --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: SPAM-WARN: Re: [Declude.JunkMail] RE: On RFC Violation - Declude allows attachments and Virus to pass through untouched and unscanned
Darin, let me put it plainly. If you put WHITELIST AUTH line in the Global.cfg file any user the sends out through your server via smtp and who authenticates to the server will be Whitelisted. In other words, SMTP AUTH whitelisting is and has been working. I have provided clear proof and others have posted like wise. The issue of AUTOWHITELIST via the Imail users contact address book is for incoming email from the internet to your users. That is what is not working. Questions? John T eServices For You Seek, and ye shall find! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Wednesday, October 25, 2006 8:20 AM To: declude.junkmail@declude.com Subject: Re: SPAM-WARN: Re: [Declude.JunkMail] RE: On RFC Violation - Declude allows attachments and Virus to pass through untouched and unscanned Ahh, so I was correct. SMTP AUTH is still an issue. That in itself is a showstopper for us to move to IMail 2006 and Declude 4.x How soon until Declude will read this and auto whitelist, David? IMail 2006 was released a year ago. The following from your list are showstoppers for us to exercise our soon to expire, and as yet unused, SA and upgrade to Declude 4.x *Line Terminator Problem *Auto whitelist Imail 2006 *Reported Memory Leaks Decludeproc crash on zero pointers *Zip vulnerability *Attach function bug (forward as attachment) *When there is a MIME header mismatch Declude assumes it is an executable *Yahoo CAL emails have header problems which cause improper blocking *Encoded attachments not correctly detected - long base64 Darin. - Original Message - From: David Barker [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Wednesday, October 25, 2006 11:10 AM Subject: RE: SPAM-WARN: Re: [Declude.JunkMail] RE: On RFC Violation - Declude allows attachments and Virus to pass through untouched and unscanned IMail changed their addressbook from text files to a database in 2006 currently Declude does not read the databse. David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Wednesday, October 25, 2006 10:44 AM To: declude.junkmail@declude.com Subject: Re: SPAM-WARN: Re: [Declude.JunkMail] RE: On RFC Violation - Declude allows attachments and Virus to pass through untouched and unscanned John T, The Auto whitelist IMail 2006 is the issue I was referring to a few days ago in regards to wanting users that SMTP AUTH to be whitelisted. Were you were saying that this was working with 2006 and Declude 4.x? Darin. - Original Message - From: David Barker [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Wednesday, October 25, 2006 10:35 AM Subject: RE: SPAM-WARN: Re: [Declude.JunkMail] RE: On RFC Violation - Declude allows attachments and Virus to pass through untouched and unscanned Here is a preliminary list, not all have been verified and several are currently being worked on: (Note these does not include Declude adds for new functionality) Email me if you are aware of a known issue that is not on this list. *Line Terminator Problem *Auto whitelist Imail 2006 *Reported Memory Leaks Decludeproc crash on zero pointers *Zerohour test doesn't operate as other tests *Zip vulnerability *Attach function bug (forward as attachment) *When there is a MIME header mismatch Declude assumes it is an executable *Incorrectly filtering Object Data Vulnerability for MSOffice generated emails *Attached web pages seen as .com files *Yahoo CAL emails have header problems which cause improper blocking *Encoded attachments not correctly detected - long base64 *Prewhitelist is not skipping custom filters *Whitelisting messages in lower Log levels *SmarterMail order of Domains listed in xml for aliases David Barker Director of Product Development Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Monday, October 23, 2006 10:35 AM To: declude.junkmail@declude.com Subject: Re: SPAM-WARN: Re: [Declude.JunkMail] RE: On RFC Violation - Declude allows attachments and Virus to pass through untouched and unscanned Thanks, David. We appreciate your efforts. Darin. - Original Message - From: David Barker [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Monday, October 23, 2006 10:26 AM Subject: RE: SPAM-WARN: Re: [Declude.JunkMail] RE: On RFC Violation - Declude allows attachments and Virus to pass through untouched and unscanned I will see what I can do to bring together a list of known issues. Just give me some time (days) and I will get it posted. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
RE: [Declude.JunkMail] RE: Declude's To-Do List
Exactly. It needs to be either available at a reasonable price of all of us to use or it should not show up in the headers of those that are prevented from using it. Goes back to my point when it first became available: Declude wetted our appetite about ZEROHOUR and then when it became available told a big group of us NO NO NO you can't have it! NYA NYA NYA! John T eServices For You Seek, and ye shall find! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, October 25, 2006 12:14 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] RE: Declude's To-Do List I agree, ZEROHOUR needs to fuction like all the other tests. David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Wednesday, October 25, 2006 2:59 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] RE: Declude's To-Do List I agree, the openness is refreshing. Also, it shouldn't be forgotten that most of these bugs existed back in the the Scott days, but for the most part weren't known to be bugs. BTW, I too would like to see that X-Declude-RefID removed when it isn't used, and maybe Declude should consider approaching this header the exact same way as all of the others it inserts; fully customizable with variables, and different for incoming and outgoing E-mail. All that would need to be done is add a %DecludeRefID% to the list and leave it at that, no packing of this header by default. Matt Andy Schmidt wrote: Hi, Thanks for posting! Openness is a great confidence builder! Seeing that problems are at least being recognized goes a long way to giving me some small flicker of hope that things at Declude might turn around yet. Now your corporate management has to prove themselves by demonstrating that they are finally serious about fulfilling the service contracts we purchased by not allowing crucial problems to remain open for yet another year. They cannot keep holding out their hands each year, if the money is not spent on the intended purpose. Fixing the Auto-Whitelist with a simple MDAC SQL query against the Imail 2006 Workgroupshare database is no rocket science. It might take a day - but not a year. PS: This is a minor issue and probably doesn't deserve to be on your list - but I never got a reply on how to suppress the empty and unwanted X-Declude-RefID: header. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, October 25, 2006 10:36 AM To: declude.junkmail@declude.com Subject: RE: SPAM-WARN: Re: [Declude.JunkMail] RE: On RFC Violation - Declude allows attachments and Virus to pass through untouched and unscanned Here is a preliminary list, not all have been verified and several are currently being worked on: (Note these does not include Declude adds for new functionality) Email me if you are aware of a known issue that is not on this list. *Line Terminator Problem *Auto whitelist Imail 2006 *Reported Memory Leaks Decludeproc crash on zero pointers *Zerohour test doesn't operate as other tests *Zip vulnerability *Attach function bug (forward as attachment) *When there is a MIME header mismatch Declude assumes it is an executable *Incorrectly filtering Object Data Vulnerability for MSOffice generated emails *Attached web pages seen as .com files *Yahoo CAL emails have header problems which cause improper blocking *Encoded attachments not correctly detected - long base64 *Prewhitelist is not skipping custom filters *Whitelisting messages in lower Log levels *SmarterMail order of Domains listed in xml for aliases David Barker Director of Product Development Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Monday, October 23, 2006 10:35 AM To: declude.junkmail@declude.com Subject: Re: SPAM-WARN: Re: [Declude.JunkMail] RE: On RFC Violation - Declude allows attachments and Virus to pass through untouched and unscanned Thanks, David. We appreciate your efforts. Darin. - Original Message - From: David Barker [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Monday, October 23, 2006 10:26 AM Subject: RE: SPAM-WARN: Re: [Declude.JunkMail] RE: On RFC Violation - Declude allows attachments and Virus to pass through untouched and unscanned I will see what I can do to bring together a list of known issues. Just give me some time (days) and I will get it posted. David B www.declude.com -Original Message- From:
RE: [Declude.JunkMail] RE: Declude's To-Do List
To be sure, my next post to the list is not at you. It is for your bosses. John Tolmachoff Owner, eServices For You [EMAIL PROTECTED] 626-737-6003 Fax 626-737-6004 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, October 25, 2006 12:14 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] RE: Declude's To-Do List I agree, ZEROHOUR needs to fuction like all the other tests. David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Wednesday, October 25, 2006 2:59 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] RE: Declude's To-Do List I agree, the openness is refreshing. Also, it shouldn't be forgotten that most of these bugs existed back in the the Scott days, but for the most part weren't known to be bugs. BTW, I too would like to see that X-Declude-RefID removed when it isn't used, and maybe Declude should consider approaching this header the exact same way as all of the others it inserts; fully customizable with variables, and different for incoming and outgoing E-mail. All that would need to be done is add a %DecludeRefID% to the list and leave it at that, no packing of this header by default. Matt Andy Schmidt wrote: Hi, Thanks for posting! Openness is a great confidence builder! Seeing that problems are at least being recognized goes a long way to giving me some small flicker of hope that things at Declude might turn around yet. Now your corporate management has to prove themselves by demonstrating that they are finally serious about fulfilling the service contracts we purchased by not allowing crucial problems to remain open for yet another year. They cannot keep holding out their hands each year, if the money is not spent on the intended purpose. Fixing the Auto-Whitelist with a simple MDAC SQL query against the Imail 2006 Workgroupshare database is no rocket science. It might take a day - but not a year. PS: This is a minor issue and probably doesn't deserve to be on your list - but I never got a reply on how to suppress the empty and unwanted X-Declude-RefID: header. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, October 25, 2006 10:36 AM To: declude.junkmail@declude.com Subject: RE: SPAM-WARN: Re: [Declude.JunkMail] RE: On RFC Violation - Declude allows attachments and Virus to pass through untouched and unscanned Here is a preliminary list, not all have been verified and several are currently being worked on: (Note these does not include Declude adds for new functionality) Email me if you are aware of a known issue that is not on this list. *Line Terminator Problem *Auto whitelist Imail 2006 *Reported Memory Leaks Decludeproc crash on zero pointers *Zerohour test doesn't operate as other tests *Zip vulnerability *Attach function bug (forward as attachment) *When there is a MIME header mismatch Declude assumes it is an executable *Incorrectly filtering Object Data Vulnerability for MSOffice generated emails *Attached web pages seen as .com files *Yahoo CAL emails have header problems which cause improper blocking *Encoded attachments not correctly detected - long base64 *Prewhitelist is not skipping custom filters *Whitelisting messages in lower Log levels *SmarterMail order of Domains listed in xml for aliases David Barker Director of Product Development Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Monday, October 23, 2006 10:35 AM To: declude.junkmail@declude.com Subject: Re: SPAM-WARN: Re: [Declude.JunkMail] RE: On RFC Violation - Declude allows attachments and Virus to pass through untouched and unscanned Thanks, David. We appreciate your efforts. Darin. - Original Message - From: David Barker [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Monday, October 23, 2006 10:26 AM Subject: RE: SPAM-WARN: Re: [Declude.JunkMail] RE: On RFC Violation - Declude allows attachments and Virus to pass through untouched and unscanned I will see what I can do to bring together a list of known issues. Just give me some time (days) and I will get it posted. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Monday, October 23, 2006 10:19 AM To: declude.junkmail@declude.com Subject: Re: SPAM-WARN: Re: [Declude.JunkMail] RE: On RFC Violation - Declude allows attachments and
RE: [Declude.JunkMail] bad header mods by Declude
I forgot 1 + 1 = 2. My bad. John T eServices For You Seek, and ye shall find! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Wednesday, October 25, 2006 9:48 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] bad header mods by Declude John, FYI - Herb was not a member of this list last week. He was a member on the Sniffer list and asked a Declude question and someone recommended he join this list. Haven't you been reading the Sniffer list? Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: John T (Lists) [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Wednesday, October 25, 2006 11:32 AM Subject: RE: [Declude.JunkMail] bad header mods by Declude Gee, some one not reading posts to the list for the last week? John T eServices For You Seek, and ye shall find! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Herb Guenther Sent: Wednesday, October 25, 2006 8:02 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] bad header mods by Declude Hi All; We have been having a problem with Declude not modifying the true subject and header on many spam messages. Sniffer and a number of the other tests catch the message, but Declude is adding a header stub to the bottom of the message source, and not the real header. Since we have our system set up to pre-pend Probable SPAM: to the subject line all of these messages go right thru the email clients filters. We are running the latest version of Declude, 4.3.14 with Smartermail. I have submitted several samples and let the folks know at Declude, but have not had any feedback. When mentioning it on the message sniffer mail list others are also experiencing this as well. Have other Declude customers seen this and what information does Declude need to work on this problem? Thanks, Herb -- Herb Guenther Lanex, LLC www.lanex.com (262)789-0966x102 Office (262)780-0424 Direct This e-mail is confidential and is for the use of the intended recipient(s)only. If you are not an intended recipient please advise us of our error by return e-mail then delete this e-mail and any attached files. You may not copy, disclose or use the contents in any way. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT: imail q files magically dissapearing
Only problem his, how do you know what the recipient email address is without parsing either the Declude or SMTP logs? Oh, BTW, no the to address in the headers is not always the email address the message is destined to. John T eServices For You Seek, and ye shall find! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig Edmonds Sent: Tuesday, October 24, 2006 12:45 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] OT: imail q files magically dissapearing Importance: High Hi Darrell, In your fpreview programme (which is pretty useful) how about making it when you return to queue, it gives an option to recreate the q file? I have made a small command line vbs script which does it but its still time consuming to enter the data one by one but cuts down the time have to create one manually. I wrote this last night very quickly becasue I have about 250 legitimate mails which are broken and have to fix them one by one. It very basic but does the job for me today. --- start script Set ArgObj = WScript.Arguments filename=ArgObj(0) Sender=ArgObj(1) Recipient=ArgObj(2) Spoolfolder=c:\imail\spool\ Qfilename=Q filename .smd Dfilename=D filename .smd Filename=Spoolfolder Qfilename '== 'write the q file first '== Set fso = CreateObject(Scripting.FileSystemObject) set fname=fso.CreateTextFile(Filename,true) Set fso=nothing Set fname=nothing '== 'now write the content of the q file '== Set fso = CreateObject(Scripting.FileSystemObject) Set fname = fso.OpenTextFile(Filename, 8, True) fname.write QC:\IMail\spool\ Dfilename vbCRLF fname.write Hmail.mail2.123marbella.com vbCRLF fname.write S Sender vbCRLF fname.write R Recipient vbCRLF Set fso=nothing Set fname=nothing set ArgObj = Nothing --end script Kindest Regards Craig Edmonds 123 Marbella Internet W: www.123marbella.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Tuesday, October 24, 2006 8:19 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] OT: imail q files magically dissapearing Craig, fpReview loads the D* file. If you are having failures in the SMTP transaction you will have broken files (i.e. the Q* file does not exist OR is prefaced with t*). I am not sure what Imail version your running but have seen others report a signifigant increase in broken connection files in 2006. Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Craig Edmonds To: declude.junkmail@declude.com Sent: Monday, October 23, 2006 6:12 PM Subject: [Declude.JunkMail] OT: imail q files magically dissapearing On one of my imail servers, my spool folder is slowly filling up with D files. I am using fpreview to view the files in the spool and there are currently 180 or so emails. when i try to return to queue I get an error saying that the q file could not be found, whch isa bit strange becasue many many of the emails are local to the server. When I look in the /spool there is a not a single q file anywhere. Any ideas whats happening? Has sniffer or declude gone nuts? Kindest Regards Craig Edmonds 123 Marbella Internet W: www.123marbella.com . --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. ---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com. ---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com.
RE: [Declude.JunkMail] Different issue - Process flow question
1. Is it not true that when properly installed and running, that Declude handles EVERY message that passes through the mail server? Every message that (in the case of Imail) SMTPD32 service hands it. 2. There is only one GLOBAL.CFG. Correct. 3. Every message processed should attempt to run every external test. (That's why many external tests accept the current weight as a parameter so it can bail out early if the current weight meets or exceeds the external test's set bail out weight) But regardless of whether the external test decides to bail early, it should still get invoked. Isn't that correct? Correct EXCEPT AND UNLESS you have in the Global.Cfg file PREWHITELIST and set to ON. In that case, further tests are NOT run and processing is completed at that point. John T eServices For You Seek, and ye shall find! --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] On RFC Violation - Declude allows attachments and Virus to pass through untouched and unscanned
But Declude let RfcNoCr.eml pass straight through without calling the virus scanners, because Declude did NOT see an attachment. Also, because Declude did not see an attachment, Declude did not ban the .EXE extension. OK, question. What happened then when that message got to your email client? John T eServices For You Seek, and ye shall find! --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] picture spam
Chris, you need to learn what your company is doing. As a hosting service provider, I am specifically prevented from using CommTouch unless I want to spend several thousand dollars using the Declude gateway product. $195 is quite acceptable if I was allowed to pay it. Sorry to burst your bubble but I am not being allowed the option to implement or not John T eServices For You Seek, and ye shall find! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of chris Sent: Thursday, October 12, 2006 7:11 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] picture spam A one time cost of 195.00 is not a large portion of your revenue and it is your option to not implement this or not Chris From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler Sent: Thursday, October 12, 2006 9:57 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] picture spam ...and give a large part of our revenue to Commtouch? Provide a feasible way to justify the additional costs for our existing customers and service contracts! THEN we could talk about Commtouch. BTW: even if it's hard work to maintain a reliable spam filter it's not an impossible thing. years of contribution from our own researches, creation of text filters, publication of new spam and filter signs, developement of - in declude long time and still missing - additional external tests allowed and still allows us to have reliable filters and no image spam in my inbox. The question is why Declude has become a competitor of our work from what it was some years ago: an excellent tool for us admins to do our own hard work. Looking at your pricing I can see anywhere limitations based on users. What if I have a single gatewayed domain? Markus From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of chris Sent: Thursday, October 12, 2006 3:15 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] picture spam Guys, Commtouch hasnt missed any, stop making things hard on yourselves.. Chris From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher Sent: Wednesday, October 11, 2006 5:17 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] picture spam Sorbs-DUL and NJABL Dynablock look to be the best. Although they miss lots. 5-10's has been discontinued. - Original Message - From: Dave Marchette To: declude.junkmail@declude.com Sent: Wednesday, October 11, 2006 3:53 PM Subject: RE: [Declude.JunkMail] picture spam Thanks all for the various suggestions. Agreed- combo is the way to use that test, for sure. A bit OT, but what is the popular and accurate DUL database these days? How accurate is fiveten at DUL lookups? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher Sent: Wednesday, October 11, 2006 12:49 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] picture spam I combo thegraphics hit (jpg, gif or png) with: 1. bad DNS - None or timeout 2. bad language (eastern European iso-8859-2) or Cyrillic (koi8-r or iso-8859-5), etc 3. cmdspace 4. good DUL IP lists/tests 5. having forged your local domain. I still get 5-10 a day. It is a pain. - Original Message - From: Dave Marchette To: declude.junkmail@declude.com Sent: Wednesday, October 11, 2006 12:08 PM Subject: [Declude.JunkMail] picture spam Has anyone figured out a reasonable way to use Declude to minimize picture spam? Sniffer is missing most. They are sent from fresh hosts, so RBLs dont catch them, and there is no target, so INVuribl misses them as well. Associates of ours are using Barracuda to stop most successfully, so it is at least possible. Ideas are welcomed. Dave --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To
RE: [Declude.JunkMail] Licensing problem after upgrade
Global.cfg is still used the same way. Declude.cfg is used for program type configurations as well as license code (which are removed from the separate Global.cfg, virus.cfg, hijack.cfg files.) John T eServices For You Seek, and ye shall find! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frederick Samarelli Sent: Thursday, October 12, 2006 8:26 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Licensing problem after upgrade The declude.exe is old (2005). Is this ok. What file is used and for what. Declude.cfg and Global.cfg - Original Message - From: John T (Lists) To: declude.junkmail@declude.com Sent: Wednesday, October 11, 2006 1:23 AM Subject: RE: [Declude.JunkMail] Licensing problem after upgrade The delivery app is still declude.exe. Create a new text file in you imail\declude director and call it declude.cfg. Add a line CODE -x-xx-xx- replacing the xxx-xx with your code. John T eServices For You Seek, and ye shall find! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frederick Samarelli Sent: Tuesday, October 10, 2006 9:22 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Licensing problem after upgrade do not have a declude.cfg. What should be in it and where should it go. Do i just rename my global.cfg What about this. Also the IMAIL Delivery Application is still set to Declude.exe is this correct. Should it change to the Decludeprocess.exe - Original Message - From: Jeff Frantz To: declude.junkmail@declude.com Sent: Tuesday, October 10, 2006 11:52 PM Subject: RE: [Declude.JunkMail] Licensing problem after upgrade Fred, Your license code should go in the declude.cfg file. -Jeff From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frederick Samarelli Sent: Tuesday, October 10, 2006 10:59 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Licensing problem after upgrade I just upgraded from 3.x to the current version. Nothing will run. All I see in the diags.txt is FATAL ERROR: Product license key not in configuration INVALID KEY Where do I put the update Key? Thanks. Fred --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. ---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com. ---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com.
RE: [Declude.JunkMail] Licensing problem after upgrade
The delivery app is still declude.exe. Create a new text file in you imail\declude director and call it declude.cfg. Add a line CODE -x-xx-xx- replacing the xxx-xx with your code. John T eServices For You Seek, and ye shall find! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frederick Samarelli Sent: Tuesday, October 10, 2006 9:22 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Licensing problem after upgrade do not have a declude.cfg. What should be in it and where should it go. Do i just rename my global.cfg What about this. Also the IMAIL Delivery Application is still set to Declude.exe is this correct. Should it change to the Decludeprocess.exe - Original Message - From: Jeff Frantz To: declude.junkmail@declude.com Sent: Tuesday, October 10, 2006 11:52 PM Subject: RE: [Declude.JunkMail] Licensing problem after upgrade Fred, Your license code should go in the declude.cfg file. -Jeff From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frederick Samarelli Sent: Tuesday, October 10, 2006 10:59 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Licensing problem after upgrade I just upgraded from 3.x to the current version. Nothing will run. All I see in the diags.txt is FATAL ERROR: Product license key not in configuration INVALID KEY Where do I put the update Key? Thanks. Fred --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. ---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com. ---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com.
RE: [Declude.JunkMail] CBL:CBL
It can also be set in the SMTP service Advanced properties section through the IAdmin. John T eServices For You Seek, and ye shall find! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Tuesday, September 26, 2006 1:06 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] CBL:CBL The current hotfix for IMail Server 2006 includes a registry setting that allows you to set a fixed domain name in your outbound HELO/EHLO. Andrew. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Shacklett Sent: Tuesday, September 26, 2006 12:30 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] CBL:CBL Well, I looked in our archive but I forgot to look in the Imail list archive. This appears to be exactly what I'm not experiencing. They've been prompt to reply, so at least I'm not sitting dead in certain waters in the meantime. Thanks, Darrell. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Tuesday, 26 September 2006 12:48 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] CBL:CBL If you run Imail that puts you at risk for being listed on the CBL :) See- http://www.mail-archive.com/imail_forum@list.ipswitch.com/msg1 06753.html Darrell --- Check out http://www.invariantsystems.com for utilities for Declude, Imail, mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. John Shacklett writes: I've discovered that my mailserver has been listed on CBL. I asked to be delisted, and they complied, but I'm right back on *SNAP* just like that. Assuming for the moment that I'm not at risk for the vulnerability covered by MS06-040, and that nothing infected me before I loaded that patch, what else puts us at risk? John. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] FIND command question
I the course of normal business, I often use the FIND command when investigating false positives and reported missing email and such to search the logs. However, I just found out a big problem with this. Apparently, the FIND command is case sensitive in that if you say FIND @somedomain.com it will not find it if there is a capital in there. I recently found this out when repeatedly trying to find an incoming email and telling the client it was never received and then the send FINALLY provided their end of the logs and guess what, the email address as they sent it was in all capitals. Question, what is the best quick way to search the logs via command line for a string and not have the search be case sensitive? John T eServices For You Seek, and ye shall find! --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
