RE: [Declude.JunkMail] Phishing attempt- site is live
We received a bunch for Royal Bank of Canada accounts as well this week, trying to take advantage of the major software glitch RB experienced last week no doubt. Richard Edge Senior Systems Administrator Technology Services Department TRINITY WESTERN UNIVERSITY Voice: 604-513-2089 E-mail: [EMAIL PROTECTED] WWW: http://www.twu.ca/technology -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Tuesday, June 08, 2004 2:23 PM To: Kami Razvan Subject: Re: [Declude.JunkMail] Phishing attempt- site is live We've had this one in Sniffer for a while. They were originally going after Sun Trust: Rule ID - 99546 Created - 2004-03-22 From Source - http://200.97.91. Rule Type - Numbered Link Origin - Spam Trap Original Rule Name - suntrust phishing Current Strength - 2.68760205 _M On Tuesday, June 8, 2004, 4:11:28 PM, Kami wrote: KR Hi; KR The site is live.. a definite phishing attempt. KR KR http://200.97.91.210/citi/;Activate KR KR Regards, KR Kami KR === KR KR Received: from 82-33-98-143.cable.ubr10.azte.blueyonder.co.uk KR [82.33.98.143] by foroosh.com KR (SMTPD32-8.11) id A0842A350272; Tue, 08 Jun 2004 14:08:04 -0400 KR Received: from 50.106.132.64 by 82.33.98.143; Tue, 08 Jun 2004 KR 13:00:46 -0600 KR Message-ID: [EMAIL PROTECTED] KR From: [EMAIL PROTECTED] [EMAIL PROTECTED] KR Reply-To: [EMAIL PROTECTED] [EMAIL PROTECTED] KR To: * KR Subject: [35~]Activate Bill Pay KR Date: Tue, 08 Jun 2004 20:05:46 +0100 KR MIME-Version: 1.0 KR Content-Type: multipart/alternative; KR boundary=--23927787921753605107 KR X-Originating-IP: 12.5.20.80 KR X-RBL-Warning: IPNOTINMX: KR X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail detected. KR X-RBL-Warning: CMDSPACE: Space found in RCPT TO: command. KR X-RBL-Warning: FIVETEN-SPAM: KR 143.98.33.82.blackholes.five-ten-sg.com. KR X-RBL-Warning: NOABUSE: Not supporting [EMAIL PROTECTED] KR X-RBL-Warning: BROADBAND: Message failed BROADBAND test (line 236, KR weight 9) KR X-RBL-Warning: COUNTRY: Message failed COUNTRY test (line 221, KR weight 1) KR X-RBL-Warning: IPLINKED: Message failed IPLINKED test (line 187, KR weight 13) KR X-Declude-Sender: [EMAIL PROTECTED] [82.33.98.143] KR X-Declude-Spoolname: D00832a350272ffb3.SMD KR X-Note: KR == KR X-Note: Spam Score: 35 [BLOCKED ON 20+ DELETED ON 60+] KR X-Note: Scan Time: 14:08:11 on 06/08/2004 KR X-Note: Spool File: D00832a350272ffb3.SMD KR X-Note: Server Name: KR 82-33-98-143.cable.ubr10.azte.blueyonder.co.uk KR X-Note: SMTP Sender: [EMAIL PROTECTED] KR X-Note: Reverse DNS IP: KR 82-33-98-143.cable.ubr10.azte.blueyonder.co.uk [82.33.98.143] KR X-Note: Recipient(s): * KR X-Note: Country Chain: [IANA Reserved]-UNITED KINGDOM-destination KR X-Note: KR == KR X-Note: This E-mail was scanned filtered by Declude [1.79i8] for SPAM virus. KR X-Note: Spam and virus blocking services provided by KR ClickandPledge.com KR X-Note: KR == KR X-RCPT-TO: *** KR Status: U KR X-UIDL: 331480131 KR KR 23927787921753605107 KR Content-Type: text/html; KR Content-Transfer-Encoding: quoted-printable KR KR /fontfont size=3D2brbrtd class=3Dsmalltext Dear KR Citibank customer,br We've upgraded our service so you can KR schedule fund transfers. And with ou= r improvedbrBill Pay, you KR can now pay bills on one screen. We will requi= re all Citibank KR customers to signup for this, pleasebrfill in your card KR information now to avoid extr= a upgrade fees being withdrawn from KR your account later on. KR brbr KR font color=3Dred* ALL CITIBANK CUSTOMERS ARE REQIRED TO ACTIVATE KR = BILL PAY */font brbr bClick on the link below to active KR Bill Pay:/bbr a href=3Dhttp://200.97.91.210/citi/;Activate KR Bill Pay/a /font KR KR KR KR 23927787921753605107-- KR KR --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: Re[2]: [Declude.JunkMail] Notification to customers of change of ownership
Oops, sorry all. I meant to reply directly to Sandy. Too many emails open. Richard Edge Senior Systems Administrator Technology Services Department TRINITY WESTERN UNIVERSITY Voice: 604-513-2089 E-mail: [EMAIL PROTECTED] WWW: http://www.ucs.twu.ca FAQ: http://www.ucs.twu.ca/resources/faq.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Edge Sent: Thursday, April 15, 2004 2:15 PM To: [EMAIL PROTECTED] Subject: RE: Re[2]: [Declude.JunkMail] Notification to customers of change of ownership Hi Sandy, Thanks for the info. I did see the message and will be having a look at it as well. My big hurdle will be to try to find something that will allow me to migrate existing email from Imail to an Exchange 2003 server. Its all in the pros and cons what if stage right now. Richard Edge Senior Systems Administrator Technology Services Department TRINITY WESTERN UNIVERSITY Voice: 604-513-2089 E-mail: [EMAIL PROTECTED] WWW: http://www.ucs.twu.ca FAQ: http://www.ucs.twu.ca/resources/faq.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sanford Whiteman Sent: Wednesday, April 14, 2004 8:42 PM To: Richard Edge Subject: Re[2]: [Declude.JunkMail] Notification to customers of change of ownership We are likely going to be moving from Imail for our student email server to an Exchange 2003 server (as a mate to the staff faculty server). You might then be interested in MilterSink (announced earlier), which will incorporate limited support for Declude (all tests, but not all actions, are expected to be available). --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.mailmage.com/download/software/freeutils/SPAMC32/Release/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: Re[2]: [Declude.JunkMail] Notification to customers of change of ownership
Hi Sandy, Thanks for the info. I did see the message and will be having a look at it as well. My big hurdle will be to try to find something that will allow me to migrate existing email from Imail to an Exchange 2003 server. Its all in the pros and cons what if stage right now. Richard Edge Senior Systems Administrator Technology Services Department TRINITY WESTERN UNIVERSITY Voice: 604-513-2089 E-mail: [EMAIL PROTECTED] WWW: http://www.ucs.twu.ca FAQ: http://www.ucs.twu.ca/resources/faq.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sanford Whiteman Sent: Wednesday, April 14, 2004 8:42 PM To: Richard Edge Subject: Re[2]: [Declude.JunkMail] Notification to customers of change of ownership We are likely going to be moving from Imail for our student email server to an Exchange 2003 server (as a mate to the staff faculty server). You might then be interested in MilterSink (announced earlier), which will incorporate limited support for Declude (all tests, but not all actions, are expected to be available). --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.mailmage.com/download/software/freeutils/SPAMC32/Release/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] smime.p7s Description: S/MIME cryptographic signature
RE: [Declude.JunkMail] Notification to customers of change of ownership
Scott, First, congratulations on the changes. I would certainly be interested in a gateway product from your company as a few changes are occurring here as well. We are likely going to be moving from Imail for our student email server to an Exchange 2003 server (as a mate to the staff faculty server). I have become somewhat disappointed with Imail and Ipswitch as we have had a couple of serious bugs with attachments of late that I feel have not been dealt with seriously enough by Ipswitch. This is what is prompting the change. Both bugs were problems dealing with Imail's handling of attachments. This was pretty critical for an academic institution that relies on email attachments for students to send in assignments and faculty that needs to send course materials to students. The first bug you are aware of and actually let me know that it was a known bug in Sept.. 2003 and wasn't fixed until December 2003 affecting the whole first semester. The second is a bug with multipart/mixed attachments that I reported as critical in January and now it is the end of the school year and still no news of a fix. I have only praise for your product and support and if I had to leave Imail, my regret would be losing Declude and therefore I was quite excited to see your message about a potential gateway product. Sorry for the rant, but after repeated inquires to Ipswitch with no response and now seeing an upgrade release (8.1) but still no fix for 8.05, I am just a little frustrated and *very pleased* that you weren't purchased by Ipswitch. Anyway congrats and I will continue to monitor for news of a gateway product so that I can continue to offer top quality anti-spam and virus protection for my users by a company that provides what I consider to be the best product and support in the entire industry. Richard Edge Senior Systems Administrator Technology Services Department TRINITY WESTERN UNIVERSITY Voice: 604-513-2089 E-mail: [EMAIL PROTECTED] WWW: http://www.ucs.twu.ca FAQ: http://www.ucs.twu.ca/resources/faq.htm -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, April 12, 2004 1:26 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Notification to customers of change of ownership Have you already started considering which other MTA's you will try to integrate with? No decisions have been made yet, but it looks like a gateway product (which would be compatible with all SMTP servers) may be the way that we go. I want to suggest Xmail Server (http://www.xmailserver.org). I have looked at making Declude work with it before, but never found the time to write the middleware needed. I like Xmail for it's speed and configurability, and the next release will add integrated IMAP finally. I also like the suggestion of MS SMTP service, but either dealing with sinks used in MS SMTP is very difficult or developers think admins are suckers, I have never seen a cheap addin for MS SMTP, even simple ones. Of course, feel free to correct me if they do exist. Thanks for the suggestions -- we will take a note of this. Another question, will there be any consideration in making Declude multi-platform? It is something that we are giving serious thought to. At this point, it isn't a high priority -- but something that is being considered as we do development work. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] X-Spam-Prob: 0.999929 Header
Today as I was going through the spam on hold after making some changes in Declude's spam configuration yesterday I noticed a new X header in several of the messages as follows: X-Spam-Prob: 0.29 Has anyone seen this? Is it a new Declude header (I had also updated to the current beta version) or added by other email server's spam detection software. We are currently using Imail 7.14 and Declude 1.70 beta for our students. Richard Edge System Administrator Computing Services Department TRINITY WESTERN UNIVERSITY Voice: 604-513-2089 E-mail: [EMAIL PROTECTED] WWW: http://www.ucs.twu.ca FAQ: http://www.ucs.twu.ca/resources/faq.htm --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] BASE64 test
I see a test in the more recent Declude config files called BASE64, but cannot find any documentation of what this test does and why it would be used. I know what Base64 encoding/decoding is, but maybe someone could enlighten me as to why it would be a good test to use and what it checks for. I did check through this list but only found a couple of messages that did not answer my questions. Richard Edge System Administrator TRINITY WESTERN UNIVERSITY Voice: 604-513-2089 E-mail: [EMAIL PROTECTED] WWW: http://www.ucs.twu.ca http://www.ucs.twu.ca FAQ: http://www.ucs.twu.ca/resources/faq.htm http://www.ucs.twu.ca/resources/faq.htm --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.