[Declude.JunkMail] Spam tests
I received a forwarded email with these headers today. Don't know which spam filter product generated them, but they look like some neat tests: * 0.3 NO_REAL_NAME From: does not include a real name * 0.9 FROM_ENDS_IN_NUMS From: ends in numbers * 0.6 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN) * 0.0 CONGRATULATIONS BODY: Congratulations - you've been scammed? * 0.1 LINES_OF_YELLING_2 BODY: 2 WHOLE LINES OF YELLING DETECTED * 0.0 LINES_OF_YELLING BODY: A WHOLE LINE OF YELLING DETECTED * 0.6 SUBJ_ALL_CAPS Subject is all capitals * 2.2 FROM_HAS_ULINE_NUMS From: contains an underline and numbers/letters * 1.6 NIGERIAN_BODY1 Message body looks like a Nigerian spam message 1+ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] MTLDB effectiveness
I can't say that I am overwhelmed with the effectiveness of the MTLDB test thus far. Every single email I have seen come through my server with the MTLDB test triggered on it has been a false positive - in fact, it seems that user not found automated messages originating from the mail servers various ISP's (including HOTMAIL) are a favorite of MTLDB. Is it possible that users with infected machines are sending through their own ISP's servers, and those servers' IP addresses are then being listed in the MTLDB, causing it to show false positives on any mail coming from those servers? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] RR.COM
Does anyone know how to expedite getting removed from AOL/Netscape/Compuserve's IP spam list? I have no idea how we got there, but they have been blocking mail from every domain on my server for almost two weeks now. I can guarantee we've never sent any spam their way, or any way, for that matter. Attempting to send email to any of those domains ends up with this result: 20031216 000133 127.0.0.1 SMTP (0384324F) Trying aol.com (0) 20031216 000133 127.0.0.1 SMTP (0384324F) Connect aol.com [205.188.156.154:25] (1) 20031216 000133 127.0.0.1 SMTP (0384324F) 554-(RLY:B2) The information presently available to AOL indicates this 20031216 000133 127.0.0.1 SMTP (0384324F) 554-server is transmitting unsolicited e-mail to AOL. Based on AOL's 20031216 000133 127.0.0.1 SMTP (0384324F) 554-Unsolicited Bulk E-mail policy at http://www.aol.com/info/bulkemail.html 20031216 000133 127.0.0.1 SMTP (0384324F) 554-AOL cannot accept further e-mail transactions from this server. 20031216 000133 127.0.0.1 SMTP (0384324F) 554-Please have your ISP/ASP or server admin call AOL at 1-888-212-5537, 20031216 000133 127.0.0.1 SMTP (0384324F) 554 or visit http://postmaster.info.aol.com for more information. 20031216 000133 127.0.0.1 SMTP (0384324F) SMTP_DELIV_FAILED They don't even give us a chance - we connect, and they dump us instantly. Calling them at that number gives you not much more than a promise that they'll look into it and get back to you, i.e. they won't bother and will never call you back. The postmaster web site doesn't help much. I'm at a bit of a loss. Hmmm. I just did a test from my mail server. I did a manual telnet to a few different AOL listed MX servers on port 25, and got this: 220-rly-ya02.mx.aol.com ESMTP mail_relay_in-ya2.4; Tue, 16 Dec 2003 17:55:45 -0500 220-America Online (AOL) and its affiliated companies do not 220- authorize the use of its proprietary computers and computer 220- networks to accept, transmit, or distribute unsolicited bulk 220- e-mail sent from the internet. Effective immediately: AOL 220- may no longer accept connections from IP addresses which 220 have no reverse-DNS (PTR record) assigned. I was able to do a manual HELO, RCPT FROM, MAIL TO, DATA and successfully send an email. The server has only one IP bound, so it can't be because it's using a different IP address. What gives? At 04:31 PM 12/16/2003, Bill wrote: Hi, FYI, rr.com has finally removed my IP from their spammer list as of today. It took 4 requests dating back to 11/18. I only knew we were no longer being blocked because one of my customers told me a message got through. My log file from today verified this to be true. I never did receive and messages from them other than the auto-responses. Bill -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bill Morgan Sent: Friday, December 12, 2003 11:49 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] RR.COM Hi, We are having a problem sending e-mail to any user at rr.com. Our messages are refused as spam. I have checked all of the databases that they say they use and we are not listed in any of them. Over the last three weeks, I have sent several messages to [EMAIL PROTECTED] (the address that they say to use for problems like this) but have only gotten automated responses confirming receipt of the message. Has anyone else had a problem with rr.com? If so, how did you resolve it? Thanks, Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] RR.COM
At 06:39 PM 12/16/2003, Matthew Bramble wrote: Your HELO (nerosoft.com) doesn't match your reverse DNS domain (mail.netbound.com). This could be the result of some idiot at AOL rejecting your E-mail based on those things not matching. The HELO changes depending on the virtual domain sending the email. If [EMAIL PROTECTED] has his acme.com domain hosted as a virtual domain on my mail server, and he sends an email, it gets sent out with a HELO acme.com. The RDNS can only have one value - and that one IP address could represent hundreds of different domains. The switch should be easy enough to test out this theory. Try changing your domain in IMail to netbound.com for just a second and see what happens. The reverse DNS change just takes a bit longer to propagate, though that might be a good idea to do for the long-term. Generally speaking, reverse DNS is used for E-mail filtering and nothing else of importance, so choose to match mail over all other things. I sent an email from a netbound.com address to an AOL address. It got rejected just as quickly. In fact, the AOL SMTP server terminates the connection before my server even gets a chance to send an HELO! Please let the list know if this works, though I'm just stabbing in the dark of course. I've seen places as large as GM block on just reverse DNS alone, which is pretty stupid in my book, and that warning from AOL's HELO has been there for months at least, and shows that they have at least considered this idiotic move. Matt Scott MacLean wrote: Does anyone know how to expedite getting removed from AOL/Netscape/Compuserve's IP spam list? I have no idea how we got there, but they have been blocking mail from every domain on my server for almost two weeks now. I can guarantee we've never sent any spam their way, or any way, for that matter. Attempting to send email to any of those domains ends up with this result: 20031216 000133 127.0.0.1 SMTP (0384324F) Trying aol.com (0) 20031216 000133 127.0.0.1 SMTP (0384324F) Connect aol.com [205.188.156.154:25] (1) 20031216 000133 127.0.0.1 SMTP (0384324F) 554-(RLY:B2) The information presently available to AOL indicates this 20031216 000133 127.0.0.1 SMTP (0384324F) 554-server is transmitting unsolicited e-mail to AOL. Based on AOL's 20031216 000133 127.0.0.1 SMTP (0384324F) 554-Unsolicited Bulk E-mail policy at http://www.aol.com/info/bulkemail.html 20031216 000133 127.0.0.1 SMTP (0384324F) 554-AOL cannot accept further e-mail transactions from this server. 20031216 000133 127.0.0.1 SMTP (0384324F) 554-Please have your ISP/ASP or server admin call AOL at 1-888-212-5537, 20031216 000133 127.0.0.1 SMTP (0384324F) 554 or visit http://postmaster.info.aol.com http://postmaster.info.aol.com/ for more information. 20031216 000133 127.0.0.1 SMTP (0384324F) SMTP_DELIV_FAILED They don't even give us a chance - we connect, and they dump us instantly. Calling them at that number gives you not much more than a promise that they'll look into it and get back to you, i.e. they won't bother and will never call you back. The postmaster web site doesn't help much. I'm at a bit of a loss. Hmmm. I just did a test from my mail server. I did a manual telnet to a few different AOL listed MX servers on port 25, and got this: 220-rly-ya02.mx.aol.com ESMTP mail_relay_in-ya2.4; Tue, 16 Dec 2003 17:55:45 -0500 220-America Online (AOL) and its affiliated companies do not 220- authorize the use of its proprietary computers and computer 220- networks to accept, transmit, or distribute unsolicited bulk 220- e-mail sent from the internet. Effective immediately: AOL 220- may no longer accept connections from IP addresses which 220 have no reverse-DNS (PTR record) assigned. I was able to do a manual HELO, RCPT FROM, MAIL TO, DATA and successfully send an email. The server has only one IP bound, so it can't be because it's using a different IP address. What gives? At 04:31 PM 12/16/2003, Bill wrote: Hi, FYI, rr.com has finally removed my IP from their spammer list as of today. It took 4 requests dating back to 11/18. I only knew we were no longer being blocked because one of my customers told me a message got through. My log file from today verified this to be true. I never did receive and messages from them other than the auto-responses. Bill -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bill Morgan Sent: Friday, December 12, 2003 11:49 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] RR.COM Hi, We are having a problem sending e-mail to any user at rr.com. Our messages are refused as spam. I have checked all of the databases that they say they use and we are not listed in any of them. Over the last three weeks, I have sent several messages to [EMAIL PROTECTED] (the address that they say to use for problems like this) but have only gotten automated responses confirming receipt of the message. Has anyone else had a problem with rr.com? If so, how did you resolve it? Thanks, Bill --- [This E-mail
Re: [Declude.JunkMail] Outbound Port 25, was - Virginia Indicts
This may be a crutch solution, but it is what we have implemented, and our customers seem to like it. I wrote a small port redirection program that runs on the mail server. It listens on a specific port number, and when it receives a connection, opens a connection on the mail server on port 25, and acts as an intermediary between the two. Our customers reconfigure their clients to connect on this port number other than 25, it skips around the various ISP's port 25 blocking, they get to use our SMTP server, and noone is the wiser. At 12:21 AM 12/13/2003, Matthew Bramble wrote: Dave Doherty wrote: Matt, I went through a lot of the same arguments with my StarPower customers. Once they understand that security and spam control requires that they use StarPower's SMTP service, they are very cooperative and happy to make the adjustments. We are fanatical about customer service, and I will have a tech talk a customer through the email setup, even if it takes an hour. I think you are assuming too much about your customers being happy under those arrangements. Maybe your outbound SMTP server is problem free, but the ISP's that are implementing such things are far from problem free in my experience, and I hate getting calls about why someone's E-mail isn't reaching it's destination when we aren't handling their outbound traffic. We also provide virus scanning on outbound traffic, which such a configuration defeats. I see this approach in the same light as closing down the highways because people speed. It punishes customers and providers that play by the rules, whereas only a small number are sending spam or have computers that are compromised to do so. Because I need direct access to my SMTP server for monitoring, I absolutely have to have a provider that allows SMTP traffic through. If the majority of ISP's played by the rules that you do, SMTP would be broken for all practical purposes as far as I'm concerned. If you ask around, most here don't consider blocking on DUL lists to be a wise thing to do, though using that in a weighting scheme is a decent idea. It's pretty clear that even Scott is being blocked by Road Runner's servers because of a poor implementation of a DUL list that includes his IP space even though it is static and business-class. Blocking outbound SMTP is even worse than blocking by DUL. I'm sure that many around here have had similar issues with large ISP's that improperly have tagged their IP space as being dynamic. I know that this practice negatively affects my business, and it's quite difficult to explain to a non-technical customer why this is, and never once has one of them been happy that their ISP has chosen to do so. Maybe you aren't aware of this affecting your business, but I, along with several of my LAN integrator friends, would absolutely not recommend an ISP that blocks outbound SMTP traffic because of the problems that it causes me, and the perception that such an implementation is a lazy way of fighting spam. And as far as my experience goes, none of the ISP's doing this that I have encountered went about this in a fully responsible manner. They all chose to make a change and then have me take the calls and do the diagnosis and call them for verification instead of alerting their customers as to the issues. This also starts encroaching into the areas of censorship and policing ones customers. Once you start getting involved with disallowing SMTP, you remove legitimate objections to blocking file sharing networks, and could even make yourself liable for such things. The industry has taken a very purposeful approach to this by usurping as much responsibility as possible. They don't want to become the Internet's police force, and costly defenses of John Doe's by places like Yahoo and Verizon were not intended to protect criminals, but instead to protect their businesses from liability and burden. The RIAA has even gone after universities for file sharing, and this implicates the universities as being liable for the actions of their students. If you know anything about public colleges, then you should know that they generally have a huge aversion to any form of blocking because of the implications. After one student at my old school got arrested for child porn, a friend of mine who was the sys admin, removed all such groups from their news server, figuring that it wouldn't make for good publicity if they found the guy got it off of their own servers...well, when the guy's boss got wind of this, he forced him to add all of the groups back in. The view here is that it was a can of worms that they wanted nothing to do with as a proactive measure, and their job was not to enforce either moral standards nor the law itself. Spam is of course a serious problem, and one of the problems is that it causes ISP's to limit access to my servers by my own clients. I assure you that I am not the only one that feels this way, and it does affect your business, though maybe not measureably...it
Re: [Declude.JunkMail] Outbound Port 25, was - Virginia Indicts
You just have to be careful - I set up SMTP relay for addresses to accept connections from every IP in our group except for the IP of the mail server itself, so that our web servers can send mail without using SMTP AUTH. If you put the IP of the mail server in the relay for addresses list - or use a group that includes the mail server, you basically create an open relay - given, a relay using a nonstandard port number, but an open relay nonetheless. Exclude the mail server's IP, and it works properly, requiring SMTP AUTH from outside connections through the redirector. The mail server (and web messaging server and monitor) seem to have no issues with its own IP being excluded from the list. So yes, it works using SMTP AUTH - as long as the client use SMTP AUTH, it sends it right through. I had thoughts of actually marketing this as a product at some point, and wrote it as such - perhaps I should get off my arse and do it? Would there be interest in such a thing? At 06:09 PM 12/13/2003, Matthew Bramble wrote: That sounds like a nice crutch to have available. Much better IMO than setting up such a thing on a different server as IMail would seem to require. Am I correct in assuming that you can still secure things by way of SMTP AUTH without needing to accept every message coming into that port? And more importantly, would you be willing to share your fine work :) Matt Scott MacLean wrote: This may be a crutch solution, but it is what we have implemented, and our customers seem to like it. I wrote a small port redirection program that runs on the mail server. It listens on a specific port number, and when it receives a connection, opens a connection on the mail server on port 25, and acts as an intermediary between the two. Our customers reconfigure their clients to connect on this port number other than 25, it skips around the various ISP's port 25 blocking, they get to use our SMTP server, and noone is the wiser. At 12:21 AM 12/13/2003, Matthew Bramble wrote: Dave Doherty wrote: Matt, I went through a lot of the same arguments with my StarPower customers. Once they understand that security and spam control requires that they use StarPower's SMTP service, they are very cooperative and happy to make the adjustments. We are fanatical about customer service, and I will have a tech talk a customer through the email setup, even if it takes an hour. I think you are assuming too much about your customers being happy under those arrangements. Maybe your outbound SMTP server is problem free, but the ISP's that are implementing such things are far from problem free in my experience, and I hate getting calls about why someone's E-mail isn't reaching it's destination when we aren't handling their outbound traffic. We also provide virus scanning on outbound traffic, which such a configuration defeats. I see this approach in the same light as closing down the highways because people speed. It punishes customers and providers that play by the rules, whereas only a small number are sending spam or have computers that are compromised to do so. Because I need direct access to my SMTP server for monitoring, I absolutely have to have a provider that allows SMTP traffic through. If the majority of ISP's played by the rules that you do, SMTP would be broken for all practical purposes as far as I'm concerned. If you ask around, most here don't consider blocking on DUL lists to be a wise thing to do, though using that in a weighting scheme is a decent idea. It's pretty clear that even Scott is being blocked by Road Runner's servers because of a poor implementation of a DUL list that includes his IP space even though it is static and business-class. Blocking outbound SMTP is even worse than blocking by DUL. I'm sure that many around here have had similar issues with large ISP's that improperly have tagged their IP space as being dynamic. I know that this practice negatively affects my business, and it's quite difficult to explain to a non-technical customer why this is, and never once has one of them been happy that their ISP has chosen to do so. Maybe you aren't aware of this affecting your business, but I, along with several of my LAN integrator friends, would absolutely not recommend an ISP that blocks outbound SMTP traffic because of the problems that it causes me, and the perception that such an implementation is a lazy way of fighting spam. And as far as my experience goes, none of the ISP's doing this that I have encountered went about this in a fully responsible manner. They all chose to make a change and then have me take the calls and do the diagnosis and call them for verification instead of alerting their customers as to the issues. This also starts encroaching into the areas of censorship and policing ones customers. Once you start getting involved with disallowing SMTP, you remove legitimate objections to blocking file sharing networks, and could even make yourself liable for such things. The industry has taken
Re: [Declude.JunkMail] Hardware Recommendation's
I've had BIND 4, 8 and 9 running on my IMail 6, 7 and 8, both master and slave, for years, with no problems ever. Well...no problems relating to the interaction of IMail and DNS. :) At 11:33 AM 12/12/2003, Burzin Sumariwalla wrote: I thought it was a no-no to have DNS running on your Imail server. Is it? At 09:50 AM 12/12/2003, you wrote: This server will have Imail installed, Windows 2000 Server, Windows DNS, Declude Junkmail Pro and Declude Virus Pro, Fprot. -- Burzin Sumariwalla Phone: (314) 994-9411 x291 [EMAIL PROTECTED] Fax: (314) 997-7615 Pager: (314) 407-3345 Networking and Telecommunications Manager Information Technology Services St. Louis County Library District 1640 S. Lindbergh Blvd. St. Louis, MO 63131 --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] OT: TuCows response to ICANN re: Verisign SiteMunger
Some interesting results based on the poll TuCows sent to its resellers: http://icann.org/correspondence/noss-to-twomey-03oct03.htm
RE: [Declude.JunkMail] Attacks prompt shutdown of antispam lists lists
It wouldn't make sense to repeatedly download what was essentially the same list with small changes. It would make much more sense to have one large file to download once, followed by a distribution of small diff files to apply to the main file, containing any additions/deletions since the previous diff file. If this was done in a distributed way, almost like DNS, where anyone could get it from anyone else, there would simply be too many systems running it to make it possible to kill it via DDOS. At 02:52 PM 9/26/2003, Markus Gufler wrote: DNS blacklist databases are very much larger than the Sniffer rule set files. A textfile containing only IP-Addresses can by zipped down to around 1/3 of his size. A file containing 200 Ips has an original size of 3,1 kB The zipped file has 1,1 kB (Probably the zip algoritmus will work bether for larger files because there are more equal 3-digit-strings.) Multiplicating it by 100.000 assuming a blacklist containing 20 million bad IPs would create a 110 MB file. But this 20 million IP's are a initial value. I have no exact idea but I assume there should be something between 1000 and 1 new/removed IPs per day. If my theory has no errors we can expect daily updates between 0,5 and 5,5 MB. That shouldn't be a problem. Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] MPCM?
I am getting TONS of this crap on my server. All kinds of different messages, all with the little MPCM blurb at the top. I set up two filters in my Wordfilter test to catch it: BODY 10 CONTAINS mpcmffa.com BODY 10 CONTAINS MPCM However, it is not catching it - in fact, the only wordfilter entry I have that is being caught is this one: SUBJECT 5 CONTAINS guaranteed This message is also tripping my SUBJECTCHARS test: SUBJECTCHARSsubjectchars50x40 So at a very minimum, this message should have a weight of 9. I have a WEIGHT5 test: WEIGHT5weightrangexx59 So this message should be triggering this test, but it is not. What is going on? Why can't I catch these messages? Received: from mta1.adelphia.net [68.168.78.175] by netbound.com (SMTPD32-8.01) id A675B980520; Thu, 25 Sep 2003 14:39:49 -0400 Received: from s3z2x8 ([67.23.51.103]) by mta1.adelphia.net (InterMail vM.5.01.05.32 201-253-122-126-132-20030307) with ESMTP id [EMAIL PROTECTED] for [EMAIL PROTECTED]; Thu, 25 Sep 2003 14:43:27 -0400 Message-ID: [EMAIL PROTECTED] Return-Path: [EMAIL PROTECTED] Errors-to: [EMAIL PROTECTED] Organization: Mahlon Rissler Enterprises From: Mahlon Rissler [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Hi Fellow List Member, NOW, Need MORE energy?, GUARANTEED! Date: Thu, 25 Sep 2003 14:39:44 -0400 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII X-RBL-Warning: WORDFILTER: Message failed WORDFILTER test (492) X-RBL-Warning: IPNOTINMX: X-RBL-Warning: SUBJECTCHARS: Subject with at least 50 characters found. X-Declude-Sender: [EMAIL PROTECTED] [68.168.78.175] X-Note: This E-mail was sent from (timeout) ([68.168.78.175]). X-Failed-Spam-Test: WORDFILTER, IPNOTINMX, SUBJECTCHARS X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 362370212 Dear Internet Friend, Thank you for posting your link to my page at the MPCM FFA Network on September 24, 2003, located at http://mpcmffa.com/cgi-bin/p.cgi?mrmpffa/index.html This message is a notification that your ad was successfully posted on my page. To read the Posting Service Agreement which you agreed to at the time of posting please visit http://mpcmffa.com/cgi-bin/post.cgi?u=mrmpffa Your posting will have been either manual or via a submission service such as WorldPromoter or SearchEngineBlaster. To remove yourself and ban your email address from future use of our FFA Network just visit the link below: http://mpcmffa.com/cgi-bin/remove.cgi Please allow up to 7 days for the emails to stop. -- Hey Friend, I received your name as someone who may be interested in a home business. My name is Mahlon Rissler and I have been using Seasilver for about 2 months now with very good results. It gives me more energy, and my dizzy spells have been greatly reduced.( I had an MRI, and the doctors didn't know what to do about my dizzy spells) so I started taking Sea Silver. Thank God that I feel much better now. Here is an ad that I use in my Network Marketing, that you may copy, if you wish. You may also sign up in my downline, if you so desire. I am signed up right under Mark Joyner. Thank you. Mahlon Rissler - - - - - - - - - - - - - - - - - - - - - - - - - - Headline: NOW, Need MORE energy?, GUARANTEED! Hey Friend, Need more ENERGY? Hate gaggling down vitamin pills? Try Seasilver. A great tasting liquid nutritional supplement. 60 day unconditonal money back guarantee. Free shipping too!. Only $39.95 Please visit http://www.myseawealth.com/mahlon/opportunity === I also had business cards made, with this same ad copy. When you sign up, you will get your own Website, with your own unique URL that you can use to advertise your Sea Silver Business. Wishing you much better health and much wealth. Sincerely, Mahlon Rissler [EMAIL PROTECTED] P.S. should you have any questions, please feel free to email us. Thanks. Please remember, we are just an email away. === Now, FreeAdGuru, approved by Mark Joyner, GUARANTEED! Just received from Stephan Ducharme. Here is what the Tiger Woods of online marketing says about me: --- Testimonial --- Mark Joyner here: Stephan sold more products of mine than all of my top affiliates could in a one week period. My affiliates are some of the best and most renowned online marketers in the world. To put it bluntly I was blown away. Stephan is a mentor to follow. If there is anyone to learn from, its Stephan Ducharme, the Free Ad Guru. Mark Joyner Founder of StartBlaze and ExitBlaze and Best selling author. --- end of testimonial --- Click here: http://www.freeadguru.com/cgi-bin/i.pl?c=ai=8615 Caring for your success, Mahlon Rissler Authorized Affiliate. = NOW, Discover tht AMAZING FR*EE Advertising System... Advertise Directly to 362,797 Targeted Leads -- 100% FREE! Finally! A
Re: [Declude.JunkMail] MPCM?
At 04:03 PM 9/25/2003, R. Scott Perry wrote: Are there any spaces/tabs after MPCM on that line? Does the line end properly (if it is the last line in the file, and you use Notepad, can the cursor go to the line below it)? The lines are fine - no spaces/tabs, and they are in the middle of the file. If you view the source of the E-mail, are there any HTML comments (v1.75 or later is needed do filter E-mail with anti-filter HTML comments)? No HTML comments at all. What I would recommend is adding [%WEIGHT%] to the line in your global.cfg file that lists the spam tests that the E-mail failed, so you can see the weight. Right now, all we know is it is either less than 4 or greater than 9. :) Note that some of the tests default to a negative weight if E-mail does *not* fail them (such as IPNOTINMX and NOLEGITCONTENT). Right. I may be using old math, but it seems that Declude is adding strangely. Here's another message, from this very list: X-RBL-Warning: WORDFILTER: Message failed WORDFILTER test (284) X-RBL-Warning: GIBBERISH: Message failed GIBBERISH test (50) X-RBL-Warning: ANTIGIBBERISH: Message failed ANTIGIBBERISH test (52) X-RBL-Warning: SUBJECTCHARS: Subject with at least 50 characters found. X-Declude-Sender: [EMAIL PROTECTED] [24.107.232.14] X-Note: This E-mail was sent from cpe-24-107-232-14.ma.charter.com ([24.107.232.14]). X-Failed-Spam-Test: WORDFILTER, GIBBERISH, ANTIGIBBERISH, SUBJECTCHARS X-Total-Spam-Weight: -2 Note I added the weight line at the bottom as you suggested, showing the total weight of this message as -2. WORDFILTER line 284 contains: BODY 3 CONTAINS to unsubscribe - this is valid, as that text appeared in the message. So we're at 3 to begin with. GIBBERISH and ANTIGIBBERISH were both included for valid reasons. They cancel each other out, so we're still at 3: GIBBERISH filter D:\IMail\Declude\Gibberish.txt x 4 0 ANTIGIBBERISH filter D:\IMail\Declude\AntiGibberish.txt x -4 0 SUBJECTCHARS adds 4, so now we're at 7: SUBJECTCHARSsubjectchars50x40 So why does the total spam weight end up as -2?
Re: [Declude.JunkMail] MPCM?
At 05:10 PM 09/25/2003, Matthew Bramble wrote: Scott MacLean wrote: *sigh* you're right again, Scott. Still doesn't explain why it's not catching my previous wordfilter lines. I'm going to watch this one some more. Keep checking your math for the other message :) NOLEGITCONTENT nolegitcontent x x 0 -5 Subtract that from 9 and it falls below your WEIGHT5 test. Been there, done that. BTW, that seems to be a lot of weight to subtract for passing NOLEGITCONTENT and IPNOTINMX if you are failing at 10. I score -1 and -2 respectively. Lots of spam will pass the NOLEGITCONTENT test. I'm not actually failing at 10 - I insert warnings of 10, 15, 20 and 30, and let the clients decide what they want to filter/hold/delete. We don't do anything other than put warnings in the headers for them to filter on.
Re: [Declude.JunkMail] Cannot whitelist
At 07:52 AM 7/29/2003, R. Scott Perry wrote: Anyone care to try to take a crack at this? I have unsuccessfully been trying to whitelist this weekly email for months. In my $default$.junkmail file, I have: WHITELISTFILE D:\IMail\Declude\Whitelist.txt Are you running v1.75 (which is required for the WHITELISTFILE option)? Yes. Is the E-mail that you are trying to whitelist using the $default$.JunkMail file (IE no per-user/per-domain settings, and not outgoing E-mail)? Yes, it is incoming email, and it is not using per-user/per-domain settings. Are any E-mails being whitelisted by the test (if not, the test itself may not be set up properly; Yes, other emails are being whitelisted by the test. if so, it is probably the specific entries for this one E-mail that need to be changed)? That's what I was hoping someone might come up with. And in the D:\IMail\Declude\Whitelist.txt file, I have these lines: sparklist.com .sparklist.com nova.sparklist.com @nova.sparklist.com angustel.ca @angustel.ca These have been added over time trying to get this thing to whitelist, with no luck. Any ideas why? X-Declude-Sender: [EMAIL PROTECTED] [216.91.57.182] There were reports on some versions of Declude JunkMail before 1.75 that whitelisting would not work properly on longer return addresses such as this. We haven't had any such reports with 1.75, so if you aren't on 1.75, I would recommend upgrading to it. I'm definitely running 1.75. ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com
Re: [Declude.JunkMail] Massive flood of uncaught spam
Aha. Secondary DNS that Declude was pointed to (BIND 9.2.2) had died, and the daemon that watches it to restart it, wasn't. Thanks, Bill. At 03:05 AM 07/28/2003, Bill Landry wrote: I have not noticed an increase this weekend, myself, but maybe others have. Is it mainly your DNS based tests that are failing or is it pretty much all tests across the board? If it's your DNS tests that are failing, check to see if the DNS server that IMail is configured to use is working and responding to queries (or, if you have a name server defined in your Global.cfg file, check that one). What do you see in your log file, are there any errors being reported? Bill - Original Message - From: Scott MacLean [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, July 27, 2003 9:45 PM Subject: [Declude.JunkMail] Massive flood of uncaught spam Starting Friday night, most of the users of the various domains on my server have been complaining of a massive flood of spam. I would say the spam traffic I have seen has easily tripled or quadrupled this weekend. It's unreal. I myself have received over 800 spam emails in the past 24 hours. The main problem is that Declude is catching much less of it than it usually does. The only tests they are failing is IPNOTINMX, and not much else. The spam is not from a single source - it seems like all the spammers suddenly decided to send tons of this crap out at once, and whatever they have done is sidestepping my Declude setup. Is anyone else seeing this? ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com
Re: [Declude.JunkMail] Massive flood of uncaught spam
Scott, the problem here was that my DNS server had died. My IMail config lists two DNS servers - primary and secondary - to use for lookups. Presumably if it doesn't get a reply from the primary, it will try the secondary. In this case, the primary died and Declude didn't use the secondary for lookups (although IMail did). Is this correct? At 03:05 AM 07/28/2003, Bill Landry wrote: I have not noticed an increase this weekend, myself, but maybe others have. Is it mainly your DNS based tests that are failing or is it pretty much all tests across the board? If it's your DNS tests that are failing, check to see if the DNS server that IMail is configured to use is working and responding to queries (or, if you have a name server defined in your Global.cfg file, check that one). What do you see in your log file, are there any errors being reported? Bill - Original Message - From: Scott MacLean [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, July 27, 2003 9:45 PM Subject: [Declude.JunkMail] Massive flood of uncaught spam Starting Friday night, most of the users of the various domains on my server have been complaining of a massive flood of spam. I would say the spam traffic I have seen has easily tripled or quadrupled this weekend. It's unreal. I myself have received over 800 spam emails in the past 24 hours. The main problem is that Declude is catching much less of it than it usually does. The only tests they are failing is IPNOTINMX, and not much else. The spam is not from a single source - it seems like all the spammers suddenly decided to send tons of this crap out at once, and whatever they have done is sidestepping my Declude setup. Is anyone else seeing this? ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com
[Declude.JunkMail] Cannot whitelist
Anyone care to try to take a crack at this? I have unsuccessfully been trying to whitelist this weekly email for months. In my $default$.junkmail file, I have: WHITELISTFILE D:\IMail\Declude\Whitelist.txt And in the D:\IMail\Declude\Whitelist.txt file, I have these lines: sparklist.com .sparklist.com nova.sparklist.com @nova.sparklist.com angustel.ca @angustel.ca These have been added over time trying to get this thing to whitelist, with no luck. Any ideas why? X-Persona: NoSpam Received: from nova.sparklist.com [216.91.57.182] by nerosoft.com (SMTPD32-6.06) id AF563E305B2; Mon, 28 Jul 2003 10:12:38 -0400 Date: Mon, 28 Jul 2003 07:11:21 -0700 Subject: Telecom Update #392, July 28, 2003 To: [EMAIL PROTECTED] From: Angus TeleManagement Group [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 7bit List-Unsubscribe: mailto:[EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Message-Id: [EMAIL PROTECTED] X-RBL-Warning: WORDFILTER: Message failed WORDFILTER test (274) X-RBL-Warning: WEIGHT15: Total weight between 15 and 19. X-Declude-Sender: [EMAIL PROTECTED] [216.91.57.182] X-Note: This E-mail was sent from nova.sparklist.com ([216.91.57.182]). X-Failed-Spam-Test: BLACKLIST, WORDFILTER, NOLEGITCONTENT, WEIGHT15 X-RCPT-TO: [EMAIL PROTECTED] X-UIDL: 338337210 Status: U ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Massive flood of uncaught spam
Starting Friday night, most of the users of the various domains on my server have been complaining of a massive flood of spam. I would say the spam traffic I have seen has easily tripled or quadrupled this weekend. It's unreal. I myself have received over 800 spam emails in the past 24 hours. The main problem is that Declude is catching much less of it than it usually does. The only tests they are failing is IPNOTINMX, and not much else. The spam is not from a single source - it seems like all the spammers suddenly decided to send tons of this crap out at once, and whatever they have done is sidestepping my Declude setup. Is anyone else seeing this? ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT: Imail v6 and Windows Update
Q328310 At 10:05 AM 7/17/2003, Jeff Maze - Hostmaster wrote: Hello, Was wondering if anyone knew what the Microsoft update it was that caused the display of the IMail manager to be shifted and un-readable. Dang new people installed it and now I can't edit any of the entries, etc. Thanks.. Jeff --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com
Re: [Declude.JunkMail] KillListGen Utility
At 01:00 AM 06/09/2003, David Dodell wrote: Huh? Link is broken? You should be able to get it here: http://www.nerosoft.com/Download/KillListGenInst.exe Thanks Scott. I was following a link from the Declude website Scott, can you please fix the link on the Declude website? It's pointing to the wrong place. What address were you sending email to? On your main webpage it shows [EMAIL PROTECTED] but it is really linked to [EMAIL PROTECTED] ... and that bounces user unknown. Thanks, got that fixed now. ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com
RE: [Declude.JunkMail] spamdomains list
At 01:36 PM 5/30/2003, John Tolmachoff \(Lists\) wrote: If someone has a comprehensive spamdomains listing they are happy with,could they post it for others to analyze/use? Uh, see the orginal post that started this thread. I would, except the list archives are still down. ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Year 2020
The best program I have ever found that does this is D4Time. I like it so much I replaced my own home-grown written program with it. It's small, extremely accurate, and reliable. You can set it to run every xx minutes, stay resident, run only at boot and exit, whatever you want. And it's absolutely free. /plug off http://www.thinkman.com/dimension4/index.html At 02:16 PM 3/27/2003, Colbeck, Andrew wrote: I had a program that checked a time server every day to keep the time accurate. On more than one occasion I saw the date get changed to the year 2020 and the year 4040. I don't use time server programs any more. WXP has a SNTP client built in. Use: net time /setsntp:tick.ucla.edu net stop w32time net start w32time and you're in business. WNT and W2K can both use the (totally different) w32time.exe and w32time.ini from the NT Server Resource Kit. For dollars, my favourite is the inexpensive shareware Tardis2000 from HC Mingham-Smith at: http://www.kaska.demon.co.uk/ Run a NTP server internally against an internet source, and then provide it to your servers and clients, either with a time service, or by putting a net time \\server /set /yes line in your login scripts. You can also use net time in your login scripts to obtain the time from the NT Domain. DHCP also allows you to publish a time server, but Windows DHCP clients ignore that feature. And of course, tick.ucla.edu is not the only time source on the Internet. There's probably a source that is near you that is a public source. Use more than one. Here's one page that is a useful list: http://tycho.usno.navy.mil/ntp.html Andrew 8) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com
[Declude.JunkMail] Spam floods
I have one domain on my server who for a while, had a nobody alias in place, so it would accept any email sent to it, regardless of the address. Somehow it has gotten on public spam lists - someone generated a ton of bogus addresses @domain.com (not the real domain, obviously) and it's obviously being sent around or sold as part of a spam email list. As a result, he was getting almost 10,000 spams a day, most of which were being caught by Declude. However, several times a day we would have idiot spammers who were connecting and attempting to send 20-30 messages a second, which was totally crippling my server. I had him remove the nobody alias, so at least there's no longer the load on the server of Declude trying to spam check and virus check every piece of spam these idiots were sending. However, at least once a day I still have some idiot spammer connecting and crippling my server for half an hour or so, attempting to send 20-30 messages a second. The IP addresses are always spoofed, so I can't block it that way. They tie up all available inbound SMTP connections, so the SMTP server appears dead to my REAL clients, and any valid mail they should be receiving doesn't get through. As well, it puts both CPUs in the server up to 100% rejecting the mail, slowing the server down for everyone else. SMTP logs are filled with thousands of entries like this: 20030227 091017 127.0.0.1 SMTPD (003A0640) [217.82.173.37] RCPT TO: [EMAIL PROTECTED] 20030227 091017 127.0.0.1 SMTPD (003A0640) [217.82.173.37] ERR domain.com invalid user [EMAIL PROTECTED] 20030227 091017 127.0.0.1 SMTPD (000D0584) [217.82.59.117] RCPT TO: [EMAIL PROTECTED] 20030227 091017 127.0.0.1 SMTPD (000D0584) [217.82.59.117] ERR domain.com invalid user [EMAIL PROTECTED] 20030227 091017 127.0.0.1 SMTPD (00280604) [217.82.59.117] RCPT TO: [EMAIL PROTECTED] 20030227 091017 127.0.0.1 SMTPD (00280604) [217.82.59.117] ERR domain.com invalid user [EMAIL PROTECTED] 20030227 091017 127.0.0.1 SMTPD (002D055A) [217.82.173.37] RCPT TO: [EMAIL PROTECTED] 20030227 091017 127.0.0.1 SMTPD (002D055A) [217.82.173.37] ERR domain.com invalid user [EMAIL PROTECTED] 20030227 091017 127.0.0.1 SMTPD (01650418) [217.81.250.86] RCPT TO: [EMAIL PROTECTED] 20030227 091017 127.0.0.1 SMTPD (01650418) [217.81.250.86] ERR domain.com invalid user [EMAIL PROTECTED] Any ideas what I can do about this? Is there anything I can do? ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] how much is junk?
I have a user that receives over 10,000 spam emails a day. I personally get about 500 spam to 50 real emails a day. Of those, typically around 5-10 get past Declude. At 02:46 PM 2/13/2003, Helpdesk wrote: on 2/13/03 2:36 PM, paul wrote: Ok guys, what do you see in ratio of junk vs good mail per day? Spam messages account for over 75% of our incoming messages (we're an ISP). Later, Greg --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com
[Declude.JunkMail] Comments
Now that we have the Comments tag, I now find spam with tons of these peppered throughout: font color=#5D5AC3 Not really comments, as they are functional, but they're put randomly throughout the email. Functional, but pointless. Any ideas? ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Comments
No, the font command is embedded specifically to cause pattern-matching junk mail scanners to miss the email. I am seeing messages like this: font color=#5D5AC3Buy my wonderful prodfont color=#5D5AC3uct it will do mirafont color=#5D5AC3cles and make you younger while enlargfont color=#5D5AC3ing your proboscis and eliminfont color=#5D5AC3ating wrinkles, while you make a million dollars sitting at hofont color=#5D5AC3me talking to wonderful Rusfont color=#5D5AC3sian women just waiting to speak to you. At 08:26 AM 2/4/2003, Bonno Bloksma wrote: Now that we have the Comments tag, I now find spam with tons of these peppered throughout: font color=#5D5AC3 Standard HTML stuff I think. Not really comments, as they are functional, but they're put randomly throughout the email. Functional, but pointless. Any ideas? The whole idea behind the Comments tag was to flag e-mail that has been made unique by inserting lots of comments which usually are identical in one e-mail but different in between mails. That way they don't get caught by pattern recognizers, however, Declude would catch them by simply counting the number of comments, which *should* not be to high. Let's leave the rest of the stuff alone, in my opion it would only burden Declude with stuff it is not supposed to handle anyway. What would you do with those mail that change the color, delete them, put them on hold? Or.. do you think these color statments are used in the same way the comment tags are being used, with several tags after one another and the last having the correct color? Met vriendelijke groet, Bonno Bloksma --- [This E-mail scanned for viruses by Declude Virus using f-prot] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Trouble adding latest beta version
Try renaming the existing version and then copying in the new version. At 10:07 AM 1/24/2003, Jim Rooth wrote: I copied the filed from the web, but when I try to copy it to the Imail folder I get a sharing violation. I stopped all services in Imail and still get the sharing violation. The only thing open on the server is Explorer so I can see the files. Any ideas? I even tried to delete the existing file but it says it is in use... Jim Rooth Klotron, Inc. 214.244.0979 [EMAIL PROTECTED] --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.445 / Virus Database: 250 - Release Date: 1/21/2003 --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com
[Declude.JunkMail] Updated KillListGen utility
For those using my KillListGen utility automatically download Tom's spam list and append it to their own, I have posted an updated version here: http://www.nerosoft.com/Download/KillListGenInst.exe This version is identical to the previous version, with one exception: It will accept multiple ListURL parameters in the KillListGen.txt config file. When it sees more than one, it will download and append all of them in turn: ' URLs to retrieve lists of current spam addresses/domains ListURL=http://www.imagefxonline.net/apps/delog/fromfile.txt ListURL=http://www.anotherfile.com/whatever.txt This allows using other lists in addition to Tom's. ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com
[Declude.JunkMail] Fwd: Updated KillListGen utility
Sorry, it was suggested to me that some newer members might have no idea what I am talking about. I wrote the utility below that retrieves one or more files via the web, appends it to a local file, and writes it out to another file. This allows the use of local blacklists added to regularly updated public blacklists. It is free for anyone who wishes to use it. The file (once installed) is called KillListGen.exe. When run, it looks for a configuration file called KillListGen.txt in the same directory as the executable. The KillListGen.txt is pretty well self-documenting, a sample file is below. Any questions, please ask. Sample KillListGen.txt file: ' Configuration file for Kill List Generator - [EMAIL PROTECTED] ' URLs to retrieve lists of current spam addresses/domains ListURL=http://www.imagefxonline.net/apps/delog/fromfile.txt ListURL=http://www.anotherfile.com/whatever.txt ' Source file of local addresses you wish to keep on the list permanently. ' Comment out if no local address list is used. SourceFile=c:\IMail\Declude\Source.txt ' Destination file that IMail reads which will be combined Source file and retrieved lists DestFile=c:\IMail\Declude\Destination.txt For those using my KillListGen utility automatically download Tom's spam list and append it to their own, I have posted an updated version here: http://www.nerosoft.com/Download/KillListGenInst.exe This version is identical to the previous version, with one exception: It will accept multiple ListURL parameters in the KillListGen.txt config file. When it sees more than one, it will download and append all of them in turn: ' URLs to retrieve lists of current spam addresses/domains ListURL=http://www.imagefxonline.net/apps/delog/fromfile.txt ListURL=http://www.anotherfile.com/whatever.txt This allows using other lists in addition to Tom's. ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] An optional web interface for DecludeJunkMail?
Being that it is obviously a Windows application, would it not make more sense to simply publish a configuration API (object), and let the users decide what sort of interface they want to use to connect to it? At 08:43 AM 12/18/2002, R. Scott Perry wrote: In response to additional info and questions please see below. When could we anticipate an ETA? It's too early for an ETA, sorry. ***Regarding end user spam control via e-mail subscribe method. This would be a nice option, but I would prefer Web interface for our customers and ability to modify that page with instructions, graphics, support info, etc. I know a lot of pros, cons, opinions here from others, but I am customer driven. How about the option of both methods? Both methods may be a possibility. However, the web interface would take priority, unless it seemed that the E-mail option would be useful to a lot of people. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com
[Declude.JunkMail] OT: MS update
Slightly off this topic, but I just learned the hard way that if you have intentions of continuing to use the server-based IMail 6 administration program, do NOT install Microsoft update Q328310. You'll get something like this as a result: http://www.nerosoft.com/Test/IMail.gif At 11:09 AM 12/17/2002, Craig Gittens wrote: I don't mean to cross you and it is a question out of it's time seeing as you haven't made any decisions yet but what about functionality and extensibility of your proprietary platform? Are we in for another IWEBMSG and are you going to hire a whole new team to support coding features/upgrades for this? I see this as being your expense where you would have almost none using existing free technologies such as IIS. Remember that you are dealing with Win32 admins here and yes you can't please all the people all the time but you can sure come close by injecting your new project into our Win32 subset of experience. What you could do is just forward to the list the new found bugs and patches for IIS from Microsoft and other 3rd party security companies for those who don't keep up-to-date. *guilty* Craig. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Tuesday, December 17, 2002 11:47 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] An optional web interface for Declude JunkMail? I agree that the flat files work well for Junkmail itself. However, a web GUI will be very hard to do without the 'masters' kept in a database. Without a database you'll run into file locking problems and it will be harder to deal with single records. That's why we try stay away from the bleeding edge technology -- there's a reason they use the word bleeding. It will actually be easier for us to use a flat file than to use a database. use IIS (a lot of people don't want to use it, for security reasons). This is pretty much a moot point as both IIS and Apache have the same security risks. IIS just gets more press. G We won't use Apache either. or any special technologies (such as dot NET, ASP, CF, etc.). We would need to create something that would work on all servers, and not have any special requirements. That's going to be hard. Not for us. G You really only have two choices that could cover most of the bases. ASP or PHP both are available in the Win and Unix worlds. Win32 admins will prefer ASP. Sorry, I should have included PHP in that list (which is amazingly flexible, BTW). We're not talking about something the typical pre-bubble We need to show them something to collect our $10 million funding company would produce. We actually wrote a web scripting language well before ASP was available, and wrote our first web server back when people thought that dynamic content on a web page was a web page that was updated by hand every few hours. If we require ASP or PHP, we're going to require something that a number of our customers either don't have or won't have. Many of our customers would not even think of installing IIS or Apache on a mailserver. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com
Re: [Declude.JunkMail] KillListGen
oops. Sorry about that guys, fumble fingers caused that. It's back up, but I've moved it to where I should have put it in the first place to keep it from being deleted: http://www.nerosoft.com/Download/KillListGenInst.exe ...and for anyone who has a few minutes to kill, and wants a good laugh: http://www.nerosoft.com/Files/Vanessa.wmv At 01:44 PM 11/27/2002, Thomas Juliano wrote: The link for the Killlistgenerator.exe is dead. Can someone post this file or email it to me? Here is the master link http://www.nerosoft.com/ perhaps you could contact them about it. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Wordfilter bypassed
The sneaky buggers are at it again. I've been getting more and more emails that don't fail any tests at all, but should be caught as spam due to multiple wordfilter hits. I had a look at the message (HTML) source, and found this: Hum!--nnbvmx--an Gr!--d--owth Hor!--fjkg--mone Th!--sdkf--erapy Scott, is it possible that the wordfilter, when looking at HTML source messages, can be made to disregard HTML comments, as above? ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com
RE: [Declude.JunkMail] Are spammers idiots??
And of course, a fair bit of the spam at times seems to be selling spamming services or spamming software itself. :) At 04:41 PM 11/14/2002, R. Scott Perry wrote: I saw a recent television news magazine piece about spam, where a businessperson described it as the crack cocaine of marketing; certain desperate/foolish people know it's bad, but they just can't resist the temptation. That's my line of thought on the issue. The idea of sending 10,000,000 E-mails for $500 or so, getting a .1% response rate for a $5 product bringing in $50K is very appealing to that $5/hour McDonalds worker (you know, the one that lost $5 photocopying all those chain letters a few years ago -- of course he didn't lost the whole $9, since he never sent $1 to the 4 people on the list). If spammers really were making money, we would know about it. Some of them would brag about it. But the only people I ever hear bragging are the ones that *send* the spam. My guess is that most spammers make no money (or just enough so that they can make some spare change when they can't work overtime at McDonalds). But the suckers are told that they'll make $50K (If you don't believe me, look at your inbox -- do you think there would be all those spams there if they weren't making money), and just believe it must be true. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com
[Declude.JunkMail] Wordfilter in BASE64?
I just saw an email that *should* have been caught several times over with various BODY CONTAINS filters, but wasn't - instead, it caught BASE64. Does Declude decode the BASE64 body and then apply the wordfilter? Because it seems like it might not. ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Wordfilter in BASE64?
That's what I suspected. Has anyone seen HTML Base64 segments that *weren't* spam? Are there any email clients that actually put out such a thing? At 08:14 AM 9/25/2002, Madscientist wrote: Declude does not decode base64, rather it simply detects html base64 segments which are highly likely to be spam. _M ]-Original Message- ]From: [EMAIL PROTECTED] ][mailto:[EMAIL PROTECTED]]On Behalf Of Scott MacLean ]Sent: Wednesday, September 25, 2002 8:10 AM ]To: [EMAIL PROTECTED] ]Subject: [Declude.JunkMail] Wordfilter in BASE64? ] ] ]I just saw an email that *should* have been caught several times over with ]various BODY CONTAINS filters, but wasn't - instead, it caught BASE64. ]Does Declude decode the BASE64 body and then apply the wordfilter? Because ]it seems like it might not. ] ]___ ]Scott MacLean ][EMAIL PROTECTED] ]ICQ: 9184011 ]http://www.nerosoft.com ] ]--- ][This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com
[Declude.JunkMail] This one slid right through
I'm at a loss as to how this one got through. My applicable wordfilter entries: BODY 10 CONTAINS To unsubscribe from our broadcast BODY 10 CONTAINS www.himailer.com SUBJECT 9 CONTAINS HiMailer BODY 9 CONTAINS HiMailer My whitelist shows absolutely nothing remotely similar to anything in the headers of this message. My X-Failed-Spam-Test shows None. Any ideas would be welcome. X-Persona: Root Received: from interspancanada.com [61.230.99.125] by netbound.com (SMTPD32-6.06) id A92842302AA; Tue, 20 Aug 2002 03:00:56 -0400 From: download your free [EMAIL PROTECTED] Subject: Want to boost your sales with Internet Marketing? Try HiMailer. Content-Type: text/html Date: Tue, 20 Aug 2002 00:43:05 +0800 X-Priority: 3 X-Library: Indy 9.0.3-B Message-Id: [EMAIL PROTECTED] X-Note: This E-mail was sent from 61-230-99-125.HINET-IP.hinet.net. ([61.230.99.125]). X-Failed-Spam-Test: None X-RCPT-TO: [EMAIL PROTECTED] X-UIDL: 321932383 Status: U Download Trial Version For FREE Product :HiMailer Support :WIN95/98/NT/2000/ME/XP Monthly data access fee for member Only US$19.00 For all registered members. Download Now Want to reach the greatest number of potential clients at the convenience of a few clicks? Wonder how you can market your product to a select group of customers at the lowest cost? Congratulations! You've been selected to receive an exclusive offer of the most effective marketing software you will ever use for promoting your product - HiMailer. HiMailer's product features include: ¡P a proprietary database of over150 million subscribers worldwide, growing at more than 1 million ¡@new subscribers each day; ¡P an innovative, powerful search engine that enables you to select target customers based on multiple ¡@parameters; ¡P an easy-to-use email system that allows sending your product messages to your custom-generated ¡@mailing lists with just a couple of clicks. For a limited time only, first-time users are invited to experience the power of HiMailer for FREE. Don't wait, come visit www.himailer.com and download your free trial version of HiMailer. To unsubscribe from our broadcast, please click here REMOVE. ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com
Re: [Declude.JunkMail] BLARSBL:Spam pretending to be fromspamcop - anyone else get these.
When I reported this to SpamCop, I got the following response: Reply-To: Ellen [EMAIL PROTECTED] From: Ellen [EMAIL PROTECTED] To: System Administrator [EMAIL PROTECTED] Subject: Re: Your site will be shut down Date: Tue, 13 Aug 2002 08:05:30 -0400 Hi -- The email you received did not come from SpamCop. Someone is forging emails/reports to appear like they are coming from SpamCop. It's been going on for more than a week now. Today's deluge appears to be coming from IP: 63.164.145.33, 65.67.149.57 and 64.224.17.31. Please see: www.julianhaight.com/forgery.shtml for updated information. Sorry for the cut and paste response, but we've been dealing with these at the rate of 200 per hour :-( Thanks and our apologies. Ellen At 10:46 AM 8/13/2002, Chuck Schick wrote: My abuse mail boxes all had spam this morning pretending to be from spam cop. These has titles like - Your site will be shut down We will block you from millions of users Your network is being compromised It gave out the phone number for Julian Haight of spam cop. Looks like some spammer is trying to attack spam cop. Maybe spamcop is too effective. Anyone else get these - they all came from IP address 65.67.149.57. I have included a header below. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com Headers of the spam Received: from mx2.spamcop.net [65.67.149.57] by adlime.com (SMTPD32-6.06) id A7C81B060312; Tue, 13 Aug 2002 00:31:36 -0600 X-Mailer: X-Mailer: Mailloop 5.0 MIME-Version: 1.0 X-Encoding: MIME Content-Type: multipart/alternative; boundary==_NextPart_38887646058174503 To: [EMAIL PROTECTED] Date: Tue, 13 Aug 2002 02:32:49 -0500 From: [EMAIL PROTECTED] Subject: We will block you from millions of users Message-Id: [EMAIL PROTECTED] X-RBL-Warning: SPAMCOP: Blocked - see http://spamcop.net/bl.shtml?65.67.149.57 X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Note: Total spam weight of this E-mail is 6. X-RCPT-TO: [EMAIL PROTECTED] X-UIDL: 320720476 Status: U --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Downloadable list
At 04:36 PM 8/12/2002, Tom wrote: I liked this idea so much (of a downloadable spam domain file) that I wrote a small utility that automatically downloaded the full list, incorporated it into my own list and wrote out a combined list. Anyone who wants to use it is welcome: http://www.nerosoft.com/Files/KillListGenInst.exe Cool idea, but that does place more pressure on me to keep the list up to date... Well, you can always point the URL to someone else's online list. :) Hm, that said, perhaps it should be able to handle multiple source lists, to combine them all... PS: I hope you don't mind if I download it and post it on our web site. http://www.imagefxonline.net/apps/delog That is as soon as I get a chance. Perhaps Scott will do the same. Of course, go right ahead. ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com
RE: [Declude.JunkMail] Morning update for the Declude Killlist 08/09/02
I liked this idea so much (of a downloadable spam domain file) that I wrote a small utility that automatically downloaded the full list, incorporated it into my own list and wrote out a combined list. Anyone who wants to use it is welcome: http://www.nerosoft.com/Files/KillListGenInst.exe Once installed, it creates a config file named KillListGen.txt that must be in the same directory as the EXE file. It looks like this: ' Configuration file for Kill List Generator - [EMAIL PROTECTED] ' URL to retrieve list of current spam addresses/domains ListURL=http://www.imagefxonline.net/apps/delog/fromfile.txt ' Source file of local addresses you wish to keep on the list permanently. ' Comment out if no local address list is used. SourceFile=c:\IMail\Declude\Source.txt ' Destination file that IMail reads which will be combined Source file and retrieved list DestFile=c:\IMail\Declude\Destination.txt The first line ListURL specifies the URL to download the list from. The second line SourceFile specifies the local path of a file containing your own address/domain list that you want incorporated into the final list. The third line DestFile specifies the local path of the destination file it's all written to, and should be the Blacklist file that Declude is looking for. I've got mine running on a schedule, updating twice a day. At 06:17 PM 8/9/2002, Tom wrote: You can download the full list from the following URL: http://www.imagefxonline.net/apps/delog/fromfile.txt This list is not provided by the authors of DECLUDE. However, it is just an optional file you can use to block potential or known spam sites. To get more information on using Blacklists with Declude please visit the following URL: http://www.declude.com/JunkMail/manual.htm Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com
Re: [Declude.JunkMail] Passed spam filters
oops. I thought; no WAY this would be on my whitelist. Turns out I had lycos.com on the whitelist. Thanks. At 08:35 AM 7/18/2002, R. Scott Perry wrote: I have the following two filters set: SUBJECT 10 CONTAINS limited time grants SUBJECT 4 CONTAINS $ SUBJECT 4 CONTAINS ,000 However, the following message got through without triggering anything. Any idea why? Subject: LIMITED TIME Grants. Up to $156,000! The first suspect is a whitelist. If that isn't the problem, I would ask if you have seen any of the filters working properly, to see if it may be a problem with the setup of the filters, rather than this specific E-mail. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.JunkMail] Couple of problems
Just noticed a couple files in my root directory: DECLUDE.GP1 DECLUDE.GP2 The first file contains the following: |È (Error 5 at 41889c v1.55) (attempt to read at 5a8010) (0041889C 0012C87C ( ) C:\IMail\Declude.exe) (0040EA37 0012C88C ( ) C:\IMail\Declude.exe) (0040B6CC 0012FF80 (0002 005B0AA0) C:\IMail\Declude.exe) (004247F7 0012FFC0 ( ) C:\IMail\Declude.exe) (77E8D326 0012FFF0 (00424743 ) C:\WINNT\system32\KERNEL32.dll) Qaad80ee Testing whitelist #12595 0 . The second file contains binary data. Within the binary data is a reference to the file C:\IMail\spool\Qaad80ee.SMD. That file no longer exists in the spool directory. The datestamp on the DECLUDE.GP1 and .GP2 files is 7/6 at 4:31 am. Looking in the vir0706.log file at 4:31 shows this entry: 07/06/2002 04:31:23 Qaad80ee Scanned: Virus Free [MIME: 1 147] I am running 1.55 with current F-Prot scanner and files, DOS only. I know that's not a whole lot to go on. Any idea what caused the problem? Second question: My dec.log files are filled with this line. Nine copies of this line appear for every message processed. 07/06/2002 04:30:34 Warning, misconfiguration in 10; expecting action Any clue what I should be looking for? ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.JunkMail] Interesting new spam
I just saw an interesting new method of getting spam through without being rejected. The body of the message (HTML code only) was not separated from the header by a CR/LF CR/LF - only a single one, so the advertising body was actually part of the header. My Eudora read and rendered the message OK, showing the HTML spam body underneath headers. However, Declude added its warnings to the bottom of what it thought was the message header, which my Eudora filters did not pick up as being in the header, hence it did not get filtered. The result looked like this: Date: Wed, 19 Jun 2002 12:30:50 -0700 From: NERO, Get Perfect 'Bank Rated' Credit Status! [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: NERO, Get Perfect 'Bank Rated' Credit Status! Quickly and Easily Improve YOUR Credit to PERFECT 'Bank' Rated Credit Status!Click here now for FULL FREE details! © 2002 All rights reserved. Unsubscribe X-RBL-Warning: OSSRC: [1] netpalace, see http://spews.org/ask.cgi?S919 X-RBL-Warning: SPAMCOP: Blocked - see http://spamcop.net/bl.shtml?65.172.10.207 X-RBL-Warning: WEIGHT10: Weight of 20 reaches or exceeds the limit of 10. ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com
Re: [Declude.JunkMail] External Question
You can do it, but it's dangerous if not done right. Make this declaration: Private Declare Sub ExitProcess Lib kernel32 (ByVal uExitCode As Long) Then, when you want to exit and return an errorlevel, do the following: ExitProcess 3 This will kill your VB program instantly and return the errorlevel 3 - but you MUST make sure that you have first manually unloaded all forms, objects, closed all files, databases, released memory and resources etc., as the cleanup routines normally run by the VB runtime when the program exits are not called. If you leave something loaded, you will end up with a memory leak at best. At 10:04 AM 6/7/2002, Tom Schwarz wrote: Visual Basic 6.0 question (yes, it does relate) I am trying to code a simple external program that will be called by declude but I cannot figure out how to return a value to Declude when done. Scott told me how to do it in C but I cannot find it in VB. Anybody know how to return a value to the calling program in Visual Basic? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.JunkMail] Web Board...
http://www.mail-archive.com/declude.junkmail%40declude.com/ http://www.mail-archive.com/declude.virus%40declude.com/ At 03:14 PM 6/7/2002, Mark Smith wrote: Scott, Have you considered moving the online support to a forum like WebBoard? I have a WebBoard (http://www.webboard.com) server that I would be more than happy to host it on (no charge). WebBoard allows NNTP viewing/posting, SMTP posting and list sending, as well as HTML viewing. You could continue the existing method of email digest but add some features. The only reason that I'm asking is that being able to search previous threads would be a great deal of help. Let me know. Cheers Mark Smith NETrends Systems. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.JunkMail] Relaying configuration WAS HELP: I justgot listed on ORDB
I got around the SMTP filtering issue by setting up a small daemon on my server that accepted connections on port 125 (could be any port, I just picked 125) and redirects the connection to port 25. It's multi-threaded and lets people connect directly to your server to send mail even if their port 25 is blocked by their ISP. At 05:06 PM 03/31/2002, Eje Gustafsson wrote: A little netiq please.. Trim your posts. The original message was 11.2k for less then 1k worth of comment... Just want to chimn in and say that MSN also blocks outbound smtp and you have to use their mailservers. But on top of that you HAVE to use SPA smtp authentication which is something evil that microsoft have come up with. I use a mail client called The Bat! and it would NOT function with MSNs mailservers. Only app I managed to find that worked was Outlook Outlook Express. Now talk about cornering your clients... Sunday, March 31, 2002, 10:27:34 AM, you wrote: DB Auth should work, then, unless there was some change in 7.xx. To be DB sure, setup a test virtual server and try it from a dial-up. Have your DB Imail logs set to debug, so you can see what's happening during the DB test. DB What we do here is use relay for addresses and Auth. However, since DB we use an external database with Imail 6.xx, we have to assign an IP DB to every mail host that needs Auth. That may be fixed in 7.xx, but I DB haven't heard for sure. DB Moreover, we really encourage our users to use the SMTP of their DB dial-up provider, since many (like Earthlink) block port 25 traffic to DB IP's which are not on their net. DB Sunday, March 31, 2002, 9:16:42 AM, Jim Rooth [EMAIL PROTECTED] wrote: JR I am using the Imail Database on v7.06 JR Family, God, and Corps...all else are mere details JR Jim Rooth JR http://www.usmcfew.com/3516 --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com
RE: [Declude.JunkMail] Relaying configuration WAS HELP: I justgot listed on ORDB
I used FPipe - it's free: http://www.foundstone.com/knowledge/assessment.html As far as I know, it should be able to do it for port 80 as well. I've had it running for several months with no problems at all, with a fair amount of traffic across it. At 07:56 PM 03/31/2002, Timm Jasper wrote: Scott MacLean Writes: I got around the SMTP filtering issue by setting up a small daemon on my server that accepted connections on port 125 (could be any port, I just picked 125) and redirects the connection to port 25. It's multi-threaded and lets people connect directly to your server to send mail even if their port 25 is blocked by their ISP. What was the program, and will it do the same for port 80? ie: web messaging -- Timm Jasper -- Systems Administrator -- TQCi Internet -- 301-863-6121 ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com
Re: [Declude.JunkMail] HELP: I just got listed on ORDB
I know this is slightly off-topic for here, but has anyone had problems with entering subnet masks in the Relay for addresses? When I enter individual IP addresses here, the server works fine, requiring SMTP AUTH for anyone not connection from one of the listed IP's. However when I enter our subnet mask, the server opens wide, letting anyone send email from or to anyone, like an open relay. At 10:23 AM 3/28/2002, R. Scott Perry wrote: I have my IMail set to Relay for local hosts only To make sure that you are not an open relay, you can either use IMail's Relay for addresses (in which case you would enter a list of safe IP addresses that your users may come from; anyone not coming from those safe IPs would need to use SMTP AUTH), or No mail relay (which really means that everyone must use SMTP AUTH). Note that relay setting apply only to outgoing E-mail, so no matter what your settings are, your users will still be able to get mail. Any other relay options will allow spammers to send mail through your server. In the case of Relay for local hosts, IMail will allow spammers to send unlimited spam if they pretend to be using a return address on one of your domains. Are you running Declude Hijack (which would limit the amount of mail that a spammer could send)? -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com
Re: [Declude.JunkMail] HELP: I just got listed on ORDB
oops. Sorry, that's what I meant. 216.13.3.192 for the IP and 255.255.255.192 for the netmask, just as you said. When doing so, it acted as an open relay to any connection. At 01:17 PM 3/28/2002, R. Scott Perry wrote: I have the top 64 IP's of a class C, so I was using 216.13.3.192 for both. If you use 216.13.3.192 as the IP, and 255.255.255.192 as the netmask, it should work. A netmask should (except in the most unusual cases, such as if one person got odd IPs in a given range whereas someone else got the even IPs) be a binary number of all 1's followed by all 0's. By using 216.13.3.192 as the netmask, you'll get unusual results. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com
Re: [Declude.JunkMail] HELP: I just got listed on ORDB
I'm running 6.06. Can anyone else running 6.06 confirm this behavior? At 01:46 PM 3/28/2002, R. Scott Perry wrote: oops. Sorry, that's what I meant. 216.13.3.192 for the IP and 255.255.255.192 for the netmask, just as you said. When doing so, it acted as an open relay to any connection. Ah, that's not good. Unless there was an oversight somewhere, that sounds like a bug in IMail. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com
Re: [Declude.JunkMail] Hide the X-RBL-Warning in Eudora
Add the following line to your Eudora.ini file: TabooHeaders=X-RBL-Warning At 10:41 AM 2/13/2002, Korey Verlsteffen wrote: Any one know of a way to hide the X-RBL-Warning line in Eudora? All of the other mail clients we use hide it except for our Eudora users. Korey --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com