Darin-I had to #DOMAINWHITELISTS OFF# turned off prewhitelist for footer32 5/12/7#PREWHITELIST ONMaybe a couple of other Global settings as well I can't quite remember.Jay-Original Message-From: "Darin Cox" [EMAIL PROTECTED]Sent 6/26/2007 1:19:17 PMTo:
on 2/10/06 2:36 PM, mail-lists wrote:
Got it on Tuesday...
Same here.
Greg
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe
on 8/18/05 3:08 PM, Matt wrote:
Agreed on the splitting idea. Keep one DNS firewalled from the outside world
and for use just by your clients and their address space, and then another one
that only resolves what you host and is open to everyone.
I guess I was on the right path. I did change
Any dns experts on the list?
Last week I noticed our one dns server was running at 100% cpu and using
nearly all its available memory. Reboot. Problem goes away until next day.
Repeat, etc. I determined that an outside entity was hammering the dns
server. Blocked them at the main router. Problem
on 8/18/05 1:49 PM, Markus Gufler wrote:
Are they
querrieng info's about domain names you're hosting or are this requests for
completely other domains and your server does the lookup and report the
result to the client.
The second case (other domains).
From what I've been able to determine,
on 8/9/05 10:28 AM, Richard Farris wrote:
Is there a good IP Blacklist that can be downloaded everyday that is
constantly updated..thanxs..I noticed that all the spam I got today was from
the same block 216.41.254.0/24
SBL is a good list to use.
Info on 216.41.254.0/24 -
on 7/26/05 1:34 PM, Sanford Whiteman wrote:
. . . so hopefully Sandy can tell me how to allow ldap2aliases to
reference another port.
When using the -s option to specify the LDAP server, append the port:
-s 1.2.3.4:1389
Sandy,
That seems to work however I'm getting the size limit
on 7/27/05 7:23 AM, System Administrator wrote:
This current problem occurs when trying to use ldap2aliases on mx1 for
information on hosting2 (hosting2 is using port 1389).
Never mind. I rebooted hosting2 and now I don't get the size error on either
mx computer.
Thanks,
Greg
---
This E-mail
on 7/25/05 5:11 PM, Sanford Whiteman wrote:
Any ideas?
Add this line
sizelimit -1
to the OpenLDAP slapd.conf.
Excellent idea!
Thanks,
Greg
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe
I'm trying to start the ldap service on another imail server (win2000) and
it won't start (I'd like to run ldap2aliases on it). Changing the ldap port
in imail to 1389 allows the ldap service to start. Port scanning, I see ldap
(port 389) is running, so something else must be using it. Anyone have
on 7/26/05 11:49 AM, System Administrator wrote:
I'm trying to start the ldap service on another imail server (win2000) and
it won't start (I'd like to run ldap2aliases on it).
For those following along -
I've discovered that Active Directory uses port 389 in Win2000. I haven't
located any
When testing with 10 or so e-mail addresses I didn't get any error messages.
Now that I've unchecked the hide from information services on 900+
addresses for the same domain I get the following error message when running
ldap2aliases -
the size limit for this request was exceeded
80072023
line
on 7/19/05 12:50 PM, Richard Farris wrote:
I got hit again with these two
[69.60.97.208]
209.97.209.0/24
Is there anyone out there that runs an ISP that is seeing the same thing..and
if so other than blacklisting the IP, how do you stop it...this is twice in a
few days I have been
on 4/12/05 2:33 PM, Technical Support wrote:
Has anyone else had this issue before,
and if so, what can be done to fix it?
Yes, one of my servers is listed somewhere (sorbs I think).
Setup an outbound rule in IMail, any message from
[EMAIL PROTECTED] with a subject of undeliverable mail gets
on 1/26/05 1:55 PM, Dan Geiser wrote:
It looks like Excite, MyWay.com, iWon, Ask Jeeves are all somehow
intermingled.
The Excite Network owns both.
http://www.senderbase.org/search?searchString=ExciteNetwork.com
http://www.senderbase.org/search?searchString=myway.com
Greg
---
[This E-mail
Does anyone have an external program that can check the length of urls in
e-mail messages?
Not having a good day -
Slightly related ... I sure miss the old days, when the new
(interim/beta/release) versions of Declude included new spam fighting
tools/commands. It used to be that I felt like we
on 11/11/04 10:33 AM, Dan Geiser wrote:
I can seem to reach www.dnsstuff.com or backup.dnsstuff.com. Are you
current having issues?
I can't get there either, and I've been trying for an hour+.
Greg
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This
A single .gif with the standard phish.
Greg
1u364325j3s543897032362548.gif
Description: Binary data
Is there anyway that Declude can let us know the number of recipients for a
message? I know it can tell from the bypasswhitelist test but I don't think
I can get to or use that information.
For example, if a message has a subject that contains your bank account
and was sent to more than one
Some messages are arriving here which produce a declude log entry that
doesn't have anything in the to field. I don't think this is a declude
problem. Is there a way to detect this type of message in a test?
10/21/2004 23:35:51 Q800f52ce00d6a0c6 Subject: True Value R XD
10/21/2004 23:35:51
on 10/5/04 12:21 PM, Dan Horne wrote:
I agree. While a body filter may not be the most EFFICIENT way, it is
definitely the most EFFECTIVE way. Like Chuck, I can't weight SpamDomains
high enough to hold, and even if I could, what if the message gets negative
points from something else like
1. Any plans to add an exact matching ability to the filter tests?
ie. - body 1 containsexact Testing This
which wouldn't catch the phrase testing this in a message.
2. If a message body had
Attention Sir,
I am Steve
would the filter line
body 1 contains ,I am Steve
be a match? If not,
on 8/13/04 9:55 AM, Bonno Bloksma wrote:
Read the archives. A mesage cannot be *both* deleted and send to someone
else. A copy to action is just adding an extra recipient to the smtp
envelope. As soon as that has been done the delete action will delete it
all, including the just modified
I'd like to get a copy of all message that fail a certain test. I have a
copyto action working for messages that fall below our delete weight but
I'm not receiving messages that are over the delete weight. Is there anyway
that I can get a copy of all messages that fail that test, no matter what
on 8/13/04 9:18 AM, Bud Durland wrote:
I belive the remedy is to create a second test, of the same type with
the same criteria, and make COPYTO the action for that new test
I'm currently doing that. Apparently, the over the delete weight messages
get deleted before the copyto takes place.
on 7/14/04 12:41 PM, Colbeck, Andrew wrote:
Dave, if you move your reporting level from MID to HIGH, you will see a log
line for every hit in your filter files.
Your log files will also be 5 times larger.
What you want to see used to be viewable at loglevel mid but was changed for
some
on 6/24/04 6:07 PM, Imail Admin wrote:
Is it possible to make the weight of a test conditional?
Here is my thinking: we've been having problems with our own users getting
zapped by the CMDSPACE test. We are running IMail 7.15, so we don't have
access to the whitelist auth option. We can
on 6/23/04 11:16 AM, Greg Foulks wrote:
Anyone using the AutoWhite application from eServices? Care to give
feedback as to how well/poorly it works?
We've been using it for many months and it works well. It does exactly what
it's supposed to do.
Greg
---
[This E-mail was scanned for viruses
Is there any way that filter #2 can see if filter #1 reached it's maxweight
or see if filter #1 scored a particular weight for a message?
Example -
filter #1 runs (each filter line is weighted 10, maxweight=40)
filter #2 -
TESTSFAILED 100 CONTAINS filter1:40
TESTSFAILED -30 CONTAINS
on 5/26/04 3:49 PM, Kami Razvan wrote:
http://internetweek.com/e-business/showArticle.jhtml?articleID=21100229
Time to add new filters..
I believe a minweighttofail type command in a filter would catch these
easily. In the following example, if 4 or more filter lines matched the
contents of
on 5/21/04 11:30 AM, Scott Fisher wrote:
Can the maxweight / minweight be changed in the middle of a filter?
I can't really think of a reason to use it, just curious.
maxweight 3
subject 5 contains URGENT REQUEST
I don't know, but I'd guess not.
I saw your post a few weeks ago about a
on 5/21/04 1:57 PM, Scott Fisher wrote:
Someone else countered with a number of lines failed that sounded interesting.
I'll call it MINFAILURES
You would only score the filter if the number of matched lines was equal to or
exceeded the MINFAILURES value.
I believe my version is more
on 5/13/04 2:16 PM, R. Scott Perry wrote:
So if you know the answers to questions on the list that I might have
otherwise answered, feel free to answer them.
Does that mean we can approve feature requests that we know you'd like? ;)
Enjoy your time away from us,
Greg
---
[This E-mail was
on 4/21/04 2:35 PM, ISPHuset Nordic wrote:
And how do you can the spam if it's a legitime user?
We delete it. Spam is spam no matter who sends it.
Later,
Greg
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail
on 4/20/04 3:16 PM, Matt wrote:
NOTCONTAINS would be incredibly helpful for lots of filters, though of course
all forms of NOT filters would be good addition, but NOTCONTAINS is the most
flexible and therefore capable, especially to defeat a counterbalancing filter
so that it doesn't credit
on 4/21/04 11:17 AM, John Tolmachoff (Lists) wrote:
Why are you so much different than other ISPs that you can not force
authentication?
Try to imagine having to contact thousands of subscribers and walk them
through changing their settings. Even if we only took a minute to help each
on 4/16/04 8:39 AM, Kami Razvan wrote:
I know this has been discussed in the past but I am not sure if any solution
is available.
If one person has [EMAIL PROTECTED] in the address book it appears that an email
sent to this person and many others will be whitelisted for all.
We have a
on 4/14/04 10:57 AM, TC Online Support wrote:
I was
wondering if there was a way to skip the Anti-Gibberish Test if the
Gibberish is not triggered. (This goes to all the test that contain an
Anti- test)
If/when we get a NOTCONTAINS filter command a lot of things like this could
be done very
on 4/9/04 1:32 PM, Rick Davidson wrote:
Is it possible to make it so that if a whitelisted TO address is included
with many recipients that only that one particular address is whitelisted
and not everyone in the To field?
Whitelist To [EMAIL PROTECTED]
recieve an email to [EMAIL
Scott,
Any plans to add notcontains to the filtering system?
I'd like to use the cmdspace test but can't. If I could create a filter ...
TESTSFAILED END NOTCONTAINS CMDSPACE
HEADERS -xx CONTAINS 12.4.184.
HEADERS -xx CONTAINS 12.4.185.
HEADERS -xx CONTAINS 12.4.186.
I could
on 2/18/04 2:51 PM, R. Scott Perry wrote:
o JM ADD New test spf added for SPF support.
How do you turn off the separate logs for spf (spf.log and spf.none)?
Greg
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the
What would be the best way to setup IMail/Declude to bounce or reject all
e-mail messages from rr.com subscribers? If possible, in that bounce or
reject message I'd like to add a note telling the sender to have someone at
rr.com call us to discuss the problem.
Here's why I want to do this. They
on 1/23/04 6:54 PM, R. Scott Perry wrote:
Actually, with the latest interim release, if you use LOGLEVEL MID, you'll
get the IP without all those Msg failed lines.
And if you need to see the Msg failed lines and had loglevel mid in the
beta or last released version of Declude you'll need to
on 1/26/04 8:06 AM, R. Scott Perry wrote:
Let me ask people: do you think that it would be better to have the Msg
failed lines in LOGLEVEL MID?
Yes (or add a midh level that is mid + msg failed lines).
Greg
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
on 1/12/04 9:59 AM, Larry Craddock wrote:
Good point and I do agree with one minor counter point ... we have little to
no feedback about how *the police are handling the situation.
Plus how many spam messages will be whitelisted while the police
investigate the incident and the courts go
on 1/7/04 6:35 AM, Matthew Bramble wrote:
BADHEADERS will FP a whole lot more,
Over 95% of the outgoing messages from our subscribers are failing the
CMDSPACE test (75+ messages in about 50 minutes of use). The only pattern I
can see is messages from IMail web are not failing the test.
Greg
on 1/7/04 7:49 AM, Jonathan wrote:
Imail web stuff never gets scanned anyway, does it? I thought it hit
imail1.exe directly ..
I think you're correct. I should have said that a message from a
[EMAIL PROTECTED] address (the default address in our web e-mail)
doesn't seem to fail the cmdspace
on 1/7/04 9:39 AM, Matthew Bramble wrote:
FP to report.
Here's what I'm seeing.
The Outlook, Outlook Express and Eudora programs are all on the same XP
computer.
New message from Outlook to me. Failure.
Reply message from Outlook to me. Failure.
New message from Outlook Express to me.
on 12/12/03 12:49 PM, Bill Morgan wrote:
We are having a problem sending e-mail to any user at rr.com. Our
messages are refused as spam. I have checked all of the databases that
they say they use and we are not listed in any of them. Over the last
three weeks, I have sent several messages
I'm curious as to what others are doing concerning the weight assigned to
the revdns test. How much weight do you assign to your revdns test, as a
percentage of your hold or delete limit? Our percentage is currently at 25%
(10/40).
Thanks,
Greg
---
[This E-mail was scanned for viruses by
on 9/18/03 9:38 PM, R. Scott Perry wrote:
Thanks a bunch for both new features. Are you planning on doing anything
in the future with the IP's that you are collecting, i.e. new
functionality like creating a blacklist? Or is this just being done to
facilitate that test?
We haven't decided
on 9/19/03 7:51 AM, R. Scott Perry wrote:
One thing that would be nice is if we could put a DONOTSENDTOFORGINGVIRUS in
our config or .eml files and if Declude Virus sees a forging virus it would
not send the warning messages automatically. That way we wouldn't have to
manually update what is
on 9/19/03 1:55 PM, R. Scott Perry wrote:
o Adds a bypasswhitelisting test type that can be used in rare
cases when whitelist bypassing is necessary.
Used where and how?
Used only as a last resort. :)
Here's how we use it and why.
We're an ISP and we allow users to use the
If an alias has been setup and it has it's own xx.junkmail file (and all
the actions in that file are warn with no holds or deletes), will an
incoming message to that alias be judged by that alias junkmail file or the
junkmail file for the address the alias points to?
Thanks,
Greg
---
[This
on 7/23/03 10:13 AM, R. Scott Perry wrote:
If an alias has been setup and it has it's own xx.junkmail file (and all
the actions in that file are warn with no holds or deletes), will an
incoming message to that alias be judged by that alias junkmail file or the
junkmail file for the
my $0.02
Maybe change WARN action to put:
X-RBL-Warning: TESTNAME DNS test returned txt record
... or to use the example:
X-RBL-Warning: ORBZIN: Open relay. Please see http://orbz.org/?165.252.48.3
X-RBL-Warning: ORBZOUT: Open relay. Please see http://orbz.org/?165.252.48.3
You have given us a
BODYSTART
BODYEND
:-)
- Tony
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry
Sent: Thursday, January 31, 2002 8:45 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] header confusion
The HEADER action is misleading - it
57 matches
Mail list logo