RE: [Declude.JunkMail] Perplexed -- false positives on HELOBOGUS AND CATCHALLMAILS
Okay, but why is CATCHALLMAILS even coming into play? I had it commented out (always have). It has never shown up as a warning in the headers before. Just started showing up. If you don't want the CATCHALLMAILS test to run at all, you would need to comment it out of the global.cfg file -- the $default$.JunkMail file just determines which actions to take. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Perplexed -- false positives on HELOBOGUS AND CATCHALLMAILS
Okay, but why is CATCHALLMAILS even coming into play? I had it commented out (always have). It has never shown up as a warning in the headers before. Just started showing up. Thanks, Katie -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Tuesday, February 10, 2004 4:15 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Perplexed -- false positives on HELOBOGUS AND CATCHALLMAILS >As of today I've got something odd going on with our Declude >Junkmail. Any assistance would be great appreciated! > >A great many emails are failing HELOBOGUS and CATCHALLMAILS (which is >commented out in my default junkmail file). All E-mails fail CATCHALLMAILS. So that isn't an issue. >Here is one example header: > >Received: from eciexchange.ECI [63.160.64.141] by mail.centric.net with ESMTP > (SMTPD32-8.05) id A3421E7500AE; Tue, 10 Feb 2004 10:22:10 -0700 This E-mail had a HELO/EHLO of "exiexchange.ECI", which isn't a valid host name, so it appropriately failed the HELOBOGUS test. >DSBL DELETE >ORDB DELETE >SPAMCOP DELETE >DSN DELETE >NOABUSE WARN >NOPOSTMASTER WARN >BADHEADERS SUBJECT >HELOBOGUS WARN >MAILFROMWARN >PERCENT DELETE >REVDNS WARN >SPAMHEADERS SUBJECT >AHBL DELETE >DSBLMULTI DELETE >NJABL DELETE >RSL DELETE >SBL DELETE >SORB-SMTP DELETE These are very strict settings. Note that we normally recommend using the weighting system -- otherwise, you will likely see a fair amount of legitimate mail get blocked. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Perplexed -- false positives on HELOBOGUS AND CATCHALLMAILS
As of today I've got something odd going on with our Declude Junkmail. Any assistance would be great appreciated! A great many emails are failing HELOBOGUS and CATCHALLMAILS (which is commented out in my default junkmail file). All E-mails fail CATCHALLMAILS. So that isn't an issue. Here is one example header: Received: from eciexchange.ECI [63.160.64.141] by mail.centric.net with ESMTP (SMTPD32-8.05) id A3421E7500AE; Tue, 10 Feb 2004 10:22:10 -0700 This E-mail had a HELO/EHLO of "exiexchange.ECI", which isn't a valid host name, so it appropriately failed the HELOBOGUS test. DSBL DELETE ORDB DELETE SPAMCOP DELETE DSN DELETE NOABUSE WARN NOPOSTMASTER WARN BADHEADERS SUBJECT HELOBOGUS WARN MAILFROMWARN PERCENT DELETE REVDNS WARN SPAMHEADERS SUBJECT AHBL DELETE DSBLMULTI DELETE NJABL DELETE RSL DELETE SBL DELETE SORB-SMTP DELETE These are very strict settings. Note that we normally recommend using the weighting system -- otherwise, you will likely see a fair amount of legitimate mail get blocked. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Perplexed -- false positives on HELOBOGUS AND CATCHALLMAILS
Title: Message As of today I've got something odd going on with our Declude Junkmail. Any assistance would be great appreciated! A great many emails are failing HELOBOGUS and CATCHALLMAILS (which is commented out in my default junkmail file). Here is one example header: Received: from eciexchange.ECI [63.160.64.141] by mail.centric.net with ESMTP (SMTPD32-8.05) id A3421E7500AE; Tue, 10 Feb 2004 10:22:10 -0700content-class: urn:content-classes:messageMIME-Version: 1.0Content-Type: text/plain; charset="iso-8859-1"Content-Transfer-Encoding: quoted-printableSubject: test message at 10:20X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0Date: Tue, 10 Feb 2004 10:24:41 -0700Message-ID: <[EMAIL PROTECTED]>X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: test message at 10:20Thread-Index: AcPv+sQ9Ad5U9lRhT8C4qVudgOLZJw==From: "Ken DeCosta" <[EMAIL PROTECTED]>To: <[EMAIL PROTECTED]>X-RBL-Warning: HELOBOGUS: Domain eciexchange.ECI has no MX or A records.X-Note: This E-mail was scanned by Centric Internet Services for spam.X-Spam-Tests-Failed: HELOBOGUS, CATCHALLMAILSX-RCPT-TO: <[EMAIL PROTECTED]>Status: UX-UIDL: 349899319 Here's my default config (I just changed action on HELOBOGUS from delete to warn a few minutes ago): DSBL DELETEORDB DELETESPAMCOP DELETEDSN DELETENOABUSE WARNNOPOSTMASTER WARNBADHEADERS SUBJECTHELOBOGUS WARNMAILFROM WARNPERCENT DELETEREVDNS WARNSPAMHEADERS SUBJECTAHBL DELETEDSBLMULTI DELETENJABL DELETERSL DELETESBL DELETESORB-SMTP DELETE #SNIFFER BOUNCE WEIGHT10 DELETE#WEIGHT15 DELETE#WEIGHT20 DELETE ## The following tests are commented out by default because they are not commonly# used (or require a subscription).# #BADWHOIS WARN#BLARS WARN#CATCHALLMAILS WARN#COMPU WARN#DEVNULL WARN#DORKS WARN#DORKZTL WARN#DSBLALL WARN#DUL WARN#FIVETENDUL WARN#FIVETENOPTIN WARN#FIVETENOTHER WARN#FIVETENSRC WARN#FLOWGO WARN#GUARDBLOCK WARN#GUARDBULK WARN#GUARDDUL WARN#GUARDMULTI WARN#GUARDSINGLE WARN#GUARDSRC WARN#HEUR WARN#INTERSIL WARN#IPWHOIS WARN#NJABL WARN#NJABLDUL WARN#POSTFIXGATE WARNRBL WARN#RSS WARN#SELWERD WARNSPAMBAG WARN#SPAMTR WARN#SUMMIT WARN#V6NET WARN#VISI WARN#WIREHUB-DNSBL WARN#WIREHUB-DYNA WARN#ZTA WARN #RBL WARN#DUL WARN#RBL+DUL WARN#RSS WARN#RBL+RSS WARN#DUL+RSS WARN#MAPSALL WARN