RE: [Declude.JunkMail] SPAMDOMAINS update for the att conglomerate
John,

Can you list multiple REVDNS on a single line when using spamdomains? For example:

@bellsouth.net .bellsouth. isp.att.

Thanks,
Keith

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (lists)
Sent: Monday, August 20, 2007 10:55 AM
To: declude.junkmail@declude.com
Subject: [Declude.JunkMail] SPAMDOMAINS update for the att conglomerate

Does anyone have an updated list for SPAMDOMAINS test for the AT&T conglomerate? I know there is .att. and bellsouth.com and sbc.com but what else is there that could originate from an att.com REVDNS?

John T

---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPAMDOMAINS update for the att conglomerate
You can but I think the limit is three. Don't forget ATT/SBC is in bed with Yahoo so their email can come through Yahoo too.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Keith Johnson
Sent: Friday, October 26, 2007 11:24 AM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] SPAMDOMAINS update for the att conglomerate

John,

Can you list multiple REVDNS on a single line when using spamdomains? For example:

@bellsouth.net .bellsouth. isp.att.

Thanks,
Keith
RE: [Declude.JunkMail] SPAMDOMAINS update for the att conglomerate
The ATT/Yahoo/BellSouth/Ameritech/SBS conglomerate is about to force me to remove all of the entries from the spamdomains file entirely. (Did I leave anyone out?)

John T

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher
Sent: Friday, October 26, 2007 10:46 AM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] SPAMDOMAINS update for the att conglomerate

You can but I think the limit is three. Don't forget ATT/SBC is in bed with Yahoo so their email can come through Yahoo too.
re: [Declude.JunkMail] SPAMDOMAINS update for the att conglomerate
I'm interested in finding this out too - we had a few legit emails get caught the last 2 days primarily due to the SPAMDOMAINS test coming from a bellsouth.net address that went thru an ATT server.

Randy A.

From: John T (lists) [EMAIL PROTECTED]
Sent: Monday, August 20, 2007 11:06 AM
To: declude.junkmail@declude.com
Subject: [Declude.JunkMail] SPAMDOMAINS update for the att conglomerate

Does anyone have an updated list for SPAMDOMAINS test for the AT&T conglomerate? I know there is .att. and bellsouth.com and sbc.com but what else is there that could originate from an att.com REVDNS?

John T
[Declude.JunkMail] SPAMDOMAINS update for the att conglomerate
Does anyone have an updated list for SPAMDOMAINS test for the AT&T conglomerate? I know there is .att. and bellsouth.com and sbc.com but what else is there that could originate from an att.com REVDNS?

John T
[Declude.JunkMail] Spamdomains test
Does the Spamdomains test use the mailfrom or the From: address to compare to the revdns? I'm betting it is the mailfrom address.

Thanks
Stu

---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]
Re: [Declude.JunkMail] Spamdomains test
Stu,

The spamdomains test uses the mailfrom address. Declude derives all its sender and recipient information from the envelope, not the message headers.

David Franco-Rocha
Declude Technical / Engineering

- Original Message -
From: [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Friday, January 06, 2006 10:50 AM
Subject: [Declude.JunkMail] Spamdomains test

Does the Spamdomains test use the mailfrom or the From: address to compare to the revdns? I'm betting it is the mailfrom address.

Thanks
Stu
[Declude.JunkMail] spamdomains
Hi,

Can someone explain why this rule failed:

Spamdomains: @msn.com .hotmail.

X-RBL-Warning: SPAMDOMAINS: Spamdomain '@msn.com' found: Address of [EMAIL PROTECTED] sent from invalid bay104-dav2.bay104.hotmail.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
[Declude.JunkMail] SPAMDOMAINS and No Reverse DNS
Scott,

When using the SPAMDOMAINS test we have the option to put a string in the second column which will also pass the test, e.g...

.hotmail.com .msn.com

like ".msn.com" is in the above example.

I have a couple of SPAMDOMAINS where I would like to have "No Reverse DNS" be a viable alternative to the domain but still block on everything else. Can I just put that string "No Reverse DNS" in second column to pass through domains which only match "domain.com" and "No Reverse DNS"?

I hope that makes sense.

Thanks,
Dan Geiser
[EMAIL PROTECTED]
Re: [Declude.JunkMail] SPAMDOMAINS and No Reverse DNS
> I have a couple of SPAMDOMAINS where I would like to have "No Reverse DNS" be a viable alternative to the domain but still block on everything else. Can I just put that string "No Reverse DNS" in second column to pass through domains which only match "domain.com" and "No Reverse DNS"?

Unfortunately, that will not work -- the SPAMDOMAINS tests will not work with IPs that have no reverse DNS entry.

-Scott
Re: [Declude.JunkMail] SPAMDOMAINS and No Reverse DNS
> Would this alternative filter work?
>
> TESTSFAILED END NOTCONTAINS REVDNS
> MAILFROM 1 ENDSWITH .msn.com # ok it is from msn and there is no revdns

Ah, good thinking -- that should work. You might also want to add a line:

REVDNS END CONTAINS .msn.com

to make sure that the test is not triggered if .msn.com appears in the reverse DNS entry.

-Scott
[Declude.JunkMail] SPAMDOMAINS entry for Suntrust
Hi;

Does anyone know the spamdomain entry for Suntrust Bank?

@Suntrust.com .suntrust.com

Is it different from above? I have not seen a legit email from Suntrust to use as a guide.

Regards,
Kami
[Declude.JunkMail] Spamdomains
Is there a way to change the Spamdomains test to test the first rather than last? Our main e-mail address is hosted by another company and automatically forwarded to me and the Spamdomains test is showing the forwarded location.

John Olden - Systems Administrator
Champaign Park District
Re: [Declude.JunkMail] Spamdomains
It sounds like the problem is that Declude JunkMail is scanning the first hop (the forwarding server), which it should not be doing. If that is the case, you should be using the IPBYPASS option to let Declude JunkMail know that the forwarding server is not the true source of the E-mail.

David Franco-Rocha
Declude Technical Support

- Original Message -
From: John Olden [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, August 10, 2004 11:13 AM
Subject: [Declude.JunkMail] Spamdomains

Is there a way to change the Spamdomains test to test the first rather than last? Our main e-mail address is hosted by another company and automatically forwarded to me and the Spamdomains test is showing the forwarded location.

John Olden - Systems Administrator
Champaign Park District
Re: [Declude.JunkMail] Spamdomains
I do already have IPBYPASS set for this first hop. I don't have a current example message in the hold folder so I'll have to double check it as another one gets caught to make sure the IP address hasn't changed.

John Olden - Systems Administrator
Champaign Park District

- Original Message -
From: David Franco-Rocha [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, August 10, 2004 11:15 AM
Subject: Re: [Declude.JunkMail] Spamdomains

It sounds like the problem is that Declude JunkMail is scanning the first hop (the forwarding server), which it should not be doing. If that is the case, you should be using the IPBYPASS option to let Declude JunkMail know that the forwarding server is not the true source of the E-mail.

David Franco-Rocha
Declude Technical Support
[Declude.JunkMail] Spamdomains prodigy.net.mx
I had a legit email fail Spamdomains for prodigy.net.

Received: from mail2.smart-mail.net [65.16.167.134] by net.smart-mail.net (SMTPD32-7.15) id A31D87E00DE; Fri, 02 Jul 2004 08:29:01 -0500
Received: from smtp.prodigy.net.mx ([148.235.52.27]) by mail2.smart-mail.net (SAVSMTP 3.1.0.29) with SMTP id M2004070208282915807 for user; Fri, 02 Jul 2004 08:28:29 -0500
Received: from smtp.prodigy.net.mx (nlpproxy07 [148.235.52.27]) by smtp.prodigy.net.mx (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003)) with ESMTP id [EMAIL PROTECTED]; Fri, 02 Jul 2004 08:28:57 -0500 (CDT)
Received: from personalhxmswl (dsl-200-78-93-113.prodigy.net.mx [200.78.93.113]) by smtp.prodigy.net.mx (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003)) with SMTP id [EMAIL PROTECTED]; Fri, 02 Jul 2004 08:28:57 -0500 (CDT)
Date: Fri, 02 Jul 2004 08:28:41 -0500
X-RBL-Warning: SPAMDOMAINS: Spamdomain 'prodigy.net' found: Address of [EMAIL PROTECTED] sent from invalid .

My spamdomains entry is - prodigy.net

What would I change this to so that it does not fail Spamdomains?

Thanks,
Todd
Re: [Declude.JunkMail] Spamdomains prodigy.net.mx
> I had a legit email fail Spamdomains for prodigy.net.
>
> X-RBL-Warning: SPAMDOMAINS: Spamdomain 'prodigy.net' found: Address of [EMAIL PROTECTED] sent from invalid .

The problem here is that there appears to be no reverse DNS entry for the IP that Declude JunkMail used. What IP did Declude JunkMail use (I'm guessing 148.235.52.27?)? You should have an X-Declude-Sender: header with the IP in it.

-Scott
Re: [Declude.JunkMail] Spamdomains prodigy.net.mx
Scott,

AX-Declude-Sender: [EMAIL PROTECTED] [148.235.52.27]

Todd

- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, July 02, 2004 11:11 AM
Subject: Re: [Declude.JunkMail] Spamdomains prodigy.net.mx

> I had a legit email fail Spamdomains for prodigy.net.
>
> X-RBL-Warning: SPAMDOMAINS: Spamdomain 'prodigy.net' found: Address of [EMAIL PROTECTED] sent from invalid .

The problem here is that there appears to be no reverse DNS entry for the IP that Declude JunkMail used. What IP did Declude JunkMail use (I'm guessing 148.235.52.27?)? You should have an X-Declude-Sender: header with the IP in it.

-Scott
Re: [Declude.JunkMail] Spamdomains prodigy.net.mx
> AX-Declude-Sender: [EMAIL PROTECTED] [148.235.52.27]

That's strange -- that IP does have a reverse DNS entry, and it is set up properly. My guess is that they were having DNS problems where their DNS servers were sending invalid data, which would account for the blank reverse DNS entry that Declude JunkMail saw.

-Scott
Re: [Declude.JunkMail] Spamdomains test
Thanks Bill. I checked the archives and found one from Nov. 28, 2003 ... just got it setup.

thanks again,
Larry Craddock

- Original Message -
From: Bill Landry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, May 28, 2004 12:34 AM
Subject: Re: [Declude.JunkMail] Spamdomains test

- Original Message -
From: Larry Craddock [EMAIL PROTECTED]

> Thanks everyone. Now that I understand how to use the test, does anyone have a spamdomains.txt file that includes the entries for the domains most commonly used that they could share?

Check the archives, Larry. I have posted mine to the list several times. If you cannot locate it, send me an e-mail off-list and I will send it to you.

Bill
[Declude.JunkMail] Spamdomains test
I think I need a little more detail on the spamdomains test. Here's the entire explanation from the manual:

[This test will catch E-mail that is not coming from a mailserver that it should be coming from. This test will only work if you set up a file listing domains that you wish to be included in this test. Specifically, it will check the return address of the E-mail, and then check to see if the reverse DNS entry of the IP that the E-mail was sent from contains the domain name. If not, the E-mail fails the test. For example, if hotmail.com is listed in the \IMail\Declude\spamdomains.txt file, then an E-mail coming from law2.hotmail.com would not fail the test, but an E-mail from mail.example.ru would fail the test.]

But I'm sure I've seen discussion someplace with reference to lines containing more than just a domain name in the spamdomains.txt file ... or is that all that's needed besides enabling the test?

Larry Craddock
Re: [Declude.JunkMail] Spamdomains test
> But I'm sure I've seen discussion someplace with reference to lines containing more than just a domain name in the spamdomains.txt file ... or is that all that's needed besides enabling the test?

That's a new feature, that allows you to have an alias (for lack of a better word) that can be used in conjunction with the domain name.

So a line "example.com" would require that any E-mail address from @example.com must have a reverse DNS entry containing "example.com". However, if legitimate @example.com E-mail can also be sent from @example.net, then you could have a line "example.com example.net". With that line, an E-mail from @example.com could have a reverse DNS entry containing example.com or example.net (but it would not apply to users with an @example.net return address).

-Scott
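The check described in the manual excerpt and in the replies above (envelope sender compared against the reverse DNS, with optional alias strings on the same line), as an added Python model; it is not Declude's code and not from any poster. It assumes case-insensitive substring matching and that the first matching line decides; the sample addresses are constructed.

```python
# Added example: a model of the SPAMDOMAINS check as this thread describes it.
# Not Declude's code. Assumptions are marked where they are made.

SAMPLE_SPAMDOMAINS = """\
hotmail.com
example.com example.net
prodigy.net
"""  # constructed file; the entries are the ones used as examples in the thread


def parse_spamdomains(text):
    """Return [(sender_match, [strings accepted in the reverse DNS]), ...]."""
    rules = []
    for raw in text.splitlines():
        fields = raw.strip().lower().split()
        if not fields:
            continue
        # The first column is matched against the sender. The reverse DNS may
        # contain that same string or any alias that follows it on the line.
        rules.append((fields[0], fields))
    return rules


def spamdomains_check(rules, envelope_from, rdns):
    """Return 'not_listed', 'pass' or 'fail' for one connection.

    Assumption: matching is a case-insensitive substring test, and the first
    line whose first column occurs in the sender address decides the result.
    """
    sender = envelope_from.lower()
    host = (rdns or "").lower()
    for sender_match, accepted in rules:
        if sender_match in sender:
            # A blank reverse DNS contains none of the accepted strings, which
            # reproduces the "sent from invalid ." failure quoted in the thread.
            return "pass" if any(s in host for s in accepted) else "fail"
    return "not_listed"


def check_message(rules, message):
    """Only the envelope sender is consulted; the From: header is ignored."""
    return spamdomains_check(rules, message["envelope_from"], message["rdns"])


RULES = parse_spamdomains(SAMPLE_SPAMDOMAINS)

# Constructed sample connections (addresses are made up).
SAMPLES = [
    {"envelope_from": "alice@hotmail.com", "header_from": "alice@hotmail.com",
     "rdns": "law2.hotmail.com"},
    {"envelope_from": "alice@hotmail.com", "header_from": "alice@hotmail.com",
     "rdns": "mail.example.ru"},
    {"envelope_from": "bob@example.com", "header_from": "bob@example.com",
     "rdns": "smtp.example.net"},
    {"envelope_from": "bob@example.net", "header_from": "bob@example.net",
     "rdns": "mail.example.ru"},
    {"envelope_from": "user@prodigy.net.mx", "header_from": "user@prodigy.net.mx",
     "rdns": ""},
    # The header claims hotmail.com, the envelope does not: the test never fires.
    {"envelope_from": "bounce@bulk.example.org", "header_from": "alice@hotmail.com",
     "rdns": "mail.example.ru"},
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(f"{msg['envelope_from']:26} {msg['rdns'] or '(none)':20} "
              f"{check_message(RULES, msg)}")
```

The last sample shows a consequence of checking the envelope only: a message whose From: header names a listed domain is not evaluated when its envelope sender is elsewhere.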
Re[2]: [Declude.JunkMail] Spamdomains test
> So a line "example.com" would require that any E-mail address from @example.com must have a reverse DNS entry containing "example.com". However, if legitimate @example.com E-mail can also be sent from @example.net, then you could have a line "example.com example.net".

Scott, any thoughts on my suggestion of an extended SPFDOMAINS test type with which you could manually maintain SPF-formatted policies for given domains, running the data through the existing SPF parser?

--Sandy

Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]

SpamAssassin plugs into Declude!
http://www.mailmage.com/products/software/freeutils/SPAMC32/download/release/

Defuse Dictionary Attacks: Turn Exchange Addresses into IMail Aliases!
http://www.mailmage.com/products/software/freeutils/exchange2aliases/download/release/
Re: [Declude.JunkMail] Spamdomains test
Using the dnsbl type of test and a custom zone, you could extend this through DNS. For instance:

MPBL-SPAMDOMAINS dnsbl %REVDNS%.%RHSBL%.spamdomains.example.com 127.0.0.2 4 0

In your custom zone, you could construct records like so:

*.aol.com.aol.com    A    127.0.0.1
                     TXT  ( "Good Entry" )
*.aol.com            A    127.0.0.2
                     TXT  ( "Bad Entry" )

I haven't yet tested this, but I believe that the wildcarding will work to give you the proper result. Essentially you define a single bad entry, and then one good entry for every set of reverse DNS with Mail From domain. Unlike SPAMDOMAINS, this could accommodate more than two different reverse DNS domains. The downside is that I don't know what it will do if Declude can't resolve a reverse DNS entry, or more accurately, what value will Declude use in place of the reverse DNS entry (this might be something to provide as an exception for each entry).

Alternatively, you could also use the %HELO% in combination with %RHSBL% since those don't need to do lookups. Same thing goes for %IP4R% as well if you wish to do it in a fashion similar to SPF.

Matt

Sanford Whiteman wrote:

>> So a line "example.com" would require that any E-mail address from @example.com must have a reverse DNS entry containing "example.com". However, if legitimate @example.com E-mail can also be sent from @example.net, then you could have a line "example.com example.net".
>
> Scott, any thoughts on my suggestion of an extended SPFDOMAINS test type with which you could manually maintain SPF-formatted policies for given domains, running the data through the existing SPF parser?
>
> --Sandy

--
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
Re[2]: [Declude.JunkMail] Spamdomains test
> Using the dnsbl type of test and a custom zone, you could extend this through DNS. For instance:
>
> MPBL-SPAMDOMAINS dnsbl %REVDNS%.%RHSBL%.spamdomains.example.com 127.0.0.2 4 0

Interesting idea, Matt. Still way too much management compared to SPF-compatible formatting, though. The ability to append ._spf.example.com to SPF queries, or use the SPFDOMAINS text list, would be a lot easier.

--Sandy

Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]
Re: [Declude.JunkMail] Spamdomains test
I've been planning on trying this for about a week now, and I'm still not convinced that it will work. From my standpoint though, this represents a good way to remove a tad bit more processing and maintain a system to be shared on multiple servers without having to update text files.

This idea originally came from my desire to qualify two pieces of information when whitelisting. Using this technique, you could effectively whitelist without fear of forging, though of course the possibility would still exist. You could credit messages that pass such a test such as from amazon.com, coming from an amazon.com reverse DNS entry, and that would be much stronger than systems like BondedSender which relies only on the IP, where servers can still be hijacked or infected. This is also a much more efficient way to credit messages than to maintain long lists of whitelist addresses and as above, it's a good format for a distributed system with multiple scanning servers that can be updated in real-time.

My biggest wish though is that both the To: address and the Reply-To: address were exposed through variables and filters, because that would allow me to apply credit to things that use VERP and also put it in DNS instead of using body or header filters to do the dirty work.

Matt

Sanford Whiteman wrote:

>> Using the dnsbl type of test and a custom zone, you could extend this through DNS. For instance:
>>
>> MPBL-SPAMDOMAINS dnsbl %REVDNS%.%RHSBL%.spamdomains.example.com 127.0.0.2 4 0
>
> Interesting idea, Matt. Still way too much management compared to SPF-compatible formatting, though. The ability to append ._spf.example.com to SPF queries, or use the SPFDOMAINS text list, would be a lot easier.
>
> --Sandy
Re: [Declude.JunkMail] Spamdomains test
Thanks everyone. Now that I understand how to use the test, does anyone have a spamdomains.txt file that includes the entries for the domains most commonly used that they could share? Larry Craddock
Re: [Declude.JunkMail] Spamdomains test
- Original Message - From: Larry Craddock [EMAIL PROTECTED]

Thanks everyone. Now that I understand how to use the test, does anyone have a spamdomains.txt file that includes the entries for the domains most commonly used that they could share?

Check the archives, Larry. I have posted mine to the list several times. If you cannot locate it, send me an e-mail off-list and I will send it to you.

Bill
Re: [Declude.JunkMail] SPAMDOMAINS works as ENDSWITH or CONTAINS?
Thank you so much, Kami! I can definitely understand your concise explanation and it sounds like a great way to handle what I am trying to do or at least add another trick in the bag. I'll have to see how I can incorporate this into my current setup. Thanks, Again! Dan

- Original Message - From: Kami Razvan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, May 14, 2004 4:32 PM Subject: RE: [Declude.JunkMail] SPAMDOMAINS works as ENDSWITH or CONTAINS?

I don't even know how to mentally parse the below code that you've listed.

REVDNS END ENDSWITH .hotmail.com
MAILFROM 3 ENDSWITH @hotmail.com
HELO 5 ENDSWITH .hotmail.com

Hi Dan: This is what the above means.

REVDNS END ENDSWITH .hotmail.com -- if reverse dns ends with Hotmail.com end the filter and do not process the rest of the filter. This way it won't even trigger the test as being run. What that means is the reverse DNS is hotmail.com

MAILFROM 3 ENDSWITH @hotmail.com -- naturally if line 2 is executed it means that reverse DNS is NOT hotmail.com and if the mailfrom endswith hotmail.com then add 3 to the weight. As stated this is one of the many filters we have on Good ISP filters. This filter penalizes an email if the sender's email is hotmail but the reverse dns and helo are not.

Similarly on line 3- HELO 5 ENDSWITH .hotmail.com Add 5 points if HELO ends with hotmail.com

So if someone's email is [EMAIL PROTECTED] and the reverse dns is not hotmail.com the email gets 3 and if HELO is hotmail.com then it gets 8 points.

Hope that explains it..

Kami
Re: [Declude.JunkMail] SPAMDOMAINS works as ENDSWITH or CONTAINS?
Scott, I know it's been awhile since you posted the answer to my original question but I would _love_ to have a test which functions exactly the same as spamdomains but instead of searching the reverse DNS in a CONTAINS type manner it searched it an ENDSWITH type manner. That would allow me to create a file like the below (that would be used with the ENDSWITH-type spamdomains test)...

-
a.edu
b.edu
c.edu
d.edu
.
.
.
w.edu
x.edu
y.edu
z.edu
-

which I would use to add a small amount of points for the end of every SENDER that doesn't match the end of every REVDNS in the edu TLD. With edu especially a large majority of the time it does match so points for not matching would be great. And that's just one example of how that would be very useful to me. Just another request to give consideration for the future.

Thanks, Dan Geiser [EMAIL PROTECTED]

- Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, March 02, 2004 7:11 PM Subject: Re: [Declude.JunkMail] SPAMDOMAINS works as ENDSWITH or CONTAINS?

If I have a SPAMDOMAINS type test in my GLOBAL.CFG...

SD-TLD spamdomains D:\iMail\declude\JunkMail.SpamDomains.TLD.txt x 5 0

...and I have some entries in the corresponding flat text file like below...

.mil

will SPAMDOMAINS search the reverse DNS entry in a CONTAINS type manner or an ENDSWITH type manner?

It will work like CONTAINS, so:

For example would the host name .milton-bradley.com in the below...

- X-Note: Sent with HELO [mail] from Reverse DNS [mail.milton-bradley.com] -

get flagged as passing or failing the SPAMDOMAINS test?

That one would get caught, if the reverse DNS entry did not contain .mil in it. So if the E-mail was from [EMAIL PROTECTED], and the reverse DNS entry was mail.milton-bradley.com, the E-mail would not fail the test (but if the reverse DNS was mail.someone_else.com, it would fail the test).

-Scott

--- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation.
RE: [Declude.JunkMail] SPAMDOMAINS works as ENDSWITH or CONTAINS?
Dan.. Can you not use a filter file for this? Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser Sent: Friday, May 14, 2004 9:09 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] SPAMDOMAINS works as ENDSWITH or CONTAINS? Scott, I know it's been awhile since you posted the answer to my original question but I would _love_ to have a test which functions exactly the same as spamdomains but instead of searching the reverse DNS in a CONTAINS type manner it searched it an ENDSWITH type manner. That would allow me to create a file like the below (that would be used with the ENDSWITH-typespamdomains test)... - a.edu b.edu c.edu d.edu . . . w.edu x.edu y.edu z.edu - which I would use to add a small amount of points for the end of every SENDER that doesn't match the end of every REVDNS in the edu TLD. With edu especially a large majority of the time it does match so points for not matching would be great. And that's just one example of how that would be very useful to me. .Just another request to give consideration for the future. Thanks, Dan Geiser [EMAIL PROTECTED] - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, March 02, 2004 7:11 PM Subject: Re: [Declude.JunkMail] SPAMDOMAINS works as ENDSWITH or CONTAINS? If I have a SPAMDOMAINS type test in my GLOBAL.CFG... SD-TLD spamdomains D:\iMail\declude\JunkMail.SpamDomains.TLD.txt x 5 0 ...and I have some entries in the corresponding flat text file like below... .mil will SPAMDOMAINS search the reverse DNS entry in a CONTAINS type manner or an ENDSWITH type manner? It will work like CONTAINS, so: For example would the host name .milton-bradley.com in the below... - X-Note: Sent with HELO [mail] from Reverse DNS [mail.milton-bradley.com] - get flagged as passing or failing the SPAMDOMAINS test? That one would get caught, if the reverse DNS entry did not contain .mil in it. 
So if the E-mail was from [EMAIL PROTECTED], and the reverse DNS entry was mail.milton-bradley.com, the E-mail would not fail the test (but if the reverse DNS was mail.someone_else.com, it would fail the test). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation.
Re: [Declude.JunkMail] SPAMDOMAINS works as ENDSWITH or CONTAINS?
Kami, How do you see me using a filter file to add a small amount of points for the end of every SENDER that doesn't match the end of every REVDNS in the edu TLD.? I don't know how to use a filter file to compare a string in one field to a string in another. If it can be done that would be great. Thanks, Dan Geiser [EMAIL PROTECTED] - Original Message - From: Kami Razvan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, May 14, 2004 9:22 AM Subject: RE: [Declude.JunkMail] SPAMDOMAINS works as ENDSWITH or CONTAINS? Dan.. Can you not use a filter file for this? Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser Sent: Friday, May 14, 2004 9:09 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] SPAMDOMAINS works as ENDSWITH or CONTAINS? Scott, I know it's been awhile since you posted the answer to my original question but I would _love_ to have a test which functions exactly the same as spamdomains but instead of searching the reverse DNS in a CONTAINS type manner it searched it an ENDSWITH type manner. That would allow me to create a file like the below (that would be used with the ENDSWITH-typespamdomains test)... - a.edu b.edu c.edu d.edu . . . w.edu x.edu y.edu z.edu - which I would use to add a small amount of points for the end of every SENDER that doesn't match the end of every REVDNS in the edu TLD. With edu especially a large majority of the time it does match so points for not matching would be great. And that's just one example of how that would be very useful to me. .Just another request to give consideration for the future. Thanks, Dan Geiser [EMAIL PROTECTED] - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, March 02, 2004 7:11 PM Subject: Re: [Declude.JunkMail] SPAMDOMAINS works as ENDSWITH or CONTAINS? If I have a SPAMDOMAINS type test in my GLOBAL.CFG... 
SD-TLD spamdomains D:\iMail\declude\JunkMail.SpamDomains.TLD.txt x 5 0 ...and I have some entries in the corresponding flat text file like below... .mil will SPAMDOMAINS search the reverse DNS entry in a CONTAINS type manner or an ENDSWITH type manner? It will work like CONTAINS, so: For example would the host name .milton-bradley.com in the below... - X-Note: Sent with HELO [mail] from Reverse DNS [mail.milton-bradley.com] - get flagged as passing or failing the SPAMDOMAINS test? That one would get caught, if the reverse DNS entry did not contain .mil in it. So if the E-mail was from [EMAIL PROTECTED], and the reverse DNS entry was mail.milton-bradley.com, the E-mail would not fail the test (but if the reverse DNS was mail.someone_else.com, it would fail the test). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation.
RE: [Declude.JunkMail] SPAMDOMAINS works as ENDSWITH or CONTAINS?
Dan.. Maybe I am not understanding the question. But I basically have a couple of combination tests that are like the following:

REVDNS END ENDSWITH .hotmail.com
MAILFROM 3 ENDSWITH @hotmail.com
HELO 5 ENDSWITH .hotmail.com

So with this logic you can add weight if someone is using Hotmail as return address but is not using hotmail to send mail. We have this for a lot of ISP's. Is this what you are trying to do?

Regards, -Kami

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser Sent: Friday, May 14, 2004 9:31 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] SPAMDOMAINS works as ENDSWITH or CONTAINS?

Kami, How do you see me using a filter file to add a small amount of points for the end of every SENDER that doesn't match the end of every REVDNS in the edu TLD.? I don't know how to use a filter file to compare a string in one field to a string in another. If it can be done that would be great. Thanks, Dan Geiser [EMAIL PROTECTED]
Re: [Declude.JunkMail] SPAMDOMAINS works as ENDSWITH or CONTAINS?
Hi, Kami, I don't even know how to mentally parse the below code that you've listed. Would this go inside a filter file? What does each line signify? For example, REVDNS END ENDSWITH .hotmail.com. I've not seen that syntax before. Is END a valid value in that column? What does it do? When was the END value introduced? I am currently running v1.75 and I know there's been a lot of stuff introduced since our Service Agreement expired. Thanks for your feedback. Dan - Original Message - From: Kami Razvan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, May 14, 2004 9:40 AM Subject: RE: [Declude.JunkMail] SPAMDOMAINS works as ENDSWITH or CONTAINS? Dan.. May be I am not understanding the question. But I basically have a couple of combination tests that are like the following: REVDNS END ENDSWITH .hotmail.com MAILFROM 3 ENDSWITH @hotmail.com HELO 5 ENDSWITH .hotmail.com So with this logic you can add weight if someone is using Hotmail as return address but is not using hotmail to send mail. We have this for a lot of ISP's. Is this what you are trying to do? Regards, -Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser Sent: Friday, May 14, 2004 9:31 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] SPAMDOMAINS works as ENDSWITH or CONTAINS? Kami, How do you see me using a filter file to add a small amount of points for the end of every SENDER that doesn't match the end of every REVDNS in the edu TLD.? I don't know how to use a filter file to compare a string in one field to a string in another. If it can be done that would be great. Thanks, Dan Geiser [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. 
Re: [Declude.JunkMail] SPAMDOMAINS works as ENDSWITH or CONTAINS?
The END in the weight column is valid starting somewhere in the 1.77s. It causes the filter to immediately end with the current score. Scott Fisher Director of IT Farm Progress Companies [EMAIL PROTECTED] 05/14/04 03:01PM Hi, Kami, I don't even know how to mentally parse the below code that you've listed. Would this go inside a filter file? What does each line signify? For example, REVDNS END ENDSWITH .hotmail.com. I've not seen that syntax before. Is END a valid value in that column? What does it do? When was the END value introduced? I am currently running v1.75 and I know there's been a lot of stuff introduced since our Service Agreement expired. Thanks for your feedback. Dan - Original Message - From: Kami Razvan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, May 14, 2004 9:40 AM Subject: RE: [Declude.JunkMail] SPAMDOMAINS works as ENDSWITH or CONTAINS? Dan.. May be I am not understanding the question. But I basically have a couple of combination tests that are like the following: REVDNS END ENDSWITH .hotmail.com MAILFROM 3 ENDSWITH @hotmail.com HELO 5 ENDSWITH .hotmail.com So with this logic you can add weight if someone is using Hotmail as return address but is not using hotmail to send mail. We have this for a lot of ISP's. Is this what you are trying to do? Regards, -Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser Sent: Friday, May 14, 2004 9:31 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] SPAMDOMAINS works as ENDSWITH or CONTAINS? Kami, How do you see me using a filter file to add a small amount of points for the end of every SENDER that doesn't match the end of every REVDNS in the edu TLD.? I don't know how to use a filter file to compare a string in one field to a string in another. If it can be done that would be great. 
Thanks, Dan Geiser [EMAIL PROTECTED]
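The three-line filter quoted in this thread, modelled as an added example (not Declude's code and not posted by anyone on the list). It assumes each line is `FIELD WEIGHT OPERATOR VALUE`, evaluated top to bottom, and uses the END behaviour described above; the sample messages and host names are constructed.

```python
# Added example: a small model of the filter-file logic discussed in this thread.
# Assumption: lines are "FIELD WEIGHT OPERATOR VALUE" and run top to bottom.

KAMI_FILTER = """\
REVDNS   END ENDSWITH .hotmail.com
MAILFROM 3   ENDSWITH @hotmail.com
HELO     5   ENDSWITH .hotmail.com
"""

# Same lines with the END rule moved to the bottom, to show why order matters.
END_LAST = """\
MAILFROM 3   ENDSWITH @hotmail.com
HELO     5   ENDSWITH .hotmail.com
REVDNS   END ENDSWITH .hotmail.com
"""


def parse_filter(text):
    """Split each non-empty line into (field, weight, operator, value)."""
    rules = []
    for line in text.splitlines():
        parts = line.split(None, 3)
        if len(parts) != 4:
            continue
        field, weight, op, value = parts
        rules.append((field.upper(), weight.upper(), op.upper(), value.lower()))
    return rules


def score(rules, message):
    """Return the weight this filter adds for one message.

    A matching line with END in the weight column stops the filter and
    keeps whatever score has been accumulated up to that point.
    """
    total = 0
    for field, weight, op, value in rules:
        data = message.get(field, "").lower()
        if op == "ENDSWITH":
            hit = data.endswith(value)
        elif op == "CONTAINS":
            hit = value in data
        else:
            raise ValueError("operator not modelled: " + op)
        if not hit:
            continue
        if weight == "END":
            return total
        total += int(weight)
    return total


# Constructed sample messages (addresses and host names are made up).
GENUINE = {"MAILFROM": "someone@hotmail.com",
           "REVDNS": "mx1.hotmail.com",
           "HELO": "mx1.hotmail.com"}
FORGED_MAILFROM = {"MAILFROM": "someone@hotmail.com",
                   "REVDNS": "host-1.dialup.example.net",
                   "HELO": "host-1"}
FORGED_MAILFROM_AND_HELO = {"MAILFROM": "someone@hotmail.com",
                            "REVDNS": "host-1.dialup.example.net",
                            "HELO": "mail.hotmail.com"}

if __name__ == "__main__":
    rules = parse_filter(KAMI_FILTER)
    for name, msg in [("genuine", GENUINE),
                      ("forged MAILFROM", FORGED_MAILFROM),
                      ("forged MAILFROM and HELO", FORGED_MAILFROM_AND_HELO)]:
        print(name, score(rules, msg))
    print("genuine, END rule last:", score(parse_filter(END_LAST), GENUINE))
```

Because END keeps the current score, the REVDNS line only works as an exemption when it comes first; placed last, a genuine Hotmail host is still penalised.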
[Declude.JunkMail] Spamdomains question
I just had an email fail spamdomains for [EMAIL PROTECTED]

X-RBL-Warning: SPAMDOMAINS: Spamdomain 'swbell.net' found: Address of [EMAIL PROTECTED] sent from invalid mta7.pltn13.pbi.net.

pbi.net is registered to SBC and is valid (pacific bell internet)

In my spam domains file I have this:

swbell.net .prodigy.net

would I just add another line like this?

swbell.net .pbi.net

or can they be placed on the same line like this?

swbell.net .prodigy.net .pbi.net

Question 2: Is there a way to turn the headers off in the mail archive so everyone's declude header messages aren't the bulk of the search results?

Rick Davidson National Systems Manager North American Title Group
Re: [Declude.JunkMail] Spamdomains question
I just had an email fail spamdomains for [EMAIL PROTECTED]

X-RBL-Warning: SPAMDOMAINS: Spamdomain 'swbell.net' found: Address of [EMAIL PROTECTED] sent from invalid mta7.pltn13.pbi.net.

pbi.net is registered to SBC and is valid (pacific bell internet)

In my spam domains file I have this:

swbell.net .prodigy.net

would I just add another line like this?

swbell.net .pbi.net

No. With both those lines, E-mail from @swbell.net will fail the test unless the reverse DNS contains swbell.net in it. For example, an E-mail from @swbell.net with a reverse DNS entry of mail.prodigy.net would pass the first line, but fail the second line, causing the test to fail.

or can they be placed on the same line like this?

swbell.net .prodigy.net .pbi.net

This is something that we hope to add later.

Question 2: Is there a way to turn the headers off in the mail archive so everyone's declude header messages aren't the bulk of the search results?

Unfortunately, I'm not aware of any way to do that.

-Scott

--- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation.
Re: [Declude.JunkMail] Spamdomains question
I believe you are only allowed two columns in the spam domain line.

Scott Fisher Director of IT Farm Progress Companies

[EMAIL PROTECTED] 05/11/04 03:40PM

I just had an email fail spamdomains for [EMAIL PROTECTED]

X-RBL-Warning: SPAMDOMAINS: Spamdomain 'swbell.net' found: Address of [EMAIL PROTECTED] sent from invalid mta7.pltn13.pbi.net.

pbi.net is registered to SBC and is valid (pacific bell internet)

In my spam domains file I have this:

swbell.net .prodigy.net

would I just add another line like this?

swbell.net .pbi.net

or can they be placed on the same line like this?

swbell.net .prodigy.net .pbi.net

Question 2: Is there a way to turn the headers off in the mail archive so everyone's declude header messages aren't the bulk of the search results?

Rick Davidson National Systems Manager North American Title Group
[Declude.JunkMail] SPAMDOMAINS entry for freeserve.co.uk
Does anyone know a good spamdomains entry for the domain freeserve.co.uk? dnsstuff.com returns no mx records. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] SPAMDOMAINS Failure
Hello, Had a client forward me an e-mail that failed the SPAMDOMAIN test (along with a couple others). Below are the internet headers of the SPAMDOMAINs failure (I can post the full inet headers if desired): X-RBL-Warning: SPAMDOMAINS: Spamdomain 'att.net' found: Address of [EMAIL PROTECTED] sent from invalid emhmta02.cdpd.airdata.com. X-Declude-Sender: [EMAIL PROTECTED] [199.88.234.47] I have an entry of: att.net in our spamdomains.txt file. Now to add this entry to the spamdomains.txt file, I would make the following entry, correct? att.net .airdata.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SPAMDOMAINS Failure
I'd be leery of a spamdomain att.net .airdata.com If you received e-mail from catt.net, it would fail the above line. I made up catt.net, but valid non-ATT domains ending in att.net may exist. perhaps mobile.att.net .airdata.com @att.net .att.net or .att.net.airdata.com @att.net .att.net

[EMAIL PROTECTED] 4/28 7:22p

Hello, Had a client forward me an e-mail that failed the SPAMDOMAIN test (along with a couple others). Below are the internet headers of the SPAMDOMAINs failure (I can post the full inet headers if desired):

X-RBL-Warning: SPAMDOMAINS: Spamdomain 'att.net' found: Address of [EMAIL PROTECTED] sent from invalid emhmta02.cdpd.airdata.com.
X-Declude-Sender: [EMAIL PROTECTED] [199.88.234.47]

I have an entry of: att.net in our spamdomains.txt file. Now to add this entry to the spamdomains.txt file, I would make the following entry, correct? att.net .airdata.com
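The SPAMDOMAINS behaviours described in the replies on this page (CONTAINS matching on the reverse DNS, every line checked on its own, and the catt.net caveat), modelled as an added example that is not Declude's code. Assumptions: the sender column is compared with ENDSWITH, a one-column line reuses its text as the REVDNS pattern, and several REVDNS patterns on one line are alternatives; the mail addresses are constructed.

```python
# Added example: a model of the SPAMDOMAINS test as described in this thread.
# It is not Declude's code; see the assumptions in the lead-in.


def parse_spamdomains(text):
    """Turn 'sender-pattern [revdns-pattern ...]' lines into rules."""
    rules = []
    for line in text.splitlines():
        fields = line.lower().split()
        if not fields:
            continue
        sender = fields[0]
        patterns = fields[1:] or [sender]  # one column: same text for REVDNS
        rules.append((sender, patterns))
    return rules


def failing_lines(rules, mailfrom, revdns, revdns_match="contains"):
    """Return every line the message fails; one failing line fails the test.

    revdns_match="contains" is the behaviour Scott describes.
    revdns_match="endswith" is the hypothetical variant Dan asks for.
    """
    mailfrom = mailfrom.lower()
    revdns = revdns.lower().rstrip(".")
    failed = []
    for sender, patterns in rules:
        if not mailfrom.endswith(sender):
            continue  # this line says nothing about this sender
        if revdns_match == "contains":
            ok = any(p in revdns for p in patterns)
        else:
            ok = any(revdns.endswith(p) for p in patterns)
        if not ok:
            failed.append((sender, patterns))
    return failed


if __name__ == "__main__":
    # 1. CONTAINS: '.mil' is found inside mail.milton-bradley.com.
    mil = parse_spamdomains(".mil")
    print(failing_lines(mil, "user@unit.example.mil", "mail.milton-bradley.com"))
    print(failing_lines(mil, "user@unit.example.mil", "mail.milton-bradley.com",
                        revdns_match="endswith"))

    # 2. Two lines for one sender domain: no single host satisfies both.
    two = parse_spamdomains("swbell.net .prodigy.net\nswbell.net .pbi.net")
    print(failing_lines(two, "user@swbell.net", "mail.prodigy.net"))
    print(failing_lines(two, "user@swbell.net", "mta7.pltn13.pbi.net."))

    # 3. 'att.net' also matches the made-up catt.net; '@att.net' does not.
    loose = parse_spamdomains("att.net .airdata.com")
    tight = parse_spamdomains("mobile.att.net .airdata.com\n@att.net .att.net")
    print(failing_lines(loose, "user@catt.net", "mail.catt.net"))
    print(failing_lines(tight, "user@catt.net", "mail.catt.net"))
```

Under the tighter pair of lines, a sender at @att.net relayed through an airdata.com host still fails, because only mobile.att.net is tied to .airdata.com there.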
[Declude.JunkMail] SPAMDOMAINS - Netscape.com
Hello, I got a message that was from [EMAIL PROTECTED] but came from RoadRunners networks. There isn't a netscape entry in my SPAMDOMAINS.TXT file. I was just wondering what I would enter to make it so. I did a NSLOOKUP on netscape.com and the MX record points to mail.nescape.everyone.net. So the entry I would enter would be:

netscape.com netscape.everyone.net

Is this correct? Just want to make sure if there are more later. I want to understand this so I don't keep asking. Thanks.. -Jeff
RE: [Declude.JunkMail] SPAMDOMAINS - Netscape.com
Ok.. Makes sense.. Thanks..

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Monday, April 19, 2004 2:29 PM To: '[EMAIL PROTECTED]' Subject: RE: [Declude.JunkMail] SPAMDOMAINS - Netscape.com

Jeff, the main problem with figuring out spamdomains entries is that you really have to receive valid mail from the domain to really know. If they have an SPF record, that's the easiest way to research them, but you can also try the website at http://www.SenderBase.org to see what they've noticed. They've noticed one more host: dust.netscape.com

The problem with checking the MX record is that it is only for recording inbound mail to Netscape.com, it doesn't necessarily say anything about outbound mail from them, which is what you're after. I suspect that your suggestion will work fine, as I think that they keep their corporate domain for netscape.com separate from the customer business as netscape.net ...

Andrew 8)

-Original Message- From: Jeff Maze - Hostmaster [mailto:[EMAIL PROTECTED] Sent: Monday, April 19, 2004 11:07 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] SPAMDOMAINS - Netscape.com

Hello, I got a message that was from [EMAIL PROTECTED] but came from RoadRunners networks. There isn't a netscape entry in my SPAMDOMAINS.TXT file. I was just wondering what I would enter to make it so. I did a NSLOOKUP on netscape.com and the MX record points to mail.nescape.everyone.net. So the entry I would enter would be:

netscape.com netscape.everyone.net

Is this correct? Just want to make sure if there are more later. I want to understand this so I don't keep asking. Thanks.. -Jeff
Re: [Declude.JunkMail] SPAMDOMAINS - Netscape.com
Andrew and Jeff,

Unfortunately Netscape.net is actually handled by aol.com when it is outgoing (which is what matters in this case). I sometimes search my known good E-mail for outgoing servers, or Google for it by looking for header code along with the address and keeping in mind that a lot of that stuff is forged especially in newsgroups. Here are the headers from a test of my own account:

Received: from imo-d01.mx.aol.com [205.188.157.33] by mx1.mailpure.com
    with ESMTP (SMTPD32-8.05) id AE31AB9B0140; Mon, 19 Apr 2004 14:45:05 -0400
Received: from [EMAIL PROTECTED] by imo-d01.mx.aol.com (mail_out_v37_r1.2.)
    id j.1b5.a579353 (16239) for [EMAIL PROTECTED]; Mon, 19 Apr 2004 14:45:00 -0400 (EDT)
Received: from netscape.net (mow-d23.webmail.aol.com [205.188.139.164])
    by air-in03.mx.aol.com (v98.19) with ESMTP id MAILININ33-3f6f40841e2c327; Mon, 19 Apr 2004 14:45:00 -0500
Date: Mon, 19 Apr 2004 14:45:00 -0400
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: test
MIME-Version: 1.0
Message-ID: [EMAIL PROTECTED]
X-Mailer: Atlas Mailer 2.0
X-AOL-IP: 24.195.119.188
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-MailPure:
X-MailPure: RFC-NOABUSE: Failed, listed in abuse.rfc-ignorant.org (weight 1).
X-MailPure: RFC-NOPOSTMASTER: Failed, listed in postmaster.rfc-ignorant.org (weight 1).
X-MailPure:
X-MailPure: Spam Score: 2
X-MailPure: Scan Time: 14:45:12 on 04/19/2004
X-MailPure: Spool File: D1e31ab9b01404b3e.SMD
X-MailPure: Server Name: imo-d01.mx.aol.com
X-MailPure: SMTP Sender: [EMAIL PROTECTED]
X-MailPure: Received From: imo-d01.mx.aol.com [205.188.157.33]
X-MailPure: Country Chain: UNITED STATES-destination
X-MailPure:
X-MailPure: Spam and virus blocking services provided by MailPure.com
X-MailPure:

Colbeck, Andrew wrote:

> Jeff, the main problem with figuring out spamdomains entries is that you really have to receive valid mail from the domain to really know.
>
> If they have an SPF record, that's the easiest way to research them, but you can also try the website at http://www.SenderBase.org to see what they've noticed. They've noticed one more host: dust.netscape.com
>
> The problem with checking the MX record is that it is only for recording inbound mail to Netscape.com, it doesn't necessarily say anything about outbound mail from them, which is what you're after.
>
> I suspect that your suggestion will work fine, as I think that they keep their corporate domain for netscape.com separate from the customer business as netscape.net ...
>
> Andrew 8)
>
> -Original Message-
> From: Jeff Maze - Hostmaster [mailto:[EMAIL PROTECTED]
> Sent: Monday, April 19, 2004 11:07 AM
> To: [EMAIL PROTECTED]
> Subject: [Declude.JunkMail] SPAMDOMAINS - Netscape.com
>
> Hello, I got a message that was from [EMAIL PROTECTED] but came from RoadRunners networks. There isn't a netscape entry in my SPAMDOMAINS.TXT file. I was just wondering what I would enter to make it so. I did a NSLOOKUP on netscape.com and the MX record points to mail.nescape.everyone.net. So the entry I would enter would be:
>
> netscape.com netscape.everyone.net
>
> Is this correct? Just want to make sure if there are more later. I want to understand this so I don't keep asking.
>
> Thanks..
> -Jeff

--
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
RE: [Declude.JunkMail] SPAMDOMAINS - Netscape.com
Well, Matt, that's a great example for Netscape.net, but Jeff was asking about Netscape.com

So I guess to round out the conversation, here's the two entries in spamdomains that everybody seems to have, to cover Netscape.net:

aol.com netscape.net
netscape.net aol.com

I'm pretty sure that we have Bill Landry to thank for the seminal work on sd.txt from which everyone has benefitted (hey, credit where credit is due!)

Andrew 8)
Re: [Declude.JunkMail] SPAMDOMAINS - Netscape.com
Oops, sorry. I'm not sure about netscape.com, but E-mail from that domain has been quite rare in the past since they don't have hardly any employees, and even if you had their primary reverse DNS entries, it's quite possible that they send out as netscape.com from third-parties just like symantec.com does (which is quite boneheaded for an AV/Anti-Spam provider). This is what I'm using for netscape.com:

@netscape.com .aol.

This might be a good example of a domain though that really needs benefit of two columns, i.e.:

netscape.com .aol.

I have no idea what they are doing for their new ISP service as far as E-mail goes, but I would expect for them to channel everything through aol.com just as they have with netscape.net. I don't see why they would seek to establish a new network exclusively for this new service.

FYI, I never found a reason for the following entry:

aol.com netscape.net

Omitting it hasn't caused any problems that I am aware of. I did of course though use Bill's original list as the starting point for mine and for the most part it remains intact except that I got anal about the @ thing :)

Matt
RE: [Declude.JunkMail] SPAMDOMAINS - Netscape.com
<astonishment>What, Matt, you get anal about your work!?</astonishment>

Don't worry, I won't make you the butt of any jokes.

Andrew 8)
[Declude.JunkMail] SPAMDOMAINS works as ENDSWITH or CONTAINS?
Hello, All,

If I have a SPAMDOMAINS type test in my GLOBAL.CFG...

SD-TLD spamdomains D:\iMail\declude\JunkMail.SpamDomains.TLD.txt x 5 0

...and I have some entries in the corresponding flat text file like below...

# JunkMail.SpamDomains.TLD.txt
#
# == Add Points To Total Weight ==
#
.mil

will SPAMDOMAINS search the reverse DNS entry in a CONTAINS type manner or an ENDSWITH type manner? For example would the host name .milton-bradley.com in the below...

X-Note: Sent with HELO [mail] from Reverse DNS [mail.milton-bradley.com]

get flagged as passing or failing the SPAMDOMAINS test?

Thanks, Much!
Dan Geiser [EMAIL PROTECTED]
Re: [Declude.JunkMail] SPAMDOMAINS works as ENDSWITH or CONTAINS?
> If I have a SPAMDOMAINS type test in my GLOBAL.CFG...
>
> SD-TLD spamdomains D:\iMail\declude\JunkMail.SpamDomains.TLD.txt x 5 0
>
> ...and I have some entries in the corresponding flat text file like below...
>
> .mil
>
> will SPAMDOMAINS search the reverse DNS entry in a CONTAINS type manner or an ENDSWITH type manner?

It will work like CONTAINS, so:

> For example would the host name .milton-bradley.com in the below...
>
> X-Note: Sent with HELO [mail] from Reverse DNS [mail.milton-bradley.com]
>
> get flagged as passing or failing the SPAMDOMAINS test?

That one would get caught, if the reverse DNS entry did not contain .mil in it. So if the E-mail was from [EMAIL PROTECTED], and the reverse DNS entry was mail.milton-bradley.com, the E-mail would not fail the test (but if the reverse DNS was mail.someone_else.com, it would fail the test).

-Scott
[Declude.JunkMail] spamdomains phish filter needed
Is somebody using the spamdomains filter to detect paypal, ebay phish e-mails? Could you please share the appropriate entries? Or is using the spamdomains filter to do this a bad idea?

Scott Fisher
Director of IT
Farm Progress Companies
[Declude.JunkMail] SpamDomains test not working consistently
Scott, I am noticing SpamDomains test is not working consistently. Lots of messages are being properly flagged, but many that should be flagged are not. I can provide samples, if you would like. Thanks for looking into this.

Bill
Re: [Declude.JunkMail] SpamDomains test not working consistently
> Scott, I am noticing SpamDomains test is not working consistently. Lots of messages are being properly flagged, but many that should be flagged are not. I can provide samples, if you would like.

Yes, samples would be very helpful. Also, what version are you running?

-Scott
Re: [Declude.JunkMail] SpamDomains test not working consistently
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]

>> Scott, I am noticing SpamDomains test is not working consistently. Lots of messages are being properly flagged, but many that should be flagged are not. I can provide samples, if you would like.
>
> Yes, samples would be very helpful. Also, what version are you running?

Never mind, I see what's happening. My name server is not responding to queries for about 3 minutes right after midnight while some reports are being generated. Sorry for the false alarm.

Bill
[Declude.JunkMail] SpamDomains Question
I have added a SpamDomains test to Global.cfg and junkmail.default file SpamDomains is set to warn. I am running a backup mail server that forwards mail to the system with Declude Junkmail. I do have an IPBYPASS entry for the backup mail server. My warn messages in the mail server look to always test my backup mail server name if the message was routed through that server. I am running Declude Virus Pro V 1.75.

So is the header info correct and the SpamDomains logic is using my backup mail server address as who sent the message, or is the message wrong?

Scott Fosseen - Systems Engineer - Prairie Lakes AEA
http://fosseen.us/scott

Aoccdrnig to a rscheearch at an Elingsh uinervtisy, it deosn't mttaer in waht oredr the ltteers in a wrod are, the olny iprmoatnt tihng is taht the frist and lsat ltteers are in the rghit pclae. The rset can be a toatl mses - We do not raed ervey lteter by itslef, but the wrod as a wlohe.
[Declude.JunkMail] SPAMDOMAINS and Google
I am considering adding google.com to SPAMDOMAINS, as I see a number of spam with a from address of @google.com. Can I safely assume that any legit message from Google will be from a google.com server?

John Tolmachoff
Engineer/Consultant/Owner
eServices For You
[Declude.JunkMail] SPAMDOMAINS and REVDNS
When a message comes from an IP that has no PTR record, and the sender domain is in the SPAMDOMAINS list, it is getting double penalized for the same violation. That is not the desired effect. Is there a way that SPAMDOMAINS can be configured not to fail if there is no PTR record, based on the assumption that most of us use the REVDNS test?

John Tolmachoff
Engineer/Consultant/Owner
eServices For You
Re: [Declude.JunkMail] SPAMDOMAINS and REVDNS
John, nothing should be listed in spamdomains unless it has a valid PTR, that's the very nature of the test - to test the mailfrom domain of a message that has a matching domain listed in spamdomains (again, which should already be confirmed to have valid PTR records), and reject those that either have no PTR or have an invalid PTR.

Bill
RE: [Declude.JunkMail] SPAMDOMAINS and REVDNS
> John, nothing should be listed in spamdomains unless it has a valid PTR, that's the very nature of the test - to test the mailfrom domain of a message that has a matching domain listed in spamdomains (again, which should already be confirmed to have valid PTR records), and reject those that either have no PTR or have an invalid PTR.

Ah, I guess that is what I get for being busy and not fully paying attention to how the test works. Thanks.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You
Re: [Declude.JunkMail] SpamDomains
Well, then the best of both worlds is to change the spamdomains test to an ENDSWITH qualifier and it will support your needs and mine. The current CONTAINS qualifier only effectively supports your needs, and does so, at that, with limited capabilities.

Bill

- Original Message -
From: Matthew Bramble [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, December 03, 2003 8:23 PM
Subject: Re: [Declude.JunkMail] SpamDomains

> Bill Landry wrote:
>
>> If you use the @ symbol in the first column, then you have severely limited yourself to supporting only one RDNS per domain.
>
> I don't feel limited, in fact, I have a lot more confidence in this test not FP'ing on VERP stuff which may be forwarded to an account hosted on my machine, i.e. to [EMAIL PROTECTED] forwarded to [EMAIL PROTECTED] This is especially important if you build a spamdomains file for local domains.
>
>> If you need to support delivery of e-mail from [EMAIL PROTECTED] and sometime it comes from a mail server with RDNS of xxx.mindspring.com and sometimes it comes from xxx.earthlink.com, how would you venture to support this in your scenario by starting every domain in the first column with the @ sign?
>
> If it really mattered to you, you could leave it off for some domains where this is an issue. I've gone through some of the entries that have been shared on this list in the past and found that a lot of these matches don't exist, it seems that someone just guessed that there might be such a possibility, and other things such as your buy.com example where they use a third-party trusted bulk mailer is taken care of with a separate 'white' file on my system. It's much easier to credit points to DartMail across the board rather than keep track of which companies are using them and might be also in a spamdomains file.
>
> I've tried it both ways, and I like the idea of separate files with the addition of a white file and using @ symbols. I think that it's critical for instance to have a FRAUDDOMAINS file with listings for Ebay, PayPal, Microsoft, Symantec and McAfee for instance, and a white file for reverse DNS lookups for places like americangreetings.com and ebay.com.
>
> Don't knock it until you try it :)
>
> Matt
[Declude.JunkMail] SpamDomains
Why would this be caught with SPAMDOMAINS when closeout-sale.com is not in the spamdomains.txt file?

X-RBL-Warning: SPAMDOMAINS: Spamdomain 'domain.moc' found: Address of [EMAIL PROTECTED] sent from invalid mail.closeout-sale.com.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You
Re: [Declude.JunkMail] SpamDomains
> Why would this be caught with SPAMDOMAINS when closeout-sale.com is not in the spamdomains.txt file?
>
> X-RBL-Warning: SPAMDOMAINS: Spamdomain 'domain.moc' found: Address of [EMAIL PROTECTED] sent from invalid mail.closeout-sale.com.

That's because the SPAMDOMAINS test looks for the domain within the E-mail address, even if it appears in the username.

-Scott
Re: [Declude.JunkMail] SpamDomains
John,

If you include an @ symbol before the domain name, it will stop it from tagging this VERP stuff.

@domain.moc domain.moc
@aol.com .aol.com
@yahoo. .yahoo.
etc...

The only drawback here is that you can only have one match (the second column) because the first column will never produce a match on REVDNS this way.

Matt
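
Added example, not part of any post in this thread and not Declude's code: a small Python model of the SPAMDOMAINS matching rules as Scott, Matt and Bill describe them, covering the CONTAINS versus ENDSWITH question and the @ prefix for VERP-style senders. The function names, the sample addresses and the rr.example host are assumptions made for illustration, as is applying ENDSWITH to both columns.

```python
"""Model of the SPAMDOMAINS rules as the thread describes them (not Declude's code)."""
from typing import List, NamedTuple, Optional


class Entry(NamedTuple):
    sender_pattern: str        # column 1: searched for in the MAIL FROM address
    rdns_patterns: List[str]   # all columns: strings the reverse DNS may match


def parse_entries(text: str) -> List[Entry]:
    """Parse a spamdomains-style file: whitespace-separated columns, '#' comments."""
    entries = []
    for raw in text.splitlines():
        cols = raw.split("#", 1)[0].lower().split()
        if cols:
            # Column 1 is also tried against the reverse DNS; an '@' entry can
            # never match a host name, which is the drawback Matt points out.
            entries.append(Entry(cols[0], cols))
    return entries


def _hit(pattern: str, value: str, mode: str) -> bool:
    return value.endswith(pattern) if mode == "endswith" else pattern in value


def check(mail_from: str, rdns: Optional[str], entries: List[Entry],
          mode: str = "contains") -> str:
    """Return 'not-tested', 'pass' or 'fail' for one message.

    mode='contains' is the behaviour Scott describes; mode='endswith' is the
    alternative Bill proposes, applied here to both columns (an assumption).
    """
    if mode not in ("contains", "endswith"):
        raise ValueError("mode must be 'contains' or 'endswith'")
    sender = mail_from.strip().lower()
    host = (rdns or "").strip().lower().rstrip(".")   # no PTR -> empty host
    verdict = "not-tested"
    for entry in entries:
        if not _hit(entry.sender_pattern, sender, mode):
            continue                      # sender is not covered by this entry
        if host and any(_hit(p, host, mode) for p in entry.rdns_patterns):
            return "pass"                 # reverse DNS matches a listed string
        verdict = "fail"                  # listed sender, wrong or missing PTR
    return verdict


# Constructed sample data: the addresses and the rr.example host are made up;
# the entries and the other host names are the ones quoted in the thread.
TLD = parse_entries("# JunkMail.SpamDomains.TLD.txt\n.mil\n")
BARE = parse_entries("domain.moc\n")
ANCHORED = parse_entries("@domain.moc domain.moc\n@netscape.com .aol.\n")
VERP_FROM = "news-user=domain.moc@mail.closeout-sale.com"


def demo() -> dict:
    return {
        # '.mil' is a substring of 'mail.milton-bradley.com', so CONTAINS
        # does not flag a .mil sender arriving from that host.
        "mil_contains": check("clerk@base.example.mil", "mail.milton-bradley.com", TLD),
        "mil_endswith": check("clerk@base.example.mil", "mail.milton-bradley.com",
                              TLD, mode="endswith"),
        "mil_other_host": check("clerk@base.example.mil", "mail.someone_else.com", TLD),
        # VERP-style sender: the listed domain sits in the local part.
        "verp_bare": check(VERP_FROM, "mail.closeout-sale.com", BARE),
        "verp_anchored": check(VERP_FROM, "mail.closeout-sale.com", ANCHORED),
        # '@netscape.com .aol.': AOL relay passes, other networks and no PTR fail.
        "netscape_aol": check("someone@netscape.com", "imo-d01.mx.aol.com", ANCHORED),
        "netscape_rr": check("someone@netscape.com", "cpe-1.rr.example", ANCHORED),
        "netscape_no_ptr": check("someone@netscape.com", None, ANCHORED),
        "unlisted": check("user@example.org", "mail.example.org", ANCHORED),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:16} {verdict}")
```

The verp_bare and verp_anchored results show the false positive John reports and the effect of Matt's @ prefix; mil_contains and mil_endswith show the gap Dan asks about.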
RE: [Declude.JunkMail] SpamDomains
That's because the SPAMDOMAINS test looks for the domain within the E-mail address, even if it appears in the username. But wouldn't that create a lot of false positives in such things like newsletters that have the recipient's address embedded in the from address as part of the user part? John Tolmachoff Engineer/Consultant/Owner eServices For You
RE: [Declude.JunkMail] SpamDomains
Question.. SPAMDOMAIN will test the REVDNS only for the domains included in the spamdomains.txt file ?? Any domain not included will not be tested ?? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matthew Bramble Sent: Wednesday, December 03, 2003 2:42 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] SpamDomains John, If you include an @ symbol before the domain name, it will stop it from tagging this VERP stuff. @domain.moc domain.moc @aol.com .aol.com @yahoo. .yahoo. etc... The only drawback here is that you can only have one match (the second column) because the first column will never produce a match on REVDNS this way. Matt John Tolmachoff (Lists) wrote: Why would this be caught with SPAMDOMAINS when closeout-sale.com is not in the spamdomains.txt file? X-RBL-Warning: SPAMDOMAINS: Spamdomain 'domain.moc' found: Address of [EMAIL PROTECTED] sent from invalid mail.closeout-sale.com. John Tolmachoff Engineer/Consultant/Owner eServices For You
Re: [Declude.JunkMail] SpamDomains
That's why making the SPAMDOMAINS test an ENDSWITH instead of CONTAINS type of test would resolve lots of these kinds of questions and headaches. Bill - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, December 03, 2003 1:29 PM Subject: Re: [Declude.JunkMail] SpamDomains Why would this be caught with SPAMDOMAINS when closeout-sale.com is not in the spamdomains.txt file? X-RBL-Warning: SPAMDOMAINS: Spamdomain 'domain.moc' found: Address of [EMAIL PROTECTED] sent from invalid mail.closeout-sale.com. That's because the SPAMDOMAINS test looks for the domain within the E-mail address, even if it appears in the username. -Scott
Re: [Declude.JunkMail] SpamDomains
Bill Landry wrote: That's why making the SPAMDOMAINS test an ENDSWITH instead of CONTAINS type of test would resolve lots of these kinds of questions and headaches. ...and create some others at the same time. No one option is perfect, so if Scott decides to change the functionality of this test, I would prefer a more open format allowing choice, and even other options possibly. something like: ENDSWITH aol.com ENDSWITH aol.com CONTAINS @yahoo. CONTAINS .yahoo. ENDSWITH @mailpure.com IS mail.mailpure.com Opening it up further might look like two separate filter tests that both need to match, i.e. If x and If y Then True, or If x and Not If y Then False. I see no reason to change the SPAMDOMAINS functionality when working around VERP issues is done quite simply with an @ symbol, and I haven't yet found any examples where a domain that I would include in this test could have two REVDNS domains instead of just one which could benefit from matches on both columns. Fixing it to ENDSWITH would make it more difficult to track multi-TLD domains like Yahoo, while making it easier to track multi-sub domains like rr.com, and in the end, it would seem to be a draw. Matt
Re: [Declude.JunkMail] SpamDomains
Alejandro, From the Declude JunkMail manual page: This test will catch E-mail that is not coming from a mailserver that it should be coming from. This test will only work if you set up a file listing domains that you wish to be included in this test. Specifically, it will check the return address of the E-mail, and then check to see if the reverse DNS entry of the IP that the E-mail was sent from contains the domain name. If not, the E-mail fails the test. For example, if hotmail.com is listed in the \IMail\Declude\spamdomains.txt file, then an E-mail coming from law2.hotmail.com would not fail the test, but an E-mail from mail.example.ru would fail the test. You can search the archives for some discussions of this. It's hardly foolproof, things like greeting cards and send-a-link sites will often fail the test because they send E-mail with a MAILFROM address of the person sending the note and not the service sending the note. I suggest that you always use the @ symbol in the first column, and you should set up two different files and score them differently. One should be for ISP's and E-mail providers such as AOL, HotMail, Yahoo, etc., and the other should be for businesses that are often spoofed such as Microsoft, PayPal, Symantec/Norton, McAfee. Be careful not to include companies that may use third-party mass mailers for newsletters. The second type of test can be scored higher because you are less likely to be getting greeting cards from people with real addresses at these companies than you are from places like AOL. You might also be thinking of including your own domains in this test, but that again should be in a totally different file, and scored very low because even if you are using WHITELIST AUTH functionality, you will most definitely get users sending E-mail with your hosted addresses configured in their E-mail program but are using someone else's mail server, or without WHITELIST AUTH, they will fail when using your own mail server.
Matt Alejandro Valenzuela wrote: Question.. SPAMDOMAIN will test the REVDNS only for the domains included in the spamdomains.txt file ?? Any domain not included will not be tested ?? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matthew Bramble Sent: Wednesday, December 03, 2003 2:42 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] SpamDomains John, If you include an @ symbol before the domain name, it will stop it from tagging this VERP stuff. @domain.moc domain.moc @aol.com .aol.com @yahoo. .yahoo. etc... The only drawback here is that you can only have one match (the second column) because the first column will never produce a match on REVDNS this way. Matt John Tolmachoff (Lists) wrote: Why would this be caught with SPAMDOMAINS when closeout-sale.com is not in the spamdomains.txt file? X-RBL-Warning: SPAMDOMAINS: Spamdomain 'domain.moc' found: Address of [EMAIL PROTECTED] sent from invalid mail.closeout-sale.com. John Tolmachoff Engineer/Consultant/Owner eServices For You
Re: [Declude.JunkMail] SpamDomains
I don't know how hard it would be, but what about just adding in a pre filter in the spamdomains test that will bypass the test. Like: Spamdomains.txt: [RDNS excluded from check] ebay.com greetingcardvendor.com [includes] .yahoo.com @msn.com etc, etc This would also allow us to build our list of acceptable excluded addresses together, further improving the test's accuracy. Jason -- Original Message -- From: Matthew Bramble [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Wed, 03 Dec 2003 19:38:18 -0500 Alejandro, From the Declude JunkMail manual page: This test will catch E-mail that is not coming from a mailserver that it should be coming from. This test will only work if you set up a file listing domains that you wish to be included in this test. Specifically, it will check the return address of the E-mail, and then check to see if the reverse DNS entry of the IP that the E-mail was sent from contains the domain name. If not, the E-mail fails the test. For example, if hotmail.com is listed in the \IMail\Declude\spamdomains.txt file, then an E-mail coming from law2.hotmail.com would not fail the test, but an E-mail from mail.example.ru would fail the test. You can search the archives for some discussions of this. It's hardly foolproof, things like greeting cards and send-a-link sites will often fail the test because they send E-mail with a MAILFROM address of the person sending the note and not the service sending the note. I suggest that you always use the @ symbol in the first column, and you should set up two different files and score them differently. One should be for ISP's and E-mail providers such as AOL, HotMail, Yahoo, etc., and the other should be for businesses that are often spoofed such as Microsoft, PayPal, Symantec/Norton, McAfee. Be careful not to include companies that may use third-party mass mailers for newsletters.
The second type of test can be scored higher because you are less likely to be getting greeting cards from people with real addresses at these companies than you are from places like AOL. You might also be thinking of including your own domains in this test, but that again should be in a totally different file, and scored very low because even if you are using WHITELIST AUTH functionality, you will most definitely get users sending E-mail with your hosted addresses configured in their E-mail program but are using someone else's mail server, or without WHITELIST AUTH, they will fail when using your own mail server. Matt
Re: [Declude.JunkMail] SpamDomains
Everything is already excluded from the spamdomains test except that which you specifically included. So I'm not sure I understand what you're asking for here? Bill - Original Message - From: Jason Newland [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, December 03, 2003 5:29 PM Subject: Re: [Declude.JunkMail] SpamDomains I don't know how hard it would be, but what about just adding in a pre filter in the spamdomains test that will bypass the test. Like: Spamdomains.txt: [RDNS excluded from check] ebay.com greetingcardvendor.com [includes] .yahoo.com @msn.com etc, etc This would also allow us to build our list of acceptable excluded addresses together, further improving the test's accuracy. Jason -- Original Message -- From: Matthew Bramble [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Wed, 03 Dec 2003 19:38:18 -0500 Alejandro, From the Declude JunkMail manual page: This test will catch E-mail that is not coming from a mailserver that it should be coming from. This test will only work if you set up a file listing domains that you wish to be included in this test. Specifically, it will check the return address of the E-mail, and then check to see if the reverse DNS entry of the IP that the E-mail was sent from contains the domain name. If not, the E-mail fails the test. For example, if hotmail.com is listed in the \IMail\Declude\spamdomains.txt file, then an E-mail coming from law2.hotmail.com would not fail the test, but an E-mail from mail.example.ru would fail the test. You can search the archives for some discussions of this. It's hardly foolproof, things like greeting cards and send-a-link sites will often fail the test because they send E-mail with a MAILFROM address of the person sending the note and not the service sending the note. I suggest that you always use the @ symbol in the first column, and you should set up two different files and score them differently.
One should be for ISP's and E-mail providers such as AOL, HotMail, Yahoo, etc., and the other should be for businesses that are often spoofed such as Microsoft, PayPal, Symantec/Norton, McAfee. Be careful not to include companies that may use third-party mass mailers for newsletters. The second type of test can be scored higher because you are less likely to be getting greeting cards from people with real addresses at these companies than you are from places like AOL. You might also be thinking of including your own domains in this test, but that again should be in a totally different file, and scored very low because even if you are using WHITELIST AUTH functionality, you will most definitely get users sending E-mail with your hosted addresses configured in their E-mail program but are using someone else's mail server, or without WHITELIST AUTH, they will fail when using your own mail server. Matt
Re: [Declude.JunkMail] SpamDomains
- Original Message - From: Matthew Bramble [EMAIL PROTECTED] That's why making the SPAMDOMAINS test an ENDSWITH instead of CONTAINS type of test would resolve lots of these kinds of questions and headaches. ...and create some others at the same time. No one option is perfect, so if Scott decides to change the functionality of this test, I would prefer a more open format allowing choice, and even other options possibly. something like: ENDSWITH aol.com ENDSWITH aol.com CONTAINS @yahoo. CONTAINS .yahoo. ENDSWITH @mailpure.com IS mail.mailpure.com Opening it up further might look like two separate filter tests that both need to match, i.e. If x and If y Then True, or If x and Not If y Then False. I see no reason to change the SPAMDOMAINS functionality when working around VERP issues is done quite simply with an @ symbol, and I haven't yet found any examples where a domain that I would include in this test could have two REVDNS domains instead of just one which could benefit from matches on both columns. Fixing it to ENDSWITH would make it more difficult to track multi-TLD domains like Yahoo, while making it easier to track multi-sub domains like rr.com, and in the end, it would seem to be a draw. Having the ability to define the test type (*WITH) per line would be nice. However, short of that, how many people would wonder why: sale.com in the spamdomains.txt file would cause this to fail: [EMAIL PROTECTED] versus this in the spamdomains.txt file: domains.com which caused this to fail: [EMAIL PROTECTED] At least ENDSWITH gives you much greater control and understanding of why messages trigger the test. Granted, it may cause you to have to add a few extra rows of domains in your spamdomains.txt file, but I feel that the greater simplicity and greater control it would provide would outweigh the minimal extra effort. Bill
RE: [Declude.JunkMail] SpamDomains
Say for example I have 10,000 people using MSN.com addresses to spam me with. I add the spamdomains test and enter in @msn.com into it. Now it does well to stop the spammers, but now I am falsely tagging mail from ebay.com [EMAIL PROTECTED] making a bid inquiry. If we could have a spamdomains RDNS whitelist, then anything with a .ebay.com address is whitelisted, or whatever we put in the list. I know we can whitelist in the main .cfg file, but I'm not sure I would want to whitelist ebay from every test, just whitelist from the spamdomains test. Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry Sent: Wednesday, December 03, 2003 8:20 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] SpamDomains Everything is already excluded from the spamdomains test except that which you specifically included. So I'm not sure I understand what you're asking for here? Bill - Original Message - From: Jason Newland [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, December 03, 2003 5:29 PM Subject: Re: [Declude.JunkMail] SpamDomains I don't know how hard it would be, but what about just adding in a pre filter in the spamdomains test that will bypass the test. Like: Spamdomains.txt: [RDNS excluded from check] ebay.com greetingcardvendor.com [includes] .yahoo.com @msn.com etc, etc This would also allow us to build our list of acceptable excluded addresses together, further improving the test's accuracy. Jason -- Original Message -- From: Matthew Bramble [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Wed, 03 Dec 2003 19:38:18 -0500 Alejandro, From the Declude JunkMail manual page: This test will catch E-mail that is not coming from a mailserver that it should be coming from. This test will only work if you set up a file listing domains that you wish to be included in this test.
Specifically, it will check the return address of the E-mail, and then check to see if the reverse DNS entry of the IP that the E-mail was sent from contains the domain name. If not, the E-mail fails the test. For example, if hotmail.com is listed in the \IMail\Declude\spamdomains.txt file, then an E-mail coming from law2.hotmail.com would not fail the test, but an E-mail from mail.example.ru would fail the test. You can search the archives for some discussions of this. It's hardly foolproof, things like greeting cards and send-a-link sites will often fail the test because they send E-mail with a MAILFROM address of the person sending the note and not the service sending the note. I suggest that you always use the @ symbol in the first column, and you should set up two different files and score them differently. One should be for ISP's and E-mail providers such as AOL, HotMail, Yahoo, etc., and the other should be for businesses that are often spoofed such as Microsoft, PayPal, Symantec/Norton, McAfee. Be careful not to include companies that may use third-party mass mailers for newsletters. The second type of test can be scored higher because you are less likely to be getting greeting cards from people with real addresses at these companies than you are from places like AOL. You might also be thinking of including your own domains in this test, but that again should be in a totally different file, and scored very low because even if you are using WHITELIST AUTH functionality, you will most definitely get users sending E-mail with your hosted addresses configured in their E-mail program but are using someone else's mail server, or without WHITELIST AUTH, they will fail when using your own mail server. Matt
Re: [Declude.JunkMail] SpamDomains
Yes, it would be nice if you could add more than just one alternate domain per line in the spamdomains.txt file, like: @msn.com .msn.com .hotmail.com .ebay.com Maybe in a future release (hint, hint)... ;-) Bill - Original Message - From: Jason [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, December 03, 2003 6:44 PM Subject: RE: [Declude.JunkMail] SpamDomains Say for example I have 10,000 people using MSN.com addresses to spam me with. I add the spamdomains test and enter in @msn.com into it. Now it does well to stop the spammers, but now I am falsely tagging mail from ebay.com [EMAIL PROTECTED] making a bid inquiry. If we could have a spamdomains RDNS whitelist, then anything with a .ebay.com address is whitelisted, or whatever we put in the list. I know we can whitelist in the main .cfg file, but I'm not sure I would want to whitelist ebay from every test, just whitelist from the spamdomains test. Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry Sent: Wednesday, December 03, 2003 8:20 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] SpamDomains Everything is already excluded from the spamdomains test except that which you specifically included. So I'm not sure I understand what you're asking for here? Bill - Original Message - From: Jason Newland [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, December 03, 2003 5:29 PM Subject: Re: [Declude.JunkMail] SpamDomains I don't know how hard it would be, but what about just adding in a pre filter in the spamdomains test that will bypass the test. Like: Spamdomains.txt: [RDNS excluded from check] ebay.com greetingcardvendor.com [includes] .yahoo.com @msn.com etc, etc This would also allow us to build our list of acceptable excluded addresses together, further improving the test's accuracy.
Jason -- Original Message -- From: Matthew Bramble [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Wed, 03 Dec 2003 19:38:18 -0500 Alejandro, From the Declude JunkMail manual page: This test will catch E-mail that is not coming from a mailserver that it should be coming from. This test will only work if you set up a file listing domains that you wish to be included in this test. Specifically, it will check the return address of the E-mail, and then check to see if the reverse DNS entry of the IP that the E-mail was sent from contains the domain name. If not, the E-mail fails the test. For example, if hotmail.com is listed in the \IMail\Declude\spamdomains.txt file, then an E-mail coming from law2.hotmail.com would not fail the test, but an E-mail from mail.example.ru would fail the test. You can search the archives for some discussions of this. It's hardly foolproof, things like greeting cards and send-a-link sites will often fail the test because they send E-mail with a MAILFROM address of the person sending the note and not the service sending the note. I suggest that you always use the @ symbol in the first column, and you should set up two different files and score them differently. One should be for ISP's and E-mail providers such as AOL, HotMail, Yahoo, etc., and the other should be for businesses that are often spoofed such as Microsoft, PayPal, Symantec/Norton, McAfee. Be careful not to include companies that may use third-party mass mailers for newsletters. The second type of test can be scored higher because you are less likely to be getting greeting cards from people with real addresses at these companies than you are from places like AOL.
You might also be thinking of including your own domains in this test, but that again should be in a totally different file, and scored very low because even if you are using WHITELIST AUTH functionality, you will most definitely get users sending E-mail with your hosted addresses configured in their E-mail program but are using someone else's mail server, or without WHITELIST AUTH, they will fail when using your own mail server. Matt
Re: [Declude.JunkMail] SpamDomains
Jason, I have a separate 'white' filter for that sort of thing :) Matt Jason Newland wrote: I don't know how hard it would be, but what about just adding in a pre filter in the spamdomains test that will bypass the test. Like: Spamdomains.txt: [RDNS excluded from check] ebay.com greetingcardvendor.com [includes] .yahoo.com @msn.com etc, etc This would also allow us to build our list of acceptable excluded addresses together, further improving the test's accuracy. Jason -- Original Message -- From: Matthew Bramble [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Wed, 03 Dec 2003 19:38:18 -0500 Alejandro, From the Declude JunkMail manual page: This test will catch E-mail that is not coming from a mailserver that it should be coming from. This test will only work if you set up a file listing domains that you wish to be included in this test. Specifically, it will check the return address of the E-mail, and then check to see if the reverse DNS entry of the IP that the E-mail was sent from contains the domain name. If not, the E-mail fails the test. For example, if hotmail.com is listed in the \IMail\Declude\spamdomains.txt file, then an E-mail coming from law2.hotmail.com would not fail the test, but an E-mail from mail.example.ru would fail the test. You can search the archives for some discussions of this. It's hardly foolproof, things like greeting cards and send-a-link sites will often fail the test because they send E-mail with a MAILFROM address of the person sending the note and not the service sending the note. I suggest that you always use the @ symbol in the first column, and you should set up two different files and score them differently. One should be for ISP's and E-mail providers such as AOL, HotMail, Yahoo, etc., and the other should be for businesses that are often spoofed such as Microsoft, PayPal, Symantec/Norton, McAfee. Be careful not to include companies that may use third-party mass mailers for newsletters.
The second type of test can be scored higher because you are less likely to be getting greeting cards from people with real addresses at these companies than you are from places like AOL. You might also be thinking of including your own domains in this test, but that again should be in a totally different file, and scored very low because even if you are using WHITELIST AUTH functionality, you will most definitely get users sending E-mail with your hosted addresses configured in their E-mail program but are using someone else's mail server, or without WHITELIST AUTH, they will fail when using your own mail server. Matt
Re: [Declude.JunkMail] SpamDomains
Bill Landry wrote: Having the ability to define the test type (*WITH) per line would be nice. However, short of that, how many people would wonder why: sale.com in the spamdomains.txt file would cause this to fail: [EMAIL PROTECTED] versus this in the spamdomains.txt file: domains.com which caused this to fail: [EMAIL PROTECTED] At least ENDSWITH gives you much greater control... Well, IMO, they would be using the test in the wrong way if they were to build the file that way :) Always use the @ symbol in the first column, that basically makes the filter act like an ENDSWITH filter since there can only be one @ symbol in an E-mail address. The extra flexibility of a CONTAINS filter on the second column causes no real harm. Matt
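The matching rules argued over in this thread can be modelled in a few lines. This is an added example, not part of any list post and not Declude's code: it assumes column 1 is a substring test on the return address, that any column on the line may satisfy the REVDNS check, that the first listed line decides, and that Bill's ENDSWITH proposal applies to the return-address side only. The addresses and host names are constructed.

```python
# Added illustration of the SPAMDOMAINS logic as described in this thread.
# Not Declude's implementation; function names and sample data are constructed.


def parse_spamdomains(text):
    """Parse spamdomains.txt-style lines into (address_pattern, revdns_patterns).

    Column 1 is looked for in the return address. Every column on the line,
    column 1 included, is an acceptable substring of the sender's REVDNS.
    """
    entries = []
    for line in text.splitlines():
        cols = line.lower().split()
        if cols:
            entries.append((cols[0], cols))
    return entries


def spamdomains(entries, mail_from, revdns, address_test="contains"):
    """Return 'not-tested', 'pass' or 'fail' for one message.

    address_test="contains" models the behaviour Scott describes;
    address_test="endswith" models the change Bill proposes (assumption:
    applied to the return address only, REVDNS stays a substring test).
    """
    addr, host = mail_from.lower(), revdns.lower()
    for addr_pattern, revdns_patterns in entries:
        if address_test == "contains":
            listed = addr_pattern in addr
        elif address_test == "endswith":
            listed = addr.endswith(addr_pattern)
        else:
            raise ValueError("address_test must be 'contains' or 'endswith'")
        if not listed:
            continue
        # The sender claims a listed domain, so REVDNS must contain a column.
        return "pass" if any(p in host for p in revdns_patterns) else "fail"
    return "not-tested"


# Three ways of writing the list (constructed).
BARE = parse_spamdomains("domain.moc\nhotmail.com\n")
ANCHORED = parse_spamdomains(
    "@domain.moc domain.moc\n"
    "@hotmail.com .hotmail.com\n"
    "@yahoo. .yahoo.\n"
)
FOR_ENDSWITH = parse_spamdomains("domain.moc\nyahoo.com .yahoo.\n")

# Constructed messages: (return address, REVDNS of the connecting IP).
MESSAGES = {
    # VERP newsletter: the recipient's address is embedded in the user part.
    "verp": ("news-bob=domain.moc@closeout-sale.com", "mail.closeout-sale.com"),
    # Listed domain in the return address, sent from an unrelated host.
    "spoofed": ("bob@domain.moc", "mail.closeout-sale.com"),
    # Listed domain sent from its own mail server.
    "genuine": ("bob@domain.moc", "smtp.domain.moc"),
    # Multi-TLD provider address sent from an unrelated host.
    "yahoo_uk": ("carol@yahoo.co.uk", "dsl-pool.example.net"),
}


def compare():
    """Verdicts per message as (bare CONTAINS, @-anchored CONTAINS, ENDSWITH)."""
    return {
        name: (
            spamdomains(BARE, addr, rdns),
            spamdomains(ANCHORED, addr, rdns),
            spamdomains(FOR_ENDSWITH, addr, rdns, "endswith"),
        )
        for name, (addr, rdns) in MESSAGES.items()
    }


if __name__ == "__main__":
    print(f"{'message':10} {'bare':11} {'@-anchored':11} endswith")
    for name, verdicts in compare().items():
        print(f"{name:10} {verdicts[0]:11} {verdicts[1]:11} {verdicts[2]}")
```

The VERP row shows the false positive John reported disappearing once the first column carries an @, and the yahoo_uk row shows the multi-TLD case that an ENDSWITH entry for yahoo.com no longer tests.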
RE: [Declude.JunkMail] SpamDomains
You CAN create your own RDNS whitelist. You can even use your DNS server to maintain it. Not sure if that's what you're trying to do? Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax: +1 201 934-9206
Re: [Declude.JunkMail] SpamDomains
Jason wrote:

Say for example I have 10,000 people using MSN.com addresses to spam me with. I add the spamdomains test and enter in @msn.com into it. Now it does well to stop the spammers, but now I am falsely tagging mail from ebay.com [EMAIL PROTECTED] making a bid inquiry. If we could have a spamdomains RDNS whitelist, then anything with a .ebay.com address is whitelisted, or whatever we put in the list. I know we can whitelist in the main .cfg file, but I'm not sure I would want to whitelist ebay from every test, just whitelist from the spamdomains test.

Jason

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry Sent: Wednesday, December 03, 2003 8:20 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] SpamDomains

Everything is already excluded from the spamdomains test except that which you specifically included. So I'm not sure I understand what you're asking for here?

Bill

- Original Message - From: Jason Newland [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, December 03, 2003 5:29 PM Subject: Re: [Declude.JunkMail] SpamDomains

I don't know how hard it would be, but what about just adding in a pre filter in the spamdomains test that will bypass the test. Like:

Spamdomains.txt:
[RDNS excluded from check]
ebay.com
greetingcardvendor.com
[includes]
.yahoo.com
@msn.com
etc, etc

This would also allow us to build our list of acceptable excluded addresses together, further improving the test's accuracy.

Jason

-- Original Message -- From: Matthew Bramble [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Wed, 03 Dec 2003 19:38:18 -0500

Alejandro,

From the Declude JunkMail manual page:

This test will catch E-mail that is not coming from a mailserver that it should be coming from. This test will only work if you set up a file listing domains that you wish to be included in this test. Specifically, it will check the return address of the E-mail, and then check to see if the reverse DNS entry of the IP that the E-mail was sent from contains the domain name. If not, the E-mail fails the test. For example, if hotmail.com is listed in the \IMail\Declude\spamdomains.txt file, then an E-mail coming from law2.hotmail.com would not fail the test, but an E-mail from mail.example.ru would fail the test.

You can search the archives for some discussions of this. It's hardly foolproof, things like greeting cards and send-a-link sites will often fail the test because they send E-mail with a MAILFROM address of the person sending the note and not the service sending the note.

I suggest that you always use the @ symbol in the first column, and you should set up two different files and score them differently. One should be for ISPs and E-mail providers such as AOL, HotMail, Yahoo, etc., and the other should be for businesses that are often spoofed such as Microsoft, PayPal, Symantec/Norton, McAfee. Be careful not to include companies that may use third-party mass mailers for newsletters. The second type of test can be scored higher because you are less likely to be getting greeting cards from people with real addresses at these companies than you are from places like AOL.

You might also be thinking of including your own domains in this test, but that again should be in a totally different file, and scored very low because even if you are using WHITELIST AUTH functionality, you will most definitely get users sending E-mail with your hosted addresses configured in their E-mail program but are using someone else's mail server, or without WHITELIST AUTH, they will fail when using your own mail server.

Matt

--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe
RE: [Declude.JunkMail] SpamDomains
Ahh, but us poor folks that have the standard version are out of luck :-( Guess I have a good reason to upgrade now.

Jason

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matthew Bramble Sent: Wednesday, December 03, 2003 9:17 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] SpamDomains

Jason, I have a separate 'white' filter for that sort of thing :)

Matt
Re: [Declude.JunkMail] SpamDomains
- Original Message - From: Matthew Bramble [EMAIL PROTECTED]

Having the ability to define the test type (*WITH) per line would be nice. However, short of that, how many people would wonder why: sale.com in the spamdomains.txt file would cause this to fail: [EMAIL PROTECTED] versus this in the spamdomains.txt file: domains.com which caused this to fail: [EMAIL PROTECTED] At least ENDSWITH gives you much greater control...

Well, IMO, they would be using the test in the wrong way if they were to build the file that way :) Always use the @ symbol in the first column, that basically makes the filter act like an ENDSWITH filter since there can only be one @ symbol in an E-mail address. The extra flexibility of a CONTAINS filter on the second column causes no real harm.

If you use the @ symbol in the first column, then you have severely limited yourself to supporting only one RDNS per domain. I use @ whenever I can, however, I cannot do that and support all of the domains that I list that use multiple delivery domains. For example:

altavista.        .av.com
amazon.com        .forevermail.com
ameritech.net     .sbc.com
attbi.com         .comcast.
bellatlantic.net  .verizon.net
buy.com           .dartmail.com
compuserve.com    .aol.com
concentric.com    .cnchost.com
concentric.net    .cnc.net
earthlink.        .mindspring.
ebay.com          .emailebay.com
excite.com        .excitenetwork.com
gateway.com       .dartmail.net
geocities.com     .yahoo.com
hp.com            .compaq.com
juno.com          .untd.com
mindspring.       .earthlink.
msn.com           .hotmail.com
netscape.         .aol.com
netzero.          .untd.com
prodigy.net       .yahoo.
psi.              .cogentco.com
qwest.            .uswest.
sprint.           .sprintlink.net
swbell.net        .prodigy.net
uswest.           .qwest.
verio.            .veriomail.com
verizon.com       .gte.com
verizon.net       .bellatlantic.

If you need to support delivery of e-mail from [EMAIL PROTECTED] and sometimes it comes from a mail server with RDNS of xxx.mindspring.com and sometimes it comes from xxx.earthlink.com, how would you venture to support this in your scenario by starting every domain in the first column with the @ sign?

Bill
Re: [Declude.JunkMail] SpamDomains
Well that and at least 10 other filters that have been shared on this list or available at my site. It really depends on how tight you want your system of course and how much processing power you can throw at things. The recent beta functionality to limit the processing of filters helps a bunch though.

Filters helped me to get my system to over 98% blocking while lowering my FP rate, and of course I'm deleting much more E-mail now that comes in well above my delete weight. I fail at 10, currently delete at 30, but 80% to 90% of the spam is scoring higher than that. Again though, you can do up to maybe 95% with the standard version if you tweak it carefully, which is just fine for many companies.

It would be nice if Scott would add REVDNS pseudo-whitelisting by points to the standard version, that's kind of basic IMO.

Matt
Re: [Declude.JunkMail] SpamDomains
Bill Landry wrote:

If you use the @ symbol in the first column, then you have severely limited yourself to supporting only one RDNS per domain.

I don't feel limited, in fact, I have a lot more confidence in this test not FP'ing on VERP stuff which may be forwarded to an account hosted on my machine, i.e. to [EMAIL PROTECTED] forwarded to [EMAIL PROTECTED] This is especially important if you build a spamdomains file for local domains.

If you need to support delivery of e-mail from [EMAIL PROTECTED] and sometimes it comes from a mail server with RDNS of xxx.mindspring.com and sometimes it comes from xxx.earthlink.com, how would you venture to support this in your scenario by starting every domain in the first column with the @ sign?

If it really mattered to you, you could leave it off for some domains where this is an issue. I've gone through some of the entries that have been shared on this list in the past and found that a lot of these matches don't exist, it seems that someone just guessed that there might be such a possibility, and other things such as your buy.com example where they use a third-party trusted bulk mailer is taken care of with a separate 'white' file on my system. It's much easier to credit points to DartMail across the board rather than keep track of which companies are using them and might be also in a spamdomains file.

I've tried it both ways, and I like the idea of separate files with the addition of a white file and using @ symbols. I think that it's critical for instance to have a FRAUDDOMAINS file with listings for Ebay, PayPal, Microsoft, Symantec and McAfee for instance, and a white file for reverse DNS lookups for places like americangreetings.com and ebay.com.

Don't knock it until you try it :)

Matt
[Declude.JunkMail] SPAMDOMAINS
Does anyone know if vianet.ca is a valid domain use of simpatico.ca mail servers?

X-RBL-Warning: SPAMDOMAINS: Spamdomain 'sympatico.ca' found: Address of [EMAIL PROTECTED] sent from invalid shimmer.vianet.ca.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You
RE: [Declude.JunkMail] SpamDomains
Bill, it has been a lonnngg week.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You
[Declude.JunkMail] SpamDomains
Why didn't this message fail spamdomains?

Received: from bzq-218-101-218.red.bezeqint.net [81.218.101.218] by mail.localdomain.moc (SMTPD32-8.04) id A88A13960090; Fri, 28 Nov 2003 14:56:58 -0500
Received: from [51.180.2.49] by bzq-218-101-218.red.bezeqint.net id 5JCQ8r8Lw22M; Fri, 28 Nov 2003 23:57:03 +0400
Message-ID: [EMAIL PROTECTED]
From: Alden Parham [EMAIL PROTECTED]
Reply-To: Alden Parham [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: 20 Free amateur Pics - Hot xgnvnb
Date: Fri, 28 Nov 03 23:57:03 GMT
X-Mailer: Microsoft Outlook, Build 10.0.2616
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=EF.F4.__.45
X-Priority: 3
X-MSMail-Priority: Normal
X-RBL-Warning: SORBS-DUL: Dynamic IP Address See: http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=81.218.101.218
X-RBL-Warning: NOABUSE: Not supporting [EMAIL PROTECTED]
X-RBL-Warning: NOPOSTMASTER: Not supporting [EMAIL PROTECTED]
X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [8014000f].
X-RBL-Warning: WHITEFILTER1: Message failed WHITEFILTER1 test (line 67, weight -5)
X-RBL-Warning: SPAMCHECK: Message failed SPAMCHECK: 4.
X-Declude-Sender: [EMAIL PROTECTED] [81.218.101.218]
X-Declude-Spoolname: Da88a13960090f6a9.SMD
X-RBL-Warning: Total weight: 30
X-RBL-Warning: TESTS FAILED: SORBS-DUL, NOABUSE, NOPOSTMASTER, BADHEADERS, WHITEFILTER1, SPAMCHECK, SPAMDOMAINS
X-Note: This E-mail was sent from bzq-218-101-218.red.bezeqint.net ([81.218.101.218]).

From the spamdomains.txt file:
Re: [Declude.JunkMail] SpamDomains
Looks like it did fail the spamdomains test:

X-RBL-Warning: TESTS FAILED: SORBS-DUL, NOABUSE, NOPOSTMASTER, BADHEADERS, WHITEFILTER1, SPAMCHECK, SPAMDOMAINS

Why do you ask, don't the log entries for this message support this?

Bill

- Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, November 28, 2003 5:24 PM Subject: [Declude.JunkMail] SpamDomains

Why didn't this message fail spamdomains?
[Declude.JunkMail] SpamDomains
Can somebody point me to a source for a SpamDomains text file so I can do some comparisons...

Rich
Re: [Declude.JunkMail] Spamdomains
Can anybody give me a clue as to why my spamdomains test doesn't work? I have this in global.cfg

SPAMDOMAINS spamdomains x x 15 0

and this in $default$.junkmail :

SPAMDOMAINS WARN

and a text file named spamdomains.txt in /imail/declude

The line in the global.cfg file should be:

SPAMDOMAINS spamdomains C:\IMail\Declude\spamdomains.txt x 15 0

Otherwise, Declude JunkMail won't know where to find the list of spamdomains.

-Scott
Re: [Declude.JunkMail] Spamdomains
What do you have in your spamdomains.txt file?

Bill

- Original Message - From: David Daniels [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, November 26, 2003 1:46 PM Subject: [Declude.JunkMail] Spamdomains

Can anybody give me a clue as to why my spamdomains test doesn't work? I have this in global.cfg

SPAMDOMAINS spamdomains x x 15 0

and this in $default$.junkmail :

SPAMDOMAINS WARN

and a text file named spamdomains.txt in /imail/declude

David Daniels
Administrator
Starfish Internet Service
[EMAIL PROTECTED]
RE: [Declude.JunkMail] Spamdomains
because you didn't tell declude the name of the file:

SPAMDOMAINS spamdomains C:\IMail\Declude\spamdomains.txt x 6 0
Re: [Declude.JunkMail] Spamdomains
Oh, and you need to include the file path in your global.cfg entry, something like:

SPAM-DOMAINS spamdomains C:\IMail\Declude\spamdomains.txt x 15 0

Bill
[Declude.JunkMail] SPAMDOMAINS redux
Ebay and greeting card companies fail the SPAMDOMAINS test on a regular basis. Since they also fail the nopostmaster and noabuse and a few other small ones, this adds up to a reject. Any suggestions on keeping these false positives from happening? Christmas is coming and the E-cards are going to get real busy again...

As Matt has demonstrated with his wonderful filters, is there a good way to set up an AntiSpamdomains test?

Sheldon

Sheldon Koehler, Owner/Partner http://www.tenforward.com
Ten Forward Communications 360-457-9023
Nationwide access, neighborhood support!

Whenever you find yourself on the side of the majority, it's time to pause and reflect. Mark Twain
Re: [Declude.JunkMail] SPAMDOMAINS redux
Both might be failing because of the way you have it set up. I just started to configure this on my server, and the way I am doing it is as follows: @ebay.com .ebay. @hotmail.com .hotmail. @verizon.net .verizon. @yahoo. .yahoo. When you include the @, it will prevent the test from picking up the VERP stuff, which can be problematic, especially when you have E-mail forwarded by a place like Yahoo to a local account and something with VERP comes in. An example of VERP might look like the following: X-Declude-Sender: [EMAIL PROTECTED] X-Note: This E-mail was sent from mx.verizon.net ([216.40.33.45]). (note: this is fake info) If you excluded the @ and just had yahoo.com in the first column, it would produce a false positive on this message because the search works as a MAILFROM CONTAINS and then REVERSE DNS CONTAINS. When you include the @ symbol, you limit the potential of a false positive with this test, in this case, only @verizon.net would hit, and that would match .verizon. If you have your own domains listed in SPAMDOMAINS, you will see a lot of this VERP stuff failing SPAMDOMAINS unless you include the @. In the REVDNS column, I listed the domain without the TLD just in case they ever make a change to their SMTP domain, even if it is all from yahoo.com currently. Setting the test up this way also will require you to have two columns for each entry no matter what because the default SPAMDOMAINS functionality will try a match for REVDNS on both columns and you can't have an @ symbol in a domain. Another note about how I have things set up. If you notice, I listed @yahoo. without the domain extension. I did this because Yahoo has many domains for ccTLD's, so that broadens the test a bit and I'm pretty confident that they all use the same reverse DNS domain architecture. For the most part, it's probably safer to limit things in the first column as much as possible, and make the second column as broad as possible because false positives are very unfortunate. 
I've been testing SPAMDOMAINS in this manner for about 3 days now with absolutely no false positives on 1,305 catches so far. Almost all of those hits have been on just a few lines. I plan on adding all of the ISP's that are suitable and over 500,000 customers or so, as well as the popular and reverse DNS verifiable free E-mail providers. Unfortunately, because I spent so much time writing filters of other types, SPAMDOMAINS only resulted in failing 18 out of those 1,305 that would have otherwise passed, or as a percentage 1.4% of hits. I've been scoring at 60% of fail weight, and every hit on this test ended up failing, and only two scored at 120% of my fail weight or below. So if you have a lot of other filters going, you might want to weaken SPAMDOMAINS a little just in case you continue to see some false positives.

Here's the brunt of my list. When I'm further down the line, and have done more testing, I will share the complete file.

@yahoo. .yahoo.
@yahoo-inc.com .yahoo.
@hotmail.com .hotmail.
@msn.com .hotmail.
@aol.com .aol.
@earthlink.com .earthlink.
@microsoft.com .microsoft.
@cox.net .cox.
@t-online. .t-online.
@t-dialin.net .t-online.
@wanadoo.fr .wanadoo.
@netscape.net .aol.
@netscape.com .aol.
@amazon.com .amazon.
@apple.com .apple.
@att.net .att.
@att.com .att.
@attbi.com .attbi.
@bellsouth.net .bellsouth.
@charter.net .charter.
@juno.com .untd.
@verizon.net .verizon.
@verizon.com .verizon.
@cgocable.ca .cgocable.

Matt

Sheldon Koehler wrote:

Ebay and greeting card companies fail the SPAMDOMAINS test on a regular basis. Since they also fail the nopostmaster and noabuse and a few other small ones, this adds up to a reject. Any suggestions on keeping these false positives from happening? Christmas is coming and the E-cards are going to get real busy again... As Matt has demonstrated with his wonderful filters, is there a good way to set up an AntiSpamdomains test?
Sheldon

Sheldon Koehler, Owner/Partner http://www.tenforward.com
Ten Forward Communications 360-457-9023
Nationwide access, neighborhood support!
Whenever you find yourself on the side of the majority, it's time to pause and reflect. Mark Twain

--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
Re: [Declude.JunkMail] Spamdomains and ebay
I'm pretty sure that you can have multiple listings for either column also, so the filter looks for either no failures or no passes when considering whether or not the test was failed as a whole (Scott, please correct me if I'm wrong).

No. Each line is treated separately.

If you have a line example.com example.net, that says that if the return address contains example.com, then the reverse DNS entry must contain example.com or example.net. If you have a second line example.com example.us, it says that if the return address contains example.com, then the reverse DNS entry must contain example.com or example.us. With both those lines, an E-mail with a reverse DNS entry that does not contain example.com would fail at least one of those two lines, causing the test to fail.

-Scott

--- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation.
Re: [Declude.JunkMail] Spamdomains and ebay
Shoot. Thanks for the clarification. Instead of making another feature suggestion, could you maybe give us a little insight into what you have planned if anything for filtering in general. No need to go too far out and nothing at all in the short-term would be fully understood.

Thanks,
Matt

R. Scott Perry wrote:

I'm pretty sure that you can have multiple listings for either column also, so the filter looks for either no failures or no passes when considering whether or not the test was failed as a whole (Scott, please correct me if I'm wrong).

No. Each line is treated separately.

If you have a line example.com example.net, that says that if the return address contains example.com, then the reverse DNS entry must contain example.com or example.net. If you have a second line example.com example.us, it says that if the return address contains example.com, then the reverse DNS entry must contain example.com or example.us. With both those lines, an E-mail with a reverse DNS entry that does not contain example.com would fail at least one of those two lines, causing the test to fail.

-Scott
Re: [Declude.JunkMail] Spamdomains and ebay
Instead of making another feature suggestion, could you maybe give us a little insight into what you have planned if anything for filtering in general. No need to go too far out and nothing at all in the short-term would be fully understood.

Most of what appears in the suggestion database right now about filters are minor things (such as a filter that checks both the subject and the body, which is just a timesaver, as the functionality can already be accomplished). So there are no major changes to filtering in the works.

-Scott
Re: [Declude.JunkMail] SPAMDOMAINS question
This may have been asked already, but I could not find it in the archives... in the spamdomains.txt file, can I use an entry like: .br to block all mail from Brazil or is that going to be too broad?

That would work (blocking any E-mail with a return address with .br in it, which came from a reverse DNS entry without .br in it). The one catch is that it would apply to any E-mail with .br in the return address, including @mail.brook.com.

-Scott
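The matching rules described in this thread (return address CONTAINS the first column, then reverse DNS CONTAINS any column, each line judged separately), modelled as an added example that is not part of any post and is not Declude's code. The function names, the case-insensitive comparison and the sample senders are assumptions; mx.verizon.net and mail.brook.com are the hostnames used in the posts.

```python
# Model of the SPAMDOMAINS rules as the posts describe them; not Declude's code.
# Assumptions: function names, case-insensitive matching, constructed senders.

def parse_spamdomains(text):
    """Parse lines of 'MAILFROM-pattern REVDNS-pattern...' into rules."""
    rules = []
    for raw in text.splitlines():
        fields = raw.lower().split()
        if fields:
            # The first column is also tried against the reverse DNS name,
            # so it is kept in the list of accepted substrings.
            rules.append((fields[0], fields))
    return rules


def failed_lines(rules, mail_from, rev_dns):
    """Return the first-column pattern of every line the message fails."""
    mail_from, rev_dns = mail_from.lower(), rev_dns.lower()
    failed = []
    for pattern, accepted in rules:
        if pattern not in mail_from:
            continue  # MAILFROM CONTAINS did not match: line does not apply
        if not any(sub in rev_dns for sub in accepted):
            failed.append(pattern)  # REVERSE DNS CONTAINS matched nothing
    return failed


def spamdomains_fails(rules, mail_from, rev_dns):
    """Each line is judged separately; one failing line fails the test."""
    return bool(failed_lines(rules, mail_from, rev_dns))


# Constructed samples. The VERP-style sender embeds a yahoo.com address in the
# local part, as a forwarded list bounce might.
VERP_SENDER = "bounce-user=yahoo.com@verizon.net"
BARE = parse_spamdomains("yahoo.com .yahoo.\nverizon.net .verizon.")
WITH_AT = parse_spamdomains("@yahoo. .yahoo.\n@verizon.net .verizon.")
TWO_LINES = parse_spamdomains("example.com example.net\nexample.com example.us")
BRAZIL = parse_spamdomains(".br")

if __name__ == "__main__":
    print(failed_lines(BARE, VERP_SENDER, "mx.verizon.net"))
    print(failed_lines(WITH_AT, VERP_SENDER, "mx.verizon.net"))
    print(failed_lines(TWO_LINES, "user@example.com", "mail.example.net"))
    print(failed_lines(BRAZIL, "user@mail.brook.com", "smtp.example.net"))
```

Running the same messages against your own spamdomains.txt before raising the test's weight shows which lines would hit forwarded or VERP mail.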
[Declude.JunkMail] SPAMDOMAINS question
This may have been asked already, but I could not find it in the archives... in the spamdomains.txt file, can I use an entry like: .br to block all mail from Brazil or is that going to be too broad?

Jon Lapp
Computer Systems Specialist
Northstar Computer Forms, Inc.
716.763.5513 - Direct
716.763.0272 - Fax
http://www.nscf.com
[EMAIL PROTECTED]
Re: [Declude.JunkMail] SPAMDOMAINS
I would like to see an updated list also.

Todd

- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, September 13, 2003 3:56 PM
Subject: [Declude.JunkMail] SPAMDOMAINS

Anyone have an updated list to share?

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
[Declude.JunkMail] SPAMDOMAINS
Anyone have an updated list to share?

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
Re: [Declude.JunkMail] spamdomains
A few days ago I mentioned that I've had to reduce the weight I give to the spamdomains test drastically due to false positives. Here is an example of the type of thing I am running into: ... Again, this isn't a criticism. I just wanted to show what is happening in the real world.

Just a few notes here:

[1] The SPAMDOMAINS test should not be set up so that failing the SPAMDOMAINS test alone will block an E-mail (for exactly the reason you describe -- there are some services that send out E-mail on behalf of others that may be using a Hotmail or similar E-mail address).

[2] If an E-mail is caught and your SPAMDOMAINS test isn't weighted heavily enough to block the E-mail on its own, then the problem often lies with the sender. If someone is going to be sending out E-mail on behalf of their customers (such as Kodak and eBay), they need to make sure that their mailserver is set up perfectly. While it may be acceptable for a small company to have some problems with their mailserver (such as no reverse DNS entry), it isn't acceptable for a company the size of Kodak or eBay.

-Scott

--- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation.
[Declude.JunkMail] spamdomains
A few days ago I mentioned that I've had to reduce the weight I give to the spamdomains test drastically due to false positives. Here is an example of the type of thing I am running into:

Received: from picturecd3.kodak.com [192.232.121.230] by netinteraction.com with ESMTP (SMTPD32-7.13) id A1136D2013E; Sun, 10 Aug 2003 18:27:47 -0700
Received: from picturecd.kodak.com ([207.160.143.56]) by picturecd3.kodak.com (8.11.6/8.11.6) with SMTP id h7B1Kwn15568 for [EMAIL PROTECTED]; Sun, 10 Aug 2003 21:20:59 -0400 (EDT)
Message-Id: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
snip
X-RBL-Warning: SPAMDOMAINS: Spamdomain 'hotmail.com' found: Address of [EMAIL PROTECTED] sent from invalid picturecd3.kodak.com.

This was some photos that someone sent a client. That leaves me with a frustrating choice. I can either fish these out of hold every time somebody does this, or I can reduce the weight precisely for a domain that really can benefit from the spamdomains test.

Again, this isn't a criticism. I just wanted to show what is happening in the real world.

Paul Navarre