Re: [Declude.JunkMail] Comcast.net Spam
Using 1.78+ Pro, you can use the following in a custom filter MAILFROM END ENDSWITH @comcast.net REVDNS 5 ENDSWITH client.comcast.net You could probably throw a list of END statements for various domains in there as long as you know the naming convention for the REVDNS entries and can isolate them to their residential IP space (which can't be done for all domains). Also note that this will often double hit with SPAMDOMAINS, and I do see some false positives on SPAMDOMAINS when boneheads buy themselves bulk-mail software to run on their residential-class service and use accounts on places like yahoo.com as the MAILFROM. I think this might be worth a few more points though. Matt Paul Fuhrmeister wrote: An email is from [EMAIL PROTECTED] [24.5.121.88] AND was received from cib.co.za (c-24-5-121-88.client.comcast.net [24.5.121.88] Is there a way to add weight when - received from client.comcast.net BUT sender is not @comcast.net Here are example headers: Received: from cib.co.za (c-24-5-121-88.client.comcast.net [24.5.121.88]) by mail17.**.com (Postfix) with SMTP id 858D630F4B; Wed, 21 Apr 2004 21:25:31 -0500 (CDT) (envelope-from [EMAIL PROTECTED]) Message-ID: [EMAIL PROTECTED] From: Tim Salazar [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Pain Pills V.icodin Hy.drocodone Lortab Lorcet Norco Date: Thu, 22 Apr 2004 01:00:15 + MIME-Version: 1.0 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 8bit X-RBL-Warning: DSBL: http://dsbl.org/listing?ip=24.5.121.88; X-RBL-Warning: BLOCKTEXT: Message failed BLOCKTEXT test (line 394, weight 7) X-Declude-Sender: [EMAIL PROTECTED] [24.5.121.88] X-Declude-Spoolname: D2d2c2f4000be40bf.SMD X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 1049636097 Paul Fuhrmeister [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Comcast.net Spam
Hello, Yeah, I too have notice A LOT of spam originating from ComCast networks lately. You could implement SPAMDOMAINS that would check the from and where the message came from to add weight to the message. Seems to work well when you don't get DNS timeouts (which I have been having problems with lately). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul Fuhrmeister Sent: Thursday, April 22, 2004 10:12 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Comcast.net Spam An email is from [EMAIL PROTECTED] [24.5.121.88] AND was received from cib.co.za (c-24-5-121-88.client.comcast.net [24.5.121.88] Is there a way to add weight when - received from client.comcast.net BUT sender is not @comcast.net Here are example headers: Received: from cib.co.za (c-24-5-121-88.client.comcast.net [24.5.121.88]) by mail17.**.com (Postfix) with SMTP id 858D630F4B; Wed, 21 Apr 2004 21:25:31 -0500 (CDT) (envelope-from [EMAIL PROTECTED]) Message-ID: [EMAIL PROTECTED] From: Tim Salazar [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Pain Pills V.icodin Hy.drocodone Lortab Lorcet Norco Date: Thu, 22 Apr 2004 01:00:15 + MIME-Version: 1.0 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 8bit X-RBL-Warning: DSBL: http://dsbl.org/listing?ip=24.5.121.88; X-RBL-Warning: BLOCKTEXT: Message failed BLOCKTEXT test (line 394, weight 7) X-Declude-Sender: [EMAIL PROTECTED] [24.5.121.88] X-Declude-Spoolname: D2d2c2f4000be40bf.SMD X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 1049636097 Paul Fuhrmeister [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Comcast.net Spam
Yes, I too have noticed an unusually high number of DNS timeouts recently. I was hit hard with a flood of spam starting yesterday afternoon and continuing all night. In every instance, the DNS timed out. Shayne Hello, Yeah, I too have notice A LOT of spam originating from ComCast networks lately. You could implement SPAMDOMAINS that would check the from and where the message came from to add weight to the message. Seems to work well when you don't get DNS timeouts (which I have been having problems with lately). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul Fuhrmeister Sent: Thursday, April 22, 2004 10:12 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Comcast.net Spam An email is from [EMAIL PROTECTED] [24.5.121.88] AND was received from cib.co.za (c-24-5-121-88.client.comcast.net [24.5.121.88] Is there a way to add weight when - received from client.comcast.net BUT sender is not @comcast.net Here are example headers: Received: from cib.co.za (c-24-5-121-88.client.comcast.net [24.5.121.88]) by mail17.**.com (Postfix) with SMTP id 858D630F4B; Wed, 21 Apr 2004 21:25:31 -0500 (CDT) (envelope-from [EMAIL PROTECTED]) Message-ID: [EMAIL PROTECTED] From: Tim Salazar [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Pain Pills V.icodin Hy.drocodone Lortab Lorcet Norco Date: Thu, 22 Apr 2004 01:00:15 + MIME-Version: 1.0 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 8bit X-RBL-Warning: DSBL: http://dsbl.org/listing?ip=24.5.121.88; X-RBL-Warning: BLOCKTEXT: Message failed BLOCKTEXT test (line 394, weight 7) X-Declude-Sender: [EMAIL PROTECTED] [24.5.121.88] X-Declude-Spoolname: D2d2c2f4000be40bf.SMD X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 1049636097 Paul Fuhrmeister [EMAIL PROTECTED] --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Comcast.net Spam
I have SPAM-DOMAINS setup, my spamdomains.txt file contains .comcast. @comcast. .comcast. The messages (headers below) did not fail this test. That's because: X-Declude-Sender: [EMAIL PROTECTED] [24.5.121.88] The sender is not an @comcast.com address, so it was not considered for this test. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Comcast.net Spam
OK, I understand. SPAMDOMAINS would fail if they said they were [EMAIL PROTECTED] and sent through a tvp.ndo.co.uk mail server, But does not fail if they say they are [EMAIL PROTECTED] and send through a comcast.net server. So, I need to looks at Matt's filter. I am using 1.78+ Pro, but do not understand the filter Matt referenced earlier ( MAILFROM END ENDSWITH @comcast.net REVDNS 5 ENDSWITH client.comcast.net ) Where is that filtering documented? Archives? Paul Fuhrmeister [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.