I know that this is one of those bogus eBay messages (see attached log and
header snippets), but I'm trying to figure out why some of the delivery
headers are missing and where they might be getting removed.
The Postfix gateway logs show the message was received from
Hi..
I have searched
all over the archive and the manual and can't find what exactly it is that we
have added to our global statement. I know that it must have made sense
when we added it..
COMMENTS
comments weight x 5
0
The manual only
talks about the test but has no examples.. I
Hi;
Just saw this
caught.. it seems like it is another phishing attempt..
Regards,
Kami
==
X-Declude-Sender:
[EMAIL PROTECTED]
[66.202.36.78]X-Declude-Spoolname: Dc3520209011e0efa.SMDX-Note: This
E-mail was scanned filtered by Declude [1.76i28] for SPAM
virus.X-Weight:
Hi Kami,
According to my notes . . .
COMMENTS comments weight x 10 0
In the above case, the weight of the E-mail will be increased by the
number of anti-filtering comments that are found (plus the base
weight of the test). So if there are 3 in there, the weight will be
increased
What are others seeing that are running gateways in front of their IMail
servers? It appears to only be happening with these bogus eBay messages,
but I don't know what it is about these particular messages that would cause
some of the headers to disappear.
This is unusual -- either Postfix isn't
how paranoid should you be to refuse message based on this only criteria ?
20031127 154038 127.0.0.1 SMTP (07980D3F) 501 5.7.1 MX of sender
(mail.cefib.com.) does not accept address as required by RFC 821, 1123,
2505, and 2821
20031127 154038 127.0.0.1 SMTP (07980D3F) ERR
Title: AW: [Declude.JunkMail] More ATTACH and MAILBOX questions
hi scott,
since more then 2000 of my users use web messaging the attach action is no real option for me.
i use declude virus as well and there i use the emailnotifikation for the recipient when an email is hold because of a
since more then 2000 of my users use web messaging the attach action is no
real option for me.
i use declude virus as well and there i use the emailnotifikation for the
recipient when an email is hold because of a vulnerability. in this
notification i give the queue file name of the hold email
I have my system setup as listed below.
Why would the system ingnore the WEIGHT100 DELETE
it is performing WEIGHT40 ROUTETO [EMAIL PROTECTED]
(In the top of my Filters)
SKIPIFWEIGHT 100
MAXWEIGHT100
$default$.junkmail
WEIGHT100 DELETE
Global.cfg
WEIGHT100 weight x x 100 0
I have my system setup as listed below.
Why would the system ingnore the WEIGHT100 DELETE
Note that the SKIPIFWEIGHT and MAXWEIGHT options in the latest interim
release only apply to the filters that they are listed in.
it is performing WEIGHT40 ROUTETO [EMAIL PROTECTED]
(In the top of my
Once again I found my own problem.
Thanks.
- Original Message -
From: Frederick Samarelli [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, December 01, 2003 10:16 AM
Subject: Re: [Declude.JunkMail] SKIPIFWEIGHT and MAXWEIGHT
I have my system setup as listed below.
Why would the
So if I want to perform an action at 100 should I change these to:
SKIPIFWEIGHT 101
MAXWEIGHT101
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, December 01, 2003 10:30 AM
Subject: Re: [Declude.JunkMail] SKIPIFWEIGHT and
So if I want to perform an action at 100 should I change these to:
SKIPIFWEIGHT 101
MAXWEIGHT101
No. You definitely, positively should not be using SKIPIFWEIGHT or
MAXWEIGHT right now unless you understand exactly how they work. I would
urge you to wait until the next beta before
Andy,
You have all of these tests running? What's the impact on the server for
all of these? What's your mail load? I just love having to replace all these
tests every month or so, don't we all? LOL! But I want to lessen the impact
on our server as much as possible. What of these tests do you
Paul
What program do you use to get those statistics listed ??
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of paul
Sent: Monday, December 01, 2003 9:52 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] EASYNET tests going away December 1
Andy,
Hi Paul:
It's hard to measure the actual impact, as this machine serves a few
functions. However, my unscientific observation has been, that two other
applications on that machine are gobbling up most of its CPU use.
Declude's use is noticeable - but minor - and seems to be mostly for
What program do you use to get those statistics listed ??
DL Analyzer.
I love this tool. I have it set up to send daily/weekly summaries of all
emails held or deleted for certain domains to the technical contacts of some
larger customers.
All they used to know was how much email they get,
FWIW, I run many more tests than this -- about 30 total plus the internal
Declude tests, External Sniffer, and Declude Virus.
Message load is about 150,000 messages per day on a dual 2.8 Ghz.
No performance hits noticed.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
Scott, feature request. (Sigh, another one.)
Can you add something like this:
SUBJECT 0 STARTSWITHSPACE
I am seeing a good amount of spam where the subject line starts with a space
and then some character and then the subject.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
---
Hi,
I noticed this test in my config file, but there are no longer in the
Declude default config files...
Are they still valid tests?
Thanks, Andy
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.
I noticed this test in my config file, but there are no longer in the
Declude default config files...
Are they still valid tests?
They are no longer around. They were killed off by spammers.
-Scott
---
Declude JunkMail: The advanced anti-spam
Scott, feature request. (Sigh, another one.)
Can you add something like this:
SUBJECT 0 STARTSWITHSPACE
I am seeing a good amount of spam where the subject line starts with a space
and then some character and then the subject.
Ah, good idea -- I'll see if we can add that.
Scott,
Instead of adding it a command, how about you just create a substitution
string for space, i.e. [space]. This way it could be used in this
fashion, as well as before some words (as a delimiter in the sense that
Bill earlier suggested).
SUBJECT 0 BEGINSWITH [space]
BODY
On the per user configurations, any problems if the user has a period in the
name?
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
I'm just looking for a recommendation from someone that has set this up
since I have no experience with it. I have a client that needs to
forward two AOL E-mail addresses over to accounts on our server. Does
AOL offer this, or do you have to go through a third party? If you have
to go
This way, if it starts a trend, we can not filter on [space] anymore..
Yes, but right now we can't filter on a space :) Scott might also get a
little fancy and convert the special character combinations from MIME
like =3D to ASCII equivalents before processing the filters. He's
already
If an IP is caught and held by HOLD2, but a sender who is listed by
ALLOWADDR sends a e-mail from the IP, will that message be held or passed?
ALLOWADDR and ALLOWIP override all other settings, so their mail should be
allowed through.
Example, IP 10.10.10.1 is held. Joe using [EMAIL PROTECTED]
Does any one know if vianet.ca is a valid domain use of simpatico.ca mail
servers?
X-RBL-Warning: SPAMDOMAINS: Spamdomain 'sympatico.ca' found: Address of
[EMAIL PROTECTED] sent from invalid shimmer.vianet.ca.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
---
[This E-mail was
Hi,
I highly recommend it. I've been using it for over a year now and it has
caught a lot of spam.
I am considering Maps too. But it's $1500/yr. Anyone using them?
Kevin
At 01:36 PM 12/1/2003, you wrote:
Is sniffer worth the $300/year?
Thinking about trying it.
Thanks, andy
---
[This
Hi Andy,
I think Sniffer is available as a demo. It's worth trying.--
http://www.sortmonster.com/MessageSniffer/Try-It.html --
and I think it has improved in recent months.
fwiw: Sniffer catches a lot of stuff that is also caught by other (free)
ip4r and RHSBL lists. However, these last few
Absolutly worth it's cost...
Darrell
andyb writes:
Is sniffer worth the $300/year?
Thinking about trying it.
Thanks, andy
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe,
I Don't think AOL allows forwarding.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Matthew Bramble
Sent: Monday, December 01, 2003 12:34 PM
To: [EMAIL PROTECTED]
Any idea why I am getting this ??
12/01/2003 16:03:12 Invalid WHITELIST type: AUTH
I Just removed the # from the #WHITELIST AUTH line
on the default Global config file..
I am running Imail 8.04
WHITELIST AUTH requires Declude JunkMail v1.76 or later.
I subscribed to MAPS for a while - but then found that it was not catching
anything that I didn't catch with public tests. But that was probably a year
ago that I compared it. Results may be different now.
Best Regards
Andy Schmidt
HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
I've double-checked the logs for something like that; no luck. I'm mystified.
Keith Purtell, Web/Network Administrator
VantageMed Operations (Kansas City)
CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole
use of the
intended recipient(s) and may contain
I've double-checked the logs for something like that; no luck. I'm mystified.
What is the exact message in the E-mail headers saying that it was whitelisted?
Are you using WHITELIST AUTH or AUTOWHITELIST?
-Scott
---
[This E-mail was scanned for viruses by Declude
It's not really a reserved word since the suggestion was space enclosed in
square brackets - how often have you seen that used in a sentence: wow, I
really [space] out sometimes... ;-)
Bill
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent:
Absolutely! It has been a very nice addition to our spam arsenal.
Bill
- Original Message -
From: andyb [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, December 01, 2003 1:36 PM
Subject: [Declude.JunkMail] sniffer
Is sniffer worth the $300/year?
Thinking about trying it.
That's just it, I am seeing the use of [] in spam subject lines.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Bill Landry
Sent: Monday, December 01, 2003 2:32 PM
To:
I am considering Maps too. But it's $1500/yr. Anyone using them?
I have problems at $1500/yr. If it was like $500 I would probably be using
it. It was a good list when it was free and I am sure it is still a good
list. I just cannot justify the expense for it.
For now Sniffer is the only paid
[Bill] [stranger] [things] [have] [happened] [in] [the] [past].
[space] [may] [not] [be] [used] [but] [starting] [reserve] [words] [can]
[start] [a] [precedent] [that] [could] [make] [filtering] [and] [debugging]
[a] [nightmare].
[Regards,] [:)]
[Kami]
-Original Message-
From: [EMAIL
Hi,
I'm using SPAMCOP as part of the weighting system and as a HOLD action by
itself.
Because of this, In spamreview it shows a total WEIGHT but SPAMCOP isn't
listed, though I know it added to the WEIGHT because of the spamlog.
I take it that's just how it is? IS there a way to have it show in
I've got it in and running...seems to be helping already.
- Original Message -
From: Bill Landry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, December 01, 2003 5:34 PM
Subject: Re: [Declude.JunkMail] sniffer
Absolutely! It has been a very nice addition to our spam arsenal.
Any one else seeing this in the headers, good or bad?
X-Mailer: Atriks Professional Email Deployment Service
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the
I could be on the wrong track here but if you use the 'Whitelist To' function on your
domain, then if a spammer sends an email to the user that is whitelist to'd, all other
users that appear on the TO address line of that email will also receive the
'Whitelist To' behavior.
Example: UserB is
So how would that hurt anything if all it provides is a way to delimit a
test and tell Declude that this [space] is a space?
Bill
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, December 01, 2003 2:54 PM
Subject: RE:
Oh, yes, now it get it... [eye rolling out of head onto floor] ;-)
Bill
- Original Message -
From: Kami Razvan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, December 01, 2003 2:53 PM
Subject: RE: [Declude.JunkMail] Subject Starts with
[Bill] [stranger] [things] [have]
True. However, in the case of the samples I'm looking at, each was addressed to only
one user.
Keith Purtell, Web/Network Administrator
VantageMed Operations (Kansas City)
CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole
use of the
intended recipient(s)
Create 2 SPAMCOP tests, the first one action WARN and the second action
HOLD.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of andyb
Sent: Monday, December 01, 2003 3:06 PM
What is the exact message in the E-mail headers saying that
it was whitelisted?
X-Tests-Failed: Whitelisted
Are you using WHITELIST AUTH or AUTOWHITELIST?
No and yes. In the case of the particular user whose incoming mail I
extracted the spam from, none
of the spammer addresses where in her
I wonder how that feature reacts with a BCC?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Keith Purtell
Sent: Monday, December 01, 2003 3:24 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Finding reason for white list
True. However, in the
It is a little harsh but allowable.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of serge
Sent: Monday, December 01, 2003 5:59 AM
To: [EMAIL PROTECTED]
Subject:
Oh, and the other thing to remember is, this is not something that Declude
would be searching for anywhere in the message, this is only something that
is used to define a delimiter to Declude. Just like the delimiter you can
define in SpamChk:
SpaceChar=#
Which allows you to define
Hi Andy-
Excellent service, reasonably priced, and it is sometimes the only thing
that catches them.
Dave Doherty
Skywaves, Inc.
- Original Message -
From: andyb [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, December 01, 2003 4:36 PM
Subject: [Declude.JunkMail] sniffer
Is
I've gotten serveral of these the past few minutes.
Below are the full headers ..I'm assuming they are trying to relay ???
There was no subject nor message as well as a rcpt to ...
Also it seems that declude is claiming that 216.204.154.7 has no MX.
DnsStuff.com reports:
How I am searching:
http://atriks.com/email_deployment.htm
Seen quite a few of them. Yet to figure the company out though.
Seems like a great place for spammers to hang out ...
Dave
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, December 01, 2003
Hi, Matt-
I just checked with the horse's, er, mouth...
AOL says they do not allow auto forwarding at all. Your customer must log on
to her AOL account and forward the messages manually.
Dave Doherty
Skywaves, Inc.
- Original Message -
From: Matthew Bramble [EMAIL PROTECTED]
To:
Sounds to me like a good phrase to base a rule on.
I read the explanation there. Fascinating reading, folks!
Is there a test we can use to detect Atriks in the headers, or do we have
to create an IMail rule?
Dave Doherty
Skywaves, Inc.
- Original Message -
From: David Barrett [EMAIL
The line I posted is what was seen in the headers, and would therefore be a
good line to use in a filter file.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Dave Doherty
59 matches
Mail list logo