RE: [Declude.JunkMail] SPAMCOP Having Legit IP Addresses
Dan: We made a decision a long time ago to whitelist REVDNS of all the folks you had listed. We now have two REVDNS negative files. 1: Whitelist as entered in the Global.cfg (I only hope one day Scott moves these entries to their own files). 2: Negative reverseDNS files that adds negative weight to the ones that are legitimate and used by our users. That took care of a lot of problems.. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser Sent: Friday, December 05, 2003 10:10 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] SPAMCOP Having Legit IP Addresses Hello, All, Has anyone noticed in the last few days that the IP addresses of a lot of legitimate e-mailers are showing up on SPAMCOP's blocklists? Specifically I've seen IP addresses for NYTIMES.COM, MICROSOFT.COM and MACROMEDIA.COM and a few others. Does anyone think it's possible that SPAMCOP's databases are being gamed by Spammers by submitting lots of e-mails with legit IP addresses and pretend that they came across as spam? Or maybe there are uninformed SPAMCOP users who are submitting legit e-mail to SPAMCOP as representative of spam? Or even that IronPort's purchase of SPAMCOP has somehow affected the way that they do things? Just curious. These legit IPs showing up on SPAMCOP are really throwing lots of False Positives in my weighting system. Thanks, Dan [EMAIL PROTECTED] --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SPAMCOP Having Legit IP Addresses
Kami: I've been taking a look at your configuration files every few weeks and based on what I saw there a couple of months ago, I also started WHITELISTing based on Reverse DNS and HELO a few months back. So there's probably many I'm not seeing as flagged by SPAMCOP because of the whitelist. It just so happened that the 3 I listed had not been whitelisted. I know that whitelisting will fix the problems but I also know that there's is definitely something up with SPAMCOP. Am I correct that you can only add 100 WHITELIST entries to the GLOBAL.CFG file? Is that 100 each for REVDNS and HELO or 100 total? Is there anyway to go past that limit and/or else offload those into a separate file? How do you do the negative Reverse DNS entries? Is that just by using the FILTER test? Thanks, Dan - Original Message - From: Kami Razvan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, December 05, 2003 10:24 AM Subject: RE: [Declude.JunkMail] SPAMCOP Having Legit IP Addresses Dan: We made a decision a long time ago to whitelist REVDNS of all the folks you had listed. We now have two REVDNS negative files. 1: Whitelist as entered in the Global.cfg (I only hope one day Scott moves these entries to their own files). 2: Negative reverseDNS files that adds negative weight to the ones that are legitimate and used by our users. That took care of a lot of problems.. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser Sent: Friday, December 05, 2003 10:10 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] SPAMCOP Having Legit IP Addresses Hello, All, Has anyone noticed in the last few days that the IP addresses of a lot of legitimate e-mailers are showing up on SPAMCOP's blocklists? Specifically I've seen IP addresses for NYTIMES.COM, MICROSOFT.COM and MACROMEDIA.COM and a few others. Does anyone think it's possible that SPAMCOP's databases are being gamed by Spammers by submitting lots of e-mails with legit IP addresses and pretend that they came across as spam? Or maybe there are uninformed SPAMCOP users who are submitting legit e-mail to SPAMCOP as representative of spam? Or even that IronPort's purchase of SPAMCOP has somehow affected the way that they do things? Just curious. These legit IPs showing up on SPAMCOP are really throwing lots of False Positives in my weighting system. Thanks, Dan [EMAIL PROTECTED] --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SPAMCOP Having Legit IP Addresses
Am I correct that you can only add 100 WHITELIST entries to the GLOBAL.CFG file? Is that 100 each for REVDNS and HELO or 100 total? Is there anyway to go past that limit and/or else offload those into a separate file? Actually, it's a limit of 200. The WHITELIST FROM entries can be offloaded to a separate file (with unlimited entries), using the WHITELISTFILE option. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPAMCOP Having Legit IP Addresses
Yes... Like a filter file: REVDNS -20 ENDSWITH .amazon.com I put the period before Amazon to just make sure no funky domain like .spamamazon.com can get through. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser Sent: Friday, December 05, 2003 10:39 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] SPAMCOP Having Legit IP Addresses Kami: I've been taking a look at your configuration files every few weeks and based on what I saw there a couple of months ago, I also started WHITELISTing based on Reverse DNS and HELO a few months back. So there's probably many I'm not seeing as flagged by SPAMCOP because of the whitelist. It just so happened that the 3 I listed had not been whitelisted. I know that whitelisting will fix the problems but I also know that there's is definitely something up with SPAMCOP. Am I correct that you can only add 100 WHITELIST entries to the GLOBAL.CFG file? Is that 100 each for REVDNS and HELO or 100 total? Is there anyway to go past that limit and/or else offload those into a separate file? How do you do the negative Reverse DNS entries? Is that just by using the FILTER test? Thanks, Dan - Original Message - From: Kami Razvan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, December 05, 2003 10:24 AM Subject: RE: [Declude.JunkMail] SPAMCOP Having Legit IP Addresses Dan: We made a decision a long time ago to whitelist REVDNS of all the folks you had listed. We now have two REVDNS negative files. 1: Whitelist as entered in the Global.cfg (I only hope one day Scott moves these entries to their own files). 2: Negative reverseDNS files that adds negative weight to the ones that are legitimate and used by our users. That took care of a lot of problems.. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser Sent: Friday, December 05, 2003 10:10 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] SPAMCOP Having Legit IP Addresses Hello, All, Has anyone noticed in the last few days that the IP addresses of a lot of legitimate e-mailers are showing up on SPAMCOP's blocklists? Specifically I've seen IP addresses for NYTIMES.COM, MICROSOFT.COM and MACROMEDIA.COM and a few others. Does anyone think it's possible that SPAMCOP's databases are being gamed by Spammers by submitting lots of e-mails with legit IP addresses and pretend that they came across as spam? Or maybe there are uninformed SPAMCOP users who are submitting legit e-mail to SPAMCOP as representative of spam? Or even that IronPort's purchase of SPAMCOP has somehow affected the way that they do things? Just curious. These legit IPs showing up on SPAMCOP are really throwing lots of False Positives in my weighting system. Thanks, Dan [EMAIL PROTECTED] --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SPAMCOP Having Legit IP Addresses
Hi Dan, I've only seen one FP from SpamCop in the last week. I routinely see email sent by legitimate firms get tagged as spam, but usually these firms are using third party mailers to send information. Burzin At 09:10 AM 12/5/2003, you wrote: Hello, All, Has anyone noticed in the last few days that the IP addresses of a lot of legitimate e-mailers are showing up on SPAMCOP's blocklists? Specifically I've seen IP addresses for NYTIMES.COM, MICROSOFT.COM and MACROMEDIA.COM and a few others. Does anyone think it's possible that SPAMCOP's databases are being gamed by Spammers by submitting lots of e-mails with legit IP addresses and pretend that they came across as spam? Or maybe there are uninformed SPAMCOP users who are submitting legit e-mail to SPAMCOP as representative of spam? Or even that IronPort's purchase of SPAMCOP has somehow affected the way that they do things? Just curious. These legit IPs showing up on SPAMCOP are really throwing lots of False Positives in my weighting system. Thanks, Dan [EMAIL PROTECTED] --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] -- Burzin Sumariwalla Phone: (314) 994-9411 x291 [EMAIL PROTECTED] Fax: (314) 997-7615 Pager: (314) 407-3345 Networking and Telecommunications Manager Information Technology Services St. Louis County Library District 1640 S. Lindbergh Blvd. St. Louis, MO 63131 --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SPAMCOP Having Legit IP Addresses
Hi, Scott, If I am using... WHITELIST REVDNS .ebay.com or WHITELIST HELO .mail.yahoo.com entries in my GLOBAL.CFG can those also be offloaded into a separate file? Or does it just apply to WHITELIST FROM entries contained in GLOBAL.CFG? Thanks, Dan - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, December 05, 2003 10:46 AM Subject: Re: [Declude.JunkMail] SPAMCOP Having Legit IP Addresses Am I correct that you can only add 100 WHITELIST entries to the GLOBAL.CFG file? Is that 100 each for REVDNS and HELO or 100 total? Is there anyway to go past that limit and/or else offload those into a separate file? Actually, it's a limit of 200. The WHITELIST FROM entries can be offloaded to a separate file (with unlimited entries), using the WHITELISTFILE option. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPAMCOP Having Legit IP Addresses
Yes... Like a filter file: REVDNS -20 ENDSWITH .amazon.com I put the period before Amazon to just make sure no funky domain like .spamamazon.com can get through. Hmmpfff I hoped already that that could be a reason for unlimited IPBYPASS entries... ;-) Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SPAMCOP Having Legit IP Addresses
Kami, What is the name of the filter file that you have entries of those type in? Thanks, Dan - Original Message - From: Kami Razvan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, December 05, 2003 10:51 AM Subject: RE: [Declude.JunkMail] SPAMCOP Having Legit IP Addresses Yes... Like a filter file: REVDNS -20 ENDSWITH .amazon.com I put the period before Amazon to just make sure no funky domain like .spamamazon.com can get through. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser Sent: Friday, December 05, 2003 10:39 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] SPAMCOP Having Legit IP Addresses Kami: I've been taking a look at your configuration files every few weeks and based on what I saw there a couple of months ago, I also started WHITELISTing based on Reverse DNS and HELO a few months back. So there's probably many I'm not seeing as flagged by SPAMCOP because of the whitelist. It just so happened that the 3 I listed had not been whitelisted. I know that whitelisting will fix the problems but I also know that there's is definitely something up with SPAMCOP. Am I correct that you can only add 100 WHITELIST entries to the GLOBAL.CFG file? Is that 100 each for REVDNS and HELO or 100 total? Is there anyway to go past that limit and/or else offload those into a separate file? How do you do the negative Reverse DNS entries? Is that just by using the FILTER test? Thanks, Dan - Original Message - From: Kami Razvan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, December 05, 2003 10:24 AM Subject: RE: [Declude.JunkMail] SPAMCOP Having Legit IP Addresses Dan: We made a decision a long time ago to whitelist REVDNS of all the folks you had listed. We now have two REVDNS negative files. 1: Whitelist as entered in the Global.cfg (I only hope one day Scott moves these entries to their own files). 2: Negative reverseDNS files that adds negative weight to the ones that are legitimate and used by our users. That took care of a lot of problems.. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser Sent: Friday, December 05, 2003 10:10 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] SPAMCOP Having Legit IP Addresses Hello, All, Has anyone noticed in the last few days that the IP addresses of a lot of legitimate e-mailers are showing up on SPAMCOP's blocklists? Specifically I've seen IP addresses for NYTIMES.COM, MICROSOFT.COM and MACROMEDIA.COM and a few others. Does anyone think it's possible that SPAMCOP's databases are being gamed by Spammers by submitting lots of e-mails with legit IP addresses and pretend that they came across as spam? Or maybe there are uninformed SPAMCOP users who are submitting legit e-mail to SPAMCOP as representative of spam? Or even that IronPort's purchase of SPAMCOP has somehow affected the way that they do things? Just curious. These legit IPs showing up on SPAMCOP are really throwing lots of False Positives in my weighting system. Thanks, Dan [EMAIL PROTECTED] --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL
Re: [Declude.JunkMail] SPAMCOP Having Legit IP Addresses
Scott, Do you have plans to offer offloading for WHITELIST HELO and WHITELIST REVDNS? Thanks, Dan - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, December 05, 2003 11:07 AM Subject: Re: [Declude.JunkMail] SPAMCOP Having Legit IP Addresses Or does it just apply to WHITELIST FROM entries contained in GLOBAL.CFG? Only the WHITELIST FROM lines can be moved out of the global.cfg file. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SPAMCOP Having Legit IP Addresses
I'm not sure if everyone has heard, but IronPort bought SpamCop. It's likely that they're fiddling with it. There's an article on Slashdot from Wednesday about it. http://yro.slashdot.org/article.pl?sid=03/12/03/2016218mode=threadtid=111tid=126tid=137tid=187 Personally, After seeing so many FPs as a result of SpamCop weighting, I stopped using it a year ago. Darin. - Original Message - From: Dan Geiser [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, December 05, 2003 10:10 AM Subject: [Declude.JunkMail] SPAMCOP Having Legit IP Addresses Hello, All, Has anyone noticed in the last few days that the IP addresses of a lot of legitimate e-mailers are showing up on SPAMCOP's blocklists? Specifically I've seen IP addresses for NYTIMES.COM, MICROSOFT.COM and MACROMEDIA.COM and a few others. Does anyone think it's possible that SPAMCOP's databases are being gamed by Spammers by submitting lots of e-mails with legit IP addresses and pretend that they came across as spam? Or maybe there are uninformed SPAMCOP users who are submitting legit e-mail to SPAMCOP as representative of spam? Or even that IronPort's purchase of SPAMCOP has somehow affected the way that they do things? Just curious. These legit IPs showing up on SPAMCOP are really throwing lots of False Positives in my weighting system. Thanks, Dan [EMAIL PROTECTED] --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. _ [This E-mail virus scanned by 4C Web] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SPAMCOP Having Legit IP Addresses
Do you have plans to offer offloading for WHITELIST HELO and WHITELIST REVDNS? Not at this time, simply because we can't envision there being a need for 200 such entries. :) However, the WHITELIST limit is something that comes up frequently, so it is quite possible that more changes will be made to allow for more WHITELIST entries. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPAMCOP Having Legit IP Addresses
Dan: FILTER-REVDNS filterC:\IMail\Declude\Filters\IMail_Filter_REVDNS.txt x 0 0 This is our Global entry for the file. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser Sent: Friday, December 05, 2003 12:00 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] SPAMCOP Having Legit IP Addresses Kami, What is the name of the filter file that you have entries of those type in? Thanks, Dan - Original Message - From: Kami Razvan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, December 05, 2003 10:51 AM Subject: RE: [Declude.JunkMail] SPAMCOP Having Legit IP Addresses Yes... Like a filter file: REVDNS -20 ENDSWITH .amazon.com I put the period before Amazon to just make sure no funky domain like .spamamazon.com can get through. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser Sent: Friday, December 05, 2003 10:39 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] SPAMCOP Having Legit IP Addresses Kami: I've been taking a look at your configuration files every few weeks and based on what I saw there a couple of months ago, I also started WHITELISTing based on Reverse DNS and HELO a few months back. So there's probably many I'm not seeing as flagged by SPAMCOP because of the whitelist. It just so happened that the 3 I listed had not been whitelisted. I know that whitelisting will fix the problems but I also know that there's is definitely something up with SPAMCOP. Am I correct that you can only add 100 WHITELIST entries to the GLOBAL.CFG file? Is that 100 each for REVDNS and HELO or 100 total? Is there anyway to go past that limit and/or else offload those into a separate file? How do you do the negative Reverse DNS entries? Is that just by using the FILTER test? Thanks, Dan - Original Message - From: Kami Razvan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, December 05, 2003 10:24 AM Subject: RE: [Declude.JunkMail] SPAMCOP Having Legit IP Addresses Dan: We made a decision a long time ago to whitelist REVDNS of all the folks you had listed. We now have two REVDNS negative files. 1: Whitelist as entered in the Global.cfg (I only hope one day Scott moves these entries to their own files). 2: Negative reverseDNS files that adds negative weight to the ones that are legitimate and used by our users. That took care of a lot of problems.. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser Sent: Friday, December 05, 2003 10:10 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] SPAMCOP Having Legit IP Addresses Hello, All, Has anyone noticed in the last few days that the IP addresses of a lot of legitimate e-mailers are showing up on SPAMCOP's blocklists? Specifically I've seen IP addresses for NYTIMES.COM, MICROSOFT.COM and MACROMEDIA.COM and a few others. Does anyone think it's possible that SPAMCOP's databases are being gamed by Spammers by submitting lots of e-mails with legit IP addresses and pretend that they came across as spam? Or maybe there are uninformed SPAMCOP users who are submitting legit e-mail to SPAMCOP as representative of spam? Or even that IronPort's purchase of SPAMCOP has somehow affected the way that they do things? Just curious. These legit IPs showing up on SPAMCOP are really throwing lots of False Positives in my weighting system. Thanks, Dan [EMAIL PROTECTED] --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing