Hi Scott: I suddenly notice quite a bit of SPAM getting through. Here I am documenting a complete case with a total weight of 26. You'll see the Declude log, the Imail log, the SMTP headers of the SPAM and the SPAM itself. I'm also including my config files (removed the license password of course).
Please let's get that fixed again. Here is the DECLUDE LOG entry: 12/07/2001 05:22:18 Q9852238 OSRELAY:6 SPAMCOP:7 BADHEADERS:5 SPAMHEADERS:3 REVDNS:5 . Total weight = 26 12/07/2001 05:22:18 Q9852238 Msg failed BADHEADERS (This E-mail was sent from a broken mail client [c0400203].). 12/07/2001 05:22:18 Q9852238 Msg failed SPAMHEADERS (This E-mail has headers consistent with spam [c0400203].). 12/07/2001 05:22:18 Q9852238 Msg failed REVDNS (This E-mail was sent from a mail server [No Reverse DNS] with no reverse DNS entry.). 12/07/2001 05:22:18 Q9852238 Subject: 7120 Would you like to lose weight while you sleep? 3589019 12/07/2001 05:22:18 Q9852238 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Here is the Imail Log: 12:07 05:22 SMTPD(01F60238) [63.107.174.78] connect 211.101.138.245 port 2216 12:07 05:22 SMTPD(01F60238) [211.101.138.245] EHLO wapdm.com 12:07 05:22 SMTPD(01F60238) [211.101.138.245] MAIL FROM:<[EMAIL PROTECTED]> 12:07 05:22 SMTPD(01F60238) [211.101.138.245] RCPT To:<[EMAIL PROTECTED]> 12:07 05:22 SMTPD(01F60238) [211.101.138.245] D:\IMAIL\spool\D9852238.SMD 1796 Here is the entire SPAM, including mail headers: Received: from SMTP32-FWD by mail.webhost.hm-software.com (SMTP32) id A00000FC4; Fri, 7 Dec 2001 05:22:20 -0500 Received: from SMTP32-FWD by hm-software.com (SMTP32) id A00001238; Fri, 7 Dec 2001 05:22:19 -0500 Received: from wapdm.com [211.101.138.245] by hm-software.com with ESMTP (SMTPD32-7.04) id A8521F60238; Fri, 07 Dec 2001 05:22:10 -0500 Received: from plain [61.120.42.52] by wapdm.com (SMTPD32-6.04) id A6E6210062; Fri, 07 Dec 2001 18:16:06 +0800 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] CC:[EMAIL PROTECTED],[EMAIL PROTECTED], [EMAIL PROTECTED] Content-Type: text/plain; charset="us-ascii" Subject: 7120 Would you like to lose weight while you sleep? 3589019 Date: Fri, 7 Dec 2001 19:19:35 Mime-Version: 1.0 Message-Id: <200112071816527.SM00812@plain> X-RBL-Warning: This E-mail was sent from a broken mail client [c0400203]. X-RBL-Warning: This E-mail has headers consistent with spam [c0400203]. X-RBL-Warning: This E-mail was sent from a mail server [No Reverse DNS] with no reverse DNS entry. X-Declude-Sender: [EMAIL PROTECTED] [211.101.138.245] X-Declude-Spoolname: D9852238.SMD X-Declude-Note: Processed by Declude 1.29; remote host [No Reverse DNS] Status: U X-UIDL: 301719291 As seen on NBC, CBS, CNN, and even Oprah! The health discovery that actually reverses aging while burning fat, without dieting or exercise! This proven discovery has even been reported on by the New England Journal of Medicine. Forget aging and dieting forever! And it's Guaranteed! Click here: http://ultimatehgh.81832.com Would you like to lose weight while you sleep! No dieting! No hunger pains! No Cravings! No strenuous exercise! Change your life forever! 100% GUARANTEED! 1.Body Fat Loss 82% improvement. 2.Wrinkle Reduction 61% improvement. 3.Energy Level 84% improvement. 4.Muscle Strength 88% improvement. 5.Sexual Potency 75% improvement. 6.Emotional Stability 67% improvement. 7.Memory 62% improvement. *********************************************************** Click here to see another weight loss product: http://weighout.81832.com You are receiving this email as a subscriber to the Opt-In America Mailing List. To remove yourself from all related maillists, just click here: mailto:[EMAIL PROTECTED]?Subject=REMOVE Best Regards Andy Schmidt H&M Systems Software, Inc. 600 East Crescent Avenue Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax: +1 201 934-9206 http://www.hm-software.com/ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Friday, December 07, 2001 10:03 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Declude v1.29 beta - Errors >1. Many messages with WEIGHT=0 or other weights are logged with single line >entries!? No from/to/subject information > >12/07/2001 01:05:22 Q5bfc2fa . Total weight = 0 At LOGLEVEL MID or higher, Declude will log the total weight for every E-mail, spam or not. >12/07/2001 01:06:11 Q5c32194 HEUR10:4 . Total weight = 4 >12/07/2001 01:06:16 Q5c503aa HEUR9:4 . Total weight = 4 >12/07/2001 01:06:27 Q5c5b2fa HEUR8:3 . Total weight = 3 >12/07/2001 01:06:29 Q5c603aa HEUR8:3 . Total weight = 3 These failed the HEUR10/HEUR9/HEUR8 tests, with the appropriate weight. >2. Declude Crashed (DECLUDE.GP* file are attached) Thank you for pointing that out. We're investigating this. >3. Here is the problem with invalid arithmetic that carried over from 1.28. >Notice how it lists all kind of failed tests in the first log entry - but >then does NOT list any of these tests (other than SPAMROUTING) in the >subsequent lines. > >12/07/2001 01:11:15 Q5d582f0 OSRELAY:6 SPAMCOP:7 SPAMROUTING:4 HEUR8:3 . >Total weight = 20 I'm not a mathematician, but when I add 6+7+4+3, I get the same answer (20) as Declude. >12/07/2001 01:11:15 Q5d582f0 Msg failed SPAMROUTING (This E-mail was routed >in a poor manner consistent with spam [20000103].). >12/07/2001 01:11:15 Q5d582f0 Subject: Prescriptions Without Doctors >Appointment..... >12/07/2001 01:11:15 Q5d582f0 From: [EMAIL PROTECTED] To: >[EMAIL PROTECTED] If you have the action for OSRELAY, SPAMCOP, and HEUR8 set to IGNORE, then you may not see a log file entry when E-mail fails those tests. However, they will still be used towards the weighting. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
$default$.junkmail
Description: Binary data
Global.cfg
Description: Binary data
