I am also seeing a lot of spam today, but no changes have been made to my systems. I think it might just be a "storm". _M
| -----Original Message----- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]]On Behalf Of Andy Schmidt | Sent: Friday, December 07, 2001 12:13 PM | To: [EMAIL PROTECTED] | Subject: [Declude.JunkMail] Declude v1.29 beta - WEIGHT no longer | working properly | Importance: High | | | Hi Scott: | | I suddenly notice quite a bit of SPAM getting through. Here I am | documenting a complete case with a total weight of 26. You'll see the | Declude log, the Imail log, the SMTP headers of the SPAM and the SPAM | itself. I'm also including my config files (removed the license | password of | course). | | Please let's get that fixed again. | | Here is the DECLUDE LOG entry: | | 12/07/2001 05:22:18 Q9852238 OSRELAY:6 SPAMCOP:7 BADHEADERS:5 | SPAMHEADERS:3 | REVDNS:5 . Total weight = 26 | 12/07/2001 05:22:18 Q9852238 Msg failed BADHEADERS (This E-mail was sent | from a broken mail client [c0400203].). | 12/07/2001 05:22:18 Q9852238 Msg failed SPAMHEADERS (This E-mail | has headers | consistent with spam [c0400203].). | 12/07/2001 05:22:18 Q9852238 Msg failed REVDNS (This E-mail was | sent from a | mail server [No Reverse DNS] with no reverse DNS entry.). | 12/07/2001 05:22:18 Q9852238 Subject: 7120 Would you | like to lose | weight while you sleep? 3589019 | 12/07/2001 05:22:18 Q9852238 From: [EMAIL PROTECTED] To: | [EMAIL PROTECTED] | | | Here is the Imail Log: | | 12:07 05:22 SMTPD(01F60238) [63.107.174.78] connect 211.101.138.245 port | 2216 | 12:07 05:22 SMTPD(01F60238) [211.101.138.245] EHLO wapdm.com | 12:07 05:22 SMTPD(01F60238) [211.101.138.245] MAIL | FROM:<[EMAIL PROTECTED]> | 12:07 05:22 SMTPD(01F60238) [211.101.138.245] RCPT | To:<[EMAIL PROTECTED]> | 12:07 05:22 SMTPD(01F60238) [211.101.138.245] D:\IMAIL\spool\D9852238.SMD | 1796 | | | Here is the entire SPAM, including mail headers: | | Received: from SMTP32-FWD by mail.webhost.hm-software.com | (SMTP32) id A00000FC4; Fri, 7 Dec 2001 05:22:20 -0500 | Received: from SMTP32-FWD by hm-software.com | (SMTP32) id A00001238; Fri, 7 Dec 2001 05:22:19 -0500 | Received: from wapdm.com [211.101.138.245] by hm-software.com with ESMTP | (SMTPD32-7.04) id A8521F60238; Fri, 07 Dec 2001 05:22:10 -0500 | Received: from plain [61.120.42.52] by wapdm.com | (SMTPD32-6.04) id A6E6210062; Fri, 07 Dec 2001 18:16:06 +0800 | From: [EMAIL PROTECTED] | To: [EMAIL PROTECTED] | CC:[EMAIL PROTECTED],[EMAIL PROTECTED], | [EMAIL PROTECTED] | Content-Type: text/plain; charset="us-ascii" | Subject: 7120 Would you like to lose weight while you sleep? | 3589019 | Date: Fri, 7 Dec 2001 19:19:35 | Mime-Version: 1.0 | Message-Id: <200112071816527.SM00812@plain> | X-RBL-Warning: This E-mail was sent from a broken mail client [c0400203]. | X-RBL-Warning: This E-mail has headers consistent with spam [c0400203]. | X-RBL-Warning: This E-mail was sent from a mail server [No | Reverse DNS] with | no reverse DNS entry. | X-Declude-Sender: [EMAIL PROTECTED] [211.101.138.245] | X-Declude-Spoolname: D9852238.SMD | X-Declude-Note: Processed by Declude 1.29; remote host [No Reverse DNS] | Status: U | X-UIDL: 301719291 | | As seen on NBC, CBS, CNN, and even Oprah! The health | discovery that actually reverses aging while burning fat, | without dieting or exercise! This proven discovery has even | been reported on by the New England Journal of Medicine. | Forget aging and dieting forever! And it's Guaranteed! | | Click here: | http://ultimatehgh.81832.com | | Would you like to lose weight while you sleep! | No dieting! | No hunger pains! | No Cravings! | No strenuous exercise! | Change your life forever! | | 100% GUARANTEED! | | 1.Body Fat Loss 82% improvement. | 2.Wrinkle Reduction 61% improvement. | 3.Energy Level 84% improvement. | 4.Muscle Strength 88% improvement. | 5.Sexual Potency 75% improvement. | 6.Emotional Stability 67% improvement. | 7.Memory 62% improvement. | | *********************************************************** | | Click here to see another weight loss product: | http://weighout.81832.com | | You are receiving this email as a subscriber | to the Opt-In America Mailing List. | To remove yourself from all related maillists, | just click here: | mailto:[EMAIL PROTECTED]?Subject=REMOVE | | | Best Regards | Andy Schmidt | | H&M Systems Software, Inc. | 600 East Crescent Avenue | Suite 203 | Upper Saddle River, NJ 07458-1846 | | Phone: +1 201 934-3414 x20 (Business) | Fax: +1 201 934-9206 | | http://www.hm-software.com/ | | | -----Original Message----- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry | Sent: Friday, December 07, 2001 10:03 AM | To: [EMAIL PROTECTED] | Subject: Re: [Declude.JunkMail] Declude v1.29 beta - Errors | | | | >1. Many messages with WEIGHT=0 or other weights are logged with | single line | >entries!? No from/to/subject information | > | >12/07/2001 01:05:22 Q5bfc2fa . Total weight = 0 | | At LOGLEVEL MID or higher, Declude will log the total weight for every | E-mail, spam or not. | | >12/07/2001 01:06:11 Q5c32194 HEUR10:4 . Total weight = 4 | >12/07/2001 01:06:16 Q5c503aa HEUR9:4 . Total weight = 4 | >12/07/2001 01:06:27 Q5c5b2fa HEUR8:3 . Total weight = 3 | >12/07/2001 01:06:29 Q5c603aa HEUR8:3 . Total weight = 3 | | These failed the HEUR10/HEUR9/HEUR8 tests, with the appropriate weight. | | >2. Declude Crashed (DECLUDE.GP* file are attached) | | Thank you for pointing that out. We're investigating this. | | >3. Here is the problem with invalid arithmetic that carried over | from 1.28. | >Notice how it lists all kind of failed tests in the first log entry - but | >then does NOT list any of these tests (other than SPAMROUTING) in the | >subsequent lines. | > | >12/07/2001 01:11:15 Q5d582f0 OSRELAY:6 SPAMCOP:7 SPAMROUTING:4 HEUR8:3 . | >Total weight = 20 | | I'm not a mathematician, but when I add 6+7+4+3, I get the same | answer (20) | as Declude. | | >12/07/2001 01:11:15 Q5d582f0 Msg failed SPAMROUTING (This E-mail | was routed | >in a poor manner consistent with spam [20000103].). | >12/07/2001 01:11:15 Q5d582f0 Subject: Prescriptions Without Doctors | >Appointment..... | >12/07/2001 01:11:15 Q5d582f0 From: [EMAIL PROTECTED] To: | >[EMAIL PROTECTED] | | If you have the action for OSRELAY, SPAMCOP, and HEUR8 set to IGNORE, then | you may not see a log file entry when E-mail fails those tests. However, | they will still be used towards the weighting. | -Scott | | --- | [This E-mail was scanned for viruses by Declude Virus | (http://www.declude.com)] | | --- | | This E-mail came from the Declude.JunkMail mailing list. To | unsubscribe, just send an E-mail to [EMAIL PROTECTED], and | type "unsubscribe Declude.JunkMail". You can E-mail | [EMAIL PROTECTED] for assistance. You can visit our web | site at http://www.declude.com . | --- | [This E-mail was scanned for viruses by Declude Virus | (http://www.declude.com)] | | --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
