flailing a deceased equine... Crap. Running through the Imail log analyzer I found some of the host names I was looking for preceded by "mail1" or some other name. I added these to the kill list in the hopes that this is actually the "MAIL FROM in the SMTP envelope" that is being reported. I also found a few of the spammers, like Top-brands.com, mailservers were named "something".bluerockdove.com so I put "bluerockdove.com" in the blacklist. I also found that they were coming from an several IPs 205.205.236.245(228,243) so I created a bannedip.txt file added 205.205.236.0/24, created a "bannedip" test in the declude files and then set the action to "delete" to hopefully block anything from them in the future. Another prolific spammer was mb00.net also using several other names in the mailfrom. They seemed to be originating from 216.39.115.66 (81,68,55) so I also added 216.39.115.0/24 to bannedip.txt. Would this work just as well, better or faster if I put these IPs in the SMTP control access list? Though I didn't see an easy way to block an entire class C.
Thanks for all the help and quick Reponses. Marc -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Tuesday, November 19, 2002 02:41 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Blacklist not working as expected >After reprinting the Junkmail manual I see why am only having partial >success. I have been using the "from" domains in the format >@emailoffers.com (occasionally using the format deals-central.com - to catch >10.dealscentral as well as 20.dealscentral). So I suppose since the "from" >and or "reply to" addresses are often going to be different than the >X-declude sender (which I don't see in the e-mail headers? I'd have to dig >through the I-mail logs to find this?) I'm really only "blacklisting" those >that happen to be the same. Correct. You can use the "XSENDER ON" option (in the \IMail\Declude\global.cfg file) to get Declude JunkMail to record the return address in the headers. >I have since added most of the e-mail address that were in the blacklist >file to the SMTP KILL list in IMAIL, which says that it checks the from >address. Lets see if that helps. Sorry -- it, too, checks the return address (also called "MAIL FROM" or "From address in the SMTP envelope"). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
