I have a similar issue but it is only with one server. I whitelist the
UNC and not the IP...don't have any particular reason other than the IP
is in a PIX pool and could conceivably be used by something else. With
25 to 30 different machines that would be hard to monitor individually.
I wonder
I understand your point. I will ponder on it to see if I come up with
anything. (Unless someone else does first. :) )
John Tolmachoff
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTE
>But if each person has their own public IP address, I can not see how
>that person would send say 80 or 100 legitimate e-mails internally
>within say 1 hour.
>If there are one or two or a few, it is better to just whitelist those
>specific IP addresses.
These are valid points too. However, th
A few more for 07/29/2002
.offermarket.us 07292002-034
.onetravel.com 07292002-035
.freelotto.com 07292002-036
.tradersunite.com 07292002-037
The kill file was updated and can be dow
>Point taken. But working for a small Internet provider, all of the
>employees here are well aware of the severe beatings they will receive
>(from customer and co-worker alike) if they try anything cute like
>that.
But if each person has their own public IP address, I can not see how
that person
-- Original Message --
From: "John Tolmachoff" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Mon, 29 Jul 2002 16:36:11 -0700
>But wouldn't that defeat the purpose of protecting against some one in
>the office sending out bulk junk e-mail, which is
But wouldn't that defeat the purpose of protecting against some one in
the office sending out bulk junk e-mail, which is the primary purpose of
Hijack?
John Tolmachoff
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com
-Original Message-
From: [EMA
>Sorry if this is a bit off-topic, but I was wondering if you can use the
>ALLOWIP line in the Hijack.cfg file to allow unlimited SMTP traffic for an
>entire class C subnet. Occasionally machines in our office send out a lot
>of internal messages, enough to go over Hijack's second threshold so
Sorry if this is a bit off-topic, but I was wondering if you can use the ALLOWIP line
in the Hijack.cfg file to allow unlimited SMTP traffic for an entire class C subnet.
Occasionally machines in our office send out a lot of internal messages, enough to go
over Hijack's second threshold so I'm
This is the kind of mail I am seeing:
Subject: Motorola Cell Phone+ $50 Cash Back
X-List-Unsubscribe: <[EMAIL PROTECTED]>
From: "Melissa H." <[EMAIL PROTECTED]>
Reply-To: "Melissa H." <[EMAIL PROTECTED]>
Return-Path: [EMAIL PROTECTED]
So I have bounce listed as well as dealseveryday. Also $ and
>I'm not. Been around fighting with these stupid square headed girl
>friends since '73 when they were huge boxes with 32 and 64 Kb of ram. I
>learned a long time ago no matter what you say, someone can justifiably
>prove you wrong. So I try to beat them to the punch...LOL
LOL
John Tolmachoff
I
I find that most legitimate lists have bounce@ as the reply.
My guess is that they're responsible about keeping their lists updated
and have automated systems to remove the address that bounced.
I suppose spammers might do the same but they're charging per email
address whether it's right or wro
> Basically that is what I have done. I have weight set to 20 before it
> stops anything so bounce alone cannot do it. Trouble is RVSDNS (5) and
> spamheaders(5) can. I figure if all three are hit, chances are it is
> real and not just a poorly run server.
Here is a portion of my CFG file, if
I'm not. Been around fighting with these stupid square headed girl
friends since '73 when they were huge boxes with 32 and 64 Kb of ram. I
learned a long time ago no matter what you say, someone can justifiably
prove you wrong. So I try to beat them to the punch...LOL
Jim Rooth
Klotron, Inc.
>I don't have good ideas for you. I just know I see quite a few
>legitimate subscriptions using bounce in the mailfrom.
Terry, we appreciate your opinion as we do others in this list.
It helps us gather information from your experiences and views.
With this information others like Scott
Basically that is what I have done. I have weight set to 20 before it
stops anything so bounce alone cannot do it. Trouble is RVSDNS (5) and
spamheaders(5) can. I figure if all three are hit, chances are it is
real and not just a poorly run server.
Jim Rooth
Klotron, Inc.
-Original Messa
> Oh well, open mouth a little wider and put the other foot in it...you
> gotta love the list...enough diversity that every subject can be covered
> and recovered. I do believe I will leave my bounce set up for the time
> being though...already have both feet in my mouth so can't go too far
> wr
Yes sir, I answered before I read all the replies...my bad.
Jim Rooth
Klotron, Inc.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Smart Business
Lists
Sent: Monday, July 29, 2002 4:39 PM
To: Jim Rooth
Subject: Re[2]: [Declude.JunkMail] Adding BOUNCE
Tom,
Monday, July 29, 2002 you wrote:
T> I see, so there are a few out there. I guess I could use another
T> list with a weighing system for the BOUNCE address. What are your
T> thoughts, if any?
"bounce" is less common now in lists than a short time back. I
suppose that's why so much spa
> Here again, I only look for it in the MAILFROM and not in the body or
> subject. Maybe that is why I haven't had any problems...yet. Knocking
> on every piece of wood I can find...
Ok, after doing some more research I came up with the following conclusion:
I created another FROMFILE called W
Oh well, open mouth a little wider and put the other foot in it...you
gotta love the list...enough diversity that every subject can be covered
and recovered. I do believe I will leave my bounce set up for the time
being though...already have both feet in my mouth so can't go too far
wrong!
Jim
Jim,
Monday, July 29, 2002 you wrote:
JR> I only look for it in the MAILFROM and not in the body or
The examples I gave were from MAILFROM not body.
They may be in the body but I don't have the messages to check
them.
---
[This E-mail was scanned for viruses by Declude Virus (http:/
Here again, I only look for it in the MAILFROM and not in the body or
subject. Maybe that is why I haven't had any problems...yet. Knocking
on every piece of wood I can find...
Jim Rooth
Klotron, Inc.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of T
> I haven't kept a running database of them but never expected to have
> to prove anything.
Your word is good enough.
>@bounces.spamcop.net - note that bounce is inside bounces
> these are sent for incident reports
>
>@bounce.forbesdigital.com
>This was a previous post, however, the subject line was incorrect.
>sorry for the inconvenience.
Periodically we clean the Kill List and start a new one based on actual
usage, that is why each item on the kill list has an ID. This ID should
appear in the Declude log file if the message fails an
Two more added to the list today!
The FULL kill file can also be downloaded from the following URL:
http://www.imagefxonline.net/apps/delog/fromfile.txt
Regards,
Tom
Image`fx
--
.thenetdeals.com 07292002-032
.mynetmarketer.com
> What are people using to analyze their declude log files? I am looking
> to see if there are any utils that will break down how many messages it's
> scanned versus which tests it failed the most.
>
You can try Delog. It can be downloaded from the following URL:
http://www.imagefxonline.net/a
Yes
Monday, July 29, 2002, 3:51:24 PM, you wrote:
DL> Scott,
DL> In the new version is it even able to more refined subnets like
DL> 1.1.1.16/28?
DL> Darrell
DL> -Original Message-
DL> From: [EMAIL PROTECTED]
DL> [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry
DL> Sent: Monda
What are people using to analyze their declude log files? I am looking
to see if there are any utils that will break down how many messages it's
scanned versus which tests it failed the most.
Darrell
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E
Tom,
Monday, July 29, 2002 you wrote:
T> Have you ever seen "BOUNCE" used in legitimate mail?
I haven't kept a running database of them but never expected to have
to prove anything.
But just from today I can list a few:
@bounces.spamcop.net - note that bounce is inside bounces
Try 66.54.32.
John Tolmachoff
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Darrell L.
Sent: Monday, July 29, 2002 1:34 PM
To: [EMAIL PROTECTED]
Subject: [Declu
Scott,
In the new version is it even able to more refined subnets like
1.1.1.16/28?
Darrell
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry
Sent: Monday, July 29, 2002 4:41 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] White
I believe my problem was related to lack of reading the docs closely..
It turns out the docs say to not put a * on the end but just leave the
trailing ".".
i.e.
WHITELIST IP 66.54.32.
Sorry for wasting everyone's time..
dl
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTE
>I add the following line to my global.cfg file
>
>WHITELIST IP 66.54.32.*
>
>However, messages from the 66.54.32.* subnet are not being WhiteListed.
>What am I doing wrong?
That's because Declude JunkMail doesn't understand what the "*" means.
You can either use "WHITELIST IP 66.54.32.", or wi
> I personally have MAILFROM 10 CONTAINS bounce in myfilter.txt. I have
> yet to see it where it wasn't associated with some type of spam.
> However, bounce alone is not enough for me to kick - it creates a weight
> of 15 as Myfilter adds a weight of 5. I have my kick weight set at 20
> so it m
I add the following line to my global.cfg file
WHITELIST IP 66.54.32.*
However, messages from the 66.54.32.* subnet are not being WhiteListed.
What am I doing wrong?
Darrell
Received: from [66.54.32.207] by mail1.gannett-tv.com
(SMTPD32-7.11) id A3743F003C; Mon, 29 Jul 2002 16:20:04 -0400
I personally have MAILFROM 10 CONTAINS bounce in myfilter.txt. I have
yet to see it where it wasn't associated with some type of spam.
However, bounce alone is not enough for me to kick - it creates a weight
of 15 as Myfilter adds a weight of 5. I have my kick weight set at 20
so it means someth
Thanks, I was more than a little confused. I am sure Scott had told me
that but for some reason it just didn't stick. Hopefully it will this
time.
Jim Rooth
Klotron, Inc.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Bill Landry
Sent: Monday, July
> T> would or could it capture legitimate mail?
>
> Yes. Lots of valid mailing lists have bounce in them too.
So far I have not received any legitimate mail from a BOUNCE address,
though, I'm sure there are some out there. This is also why I did
not use it in the kill list- yet. I really wan
Oh well, so much for my two cents worth...I'll have to keep an eye on it
a little closer I reckon...maybe have to have my eyes open??? LOL
Jim Rooth
Klotron, Inc.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Smart Business
Lists
Sent: Monday, July
Periodically we clean the Kill List and start a new based on actual usage,
that is why each item on the kill list has an ID. This ID should appear
in the Declude log file if the message fails an address from the Kill file.
The ID indicates the date of placement along with a unique three digit
nu
Tom,
Monday, July 29, 2002 you wrote:
T> That is, should we block them or not?
You'd have to be careful.
T> would or could it capture legitimate mail?
Yes. Lots of valid mailing lists have bounce in them too.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.decl
Post your thoughts on the following addresses...
@BOUNCE
.BOUNCE
BOUNCE.
In my research I found these addresses to be typical with
spam messages, I'd be curious to hear what your findings are.
That is, should we block them or not? would or could it capture
legitimate mail?
Regards,
Tom
Image`
Jim, with Declude, inbound messages are passed directly to Declude by IMail
for processing and if clean, then dropped directly into the spool directory
for delivery. If a legitimate message is held, you can simply move the Q &
D files of the legit message into the spool directory and IMail will d
Ok, let me rephrase...would I be able to go to that email and hit
forward and add the original address or would JunkMail catch it again?
I guess my question is what stops JunkMail from catching it the second
time?
Jim Rooth
Klotron, Inc.
-Original Message-
From: [EMAIL PROTECTED]
[mailt
>Based on the ROUTETO theory, what steps would be needed to send the
>email on to the original destination if it was found to be legitimate?
It would need to be forwarded somehow.
-Scott
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.co
Based on the ROUTETO theory, what steps would be needed to send the
email on to the original destination if it was found to be legitimate?
Jim Rooth
Klotron, Inc.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry
Sent: Monday, July 29, 200
>Is there a way to have an email sent to me by the Junkmail software that
>tells me, personally, as the administrator, that a spam email has been
>sent to the spam folder? (same idea as the Declude virus sends me a
>virus notification when someone's email has been quarantined.)
The closest thing
My apologies in advance if this has already been covered.
Is there a way to have an email sent to me by the Junkmail software that
tells me, personally, as the administrator, that a spam email has been
sent to the spam folder? (same idea as the Declude virus sends me a
virus notification when som
I haven't been this amazed at how well a piece of software works since I
installed Declude Virus a year ago.
With very little configuration done so far, with HOLD turned on, based
only on the weight20 test, I am catching TONS of spam, with very
few legit emails being caught.
Thanks Scott!
>Actually, the pop-up that I get does not directly reference
>user32.dll. It says:
>
>Sniffer.exe -- Application Error
>The application failed to initialize properly (0xc142). Click on OK
>to terminate the application.
>
>So this may not have anything to do with Declude at all.
Actually,
Thanks! Can't wait to add this one.
--Todd.
- Original Message -
From: "Mike Nice" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 29, 2002 7:57 AM
Subject: Re: [Declude.JunkMail] Oh gosh!
> This is an excellent free DNS-based blocklist from monkeys.com (infinite
> mon
Monday, July 29, 2002 you wrote:
DL> Anyone have any ideas on why they wouldn't have those addresses set up?
They don't set them up. My guess is because they handle too much
volume. I suspect it would take a significant staff to handle what
they would get in postmaster and abuse.
---
I find that interesting that the major ISPs fail those kinds of tests.
Anyone have any ideas on why they wouldn't have those addresses set up?
Dl
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Tom Baker |
Netsmith Inc
Sent: Friday, July 26, 2002 4:27
This is an excellent free DNS-based blocklist from monkeys.com (infinite
monkeys!). The following statements in Global.cfg will activate it - adjust
the point value to go with your weighting scheme. monkeyproxies can be
rated more than 2/3 the amount needed to hold a message. The good part is
t
Pardon the ignorance...what is MONKEYPROXIES?
--Todd.
- Original Message -
From: "Mike Nice" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, July 28, 2002 10:36 PM
Subject: Re: [Declude.JunkMail] Oh gosh!
> I've noticed that MONKEYPROXIES has become more effective rec
56 matches