[MBF] We are changing our mailing list software
Hi everyone. I just wanted to send a quick note to let you know that this evening we are changing our mailing list software to a different platform. Everyone on this list will receive an email with an invite/link to re-subscribe. Just wanted to give everyone a heads up to let you know that the invite and link are legitimate and not a phishing attempt. Thanks and Happy Holidays! Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1
[MBF] Re: Export or Print Report of ALL Users
You're welcome J Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com <http://www.mailsbestfriend.com/> Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Martin Margheim Sent: Friday, April 29, 2016 8:18 AM To: community@mailsbestfriend.com Subject: [MBF] Re: Export or Print Report of ALL Users WOW And Thanks! It would seem SM itself should have such a capability From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Friday, April 29, 2016 9:08 AM To: community@mailsbestfriend.com Subject: [MBF] Re: Export or Print Report of ALL Users Hi Martin. This utility can do what you're needing: http://josh.com/tsma/tsmadump/ Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com <http://www.mailsbestfriend.com/> Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Martin Margheim Sent: Friday, April 29, 2016 7:53 AM To: community@mailsbestfriend.com Subject: [MBF] Export or Print Report of ALL Users Is there no way to simply export or print a list of all email addresses (users) on a SmarterMail Server? Ideally, I would like to export all email addresses and aliases for open in an Excel Workbook. MDM ad...@kodot.com
[MBF] Re: Export or Print Report of ALL Users
Hi Martin. This utility can do what you're needing: http://josh.com/tsma/tsmadump/ Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com <http://www.mailsbestfriend.com/> Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Martin Margheim Sent: Friday, April 29, 2016 7:53 AM To: community@mailsbestfriend.com Subject: [MBF] Export or Print Report of ALL Users Is there no way to simply export or print a list of all email addresses (users) on a SmarterMail Server? Ideally, I would like to export all email addresses and aliases for open in an Excel Workbook. MDM ad...@kodot.com
[MBF] Re: Filter flub?
Hee hee! David is a funny guy as you all can see :P I agree. this is indeed some kind of strange glitch. Tina, your global looks just fine. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com <http://www.mailsbestfriend.com/> Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of David Barker | Mail's Best Friend | 1-866-919-2075 Sent: Thursday, April 21, 2016 4:00 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Filter flub? Ah it was an HP Support ticket.. (You didn't mention that). the answer is obviously then a very very very VERY..bad spam message ;) From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Tina Cline Sent: Thursday, April 21, 2016 3:45 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Filter flub? I sent Linda a copy of my Global.cfg just in case, but I will chalk it up as wonky. The email in question was from HP support and they love to put the case# in the subject which reads as spammy as well as different languages in the body, so it is bound to fail some filters, but not like this. I have never seen it before and hopefully not again.at least to "legit" email. Thanks for being here! Tina Cline 270net Technologies IT Support Specialist Phone: 301.663.6000 x200 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of David Barker | Mail's Best Friend | 1-866-919-2075 Sent: Thursday, April 21, 2016 4:32 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Filter flub? HI Tina, In 12 years I have only seen this once before. This was a very very very VERY..bad spam message or under very specific and unknown circumstances this mathematical anomaly occurs. Sorry can't be more helpful but it is exactly that. A glitch in the matrix. David From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Tina Cline Sent: Thursday, April 21, 2016 3:13 PM To: community@mailsbestfriend.com Subject: [MBF] Filter flub? We had an email get deleted because declude gave the score of: 1,601,332,592 How does that happen?? It looks like it gave the score for FROMNOMATCH which we have set up as: FROMNOMATCH FROMNOMATCH X X 2 0 How does that happen? I have not found it doing this before and there have been no recent changes to the global.cfg. 04/19/2016 13:05:37.749 165748725 Tests failed [weight=1601332592]: CATCHALLMAILS=IGNORE[0] IPNOTINMX=IGNORE[0] SPFPASS=IGNORE[0] SUBCHARS-55=IGNORE[1] SUBCHARS-60=IGNORE[1] SUBCHARS-65=IGNORE[1] FROMNOMATCH=IGNORE[1601332583] FILTER-SPAM=IGNORE[1] FILTER-SUBJECT=IGNORE[4] PRE-TESTED=IGNORE[1] WEIGHT10=WARN[10] WEIGHT14=WARN[14] WEIGHT20=WARN[20] WEIGHT30=DELETE[30] Tina Cline 270net Technologies - IT Support Specialist Phone: 301.663.6000 x200 Fax: 301.663.4410 www.270net.com "Internet Technology for Business and Government"
[MBF] Re: Filter flub?
Tina, can you send me a copy of your global.cfg? Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com <http://www.mailsbestfriend.com/> Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Tina Cline Sent: Thursday, April 21, 2016 3:13 PM To: community@mailsbestfriend.com Subject: [MBF] Filter flub? We had an email get deleted because declude gave the score of: 1,601,332,592 How does that happen?? It looks like it gave the score for FROMNOMATCH which we have set up as: FROMNOMATCH FROMNOMATCH X X 2 0 How does that happen? I have not found it doing this before and there have been no recent changes to the global.cfg. 04/19/2016 13:05:37.749 165748725 Tests failed [weight=1601332592]: CATCHALLMAILS=IGNORE[0] IPNOTINMX=IGNORE[0] SPFPASS=IGNORE[0] SUBCHARS-55=IGNORE[1] SUBCHARS-60=IGNORE[1] SUBCHARS-65=IGNORE[1] FROMNOMATCH=IGNORE[1601332583] FILTER-SPAM=IGNORE[1] FILTER-SUBJECT=IGNORE[4] PRE-TESTED=IGNORE[1] WEIGHT10=WARN[10] WEIGHT14=WARN[14] WEIGHT20=WARN[20] WEIGHT30=DELETE[30] Tina Cline 270net Technologies - IT Support Specialist Phone: 301.663.6000 x200 Fax: 301.663.4410 www.270net.com "Internet Technology for Business and Government"
[MBF] SNF Engine Update to 3.2.1 / Short Buffer Bug Fix
Hi everyone. Today Arm Research has released a new SNF engine with a minor bug fix. Please update your SNF installation at your convenience. Chances are that you've not seen any problems from this bug. If you have experienced problems they most likely presented as very rare, random errors possibly causing a crash. As with most SNF engine updates the simplest process is to replace your binary with the latest. For windows users here are some links to the latest engine: http://www.armresearch.com/message-sniffer/download/updates/SNFServer-window s-7-prox32-3.2.1.exe http://www.armresearch.com/message-sniffer/download/updates/SNFServer-window s-7-prox64-3.2.1.exe Simply stop your SNFServer, swap in the new .exe (renamed of course) and restart SNFServer. For folks running linux platforms the packages and source tarballs on our web site have all been updated. OEMs using the windows SDK should upgrade to the latest DLL which should be a swap-in replacement. http://www.armresearch.com/Downloads/index.jsp --- Technical details: The bug fix is for a short buffer allocation in the codedweller/configuration.cpp module. The bug fix also solves problems unrelated to SNF where applications using the CodeDweller/configuration engine to parse unusually large XML attributes could cause a stack overflow. The solution allocates the buffer for attributes from the heap instead of the stack and eliminates a short-by-one allocation error. Those curious about the source code can see the important diff here: Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1
[MBF] Re: My Filters
Thank you so much Martin! Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of David Barker | Mail's Best Friend | 1-866-919-2075 Sent: Thursday, February 18, 2016 9:48 PM To: community@mailsbestfriend.com Subject: [MBF] Re: My Filters Wow! Martin, so kind of you to do this we appreciate your willingness to share your work. David From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Martin Schaible Sent: Thursday, February 18, 2016 6:50 PM To: community@mailsbestfriend.com Subject: [MBF] My Filters Hello I contribute my new filters to the community. I hope, that you can use i it as a complete set or at least some filters. Maybe it gives also some inspiration J This is the link: https://gitlab.com/martin.schaible/declude-signatures Freundliche Grüsse -- netfusion GmbH | Martin Schaible Mittelfeldstrasse 27 | CH-8700 Küsnacht | Switzerland Tel.: +41 44 585 22 54 E-Mail: <mailto:mar...@netfusion.ch> mar...@netfusion.ch Internet: <http://www.netfusion.ch/> www.netfusion.ch Helpdesk und Community: <http://portal.netfusion.ch/> portal.netfusion.ch Wir sind auch auf Facebook präsent: <http://www.facebook.com/NetfusionGmbH> www.facebook.com/NetfusionGmbH -- nfqrcode150x150
[MBF] Re: A few helpful things that you may not be aware of
Thanks for your feedback Dan! It's much appreciated. We have some really great vids coming up over the next few months. Stay tuned for those! J Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com <http://www.mailsbestfriend.com/> Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Martin Margheim Sent: Saturday, January 30, 2016 6:20 AM To: community@mailsbestfriend.com Subject: [MBF] Re: A few helpful things that you may not be aware of First of all, Linda, what a great idea! The You Tube Videos are time consuming to create but maybe could reduce some of the repeated responses to questions you may get tired of answering over and over. As SM administrators, there are many tasks that get done once then not touched for a long time. So if and when needed, one has to learn or re-learn A always wanted to take the entire SM helps and mount as a flipbook. The process is easily done with tools I have. Getting the collection of PDFs is a greater time consumer. You know I put Bruce Barne's SPAM setup together as a flipbook and have it available via Internet. Great effort. Thanks and keep building You Tube Videos.. Dan Martin Margheim Independent PC Consultant ad...@kodot.com 727-365-3372 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Saturday, January 30, 2016 1:33 AM To: community@mailsbestfriend.com Subject: [MBF] A few helpful things that you may not be aware of Hi everyone. I'm not sure if you are aware, but we have a Facebook page, a Twitter account, a YouTube channel and a pretty sweet knowledgebase. Here are the links if you would like to check out any of these things: Facebook: https://www.facebook.com/mailsbestfriend (Give us a Like?) Twitter: https://twitter.com/MailsBestFriend (@MailsBestFriend) (Follow us! We love being followed!) YouTube: https://www.youtube.com/channel/UCqCv4wtoZkwxB9QZQ5F1frQ (instructional vids and our cool, new TV commercial!) MBF Knowledgebase : http://know.mailsbestfriend.com/ (Let us know if there is an article that you would like us to write!) Enjoy! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com <http://www.mailsbestfriend.com/> Office: 703.988.3606 logo-1
[MBF] A few helpful things that you may not be aware of
Hi everyone. I'm not sure if you are aware, but we have a Facebook page, a Twitter account, a YouTube channel and a pretty sweet knowledgebase. Here are the links if you would like to check out any of these things: Facebook: https://www.facebook.com/mailsbestfriend (Give us a Like?) Twitter: https://twitter.com/MailsBestFriend (@MailsBestFriend) (Follow us! We love being followed!) YouTube: https://www.youtube.com/channel/UCqCv4wtoZkwxB9QZQ5F1frQ (instructional vids and our cool, new TV commercial!) MBF Knowledgebase : http://know.mailsbestfriend.com/ (Let us know if there is an article that you would like us to write!) Enjoy! Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1
[MBF] Message Sniffer New Version -- SNFMulti 3.2.0 -- Strangers
HI everyone! A new version of Message Sniffer is available. The most exciting new feature for this version is: Strangers. The "Strangers" algorithm replaces the previous White-Guard algorithm. Strangers prevents high-intensity pre-tested spam from poisoning IP reputations in GBUdb and enhances SNF's sensitivity to these kinds of attacks. Once pattern rules begin to match the pre-tested attack the IP reputations quickly climb into the black enhancing all of SNF's learning systems. Normal, but new, IP sources are held to low-confidence reputations for several hours, but after that are allowed to develop normally. Short summary: Strangers lets SNF close the door more quickly on pre-tested spam while enhancing SNF's learning sensitivity to those events and without interfering with normal IP reputation processing. Here are some links: Packages from the LabRats... http://www.armresearch.com/message-sniffer/download/packages/ SNFMilter tarball... http://www.armresearch.com/message-sniffer/download/updates/snf-milter-1.2.0 .tar.gz SNFServer tarball... http://www.armresearch.com/message-sniffer/download/updates/snf-server-3.2.0 .tar.gz SNFServer 32bit Windows exe... http://www.armresearch.com/message-sniffer/download/updates/SNFServer-window s-7-prox32-3.2.0.exe Not better, but if you _really_ want it ... SNFServer 64bit Windows exe... http://www.armresearch.com/message-sniffer/download/updates/SNFServer-window s-7-prox64-3.2.0.exe Thanks and Happy Holidays! Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1
[MBF] Re: Update on strange Message Sniffer issue
Yes, I believe this can be seamless if you do it the way that you are talking about doing it. Also, yes, if I were you, I would add the additional MX to your DNS. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com <http://www.mailsbestfriend.com/> Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Martin Margheim Sent: Saturday, December 05, 2015 7:49 AM To: community@mailsbestfriend.com Subject: [MBF] Re: Update on strange Message Sniffer issue Do you think this could be seamlessly completed meaning the existing server continues to operate until time to switch MX Records? Could | Should one set higher (MX30 | MX40) records for the new server while the old server is running on MX10 | MX20? From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Saturday, December 05, 2015 8:33 AM To: community@mailsbestfriend.com Subject: [MBF] Re: Update on strange Message Sniffer issue Hi Martin. Smartermail actually has a migration tool built into their software that will help you migrate very easily. Please check out our KB article here for the details: http://know.mailsbestfriend.com/how_to_migrate_to_smartermail_from_different _email_platforms--806665523.shtml Thanks. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com <http://www.mailsbestfriend.com/> Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Martin Margheim Sent: Friday, December 04, 2015 10:17 AM To: community@mailsbestfriend.com Subject: [MBF] Re: Update on strange Message Sniffer issue Linda: I will take care of the update with thanks for the input. Now, a question: Is there a reasonably simple and organized way to migrate from a Microsoft Hosted Exchange Server to my SmarterMail server? I am aware of an account with approximately 40 email accounts I would like to propose putting on my server. It is a pretty active commercial printer and there will be a lot of decent sized attachments flowing. The domain was once run in house on a SmarterMail server that died. At the time, a decision was made to move email off site and a Microsoft Hosted Exchange provider was chosen. If I were to take over the account on my server, a DELL 1950 III, 8GB RAM and currently or available storage space of at least 100GB operating in a professional Co-Lo center with a Windows 2008 r2 OpSys. It is the same machine you helped get operational over a year ago. It is the same machine which uses MBFs services. What I would desire is to run the email in parallel, if possible in order that I could get system setup and working before terminating the Microsoft Hosted Exchange services. I would need have all the email that resides on the MHEX available on the SmarterMail server. I would want a seamless cutover (The eternal but elusive wish for all IT related projects. Care to make any comments? Thanks Martin From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Friday, December 04, 2015 8:33 AM To: community@mailsbestfriend.com Subject: [MBF] Re: Update on strange Message Sniffer issue Hi Martin. Your rulebase will update automatically, but the Sniffer Engine will not. You will have to upgrade that using one of the links that I have provided. Thanks! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com <http://www.mailsbestfriend.com/> Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Martin Margheim Sent: Friday, December 04, 2015 7:31 AM To: community@mailsbestfriend.com Subject: [MBF] Re: Update on strange Message Sniffer issue Linda: Should I perform this process on the komailpro.com server or will ARM eventually update itself? Your last statement implies the update will naturally occur over a course of time. Dan Martin Margheim Independent PC Consultant ad...@kodot.com 727-365-3372 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Friday, December 04, 2015 8:05 AM To: community@mailsbestfriend.com Subject: [MBF] Update on strange Message Sniffer issue Hi everyone. According to Arm Research's latest data, the Short-Match FP problem has subsided - most likely due to rule sequestration. They have not seen any significant events in their detection software since 9pm EST last evening. In the meantime, they have updated the SNF software to check for short-match events and treat them as rule-panic events. This renders them inert so that if this kind of rulebase corruption occurs again the SNF engine w
[MBF] Re: Update on strange Message Sniffer issue
Hi Martin. Smartermail actually has a migration tool built into their software that will help you migrate very easily. Please check out our KB article here for the details: http://know.mailsbestfriend.com/how_to_migrate_to_smartermail_from_different _email_platforms--806665523.shtml Thanks. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com <http://www.mailsbestfriend.com/> Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Martin Margheim Sent: Friday, December 04, 2015 10:17 AM To: community@mailsbestfriend.com Subject: [MBF] Re: Update on strange Message Sniffer issue Linda: I will take care of the update with thanks for the input. Now, a question: Is there a reasonably simple and organized way to migrate from a Microsoft Hosted Exchange Server to my SmarterMail server? I am aware of an account with approximately 40 email accounts I would like to propose putting on my server. It is a pretty active commercial printer and there will be a lot of decent sized attachments flowing. The domain was once run in house on a SmarterMail server that died. At the time, a decision was made to move email off site and a Microsoft Hosted Exchange provider was chosen. If I were to take over the account on my server, a DELL 1950 III, 8GB RAM and currently or available storage space of at least 100GB operating in a professional Co-Lo center with a Windows 2008 r2 OpSys. It is the same machine you helped get operational over a year ago. It is the same machine which uses MBFs services. What I would desire is to run the email in parallel, if possible in order that I could get system setup and working before terminating the Microsoft Hosted Exchange services. I would need have all the email that resides on the MHEX available on the SmarterMail server. I would want a seamless cutover (The eternal but elusive wish for all IT related projects. Care to make any comments? Thanks Martin From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Friday, December 04, 2015 8:33 AM To: community@mailsbestfriend.com Subject: [MBF] Re: Update on strange Message Sniffer issue Hi Martin. Your rulebase will update automatically, but the Sniffer Engine will not. You will have to upgrade that using one of the links that I have provided. Thanks! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com <http://www.mailsbestfriend.com/> Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Martin Margheim Sent: Friday, December 04, 2015 7:31 AM To: community@mailsbestfriend.com Subject: [MBF] Re: Update on strange Message Sniffer issue Linda: Should I perform this process on the komailpro.com server or will ARM eventually update itself? Your last statement implies the update will naturally occur over a course of time. Dan Martin Margheim Independent PC Consultant ad...@kodot.com 727-365-3372 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Friday, December 04, 2015 8:05 AM To: community@mailsbestfriend.com Subject: [MBF] Update on strange Message Sniffer issue Hi everyone. According to Arm Research's latest data, the Short-Match FP problem has subsided - most likely due to rule sequestration. They have not seen any significant events in their detection software since 9pm EST last evening. In the meantime, they have updated the SNF software to check for short-match events and treat them as rule-panic events. This renders them inert so that if this kind of rulebase corruption occurs again the SNF engine will be immune. Please update your SNF software to this latest version using the links below. NOTE: The Windows installer is in the process of being redesigned and does not have the latest software. This will take some time. If you are using SNF on Windows and use(d) the installer then use this procedure to update your software: * Stop your SNF service (usually XYNT Service based). * Copy your SNFServer.exe file to SNFServer.old * Download SNFServer-windows-7-prox32-3.1.0.exe (32 bit) or SNFServer-windows-7-prox64-3.1.0.exe (64 bit) and rename it to SNFServer.exe to replace your previous SNFServer.exe. * Start your SNF service. If you were using the 32 bit version (very likely) then replace it with the 32 bit version. There really isn't any difference, but just in case it's simpler to keep things the same. There is no benefit to running the 64 bit version -- It is not faster and is in fact less efficient due to the use of extra-large (64 bit) pointers that aren't necessary ;-) Some folks really want a 64 bit version, so we have one. Here are some links to upd
[MBF] Re: Update on strange Message Sniffer issue
Hi Martin. Your rulebase will update automatically, but the Sniffer Engine will not. You will have to upgrade that using one of the links that I have provided. Thanks! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com <http://www.mailsbestfriend.com/> Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Martin Margheim Sent: Friday, December 04, 2015 7:31 AM To: community@mailsbestfriend.com Subject: [MBF] Re: Update on strange Message Sniffer issue Linda: Should I perform this process on the komailpro.com server or will ARM eventually update itself? Your last statement implies the update will naturally occur over a course of time. Dan Martin Margheim Independent PC Consultant ad...@kodot.com 727-365-3372 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Friday, December 04, 2015 8:05 AM To: community@mailsbestfriend.com Subject: [MBF] Update on strange Message Sniffer issue Hi everyone. According to Arm Research's latest data, the Short-Match FP problem has subsided - most likely due to rule sequestration. They have not seen any significant events in their detection software since 9pm EST last evening. In the meantime, they have updated the SNF software to check for short-match events and treat them as rule-panic events. This renders them inert so that if this kind of rulebase corruption occurs again the SNF engine will be immune. Please update your SNF software to this latest version using the links below. NOTE: The Windows installer is in the process of being redesigned and does not have the latest software. This will take some time. If you are using SNF on Windows and use(d) the installer then use this procedure to update your software: * Stop your SNF service (usually XYNT Service based). * Copy your SNFServer.exe file to SNFServer.old * Download SNFServer-windows-7-prox32-3.1.0.exe (32 bit) or SNFServer-windows-7-prox64-3.1.0.exe (64 bit) and rename it to SNFServer.exe to replace your previous SNFServer.exe. * Start your SNF service. If you were using the 32 bit version (very likely) then replace it with the 32 bit version. There really isn't any difference, but just in case it's simpler to keep things the same. There is no benefit to running the 64 bit version -- It is not faster and is in fact less efficient due to the use of extra-large (64 bit) pointers that aren't necessary ;-) Some folks really want a 64 bit version, so we have one. Here are some links to updated versions: http://www.armresearch.com/message-sniffer/download/updates/SNFServer-window s-7-prox32-3.1.0.exe http://www.armresearch.com/message-sniffer/download/updates/SNFServer-window s-7-prox64-3.1.0.exe http://www.armresearch.com/message-sniffer/download/updates/snf-server-3.1.0 .tar.gz http://www.armresearch.com/message-sniffer/download/updates/snf-milter-1.1.1 .tar.gz http://www.armresearch.com/message-sniffer/download/updates/SNFMultiSDK_Wind ows_3.2.zip And for the really adventurous: http://www.armresearch.com/message-sniffer/download/packages/ In the packages link you will find all of the latest snapshots and some old ones from Arm's LabRats. The LabRats compile and test SNF for all of the different platforms. You will find RPM and DEB packages as well as tarballs and even the windows stuff that's posted in the updates links above. Be sure to pick the latest version in all cases. It will take a bit of time before all of the ordinary links on Arm's web site are updated with the latest software, so please use the above links instead if you're going to update right now. Thanks! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com <http://www.mailsbestfriend.com/> Office: 703.988.3606 logo-1
[MBF] Update on strange Message Sniffer issue
Hi everyone. According to Arm Research's latest data, the Short-Match FP problem has subsided - most likely due to rule sequestration. They have not seen any significant events in their detection software since 9pm EST last evening. In the meantime, they have updated the SNF software to check for short-match events and treat them as rule-panic events. This renders them inert so that if this kind of rulebase corruption occurs again the SNF engine will be immune. Please update your SNF software to this latest version using the links below. NOTE: The Windows installer is in the process of being redesigned and does not have the latest software. This will take some time. If you are using SNF on Windows and use(d) the installer then use this procedure to update your software: * Stop your SNF service (usually XYNT Service based). * Copy your SNFServer.exe file to SNFServer.old * Download SNFServer-windows-7-prox32-3.1.0.exe (32 bit) or SNFServer-windows-7-prox64-3.1.0.exe (64 bit) and rename it to SNFServer.exe to replace your previous SNFServer.exe. * Start your SNF service. If you were using the 32 bit version (very likely) then replace it with the 32 bit version. There really isn't any difference, but just in case it's simpler to keep things the same. There is no benefit to running the 64 bit version -- It is not faster and is in fact less efficient due to the use of extra-large (64 bit) pointers that aren't necessary ;-) Some folks really want a 64 bit version, so we have one. Here are some links to updated versions: http://www.armresearch.com/message-sniffer/download/updates/SNFServer-window s-7-prox32-3.1.0.exe http://www.armresearch.com/message-sniffer/download/updates/SNFServer-window s-7-prox64-3.1.0.exe http://www.armresearch.com/message-sniffer/download/updates/snf-server-3.1.0 .tar.gz http://www.armresearch.com/message-sniffer/download/updates/snf-milter-1.1.1 .tar.gz http://www.armresearch.com/message-sniffer/download/updates/SNFMultiSDK_Wind ows_3.2.zip And for the really adventurous: http://www.armresearch.com/message-sniffer/download/packages/ In the packages link you will find all of the latest snapshots and some old ones from Arm's LabRats. The LabRats compile and test SNF for all of the different platforms. You will find RPM and DEB packages as well as tarballs and even the windows stuff that's posted in the updates links above. Be sure to pick the latest version in all cases. It will take a bit of time before all of the ordinary links on Arm's web site are updated with the latest software, so please use the above links instead if you're going to update right now. Thanks! Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1
[MBF] Strange Message Sniffer Anomaly Discovered and Fixed
Hi everyone. Earlier this week, we were seeing some intermittent corruption in some Message Sniffer rulebase updates. The problem has been resolved, but we wanted to explain the issue. Since Arm Research has made no changes to precipitate this and since it's only been reported by a few systems intermittently, it was a bit of a challenge to nail down. However, it has been Arm Research's top priority since it was discovered. Here is a list of what we know about the issue: * The problem appears to have started around Nov 29. * It is highly intermittent and random. * It causes some false positives. * You can identify a short-match event by looking at the index and endex of a rule match. If the difference is less than 5 then you have a short rule match. * You can mitigate the problem by temporarily putting the associated rule ID in your rule-panic list in your SNF configuration. (Visit the following link to learn how to create a rule-panic: http://know.mailsbestfriend.com/how_to_add_a_panic_rule_to_message_sniffer-8 28470693.shtml) * Normally the problem goes away on the next rulebase update. * Sometimes it doesn't go away but changes the associated rule ID. After much research and experimentation, Arm determined that some time on Nov 28th a corrupted rule entered the rulebase and caused the intermittent short-match problem. They have removed a group of rules surrounding that timeframe and have observed a 3 sigma drop in the rate of short-match events. This indicates that the problem is solved and not likely to return. Now that Arm knows this kind of event is possible (it's not supposed to be mathematically) they will be building a detection and mitigation strategy into the engine... just in case it does happen again. Once in two decades makes that seem unlikely. Arm will also be continuing their research on the sequestered rules to identify the one(s) that caused the problem and identify a way to prevent that recurring. In the meantime the detection mechanisms they used to monitor their experiments will remain in place so that if they do see any future events they we will be able to identify them much more quickly. If you have any questions about this issue, please let us know and we will be happy to help. Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1
[MBF] Re: smartermail website
Hi Daniel. I haven't had any issues today. You may want to clear your browser cache and try again. I know they have been making a lot of updates to their site lately. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3606 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Daniel Ivey Sent: Tuesday, November 24, 2015 3:27 PM To: community@mailsbestfriend.com Subject: [MBF] smartermail website Is anyone else having issues browsing to SmarterMail's website this afternoon? I was able to get to this morning but now cannot. Daniel # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[MBF] Smartertools has modified the way SM 14x handles IMAP mailboxes
Good morning everyone. Smartertools has made a change in the way SM 14x handles IMAP mailboxes due to their added support for Outlook 2016. Please check out our KB article at the following link for details and possible changes that need to be made if applicable: http://know.mailsbestfriend.com/changes_in_the_way_smartermail_14x_handles_i map_accounts_due_to_support_for_outlook_2016-136363833.shtml If you have any questions, please feel free to contact us and we can help. Thanks! Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1
[MBF] Re: SNFserver crashing
Hi Carl. Please email directly with the RDP info for that server. I will hop on and take a look. Thanks. Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Carl Wagar Sent: Wednesday, November 04, 2015 11:32 AM To: community@mailsbestfriend.com Subject: [MBF] SNFserver crashing I had a server inadvertently power down and now that I reboot it, the SNFserver is crashing continuously. I had to shut it down. Any suggestions? J. Carl Wagar EntreNet Communications Inc www.entrenet.com www.thehostingservice.com 24 Swain Ave, Ottawa, ON, K1G 4T1, Canada Email: jcwa...@entrenet.com, skype: jcwagar Tel: +1 613-737-7327, Fax: +1 613-737-5801 Cel: +1 613-818-8898 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Friday, September 25, 2015 2:49 PM To: community@mailsbestfriend.com Subject: [MBF] Re: whitelist for sniffer Yes. You should always send them an email with any FP. Thanks. Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Carl Wagar Sent: Friday, September 25, 2015 1:47 PM To: community@mailsbestfriend.com Subject: [MBF] Re: whitelist for sniffer this worked. if I did this SNFclient.exe -drop do I also have to send them an email as per your first message? J. Carl Wagar EntreNet Communications Inc www.entrenet.com www.thehostingservice.com 24 Swain Ave, Ottawa, ON, K1G 4T1, Canada Email: jcwa...@entrenet.com, skype: jcwagar Tel: +1 613-737-7327, Fax: +1 613-737-5801 Cel: +1 613-818-8898 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Friday, September 25, 2015 10:37 AM To: community@mailsbestfriend.com Subject: [MBF] Re: whitelist for sniffer Carl, I wanted to add to this. Since your IP is on your local Sniffer truncate list, you will need to drop it from your list in order to clear your IP off of the list. Here is an article which explains how to do that: http://know.mailsbestfriend.com/how_to_drop_an_ip_from_the_gbudbtruncate_lis t--1143817730.shtml Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Friday, September 25, 2015 8:18 AM To: community@mailsbestfriend.com Subject: [MBF] Re: whitelist for sniffer Hi Carl. You should report all false-positives to Arm Research so they can assess the issue. Also, if this is an urgent or critical situation, you can add a panic rule to Sniffer to stop the problem immediately. The following articles will explain how to perform both procedures: http://know.mailsbestfriend.com/how_to_handle_urgent_message_sniffer_falsepo sitives-1858720502.shtml http://know.mailsbestfriend.com/message_sniffer_falsepositive_handling_proce ss--387103309.shtml Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Carl Wagar Sent: Friday, September 25, 2015 5:52 AM To: community@mailsbestfriend.com Subject: [MBF] whitelist for sniffer Is there a way to add to a whitelist specifically for SNIFFER? A person with a mailbox named geo...@remaxottawa.com decided that a good password would be georgeremax would be a good password and was hacked. The hacker broadcast 3000 spams on Sep.23. I don't know how sniffer works but it seems now to dislike all 300 and is doing SNIFFER and SNIFFER-TRUNCATE for users at remaxottawa even though other blacklists don't seem to care. I would like to delist it from sniffer. Carl J. Carl Wagar EntreNet Communications Inc www.entrenet.com www.thehostingservice.com 24 Swain Ave, Ottawa, ON, K1G 4T1, Canada Email: jcwa...@entrenet.com, skype: jcwagar Tel: +1 613-737-7327, Fax: +1 613-737-5801 Cel: +1 613-818-8898
[MBF] Re: snifer catching emails from my domain
Hi Daniel. Are you saying that all email that gets sent to the domain is being tagged by Sniffer or is all email being sent from the domain being tagged? Either way, there is a way to stop this immediately until you can figure out the cause. Please see the following KB article: http://know.mailsbestfriend.com/how_to_add_a_panic_rule_to_message_sniffer-8 28470693.shtml The article will show you how to put a panic rule in place to stop Sniffer from tagging the messages as spam. Once you do that, see this article: http://know.mailsbestfriend.com/how_to_handle_urgent_message_sniffer_falsepo sitives-1858720502.shtml That will show you what you need to do to submit an urgent false-positive report to Arm Research so they can assess the issue. If you have any other questions about this, please ask and I will do my best to help you. Thanks! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3606 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Daniel Ivey Sent: Tuesday, November 03, 2015 8:33 AM To: community@mailsbestfriend.com Subject: [MBF] snifer catching emails from my domain Greetings, I have an Imail 8.22 server that is running the latest Declude with the integrated Message Sniffer. The single domain that is on this server is having all of its emails picked up as SPAM by Message Sniffer. Can someone tell me what the fix is for this? I have another identical mail server with a separate domain that is not having this issue. Thanks, Daniel # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[MBF] Re: whitelist for sniffer
Yes. You should always send them an email with any FP. Thanks. Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Carl Wagar Sent: Friday, September 25, 2015 1:47 PM To: community@mailsbestfriend.com Subject: [MBF] Re: whitelist for sniffer this worked. if I did this SNFclient.exe -drop do I also have to send them an email as per your first message? J. Carl Wagar EntreNet Communications Inc www.entrenet.com www.thehostingservice.com 24 Swain Ave, Ottawa, ON, K1G 4T1, Canada Email: jcwa...@entrenet.com, skype: jcwagar Tel: +1 613-737-7327, Fax: +1 613-737-5801 Cel: +1 613-818-8898 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Friday, September 25, 2015 10:37 AM To: community@mailsbestfriend.com Subject: [MBF] Re: whitelist for sniffer Carl, I wanted to add to this. Since your IP is on your local Sniffer truncate list, you will need to drop it from your list in order to clear your IP off of the list. Here is an article which explains how to do that: http://know.mailsbestfriend.com/how_to_drop_an_ip_from_the_gbudbtruncate_lis t--1143817730.shtml Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Friday, September 25, 2015 8:18 AM To: community@mailsbestfriend.com Subject: [MBF] Re: whitelist for sniffer Hi Carl. You should report all false-positives to Arm Research so they can assess the issue. Also, if this is an urgent or critical situation, you can add a panic rule to Sniffer to stop the problem immediately. The following articles will explain how to perform both procedures: http://know.mailsbestfriend.com/how_to_handle_urgent_message_sniffer_falsepo sitives-1858720502.shtml http://know.mailsbestfriend.com/message_sniffer_falsepositive_handling_proce ss--387103309.shtml Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Carl Wagar Sent: Friday, September 25, 2015 5:52 AM To: community@mailsbestfriend.com Subject: [MBF] whitelist for sniffer Is there a way to add to a whitelist specifically for SNIFFER? A person with a mailbox named geo...@remaxottawa.com decided that a good password would be georgeremax would be a good password and was hacked. The hacker broadcast 3000 spams on Sep.23. I don't know how sniffer works but it seems now to dislike all 300 and is doing SNIFFER and SNIFFER-TRUNCATE for users at remaxottawa even though other blacklists don't seem to care. I would like to delist it from sniffer. Carl J. Carl Wagar EntreNet Communications Inc www.entrenet.com www.thehostingservice.com 24 Swain Ave, Ottawa, ON, K1G 4T1, Canada Email: jcwa...@entrenet.com, skype: jcwagar Tel: +1 613-737-7327, Fax: +1 613-737-5801 Cel: +1 613-818-8898
[MBF] Re: whitelist for sniffer
Carl, I wanted to add to this. Since your IP is on your local Sniffer truncate list, you will need to drop it from your list in order to clear your IP off of the list. Here is an article which explains how to do that: http://know.mailsbestfriend.com/how_to_drop_an_ip_from_the_gbudbtruncate_lis t--1143817730.shtml Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Friday, September 25, 2015 8:18 AM To: community@mailsbestfriend.com Subject: [MBF] Re: whitelist for sniffer Hi Carl. You should report all false-positives to Arm Research so they can assess the issue. Also, if this is an urgent or critical situation, you can add a panic rule to Sniffer to stop the problem immediately. The following articles will explain how to perform both procedures: http://know.mailsbestfriend.com/how_to_handle_urgent_message_sniffer_falsepo sitives-1858720502.shtml http://know.mailsbestfriend.com/message_sniffer_falsepositive_handling_proce ss--387103309.shtml Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Carl Wagar Sent: Friday, September 25, 2015 5:52 AM To: community@mailsbestfriend.com Subject: [MBF] whitelist for sniffer Is there a way to add to a whitelist specifically for SNIFFER? A person with a mailbox named geo...@remaxottawa.com decided that a good password would be georgeremax would be a good password and was hacked. The hacker broadcast 3000 spams on Sep.23. I don't know how sniffer works but it seems now to dislike all 300 and is doing SNIFFER and SNIFFER-TRUNCATE for users at remaxottawa even though other blacklists don't seem to care. I would like to delist it from sniffer. Carl J. Carl Wagar EntreNet Communications Inc www.entrenet.com www.thehostingservice.com 24 Swain Ave, Ottawa, ON, K1G 4T1, Canada Email: jcwa...@entrenet.com, skype: jcwagar Tel: +1 613-737-7327, Fax: +1 613-737-5801 Cel: +1 613-818-8898
[MBF] Re: whitelist for sniffer
Hi Carl. You should report all false-positives to Arm Research so they can assess the issue. Also, if this is an urgent or critical situation, you can add a panic rule to Sniffer to stop the problem immediately. The following articles will explain how to perform both procedures: http://know.mailsbestfriend.com/how_to_handle_urgent_message_sniffer_falsepo sitives-1858720502.shtml http://know.mailsbestfriend.com/message_sniffer_falsepositive_handling_proce ss--387103309.shtml Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Carl Wagar Sent: Friday, September 25, 2015 5:52 AM To: community@mailsbestfriend.com Subject: [MBF] whitelist for sniffer Is there a way to add to a whitelist specifically for SNIFFER? A person with a mailbox named geo...@remaxottawa.com decided that a good password would be georgeremax would be a good password and was hacked. The hacker broadcast 3000 spams on Sep.23. I don't know how sniffer works but it seems now to dislike all 300 and is doing SNIFFER and SNIFFER-TRUNCATE for users at remaxottawa even though other blacklists don't seem to care. I would like to delist it from sniffer. Carl J. Carl Wagar EntreNet Communications Inc www.entrenet.com www.thehostingservice.com 24 Swain Ave, Ottawa, ON, K1G 4T1, Canada Email: jcwa...@entrenet.com, skype: jcwagar Tel: +1 613-737-7327, Fax: +1 613-737-5801 Cel: +1 613-818-8898
[MBF] What new features would you like to see in Declude?
Hi everyone. I just wanted to ping the community to ask what kind of features you would want to see within Declude that we don't already have? Looking forward to hearing what all of you have to say. Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 703.988.3606 logo-1
[MBF] Re: Declude Log levels
Hi Marcus. I will speak with our team today to see what we can do for you. Thanks for your inquiry! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3606 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Markus Gufler | Limitis Sent: Friday, August 07, 2015 4:43 AM To: community@mailsbestfriend.com Subject: [MBF] Declude Log levels Linda I've placed this request already in the past 2 years (see attached conversion with David Barker) but will try it once again. Could you please consider re-introducing the old MID-Loglevel? Of course also as an additional MID+ if the change in the logdatails for MID made 2-3 years ago shouldn't be touched again. Up to now we're still on an very old version and would be happy to follow evolution, new functionality and also community feedback. Greetings from Italy Markus Gufler # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[MBF] Re: Gauntlet not moving files back into spool
Nice workaround! I'm hoping to have a perm fix for you soon. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3606 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of John Tolmachoff Sent: Thursday, August 06, 2015 2:24 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Gauntlet not moving files back into spool What I am doing in the mean time is a simple little script. Runs every hour, moves anything in the Gauntlet folder to Gauntlet\OneHour folder then the next run moves anything in the OneHour folder into the Spool folder for reprocessing. May not be best, but functional. Delays to email will be between 1:59:59 to 59:59. -Original Message----- From: "Linda Pagillo" Sent: Thursday, July 30, 2015 2:40pm To: community@mailsbestfriend.com Subject: [MBF] Re: Gauntlet not moving files back into spool Hi everyone. I wanted to update you all on the answer to John's issue. After review, we found that the problem is happening because currently, Gauntlet does not recognize the Alligate file extensions (.dta and .ctl). I have spoken with our team and we will be including recognition of those extensions in our next release of Gauntlet which will resolve the issue for people using Alligate. I apologize, but I do not have an ETA as to when it will be available, but we will announce it here when it is released. Thanks for your patience. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3606 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Wednesday, July 29, 2015 1:55 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Gauntlet not moving files back into spool Hi John. I apologize for the delay. Is there any way I can have RDP access to your server to check this out? If yes, please email me directly at linda.pagi...@mailsbestfriend.com with the credentials. Once I find the answer I will post it publicly to help other folks in the community. Thanks! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3606 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of John Tolmachoff Sent: Wednesday, July 29, 2015 1:09 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Gauntlet not moving files back into spool Bueller? Bueller? -Original Message- From: "John Tolmachoff" Sent: Tuesday, July 28, 2015 1:21pm To: community@mailsbestfriend.com Subject: [MBF] Gauntlet not moving files back into spool I have just discovered that files (Alligate Gateway which is Imail server) being caught by the Declude Gauntlet test are never moved from the Gauntlet folder back to the spool. DRGOutflow.exe is running and I can see it checking the directory every minute using Process Monitor, but no action is ever taken. My configuration is such: (the command line is continuous, broken here for easy to read) [Process1] CommandLine= ' "C:\Interceptor\Alligate\declude\DRGOutflow.exe" "i=C:\Interceptor\Alligate\Spool\Gauntlet" "o=C:\Interceptor\Alligate\spool\proc" "d=60" ' PauseStart= 100 PauseEnd= 100 UserInterface = No Restart = Yes John T eServices For You # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queri
[MBF] Re: VIPRE AV
Play nice boys. Let's keep to the topic at hand... while this is an open forum, let's reserve ad hominems for places like reddit ;) Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3606 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Martin Margheim Sent: Thursday, August 06, 2015 11:22 AM To: community@mailsbestfriend.com Subject: [MBF] Re: VIPRE AV Very mature, intelligent, responsible and beneficial response. Of course, your credibility is established as the absolute, all knowing resource. Please, do not insult a meaningful community purpose with such commentary -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of John Tolmachoff Sent: Tuesday, August 04, 2015 2:39 PM To: community@mailsbestfriend.com Subject: [MBF] Re: VIPRE AV ACK, Sunbelt, yuck patoooy help I need mouthwash now. Egotistical knowitall godsgifttosecurity. Quick, some one send me some mouthwash. No wait, make the PeptoBismal. I think I am going to throw up. -Original Message- From: "Martin Margheim" Sent: Tuesday, August 4, 2015 11:34am To: community@mailsbestfriend.com Subject: [MBF] Re: VIPRE AV Probably better you call ThreatTrackSecurity and verify it has all that you want. VIPRE was created by Sunbelt Software who then sold to GFI who then released it back to a private company still located in ClearWater, Florida -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of John Tolmachoff Sent: Tuesday, August 04, 2015 2:14 PM To: community@mailsbestfriend.com Subject: [MBF] Re: VIPRE AV Is there a command line option? -Original Message- From: "Martin Margheim" Sent: Tuesday, August 4, 2015 10:14am To: community@mailsbestfriend.com Subject: [MBF] Re: VIPRE AV Yes Has always been AV of choice -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of John Tolmachoff Sent: Tuesday, August 04, 2015 12:32 PM To: community@mailsbestfriend.com Subject: [MBF] VIPRE AV Anybody using VIPRE AV? John T eServices For You # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[MBF] Re: Gauntlet not moving files back into spool
Hi everyone. I wanted to update you all on the answer to John's issue. After review, we found that the problem is happening because currently, Gauntlet does not recognize the Alligate file extensions (.dta and .ctl). I have spoken with our team and we will be including recognition of those extensions in our next release of Gauntlet which will resolve the issue for people using Alligate. I apologize, but I do not have an ETA as to when it will be available, but we will announce it here when it is released. Thanks for your patience. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3606 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Wednesday, July 29, 2015 1:55 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Gauntlet not moving files back into spool Hi John. I apologize for the delay. Is there any way I can have RDP access to your server to check this out? If yes, please email me directly at linda.pagi...@mailsbestfriend.com with the credentials. Once I find the answer I will post it publicly to help other folks in the community. Thanks! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3606 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of John Tolmachoff Sent: Wednesday, July 29, 2015 1:09 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Gauntlet not moving files back into spool Bueller? Bueller? -Original Message- From: "John Tolmachoff" Sent: Tuesday, July 28, 2015 1:21pm To: community@mailsbestfriend.com Subject: [MBF] Gauntlet not moving files back into spool I have just discovered that files (Alligate Gateway which is Imail server) being caught by the Declude Gauntlet test are never moved from the Gauntlet folder back to the spool. DRGOutflow.exe is running and I can see it checking the directory every minute using Process Monitor, but no action is ever taken. My configuration is such: (the command line is continuous, broken here for easy to read) [Process1] CommandLine= ' "C:\Interceptor\Alligate\declude\DRGOutflow.exe" "i=C:\Interceptor\Alligate\Spool\Gauntlet" "o=C:\Interceptor\Alligate\spool\proc" "d=60" ' PauseStart= 100 PauseEnd= 100 UserInterface = No Restart = Yes John T eServices For You # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[MBF] Re: ISP-Yahoo and ISP-Hotmail
Hi Carl. Can you please post a full header from one of these messages? Thanks. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3606 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Carl Wagar Sent: Wednesday, July 29, 2015 2:35 PM To: community@mailsbestfriend.com Subject: [MBF] ISP-Yahoo and ISP-Hotmail Hi. My filters for outbound senders/users do not seem to be working right and seem to be triggering ISP-Yahoo and ISP-Hotmail. Are these done by IP range? doesn't look that way. My system is triggering those filters even though the user is just connecting from a regular ISP (bell Canada fiber network). 142.167.200.21 Name:mctnnbsa51w-142167200021.pppoe-dynamic.high-speed.nb.bellaliant.net Address: 142.167.200.21 I think it must be some other unique phase in his email. I will likely just add him to the $default$.sender Thanks. Carl J. Carl Wagar EntreNet Communications Inc www.entrenet.com www.thehostingservice.com 24 Swain Ave, Ottawa, ON, K1G 4T1, Canada Email: jcwa...@entrenet.com, skype: jcwagar Tel: +1 613-737-7327, Fax: +1 613-737-5801 Cel: +1 613-818-8898 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Wednesday, July 29, 2015 2:55 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Gauntlet not moving files back into spool Hi John. I apologize for the delay. Is there any way I can have RDP access to your server to check this out? If yes, please email me directly at linda.pagi...@mailsbestfriend.com with the credentials. Once I find the answer I will post it publicly to help other folks in the community. Thanks! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3606 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of John Tolmachoff Sent: Wednesday, July 29, 2015 1:09 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Gauntlet not moving files back into spool Bueller? Bueller? -Original Message- From: "John Tolmachoff" Sent: Tuesday, July 28, 2015 1:21pm To: community@mailsbestfriend.com Subject: [MBF] Gauntlet not moving files back into spool I have just discovered that files (Alligate Gateway which is Imail server) being caught by the Declude Gauntlet test are never moved from the Gauntlet folder back to the spool. DRGOutflow.exe is running and I can see it checking the directory every minute using Process Monitor, but no action is ever taken. My configuration is such: (the command line is continuous, broken here for easy to read) [Process1] CommandLine= ' "C:\Interceptor\Alligate\declude\DRGOutflow.exe" "i=C:\Interceptor\Alligate\Spool\Gauntlet" "o=C:\Interceptor\Alligate\spool\proc" "d=60" ' PauseStart= 100 PauseEnd= 100 UserInterface = No Restart = Yes John T eServices For You # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[MBF] Re: Gauntlet not moving files back into spool
Hi John. I apologize for the delay. Is there any way I can have RDP access to your server to check this out? If yes, please email me directly at linda.pagi...@mailsbestfriend.com with the credentials. Once I find the answer I will post it publicly to help other folks in the community. Thanks! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3606 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of John Tolmachoff Sent: Wednesday, July 29, 2015 1:09 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Gauntlet not moving files back into spool Bueller? Bueller? -Original Message- From: "John Tolmachoff" Sent: Tuesday, July 28, 2015 1:21pm To: community@mailsbestfriend.com Subject: [MBF] Gauntlet not moving files back into spool I have just discovered that files (Alligate Gateway which is Imail server) being caught by the Declude Gauntlet test are never moved from the Gauntlet folder back to the spool. DRGOutflow.exe is running and I can see it checking the directory every minute using Process Monitor, but no action is ever taken. My configuration is such: (the command line is continuous, broken here for easy to read) [Process1] CommandLine= ' "C:\Interceptor\Alligate\declude\DRGOutflow.exe" "i=C:\Interceptor\Alligate\Spool\Gauntlet" "o=C:\Interceptor\Alligate\spool\proc" "d=60" ' PauseStart= 100 PauseEnd= 100 UserInterface = No Restart = Yes John T eServices For You # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[MBF] Incorrect DKIM Hash Issue Resolved
Good day everyone. There was an issue reported to us a while back in reference to using DKIM in Smartermail while using Declude. It appeared that Declude was removing part of the message which caused DKIM signing to fail on the recipient's end, resulting in a "body hash did not verify" error in the message source/headers. As of this morning, we have a new build of the delcudeproc.exe that will resolve this issue. If you are having this issue, please let us know and we will provide you with the new build. Thanks. Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com> www.mailsbestfriend.com Office: 703.988.3605 x7016 logo-1
[MBF] Re: Sniffer Feedback
Scott, the SNF-FEEDBACK account is there to collect messages to send to Arm Research so they can code rules for things that Sniffer hasn't picked up yet. The mailbox is being popped from this end, so there is nothing that you need to do with the account. You do not need to notify anyone to check it. I will make sure that it starts getting popped today. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Scott Fosseen - Prairie Lakes AEA Sent: Monday, November 03, 2014 10:23 AM To: community@mailsbestfriend.com Subject: [MBF] Sniffer Feedback Linda, When you tuned my system last week I see you added a test for Sniffer-Feedback and set it to forward messages to my mail server. I forgot about that until I got a message that my mailbox is full. Is this mailbox something I need to go through, or is it that I have not notified anyone they should be checking that mailbox?
[MBF] Re: Thoughts on how to deal with the current SPAM campaigns
Thanks for the kind words, Mike. Yes, unfortunately, that is the only complaint we have had about the Gauntlet. the delay. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Michael Cummins Sent: Thursday, October 30, 2014 10:18 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Thoughts on how to deal with the current SPAM campaigns Linda and David are great. Worth every penny, always. I'd be interested in The Gauntlet, but my customers wouldn't tolerate that kind of delay at all. Sadly. - Michael Cummins From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Thursday, October 30, 2014 11:05 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Thoughts on how to deal with the current SPAM campaigns Carl, my email address is linda.pagi...@mailsbestfriend.com. Thanks for the kind words, Chris! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Carl Wagar Sent: Thursday, October 30, 2014 6:49 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Thoughts on how to deal with the current SPAM campaigns What's your email address these days Linda? I am interested. J. Carl Wagar EntreNet Communications Inc <http://www.entrenet.com> www.entrenet.com <http://www.thehostingservice.com> www.thehostingservice.com 24 Swain Ave, Ottawa, ON, K1G 4T1, Canada Email: <mailto:jcwa...@entrenet.com> jcwa...@entrenet.com, skype: jcwagar Tel: +1 613-737-7327, Fax: +1 613-737-5801 Cel: +1 613-818-8898 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Thursday, October 30, 2014 3:18 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Thoughts on how to deal with the current SPAM campaigns Hello everyone. I wanted to chime in here. We (MBF) actually have a utility for implementing exactly what Scott is proposing if anyone is interested in trying it. We call it The Gauntlet. Also, the following link has some additional information about how a program such as this works: http://www.lifeatwarp9.com/2012/06/gauntlet-a-solution-to-pre-tested-spam/. Please let me know if you have any questions about it. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Scott Fosseen - Prairie Lakes AEA Sent: Thursday, October 30, 2014 1:11 PM To: community@mailsbestfriend.com Subject: [MBF] Thoughts on how to deal with the current SPAM campaigns Here is a thought I have that may be effective on these zero-day SPAM campaigns. It does have a big drawback, but the users may be OK with it if it stops the SPAM. Here is my idea. I am going to say this is from my standpoint of using SmarterMail. The basic idea is to process each message through declude twice. Any message that declude did not whitelist or delete would be sent to a hold queue folder and after a set amount of time declude would rescan the message. The first time through declude the message would process and drop out of declude only if whitelisted, or deleted. The message would also be counted by reputation tests such as barracuda. Once the message is processed it would be put in a hold queue where it would set for a set amount of time (Say 30 min). The delay would give a chance for tests to identify SPAM campaigns. After the Queue delay has passed Declude will process the message again and take the normal action to the message when complete. Thoughts? SPAM Tests
[MBF] Re: Thoughts on how to deal with the current SPAM campaigns
Carl, my email address is linda.pagi...@mailsbestfriend.com. Thanks for the kind words, Chris! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Carl Wagar Sent: Thursday, October 30, 2014 6:49 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Thoughts on how to deal with the current SPAM campaigns What's your email address these days Linda? I am interested. J. Carl Wagar EntreNet Communications Inc <http://www.entrenet.com> www.entrenet.com <http://www.thehostingservice.com> www.thehostingservice.com 24 Swain Ave, Ottawa, ON, K1G 4T1, Canada Email: <mailto:jcwa...@entrenet.com> jcwa...@entrenet.com, skype: jcwagar Tel: +1 613-737-7327, Fax: +1 613-737-5801 Cel: +1 613-818-8898 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Thursday, October 30, 2014 3:18 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Thoughts on how to deal with the current SPAM campaigns Hello everyone. I wanted to chime in here. We (MBF) actually have a utility for implementing exactly what Scott is proposing if anyone is interested in trying it. We call it The Gauntlet. Also, the following link has some additional information about how a program such as this works: http://www.lifeatwarp9.com/2012/06/gauntlet-a-solution-to-pre-tested-spam/. Please let me know if you have any questions about it. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Scott Fosseen - Prairie Lakes AEA Sent: Thursday, October 30, 2014 1:11 PM To: community@mailsbestfriend.com Subject: [MBF] Thoughts on how to deal with the current SPAM campaigns Here is a thought I have that may be effective on these zero-day SPAM campaigns. It does have a big drawback, but the users may be OK with it if it stops the SPAM. Here is my idea. I am going to say this is from my standpoint of using SmarterMail. The basic idea is to process each message through declude twice. Any message that declude did not whitelist or delete would be sent to a hold queue folder and after a set amount of time declude would rescan the message. The first time through declude the message would process and drop out of declude only if whitelisted, or deleted. The message would also be counted by reputation tests such as barracuda. Once the message is processed it would be put in a hold queue where it would set for a set amount of time (Say 30 min). The delay would give a chance for tests to identify SPAM campaigns. After the Queue delay has passed Declude will process the message again and take the normal action to the message when complete. Thoughts? SPAM Tests
[MBF] Re: Thoughts on how to deal with the current SPAM campaigns
Hello everyone. I wanted to chime in here. We (MBF) actually have a utility for implementing exactly what Scott is proposing if anyone is interested in trying it. We call it The Gauntlet. Also, the following link has some additional information about how a program such as this works: http://www.lifeatwarp9.com/2012/06/gauntlet-a-solution-to-pre-tested-spam/. Please let me know if you have any questions about it. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Scott Fosseen - Prairie Lakes AEA Sent: Thursday, October 30, 2014 1:11 PM To: community@mailsbestfriend.com Subject: [MBF] Thoughts on how to deal with the current SPAM campaigns Here is a thought I have that may be effective on these zero-day SPAM campaigns. It does have a big drawback, but the users may be OK with it if it stops the SPAM. Here is my idea. I am going to say this is from my standpoint of using SmarterMail. The basic idea is to process each message through declude twice. Any message that declude did not whitelist or delete would be sent to a hold queue folder and after a set amount of time declude would rescan the message. The first time through declude the message would process and drop out of declude only if whitelisted, or deleted. The message would also be counted by reputation tests such as barracuda. Once the message is processed it would be put in a hold queue where it would set for a set amount of time (Say 30 min). The delay would give a chance for tests to identify SPAM campaigns. After the Queue delay has passed Declude will process the message again and take the normal action to the message when complete. Thoughts? SPAM Tests
[MBF] Re: FYI - Smartermail CSS issue with latest Chrome version
Hi Markus. If you are having the issue, the webmail login screen will look like the CSS formatting is missing. If you don't see the issue then you probably are not experiencing the problem. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Markus Gufler | Limitis Sent: Monday, October 27, 2014 2:59 AM To: community@mailsbestfriend.com Subject: [MBF] AW: FYI - Smartermail CSS issue with latest Chrome version Hi Thank you for this information. How does it look like? . because I can't see any problems here. Markus Von: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] Im Auftrag von Linda Pagillo Gesendet: Freitag, 24. Oktober 2014 18:55 An: community@mailsbestfriend.com Betreff: [MBF] FYI - Smartermail CSS issue with latest Chrome version Good afternoon everyone. There seems to be an issue with the newest version of Chrome (38.0.2125.104 m) and the way it displays the CSS in Smartermail Webmail for SSL sites. If you are experiencing this issue, we wanted you to know what we have contacted Smartertools support and reported it. They were able to replicate it. We tested with Chrome 38.0.2125.104 (without the m) and the problem does not occur. The problem also does not occur in Firefox or Internet Explorer. We wanted to give everyone a heads up that Smartertools development will be looking into the problem and releasing a fix. Unfortunately, we do not have an ETA as to when the fix will be available. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF
[MBF] Re: FYI - Smartermail CSS issue with latest Chrome version - UPDATE
I just received a call back from Smartertools support. They said that the issue is actually IIS related. To fix it, change the Smartermail Application Pool from Integrated to Classic. That fixed the issue for them and for us here at MBF. Thanks. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Friday, October 24, 2014 11:55 AM To: community@mailsbestfriend.com Subject: [MBF] FYI - Smartermail CSS issue with latest Chrome version Good afternoon everyone. There seems to be an issue with the newest version of Chrome (38.0.2125.104 m) and the way it displays the CSS in Smartermail Webmail for SSL sites. If you are experiencing this issue, we wanted you to know what we have contacted Smartertools support and reported it. They were able to replicate it. We tested with Chrome 38.0.2125.104 (without the m) and the problem does not occur. The problem also does not occur in Firefox or Internet Explorer. We wanted to give everyone a heads up that Smartertools development will be looking into the problem and releasing a fix. Unfortunately, we do not have an ETA as to when the fix will be available. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF
[MBF] FYI - Smartermail CSS issue with latest Chrome version
Good afternoon everyone. There seems to be an issue with the newest version of Chrome (38.0.2125.104 m) and the way it displays the CSS in Smartermail Webmail for SSL sites. If you are experiencing this issue, we wanted you to know what we have contacted Smartertools support and reported it. They were able to replicate it. We tested with Chrome 38.0.2125.104 (without the m) and the problem does not occur. The problem also does not occur in Firefox or Internet Explorer. We wanted to give everyone a heads up that Smartertools development will be looking into the problem and releasing a fix. Unfortunately, we do not have an ETA as to when the fix will be available. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF
[MBF] Strange Hotmail/Yahoo Issue
Hi everyone. I'm seeing something really strange and I'm wondering if any of you guys have seen this as well. Messages sent from one of my people (using Imail) to Hotmail accounts are being bounced with the 550 relaying denied error. When I check the logs I see this: 10:03 04:16 SMTP-(857d014d035eb158) Info - Found hotmail.com in DNS Cache 10:03 04:16 SMTP-(857d014d035eb158) Connect hotmail.com [63.250.192.46:25] (1) 10:03 04:16 SMTP-(857d014d035eb158) 220 mta1693.mail.gq1.yahoo.com ESMTP ready When I saw this, my first initial thought was that the DNS server my person is using with Imail is incorrectly caching information. As you can see, they are sending to a Hotmail email address, but it's trying to connect to a Yahoo server. After doing a few NSLookups using different DNS servers, I found that any DNS server I use to look up that IP resolves to that Yahoo server. I did a few tests on DNSStuff.com as well and I see that the IP does, in fact, belong to Yahoo, not Hotmail. Has anyone seen this and know why it's happening? To my knowledge, Hotmail and Yahoo aren't connected, but I could be mistaken. Thanks! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF
[MBF] Re: why?
I just spit out my coffee in a fit of extreme laughter :D Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of David Barker Sent: Thursday, September 11, 2014 12:40 PM To: community@mailsbestfriend.com Subject: [MBF] Re: why? What's wrong with comfortable bra's helping control underarm and side spillage from Russia ? I know of several Walmart shoppers that could benefit from such a product. David Barker Mail's Best Friend Email : <mailto:david.bar...@mailsbestfriend.com> david.bar...@mailsbestfriend.com Web : <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 866.919.2075 cid:image001.png@01CE2B2E.8B3E9EF0 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Friday, September 12, 2014 1:04 PM To: community@mailsbestfriend.com Subject: [MBF] Re: why? My pleasure. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Brian Thomforde Sent: Friday, September 12, 2014 11:53 AM To: community@mailsbestfriend.com Subject: [MBF] Re: why? Thanks, I'll keep an eye on it. . Brian Thomforde <http://www.truckdriver.com/> http://www.truckdriver.com "Smarter Drivers...Better Jobs" Providing excellence in Internet recruiting since 1996 763-444-8998 x201 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Friday, September 12, 2014 11:36 AM To: community@mailsbestfriend.com Subject: [MBF] Re: why? Brian, you had a misconfiguration in your Declude global.cfg for the Sniffer tests. I fixed it. I also updated your Declude RBLs while I was in there. You should be all set. Please let me know if you see another message where you can see the Sniffer headers like this: X-MessageSniffer-Identifier: m:\SmarterMail\Spool\proc\work\162627465.eml X-GBUdb-Analysis: 0, 93.158.215.198, Ugly c=0.071429 p=1 Source Caution X-MessageSniffer-Scan-Result: 60 X-MessageSniffer-Rules: 60-6494781-223-288-m 60-6563726-289-308-m 60-6549759-290-308-m 62-5573565-1219-1384-m 60-6494781-0-24503-f But you are unable to see Sniffer triggered in the Declude headers here: X-Declude-Tests: SUBCHARS-55 [1], SIZE-300K [-3], FROMNOMATCH [2], FILTER_COUNTRY [8], FILTER-SPAM [5] Thanks. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Friday, September 12, 2014 11:28 AM To: community@mailsbestfriend.com Subject: [MBF] Re: why? It looks like Sniffer is triggering, but Declude is possibly not seeing it's score. I will log into your server now and have a look. Stand by. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Brian Thomforde Sent: Friday, September 12, 2014 10:25 AM To: community@mailsbestfriend.com Subject: [MBF] Re: why? I understand my last question but what about this one? The subject line was "Comfortable bra helps control underarm and side spillage" Email from Russia for a bra gets through? Seems something isn't working to let this through. Date: Fri, 12 Sep 2014 07:01:54 -0700 X-MessageSniffer-Identifier: m:\SmarterMail\Spool\proc\work\162627465.eml X-GBUdb-Analysis: 0, 93.158.215.198, Ugly c=0.071429 p=1 Source Caution X-MessageSniffer-Scan-Result: 60 X-MessageSniffer-Rules: 60-6494781-223-288-m 60-6563726-289-308-m 60-6549759-290-308-m 62-5573565-1219-1384-m 60-6494781-0-24503-f X-RBL-Warning: WEIGHT10: Weight of 13 reaches or exceeds the limit of 10. X-Declude-Sender: hen...@taffypull.amily.biz [93.158.215.198] X-Declude-Spoolname: 162627465.eml X-Declude-RefID: X-Declude-Note: Scanned by Declude 4.12.05 "http://www.declude.com/x-note.htm"; X-Declude-Scan: Incoming Score [13] at 07:59:28 on 12 Sep 2014 X-Declude-Tests: SUBCHARS-55 [1], SIZE-300K [-3], FROMNOMATCH [2], FILTER_COUNTRY [8], FILTER-SPAM [5] X-Country-Chain: RUSSIAN FEDERATION->destination X-Declude-Code: f X-HELO: amily.biz X-Identity: 93.158.215.198 | ionist.pw | taffypull.amily.biz X-Rcpt-To: X-SmarterMail-Spam: SPF_None, DK_None, DKIM_None, Declude: 13 X-SmarterMail-TotalSpamWeight: 13 Brian Thomforde <http://www.truck
[MBF] Re: why?
My pleasure. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Brian Thomforde Sent: Friday, September 12, 2014 11:53 AM To: community@mailsbestfriend.com Subject: [MBF] Re: why? Thanks, I'll keep an eye on it. . Brian Thomforde <http://www.truckdriver.com/> http://www.truckdriver.com "Smarter Drivers...Better Jobs" Providing excellence in Internet recruiting since 1996 763-444-8998 x201 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Friday, September 12, 2014 11:36 AM To: community@mailsbestfriend.com Subject: [MBF] Re: why? Brian, you had a misconfiguration in your Declude global.cfg for the Sniffer tests. I fixed it. I also updated your Declude RBLs while I was in there. You should be all set. Please let me know if you see another message where you can see the Sniffer headers like this: X-MessageSniffer-Identifier: m:\SmarterMail\Spool\proc\work\162627465.eml X-GBUdb-Analysis: 0, 93.158.215.198, Ugly c=0.071429 p=1 Source Caution X-MessageSniffer-Scan-Result: 60 X-MessageSniffer-Rules: 60-6494781-223-288-m 60-6563726-289-308-m 60-6549759-290-308-m 62-5573565-1219-1384-m 60-6494781-0-24503-f But you are unable to see Sniffer triggered in the Declude headers here: X-Declude-Tests: SUBCHARS-55 [1], SIZE-300K [-3], FROMNOMATCH [2], FILTER_COUNTRY [8], FILTER-SPAM [5] Thanks. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Friday, September 12, 2014 11:28 AM To: community@mailsbestfriend.com Subject: [MBF] Re: why? It looks like Sniffer is triggering, but Declude is possibly not seeing it's score. I will log into your server now and have a look. Stand by. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Brian Thomforde Sent: Friday, September 12, 2014 10:25 AM To: community@mailsbestfriend.com Subject: [MBF] Re: why? I understand my last question but what about this one? The subject line was "Comfortable bra helps control underarm and side spillage" Email from Russia for a bra gets through? Seems something isn't working to let this through. Date: Fri, 12 Sep 2014 07:01:54 -0700 X-MessageSniffer-Identifier: m:\SmarterMail\Spool\proc\work\162627465.eml X-GBUdb-Analysis: 0, 93.158.215.198, Ugly c=0.071429 p=1 Source Caution X-MessageSniffer-Scan-Result: 60 X-MessageSniffer-Rules: 60-6494781-223-288-m 60-6563726-289-308-m 60-6549759-290-308-m 62-5573565-1219-1384-m 60-6494781-0-24503-f X-RBL-Warning: WEIGHT10: Weight of 13 reaches or exceeds the limit of 10. X-Declude-Sender: hen...@taffypull.amily.biz [93.158.215.198] X-Declude-Spoolname: 162627465.eml X-Declude-RefID: X-Declude-Note: Scanned by Declude 4.12.05 "http://www.declude.com/x-note.htm"; X-Declude-Scan: Incoming Score [13] at 07:59:28 on 12 Sep 2014 X-Declude-Tests: SUBCHARS-55 [1], SIZE-300K [-3], FROMNOMATCH [2], FILTER_COUNTRY [8], FILTER-SPAM [5] X-Country-Chain: RUSSIAN FEDERATION->destination X-Declude-Code: f X-HELO: amily.biz X-Identity: 93.158.215.198 | ionist.pw | taffypull.amily.biz X-Rcpt-To: X-SmarterMail-Spam: SPF_None, DK_None, DKIM_None, Declude: 13 X-SmarterMail-TotalSpamWeight: 13 Brian Thomforde <http://www.truckdriver.com/> http://www.truckdriver.com "Smarter Drivers...Better Jobs" Providing excellence in Internet recruiting since 1996 763-444-8998 x201 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Friday, September 12, 2014 7:10 AM To: community@mailsbestfriend.com Subject: [MBF] Re: why? Good morning everyone. Dave is correct. This message made it through because it was whitelisted. I wanted to mention that Sniffer did not give this message a score of 55. The 55 that you see a Sniffer rule code, not the Sniffer score. Each test within Sniffer has a code. For example, the Sniffer code 55 is the "Malware & Scumware Greetings" code. For a full list of codes and their meanings, please see our KB article at the following link: http://know.mailsbestfriend.com/translation_table_for_sniffer_rule_codes-126 5292287.shtml Enjoy! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From
[MBF] Re: why?
Brian, you had a misconfiguration in your Declude global.cfg for the Sniffer tests. I fixed it. I also updated your Declude RBLs while I was in there. You should be all set. Please let me know if you see another message where you can see the Sniffer headers like this: X-MessageSniffer-Identifier: m:\SmarterMail\Spool\proc\work\162627465.eml X-GBUdb-Analysis: 0, 93.158.215.198, Ugly c=0.071429 p=1 Source Caution X-MessageSniffer-Scan-Result: 60 X-MessageSniffer-Rules: 60-6494781-223-288-m 60-6563726-289-308-m 60-6549759-290-308-m 62-5573565-1219-1384-m 60-6494781-0-24503-f But you are unable to see Sniffer triggered in the Declude headers here: X-Declude-Tests: SUBCHARS-55 [1], SIZE-300K [-3], FROMNOMATCH [2], FILTER_COUNTRY [8], FILTER-SPAM [5] Thanks. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Friday, September 12, 2014 11:28 AM To: community@mailsbestfriend.com Subject: [MBF] Re: why? It looks like Sniffer is triggering, but Declude is possibly not seeing it's score. I will log into your server now and have a look. Stand by. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Brian Thomforde Sent: Friday, September 12, 2014 10:25 AM To: community@mailsbestfriend.com Subject: [MBF] Re: why? I understand my last question but what about this one? The subject line was "Comfortable bra helps control underarm and side spillage" Email from Russia for a bra gets through? Seems something isn't working to let this through. Date: Fri, 12 Sep 2014 07:01:54 -0700 X-MessageSniffer-Identifier: m:\SmarterMail\Spool\proc\work\162627465.eml X-GBUdb-Analysis: 0, 93.158.215.198, Ugly c=0.071429 p=1 Source Caution X-MessageSniffer-Scan-Result: 60 X-MessageSniffer-Rules: 60-6494781-223-288-m 60-6563726-289-308-m 60-6549759-290-308-m 62-5573565-1219-1384-m 60-6494781-0-24503-f X-RBL-Warning: WEIGHT10: Weight of 13 reaches or exceeds the limit of 10. X-Declude-Sender: hen...@taffypull.amily.biz [93.158.215.198] X-Declude-Spoolname: 162627465.eml X-Declude-RefID: X-Declude-Note: Scanned by Declude 4.12.05 "http://www.declude.com/x-note.htm"; X-Declude-Scan: Incoming Score [13] at 07:59:28 on 12 Sep 2014 X-Declude-Tests: SUBCHARS-55 [1], SIZE-300K [-3], FROMNOMATCH [2], FILTER_COUNTRY [8], FILTER-SPAM [5] X-Country-Chain: RUSSIAN FEDERATION->destination X-Declude-Code: f X-HELO: amily.biz X-Identity: 93.158.215.198 | ionist.pw | taffypull.amily.biz X-Rcpt-To: X-SmarterMail-Spam: SPF_None, DK_None, DKIM_None, Declude: 13 X-SmarterMail-TotalSpamWeight: 13 Brian Thomforde <http://www.truckdriver.com/> http://www.truckdriver.com "Smarter Drivers...Better Jobs" Providing excellence in Internet recruiting since 1996 763-444-8998 x201 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Friday, September 12, 2014 7:10 AM To: community@mailsbestfriend.com Subject: [MBF] Re: why? Good morning everyone. Dave is correct. This message made it through because it was whitelisted. I wanted to mention that Sniffer did not give this message a score of 55. The 55 that you see a Sniffer rule code, not the Sniffer score. Each test within Sniffer has a code. For example, the Sniffer code 55 is the "Malware & Scumware Greetings" code. For a full list of codes and their meanings, please see our KB article at the following link: http://know.mailsbestfriend.com/translation_table_for_sniffer_rule_codes-126 5292287.shtml Enjoy! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Brian Thomforde Sent: Friday, September 12, 2014 6:46 AM To: community@mailsbestfriend.com Subject: [MBF] Re: why? Not sure how I missed the whitelist part. Thanks Brian Thomforde <http://www.truckdriver.com/> http://www.truckdriver.com "Smarter Drivers...Better Jobs" Providing excellence in Internet recruiting since 1996 763-444-8998 x201 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Dave Beckstrom Sent: Friday, September 12, 2014 6:36 AM To: community@mailsbestfriend.com Subject: [MBF] Re: why? X-Declude-Tests: Whitelisted _ From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Brian Thomforde Sent: Fri
[MBF] Re: why?
It looks like Sniffer is triggering, but Declude is possibly not seeing it's score. I will log into your server now and have a look. Stand by. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Brian Thomforde Sent: Friday, September 12, 2014 10:25 AM To: community@mailsbestfriend.com Subject: [MBF] Re: why? I understand my last question but what about this one? The subject line was "Comfortable bra helps control underarm and side spillage" Email from Russia for a bra gets through? Seems something isn't working to let this through. Date: Fri, 12 Sep 2014 07:01:54 -0700 X-MessageSniffer-Identifier: m:\SmarterMail\Spool\proc\work\162627465.eml X-GBUdb-Analysis: 0, 93.158.215.198, Ugly c=0.071429 p=1 Source Caution X-MessageSniffer-Scan-Result: 60 X-MessageSniffer-Rules: 60-6494781-223-288-m 60-6563726-289-308-m 60-6549759-290-308-m 62-5573565-1219-1384-m 60-6494781-0-24503-f X-RBL-Warning: WEIGHT10: Weight of 13 reaches or exceeds the limit of 10. X-Declude-Sender: hen...@taffypull.amily.biz [93.158.215.198] X-Declude-Spoolname: 162627465.eml X-Declude-RefID: X-Declude-Note: Scanned by Declude 4.12.05 "http://www.declude.com/x-note.htm"; X-Declude-Scan: Incoming Score [13] at 07:59:28 on 12 Sep 2014 X-Declude-Tests: SUBCHARS-55 [1], SIZE-300K [-3], FROMNOMATCH [2], FILTER_COUNTRY [8], FILTER-SPAM [5] X-Country-Chain: RUSSIAN FEDERATION->destination X-Declude-Code: f X-HELO: amily.biz X-Identity: 93.158.215.198 | ionist.pw | taffypull.amily.biz X-Rcpt-To: X-SmarterMail-Spam: SPF_None, DK_None, DKIM_None, Declude: 13 X-SmarterMail-TotalSpamWeight: 13 Brian Thomforde <http://www.truckdriver.com/> http://www.truckdriver.com "Smarter Drivers...Better Jobs" Providing excellence in Internet recruiting since 1996 763-444-8998 x201 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Friday, September 12, 2014 7:10 AM To: community@mailsbestfriend.com Subject: [MBF] Re: why? Good morning everyone. Dave is correct. This message made it through because it was whitelisted. I wanted to mention that Sniffer did not give this message a score of 55. The 55 that you see a Sniffer rule code, not the Sniffer score. Each test within Sniffer has a code. For example, the Sniffer code 55 is the "Malware & Scumware Greetings" code. For a full list of codes and their meanings, please see our KB article at the following link: http://know.mailsbestfriend.com/translation_table_for_sniffer_rule_codes-126 5292287.shtml Enjoy! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Brian Thomforde Sent: Friday, September 12, 2014 6:46 AM To: community@mailsbestfriend.com Subject: [MBF] Re: why? Not sure how I missed the whitelist part. Thanks Brian Thomforde <http://www.truckdriver.com/> http://www.truckdriver.com "Smarter Drivers...Better Jobs" Providing excellence in Internet recruiting since 1996 763-444-8998 x201 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Dave Beckstrom Sent: Friday, September 12, 2014 6:36 AM To: community@mailsbestfriend.com Subject: [MBF] Re: why? X-Declude-Tests: Whitelisted _ From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Brian Thomforde Sent: Friday, September 12, 2014 6:32 AM To: community@mailsbestfriend.com Subject: [MBF] why? Why did this message get through? Sniffer gave it a 55 shouldn't that have sent it to spam? X-MessageSniffer-Identifier: m:\SmarterMail\Spool\proc\work\162627262.eml X-GBUdb-Analysis: 0, 193.251.43.135, Ugly c=0 p=0 Source New X-MessageSniffer-Scan-Result: 55 X-MessageSniffer-Rules: 55-6094186-2315-2530-m 55-6031201-1411-2530-m 55-6035994-1410-2530-m 55-6094186-2315-10980-m 55-6031201-1411-10980-m 55-6035994-1410-10980-m 55-6035994-1410-11637-m 55-6031201-1411-11637-m 55-6094186-2315-11637-m 55-6094186-0-15147-f X-Declude-Sender: tendon...@qa3.com [193.251.43.135] X-Declude-Spoolname: 162627262.eml X-Declude-RefID: X-Declude-Note: Scanned by Declude 4.12.05 "http://www.declude.com/x-note.htm"; X-Declude-Scan: Incoming Score [0] at 04:23:57 on 12 Sep 2014 X-Declude-Tests: Whitelisted X-Country-Chain: UNITED KINGDOM->FRANCE->destination X-Declude-Code: 1f X-HELO: LCaen-656-01-28-135.w193-251.abo.wanadoo.fr X-Identity: 193.251.43.135 | LCaen-656-01-28
[MBF] Re: why?
Good morning everyone. Dave is correct. This message made it through because it was whitelisted. I wanted to mention that Sniffer did not give this message a score of 55. The 55 that you see a Sniffer rule code, not the Sniffer score. Each test within Sniffer has a code. For example, the Sniffer code 55 is the "Malware & Scumware Greetings" code. For a full list of codes and their meanings, please see our KB article at the following link: http://know.mailsbestfriend.com/translation_table_for_sniffer_rule_codes-126 5292287.shtml Enjoy! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Brian Thomforde Sent: Friday, September 12, 2014 6:46 AM To: community@mailsbestfriend.com Subject: [MBF] Re: why? Not sure how I missed the whitelist part. Thanks Brian Thomforde <http://www.truckdriver.com/> http://www.truckdriver.com "Smarter Drivers...Better Jobs" Providing excellence in Internet recruiting since 1996 763-444-8998 x201 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Dave Beckstrom Sent: Friday, September 12, 2014 6:36 AM To: community@mailsbestfriend.com Subject: [MBF] Re: why? X-Declude-Tests: Whitelisted _ From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Brian Thomforde Sent: Friday, September 12, 2014 6:32 AM To: community@mailsbestfriend.com Subject: [MBF] why? Why did this message get through? Sniffer gave it a 55 shouldn't that have sent it to spam? X-MessageSniffer-Identifier: m:\SmarterMail\Spool\proc\work\162627262.eml X-GBUdb-Analysis: 0, 193.251.43.135, Ugly c=0 p=0 Source New X-MessageSniffer-Scan-Result: 55 X-MessageSniffer-Rules: 55-6094186-2315-2530-m 55-6031201-1411-2530-m 55-6035994-1410-2530-m 55-6094186-2315-10980-m 55-6031201-1411-10980-m 55-6035994-1410-10980-m 55-6035994-1410-11637-m 55-6031201-1411-11637-m 55-6094186-2315-11637-m 55-6094186-0-15147-f X-Declude-Sender: tendon...@qa3.com [193.251.43.135] X-Declude-Spoolname: 162627262.eml X-Declude-RefID: X-Declude-Note: Scanned by Declude 4.12.05 "http://www.declude.com/x-note.htm"; X-Declude-Scan: Incoming Score [0] at 04:23:57 on 12 Sep 2014 X-Declude-Tests: Whitelisted X-Country-Chain: UNITED KINGDOM->FRANCE->destination X-Declude-Code: 1f X-HELO: LCaen-656-01-28-135.w193-251.abo.wanadoo.fr X-Identity: 193.251.43.135 | LCaen-656-01-28-135.w193-251.abo.wanadoo.fr | qa3.com X-Rcpt-To: X-SmarterMail-Spam: SPF_None, DK_None, DKIM_None, Declude: 0 X-SmarterMail-TotalSpamWeight: 0 Brian Thomforde <http://www.truckdriver.com/> http://www.truckdriver.com "Smarter Drivers...Better Jobs" Providing excellence in Internet recruiting since 1996 763-444-8998 x201
[MBF] Re: Smartermail issues with latest Firefox update.
Thanks Scott. It worked for me on both SmarterTrack 10.1 and Smartermail 12.1. Smartetools says they will have a true fix tomorrow. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Scott Jibben Sent: Thursday, July 24, 2014 3:12 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Smartermail issues with latest Firefox update. SmarterTools is aware of this problem and will be releasing a fix. Read this forum post to learn how to fix this Firefox v31 issue if you don't want to wait for the patch: http://forums.smartertools.com/threads/firefox-31-issue-with-popup-windows-m ail-and-stats.42522/ I followed the instructions and it works on SM 12.3. sj Scott Jibben <http://runspot.net/> RunSpot [email] sc...@runspot.net [web] http://runspot.net <http://runspot.net/> [voice] 763.551.2510 [toll free] 866.635.7299 On 7/24/2014 10:49 AM, Linda Pagillo wrote: Hi Scott. I'm seeing the same issue with SmarterTrack this morning. My Firefox updated and the problems started. The scrolling function is also not working correctly. Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com> www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: <mailto:community@mailsbestfriend.com> community@mailsbestfriend.com [ <mailto:community@mailsbestfriend.com> mailto:community@mailsbestfriend.com] On Behalf Of Scott Fosseen - Prairie Lakes AEA Sent: Thursday, July 24, 2014 10:38 AM To: <mailto:community@mailsbestfriend.com> community@mailsbestfriend.com Subject: [MBF] Smartermail issues with latest Firefox update. FYI: I am running Smartermail 11.7 and got a call today from one of my users stating that the new message window pop-up can not be resized and is too small to see the body of the message. He confirmed the problem existed on both the Mac and Windows versions of the Firefox browser. I upgraded my copy of Firefox and was able to recreate the problem as well. I am guessing something new in Firefox 31.0
[MBF] Re: Smartermail issues with latest Firefox update.
Hi Scott. I'm seeing the same issue with SmarterTrack this morning. My Firefox updated and the problems started. The scrolling function is also not working correctly. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Scott Fosseen - Prairie Lakes AEA Sent: Thursday, July 24, 2014 10:38 AM To: community@mailsbestfriend.com Subject: [MBF] Smartermail issues with latest Firefox update. FYI: I am running Smartermail 11.7 and got a call today from one of my users stating that the new message window pop-up can not be resized and is too small to see the body of the message. He confirmed the problem existed on both the Mac and Windows versions of the Firefox browser. I upgraded my copy of Firefox and was able to recreate the problem as well. I am guessing something new in Firefox 31.0
[MBF] Re: When Whitelisting Happens
My pleasure! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Michael Cummins Sent: Thursday, July 03, 2014 12:33 PM To: community@mailsbestfriend.com Subject: [MBF] Re: When Whitelisting Happens Good to know, thanks! I found my whitelisted item. I had previously whitelisted the google APIs. Now apparently the Google APIs are sending spam. -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Thursday, July 03, 2014 1:27 PM To: community@mailsbestfriend.com Subject: [MBF] Re: When Whitelisting Happens Hi Michael. If you open your global.cfg you will see a directive called XWHITELIST towards the top of the file. Uncomment it and switch it to ON. Once you do that, an XWHITELIST header will be added to any email that is whitelisted by Declude and there will be a description telling you why it was whitelisted. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Michael Cummins Sent: Thursday, July 03, 2014 11:45 AM To: community@mailsbestfriend.com Subject: [MBF] When Whitelisting Happens I have a piece of mail that I see in the SmarterMail SMTP log, then in the SmarterMail delivery log, but not in the Declude SPAM log. The recipient's mail headers say it was whitelisted. My LogLevel in global.cfg is MID. Is MID not high enough to record whitelisting? I'm trying to figure out why this was whitelisted, and where. Thanks! - Michael Cummins # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[MBF] Re: When Whitelisting Happens
Hi Michael. If you open your global.cfg you will see a directive called XWHITELIST towards the top of the file. Uncomment it and switch it to ON. Once you do that, an XWHITELIST header will be added to any email that is whitelisted by Declude and there will be a description telling you why it was whitelisted. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Michael Cummins Sent: Thursday, July 03, 2014 11:45 AM To: community@mailsbestfriend.com Subject: [MBF] When Whitelisting Happens I have a piece of mail that I see in the SmarterMail SMTP log, then in the SmarterMail delivery log, but not in the Declude SPAM log. The recipient's mail headers say it was whitelisted. My LogLevel in global.cfg is MID. Is MID not high enough to record whitelisting? I'm trying to figure out why this was whitelisted, and where. Thanks! - Michael Cummins # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[MBF] Re: Hijack activation
You're welcome. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Darin Cox Sent: Friday, May 30, 2014 6:08 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Hijack activation Hi Linda, Thanks. I thought I remembered an issue that prevented using the newer versions of Declude on IMail 8.22. We'll try the upgrade and go from there. Much appreciated! Darin. -Original Message----- From: Linda Pagillo Sent: Friday, May 30, 2014 7:01 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Hijack activation HI Darin. You can use the newest version of Declude on any version of Imail. My suggestion would be to upgrade. That way you can get all of the features of Hijack. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Darin Cox Sent: Friday, May 30, 2014 5:10 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Hijack activation Hi Martin, The problem is we don't have an activation code for it. Also, my understanding is we can't upgrade that server to the latest Declude since that server is running IMail 8.22. So we're back to how to obtain an activation code for Hijack with Declude Pro 1.82/IMail 8.22. Darin. -Original Message- From: Martin Schaible Sent: Friday, May 30, 2014 5:50 PM To: community@mailsbestfriend.com Subject: [MBF] AW: Hijack activation Usualy you have to rename hijack.cfg.off to hijack.cfg. Before you do this, you should think about the configuration of hijack. I have set it to this values: LOGLEVEL HIGH #Send out notification using HijackNotify.eml when HiJack Threshold 2 reached HIJNOTIFY ON # The following options -- RELAYTHRESHOLD1 and RELAYTHRESHOLD2 -- determine the two threshold levels. # RELAYTHRESHOLD1 determines how many E-mails someone can send out before their mail is held temporarily. # RELAYTHRESHOLD2 determines how many E-mails someone can send out before their mail is held permanently (a spammer). # # The first number indicates the time period in MINUTES, and the second number indicates the number of outgoing E-mails # that can be sent out in the time period. For example, "RELAYTHRESHOLD1 10 20" would allow the user to send out 20 # E-mails in 10 minutes before his mail was held temporarily. RELAYTHRESHOLD1 10 50 RELAYTHRESHOLD2 30 100 If possible, I would recommend to update Declude to its latest (free) edition. It's done in 5 minutes. Freundliche Grüsse -- netfusion GmbH | Martin Schaible Mittelfeldstrasse 27 | CH-8700 Küsnacht | Switzerland Tel.: +41 44 391 30 00 E-Mail: mar...@netfusion.ch Internet: www.netfusion.ch | wiki.netfusion.ch Helpdesk: helpdesk.netfusion.ch Wird sind auch auf Facebook präsent: www.facebook.com/NetfusionGmbH -- -Ursprüngliche Nachricht- Von: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] Im Auftrag von Darin Cox Gesendet: Freitag, 30. Mai 2014 23:26 An: community@mailsbestfriend.com Betreff: [MBF] Hijack activation Anyone know what is needed to activate Hijack? We have a server with an older instance of Declude Pro (v1.82) on IMail 8.22 that needs Hijack activated to alleviate a problem with occasional hacked email accounts. We could write a utility to monitor and handle this, but it would be a lot easier if we could just activate Hijack. Appreciate it, Darin. # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the IND
[MBF] Re: Hijack activation
HI Darin. You can use the newest version of Declude on any version of Imail. My suggestion would be to upgrade. That way you can get all of the features of Hijack. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Darin Cox Sent: Friday, May 30, 2014 5:10 PM To: community@mailsbestfriend.com Subject: [MBF] Re: Hijack activation Hi Martin, The problem is we don't have an activation code for it. Also, my understanding is we can't upgrade that server to the latest Declude since that server is running IMail 8.22. So we're back to how to obtain an activation code for Hijack with Declude Pro 1.82/IMail 8.22. Darin. -Original Message- From: Martin Schaible Sent: Friday, May 30, 2014 5:50 PM To: community@mailsbestfriend.com Subject: [MBF] AW: Hijack activation Usualy you have to rename hijack.cfg.off to hijack.cfg. Before you do this, you should think about the configuration of hijack. I have set it to this values: LOGLEVEL HIGH #Send out notification using HijackNotify.eml when HiJack Threshold 2 reached HIJNOTIFY ON # The following options -- RELAYTHRESHOLD1 and RELAYTHRESHOLD2 -- determine the two threshold levels. # RELAYTHRESHOLD1 determines how many E-mails someone can send out before their mail is held temporarily. # RELAYTHRESHOLD2 determines how many E-mails someone can send out before their mail is held permanently (a spammer). # # The first number indicates the time period in MINUTES, and the second number indicates the number of outgoing E-mails # that can be sent out in the time period. For example, "RELAYTHRESHOLD1 10 20" would allow the user to send out 20 # E-mails in 10 minutes before his mail was held temporarily. RELAYTHRESHOLD1 10 50 RELAYTHRESHOLD2 30 100 If possible, I would recommend to update Declude to its latest (free) edition. It's done in 5 minutes. Freundliche Grüsse -- netfusion GmbH | Martin Schaible Mittelfeldstrasse 27 | CH-8700 Küsnacht | Switzerland Tel.: +41 44 391 30 00 E-Mail: mar...@netfusion.ch Internet: www.netfusion.ch | wiki.netfusion.ch Helpdesk: helpdesk.netfusion.ch Wird sind auch auf Facebook präsent: www.facebook.com/NetfusionGmbH -- -Ursprüngliche Nachricht- Von: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] Im Auftrag von Darin Cox Gesendet: Freitag, 30. Mai 2014 23:26 An: community@mailsbestfriend.com Betreff: [MBF] Hijack activation Anyone know what is needed to activate Hijack? We have a server with an older instance of Declude Pro (v1.82) on IMail 8.22 that needs Hijack activated to alleviate a problem with occasional hacked email accounts. We could write a utility to monitor and handle this, but it would be a lot easier if we could just activate Hijack. Appreciate it, Darin. # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[MBF]Information - Possible Smartermail Upgrade Issue When Upgrading From A Version Prior To 7 To A Newer Version
Hello everyone. We have discovered that some folks have a file structure issue when trying to upgrade from a Smartermail version prior to 7, to one of the newer versions such as 10, 11 or 12. If you are planning an upgrade from a version prior to 7, such as 5, please check out our following KB article for important information prior to upgrading: http://know.mailsbestfriend.com/file_structure_issue_when_trying_to_upgrade_ from_sm_5_to_sm_12--1139875205.shtml Hopefully this will save you a lot of frustration and time. Enjoy! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF <>
[MBF]Re: Great number of hijacked accounts last few days
Also everyone. we put together a great paper for our KB on how to prevent/handle compromised accounts. All of you should check it out because it's very helpful. You can find it here: http://know.mailsbestfriend.com/papers/Handling-Compromised-Accounts.shtml Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of David Barker Sent: Wednesday, February 26, 2014 1:28 PM To: community@mailsbestfriend.com Subject: [MBF]Re: Great number of hijacked accounts last few days Make sure you are running the latest version of Declude 4.12.05 it has some improvements with the Hijack as well as make sure you use the HIJADDR ON is used in the hijack.cfg From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Katie La Salle-Lowery Sent: Wednesday, February 26, 2014 2:17 PM To: community@mailsbestfriend.com Subject: [MBF]Re: Great number of hijacked accounts last few days Now NINE. Four different domains. The originating IP's are all foreign - and lots of them. In fact, they are changing spoofed IP's after just a few messages, so Declude hijack isn't working as well as HAMR, since it is IP based, but it has pegged 2 of the 9 while HAMR has done its thing on all nine so far. So, while I'm suggesting that clients run independent scans just as general good practice, I don't suspect infected customer computers. I am certainly advising that that password is compromised and that if it is used for other accounts, those accounts need to be changed as well and urging them to not use the same password for everything, but, as you are all quite well aware, people are very resistant to that idea. They don't get that making it easy for themselves also makes it easy for the bad guys. <http://www.centric.net/> centric logo - signature sized Katie LaSalle-Lowery ka...@centric.net 1120 S. Russell; Ste B Missoula, MT 59801 ph (406)549-3337 fax (406)541-9338 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of David Barker Sent: Wednesday, February 26, 2014 11:58 AM To: community@mailsbestfriend.com Subject: [MBF]Re: Great number of hijacked accounts last few days Sometimes the problem is that a user's computer is infected by a virus which then has access to the mail client in which case the password is irrelevant to the conversation. From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Carl Wagar Sent: Wednesday, February 26, 2014 1:49 PM To: community@mailsbestfriend.com Subject: [MBF]Re: Great number of hijacked accounts last few days We are seeing a 3 to 4 fold increase in spam in the last months and a few hijacked accounts, almost one a day, where they seem to magically know the password. Someone suggested I'ts because they have hacked Linked-in, adobe, target and other database in recent months. People have to use different passwords for every system! Carl J. Carl Wagar EntreNet Communications Inc <http://www.entrenet.com> www.entrenet.com <http://www.thehostingservice.com> www.thehostingservice.com 24 Swain Ave, Ottawa, ON, K1G 4T1, Canada Email: <mailto:jcwa...@entrenet.com> jcwa...@entrenet.com, skype: jcwagar Tel: +1 613-737-7327, Fax: +1 613-737-5801 Cel: +1 613-818-8898 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Katie La Salle-Lowery Sent: Wednesday, February 26, 2014 1:40 PM To: community@mailsbestfriend.com Subject: [MBF]Great number of hijacked accounts last few days We have had EIGHT hijacked accounts in the last two days. For us, that's a great many. Imail HAMR and Declude hijack have been doing their jobs, for which I am very grateful. Is anyone else seeing an increase in hijacked accounts the last couple days, or are they just picking on us? <http://www.centric.net/> centric logo - signature sized Katie LaSalle-Lowery ka...@centric.net 1120 S. Russell; Ste B Missoula, MT 59801 ph (406)549-3337 fax (406)541-9338 <><>
[MBF]Re: Great number of hijacked accounts last few days
Katie, if you add the following directive to your Hijack.cfg file, you can have Hijack count by authenticated address rather than IP. It's called HIJADDR ON. This will help Hijack to catch the spammers regardless of IP. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Katie La Salle-Lowery Sent: Wednesday, February 26, 2014 1:17 PM To: community@mailsbestfriend.com Subject: [MBF]Re: Great number of hijacked accounts last few days Now NINE. Four different domains. The originating IP's are all foreign - and lots of them. In fact, they are changing spoofed IP's after just a few messages, so Declude hijack isn't working as well as HAMR, since it is IP based, but it has pegged 2 of the 9 while HAMR has done its thing on all nine so far. So, while I'm suggesting that clients run independent scans just as general good practice, I don't suspect infected customer computers. I am certainly advising that that password is compromised and that if it is used for other accounts, those accounts need to be changed as well and urging them to not use the same password for everything, but, as you are all quite well aware, people are very resistant to that idea. They don't get that making it easy for themselves also makes it easy for the bad guys. <http://www.centric.net/> centric logo - signature sized Katie LaSalle-Lowery ka...@centric.net 1120 S. Russell; Ste B Missoula, MT 59801 ph (406)549-3337 fax (406)541-9338 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of David Barker Sent: Wednesday, February 26, 2014 11:58 AM To: community@mailsbestfriend.com Subject: [MBF]Re: Great number of hijacked accounts last few days Sometimes the problem is that a user's computer is infected by a virus which then has access to the mail client in which case the password is irrelevant to the conversation. From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Carl Wagar Sent: Wednesday, February 26, 2014 1:49 PM To: community@mailsbestfriend.com Subject: [MBF]Re: Great number of hijacked accounts last few days We are seeing a 3 to 4 fold increase in spam in the last months and a few hijacked accounts, almost one a day, where they seem to magically know the password. Someone suggested I'ts because they have hacked Linked-in, adobe, target and other database in recent months. People have to use different passwords for every system! Carl J. Carl Wagar EntreNet Communications Inc <http://www.entrenet.com> www.entrenet.com <http://www.thehostingservice.com> www.thehostingservice.com 24 Swain Ave, Ottawa, ON, K1G 4T1, Canada Email: <mailto:jcwa...@entrenet.com> jcwa...@entrenet.com, skype: jcwagar Tel: +1 613-737-7327, Fax: +1 613-737-5801 Cel: +1 613-818-8898 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Katie La Salle-Lowery Sent: Wednesday, February 26, 2014 1:40 PM To: community@mailsbestfriend.com Subject: [MBF]Great number of hijacked accounts last few days We have had EIGHT hijacked accounts in the last two days. For us, that's a great many. Imail HAMR and Declude hijack have been doing their jobs, for which I am very grateful. Is anyone else seeing an increase in hijacked accounts the last couple days, or are they just picking on us? <http://www.centric.net/> centric logo - signature sized Katie LaSalle-Lowery ka...@centric.net 1120 S. Russell; Ste B Missoula, MT 59801 ph (406)549-3337 fax (406)541-9338 <><>
[MBF]Re: SmarterMail exploit
If you are already using Hijack, it should be preventing mass spam messages from leaving your server. Just make sure your thresholds are low enough. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Noah Sent: Monday, February 24, 2014 8:28 AM To: community@mailsbestfriend.com Subject: [MBF]Re: SmarterMail exploit Hi Linda, How does HiJack stop it? Do we need to add a rule to it, or is it already catching them? Thanks, Noah Duarte n...@resposio.com -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Monday, February 24, 2014 8:57 AM To: community@mailsbestfriend.com Subject: [MBF]Re: SmarterMail exploit Thanks for the heads-up Gary. I just chimed in on the forum thread letting people know that they can get Declude from us for free if they wanted a temp solution until ST can assess and fix the issue if needed. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Gary Steiner Sent: Monday, February 24, 2014 7:16 AM To: community@mailsbestfriend.com Subject: [MBF]SmarterMail exploit SmarterMail admins should be following this thread on the SmarterMail forums: http://forums.smartertools.com/threads/spammers-authenticating-once.41207/ There seems to be a new spamming attack that somehow allows the spammer to bypass authentication and somehow exploit a user account to send spam. The problem is it is very subtle and may not be noticeable to an administrator right away. SmarterTools shuts down over the weekend, so they may not even be aware of the problem yet. Declude seems to be a decent tool for catching this problem, but only if you have your outbound spamchecks configured for it. # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[MBF]Re: SmarterMail exploit
Thanks for the heads-up Gary. I just chimed in on the forum thread letting people know that they can get Declude from us for free if they wanted a temp solution until ST can assess and fix the issue if needed. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Gary Steiner Sent: Monday, February 24, 2014 7:16 AM To: community@mailsbestfriend.com Subject: [MBF]SmarterMail exploit SmarterMail admins should be following this thread on the SmarterMail forums: http://forums.smartertools.com/threads/spammers-authenticating-once.41207/ There seems to be a new spamming attack that somehow allows the spammer to bypass authentication and somehow exploit a user account to send spam. The problem is it is very subtle and may not be noticeable to an administrator right away. SmarterTools shuts down over the weekend, so they may not even be aware of the problem yet. Declude seems to be a decent tool for catching this problem, but only if you have your outbound spamchecks configured for it. # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[MBF]Re: SmarterMail 12
HI Mike. Yes, you can use Declude. There are no known issues so far. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Michael Cummins Sent: Tuesday, February 18, 2014 3:05 PM To: community@mailsbestfriend.com Subject: [MBF]SmarterMail 12 They've released SM12 now ; can we still use Declude with it? Anything we should be aware of? <>
[MBF]Re: 553 Message refused
What outgoing server are you using in Outlook? Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Alejandro de los Rios Sent: Monday, January 13, 2014 8:35 AM To: community@mailsbestfriend.com Subject: [MBF]Re: 553 Message refused Hi Linda, thanks for the info, but the mail is not relaying because was sent to another user in the same domain , the same server and it is happening with outlook 2010. Cordialmente, Alejandro de los Rios Gerente de Tecnologia <mailto:alejan...@pandacons.com> alejan...@pandacons.com Carrera 49B No. 93 - 94 PBX: (+571) 533 3100 FAX: (+571) 533 3107 Bogotá - Colombia Descripción: Descripción: Descripción: Descripción: cid:image001.png@01CC6991.6B2E69C0 Descripción: Descripción: Descripción: Descripción: cid:image002.png@01CC6991.6B2E69C0 "La información contenida en este correo y sus anexos es confidencial y solo puede ser utilizada por la persona o empresa a la cual está dirigida. Si usted no es el receptor autorizado, cualquier retención, difusión, distribución o copia de este correo es prohibida y sancionada por la ley. Si por error recibe este correo, por favor reenviarlo al remitente de PANDA CONSULTING S.A. y/o borrar el correo inmediatamente. Esta información es propiedad de PANDA CONSULTING S.A. toda distribución o copia de este documento sin la autorización expresa de PANDA CONSULTING S.A. es prohibida y sancionada por la ley." Descripción: Descripción: Descripción: Descripción: Descripción: Descripción: http://calijaz.files.wordpress.com/2010/08/iso_9001-2008.jpg From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Thursday, January 09, 2014 9:54 PM To: community@mailsbestfriend.com Subject: [MBF]Re: 553 Message refused Hi Alejandro. Check out the following article. It may help you to understand what is happening: <http://office.microsoft.com/en-ca/outlook-help/troubleshoot-550-553-and-rel ay-prohibited-errors-HA001112833.aspx> http://office.microsoft.com/en-ca/outlook-help/troubleshoot-550-553-and-rela y-prohibited-errors-HA001112833.aspx Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com> www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: <mailto:community@mailsbestfriend.com> community@mailsbestfriend.com [ <mailto:community@mailsbestfriend.com> mailto:community@mailsbestfriend.com] On Behalf Of Alejandro de los Rios Sent: Thursday, January 09, 2014 7:24 PM To: <mailto:community@mailsbestfriend.com> community@mailsbestfriend.com Subject: [MBF]553 Message refused Hi we are experiencing some problems with calendar appointments sent by Outlook with some customers, the error is the following: Some of the recipients did not receive your message. Asunto: Apalita - cita cirujano cabeza y cuello Enviado el: 09/01/2014 05:51 p.m. Unable to locate the following recipients: 'hugo.sa...@inter-consultant.com' en 09/01/2014 05:51 p.m. 553 Message refused Is an intradomain email. Nothing in logs, only the sent mail in SMTP but nothing in delivery. Server: 2 x Xeon QuadCore 2.2 8 GB RAM 2x80 GB SAS RAID1 for OS, 4x400 RAID10 for Data Windows 2008R2 Smartermail 11.7 Client: Outlook 2010 Cordialmente, Alejandro de los Rios Gerente de Tecnologia <mailto:alejan...@pandacons.com> alejan...@pandacons.com Carrera 49B No. 93 - 94 PBX: (+571) 533 3100 FAX: (+571) 533 3107 Bogotá - Colombia Descripción: Descripción: Descripción: Descripción: cid:image001.png@01CC6991.6B2E69C0 Descripción: Descripción: Descripción: Descripción: cid:image002.png@01CC6991.6B2E69C0 "La información contenida en este correo y sus anexos es confidencial y solo puede ser utilizada por la persona o empresa a la cual está dirigida. Si usted no es el receptor autorizado, cualquier retención, difusión, distribución o copia de este correo es prohibida y sancionada por la ley. Si por error recibe este correo, por favor reenviarlo al remitente de PANDA CONSULTING S.A. y/o borrar el correo inmediatamente. Esta información es propiedad de PANDA CONSULTING S.A. toda distribución o copia de este documento sin la autorización expresa de PANDA CONSULTING S.A. es prohibida y sancionada por la ley." Descripción: Descripción: Descripción: Descripción: Descripción: Descripción: http://calijaz.files.wordpress.com/2010/08/iso_9001-2008.jpg <><><><>
[MBF]Re: 553 Message refused
Hi Alejandro. Check out the following article. It may help you to understand what is happening: http://office.microsoft.com/en-ca/outlook-help/troubleshoot-550-553-and-rela y-prohibited-errors-HA001112833.aspx Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Alejandro de los Rios Sent: Thursday, January 09, 2014 7:24 PM To: community@mailsbestfriend.com Subject: [MBF]553 Message refused Hi we are experiencing some problems with calendar appointments sent by Outlook with some customers, the error is the following: Some of the recipients did not receive your message. Asunto: Apalita - cita cirujano cabeza y cuello Enviado el: 09/01/2014 05:51 p.m. Unable to locate the following recipients: 'hugo.sa...@inter-consultant.com' en 09/01/2014 05:51 p.m. 553 Message refused Is an intradomain email. Nothing in logs, only the sent mail in SMTP but nothing in delivery. Server: 2 x Xeon QuadCore 2.2 8 GB RAM 2x80 GB SAS RAID1 for OS, 4x400 RAID10 for Data Windows 2008R2 Smartermail 11.7 Client: Outlook 2010 Cordialmente, Alejandro de los Rios Gerente de Tecnologia <mailto:alejan...@pandacons.com> alejan...@pandacons.com Carrera 49B No. 93 - 94 PBX: (+571) 533 3100 FAX: (+571) 533 3107 Bogotá - Colombia Descripción: Descripción: Descripción: Descripción: cid:image001.png@01CC6991.6B2E69C0 Descripción: Descripción: Descripción: Descripción: cid:image002.png@01CC6991.6B2E69C0 "La información contenida en este correo y sus anexos es confidencial y solo puede ser utilizada por la persona o empresa a la cual está dirigida. Si usted no es el receptor autorizado, cualquier retención, difusión, distribución o copia de este correo es prohibida y sancionada por la ley. Si por error recibe este correo, por favor reenviarlo al remitente de PANDA CONSULTING S.A. y/o borrar el correo inmediatamente. Esta información es propiedad de PANDA CONSULTING S.A. toda distribución o copia de este documento sin la autorización expresa de PANDA CONSULTING S.A. es prohibida y sancionada por la ley." Descripción: Descripción: Descripción: Descripción: Descripción: Descripción: http://calijaz.files.wordpress.com/2010/08/iso_9001-2008.jpg <><><><>
[MBF]Re: URIBL-BLACK
Yes, it is a mistake. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Martin Schaible (netfusion GmbH)) Sent: Monday, December 30, 2013 2:11 PM To: community@mailsbestfriend.com Subject: [MBF]URIBL-BLACK Hello Actually im comparing my global.cfg with the master file of MBF. I found out that URIBL-BLACK is listed twice with the same parameters. Is that a mistake? Freundliche Grüsse --- netfusion GmbH | Martin Schaible Mittelfeldstrasse 27 | CH-8700 Küsnacht | Switzerland Tel.: +41 44 391 30 00 E-Mail: mar...@netfusion.ch | www.netfusion.ch Wird sind nun auch auf Facebook präsent: www.facebook.com/NetfusionGmbH --- <>
[MBF]Re: Testing Email system
You can send yourself the Ecair: http://www.eicar.org/86-0-Intended-use.html Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of johnl...@eservicesforyou.com Sent: Tuesday, November 12, 2013 11:56 AM To: community@mailsbestfriend.com Subject: [MBF]Testing Email system Declude back in the day had a test to send the ecair virus to test an email server. What is available for us to use today? # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[MBF]Re: Working on using NOD32 as a scanner for Declude
Try uninstalling NOD and reinstalling it in a directory with no spaces. Such as C:\NOD and see if that helps. A little unconventional, I know, but it would be a good test. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of johnl...@eservicesforyou.com Sent: Monday, November 11, 2013 6:29 PM To: community@mailsbestfriend.com Subject: [MBF]Re: Working on using NOD32 as a scanner for Declude BLANK for that directory mean it does not know what to do. -Original Message- From: "Andy Schmidt" Sent: Monday, November 11, 2013 4:19pm To: community@mailsbestfriend.com Subject: [MBF]Re: Working on using NOD32 as a scanner for Declude John, Rather than guessing, just use the command link "DIR" command with the /X option. Start at the C: drive and then work your way through the two subfolders. The /X option will tell you the 8.3 "MSDOS" style name for each folder/file. Best Regards, Andy -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of johnl...@eservicesforyou.com Sent: Monday, November 11, 2013 6:45 PM To: community@mailsbestfriend.com Subject: [MBF]Re: Working on using NOD32 as a scanner for Declude Did not work. Your virus scanner DOES NOT EXIST (at C:\Progra~1\ESETNO~1\ecls.exe # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[MBF]Re: Working on using NOD32 as a scanner for Declude
If you have a 64-bit system, try Progra~2 instead of ~1 Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of johnl...@eservicesforyou.com Sent: Monday, November 11, 2013 5:45 PM To: community@mailsbestfriend.com Subject: [MBF]Re: Working on using NOD32 as a scanner for Declude Did not work. Your virus scanner DOES NOT EXIST (at C:\Progra~1\ESETNO~1\ecls.exe -Original Message- From: "Linda Pagillo" Sent: Monday, November 11, 2013 3:35pm To: community@mailsbestfriend.com Subject: [MBF]Re: Working on using NOD32 as a scanner for Declude Hi John. Try ESETNO~1 instead of ESET~1 Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of johnl...@eservicesforyou.com Sent: Monday, November 11, 2013 5:32 PM To: community@mailsbestfriend.com Subject: [MBF]Working on using NOD32 as a scanner for Declude I am working on using NOD32 as an additional scanner for Declude Virus but am running into a problem with spaces in the path. Setting Scan File 2 to C:\Program Files\ESET NOD32 Antivirus\ecls.exe /no-boots /sfx /rtp /adware /unsafe /unwanted /pattern /heur /clean-mode=NONE /no-log-console ERROR: SCANFILE option must not have any spaces in the pathname The problem is \ESET NOD32 Antivirus\ as if I try to use \ESET~1\ it can not find it. Your virus scanner DOES NOT EXIST (at C:\Progra~1\ESET~1\ecls.exe Suggestions? # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to John T eServices For You # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[MBF]Re: Working on using NOD32 as a scanner for Declude
Hi John. Try ESETNO~1 instead of ESET~1 Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of johnl...@eservicesforyou.com Sent: Monday, November 11, 2013 5:32 PM To: community@mailsbestfriend.com Subject: [MBF]Working on using NOD32 as a scanner for Declude I am working on using NOD32 as an additional scanner for Declude Virus but am running into a problem with spaces in the path. Setting Scan File 2 to C:\Program Files\ESET NOD32 Antivirus\ecls.exe /no-boots /sfx /rtp /adware /unsafe /unwanted /pattern /heur /clean-mode=NONE /no-log-console ERROR: SCANFILE option must not have any spaces in the pathname The problem is \ESET NOD32 Antivirus\ as if I try to use \ESET~1\ it can not find it. Your virus scanner DOES NOT EXIST (at C:\Progra~1\ESET~1\ecls.exe Suggestions? # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[MBF]Re: Dead Blacklists - Please update your global.cfg
Yes, MSRBL (combined.rbl.msrbl.net) is verified as working. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Gary Steiner Sent: Friday, November 08, 2013 5:31 PM To: community@mailsbestfriend.com Subject: [MBF]Re: Dead Blacklists - Please update your global.cfg Does MSRBL still work? I thought they were offline. Original Message > From: "David Barker" > Sent: Friday, November 08, 2013 3:21 PM > To: community@mailsbestfriend.com > Subject: [MBF]Re: Dead Blacklists - Please update your global.cfg > > I just updated the global.cfg at > <http://mailsbestfriend.com/downloads> > http://mailsbestfriend.com/downloads > > > > Note that <http://www.rfc-ignorant.de/> http://www.rfc-ignorant.de/ > is taking over the <http://www.rfc-ignorant.org> http://www.rfc-ignorant.org > lists. > > David Barker > Mail's Best Friend > > Email : david.bar...@mailsbestfriend.com > Web : www.mailsbestfriend.com <http://www.mailsbestfriend.com/> > Office: 866.919.2075 > Mobile : 978.518.6461 > > cid:image001.png@01CE2B2E.8B3E9EF0 > > > > > > > > From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] > On Behalf Of Linda Pagillo > Sent: Friday, November 8, 2013 3:12 PM > To: community@mailsbestfriend.com > Subject: [MBF]Re: Dead Blacklists - Please update your global.cfg > > > > Yes. You can find our latest global.cfg file here. > http://mailsbestfriend.com/downloads. Be advised that I have not yet removed > the dead tests from that global. So in other words, it is current, > minus the > tests I instructed you guys to remove this morning. > > > > Linda Pagillo > Mail's Best Friend > Email: linda.pagi...@mailsbestfriend.com > Web: www.mailsbestfriend.com > Office: 703.988.3605 x7016 > > > > MBF > > > > From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] > On Behalf Of Richard Mazur > Sent: Friday, November 08, 2013 2:02 PM > To: community@mailsbestfriend.com > Subject: [MBF]Re: Dead Blacklists - Please update your global.cfg > > > > okay i got rid of these and now only have a few. Is there a current > list or > global.cfg example you have so i can compare? > > > # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[MBF]You can renew your Smartermail Upgrade Protection with MBF
Hi everyone. Some of you may have purchased your Smartermail software through Declude (the company) when it was still in business. I was looking through some records here and I'm not sure if you are aware, but you can renew any/all of your Smartermail products through MBF. We are a reseller for Smartertools and can offer discounts on all Smartertools products. I just wanted to give everyone a heads up in case you were not aware. If your software is 60 days or less away from expiring and you would like a quote from MBF, please send me an email directly with your Smartertools license keys and I will be happy to help. Thanks! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF <>
[MBF]Re: Update to AVG
Thanks Don. Can you send me a header from one of the virus-infected emails that made it through to your customers? Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Don Winsauer Sent: Friday, November 08, 2013 1:03 PM To: community@mailsbestfriend.com Subject: [MBF]Re: Update to AVG Yes, I am running Message Sniffer. Don -- Original Message -- From: "Linda Pagillo" Reply-To: Date: Fri, 8 Nov 2013 13:00:01 -0600 >Hi Don. At this time there is no way to update Declude's AVG manually. >Question for you... are you running Message Sniffer? > >Linda Pagillo >Mail's Best Friend >Email: linda.pagi...@mailsbestfriend.com >Web: www.mailsbestfriend.com >Office: 703.988.3605 x7016 > > > > >-Original Message- >From: community@mailsbestfriend.com >[mailto:community@mailsbestfriend.com] >On Behalf Of Don Winsauer >Sent: Friday, November 08, 2013 12:37 PM >To: community@mailsbestfriend.com >Subject: [MBF]Update to AVG > >Is there any way to update the AVG files manually? Our customers are >getting hit with the Cryptovirus. > >Thanks, >Don > > > > > > >Sent via the WebMail system at net1media.com > > > > > ># >This message is sent to you because you are subscribed to > the mailing list . >To unsubscribe, E-mail to: >To switch to the DIGEST mode, E-mail to > >To switch to the INDEX mode, E-mail to > >Send administrative queries to > > ># >This message is sent to you because you are subscribed to > the mailing list . >To unsubscribe, E-mail to: >To switch to the DIGEST mode, E-mail to > >To switch to the INDEX mode, E-mail to > >Send administrative queries to > > Sent via the WebMail system at net1media.com # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[MBF]Re: Dead Blacklists - Please update your global.cfg
Yes. You can find our latest global.cfg file here. http://mailsbestfriend.com/downloads. Be advised that I have not yet removed the dead tests from that global. So in other words, it is current, minus the tests I instructed you guys to remove this morning. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Richard Mazur Sent: Friday, November 08, 2013 2:02 PM To: community@mailsbestfriend.com Subject: [MBF]Re: Dead Blacklists - Please update your global.cfg okay i got rid of these and now only have a few. Is there a current list or global.cfg example you have so i can compare? On Nov 8, 2013, at 11:30 AM, Scott Fosseen - Prairie Lakes AEA wrote: Thanks! From: <mailto:linda.pagi...@mailsbestfriend.com> Linda Pagillo Sent: Friday, November 08, 2013 10:23 AM To: <mailto:community@mailsbestfriend.com> community@mailsbestfriend.com Subject: [MBF]Dead Blacklists - Please update your global.cfg Good morning everyone. The following RBLs should be removed from your Declude global.cfg if you are using them: FIVETEN-DUL DSN NOABUSE NOPOSTMASTER BOGUSMX They have all been verified as dead. Thanks! Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com> www.mailsbestfriend.com Office: 703.988.3605 x7016 Richard Mazur Director of Sales SurfNet Corporation r...@surfmail.net <>
[MBF]Re: Update to AVG
HI Mike. To answer your questions... Are there any other ways to protect ourselves from the Cryptovirus? Yes, you can install a command line virus scanner to use with Declude or you can install a virus scanner on your actual mail server box. Will Sniffer filter things like this? I am under the impression that Sniffer also functions as an anti-virus. Is this a false assumption? Yes, Sniffer should be filtering these. If you are running Sniffer and still having viruses come through, I will need a copy of the email with the virus included and the full headers so I can send them to Arm to have a rule built. The only thing I have at my disposal is Clam. AVG has been dysfunctional since Declude folded, due to licensing rights, yes? AVG has been dysfunctional because when Declude closed, the AVG server they had went with them. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Michael Cummins Sent: Friday, November 08, 2013 12:47 PM To: community@mailsbestfriend.com Subject: [MBF]Re: Update to AVG > Is there any way to update the AVG files manually? Our customers are getting hit with the Cryptovirus. Are there any other ways to protect ourselves from the Cryptovirus? Will Sniffer filter things like this? I am under the impression that Sniffer also functions as an anti-virus. Is this a false assumption? The only thing I have at my disposal is Clam. AVG has been dysfunctional since Declude folded, due to licensing rights, yes? - Michael Cummins # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[MBF]Re: Update to AVG
Hi Don. At this time there is no way to update Declude's AVG manually. Question for you... are you running Message Sniffer? Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Don Winsauer Sent: Friday, November 08, 2013 12:37 PM To: community@mailsbestfriend.com Subject: [MBF]Update to AVG Is there any way to update the AVG files manually? Our customers are getting hit with the Cryptovirus. Thanks, Don Sent via the WebMail system at net1media.com # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[MBF]Re: Whitelist FROM in Declude Virus
Hi John. You can allow vulnerabilities to be sent from a certain address and bypass Declude Virus. Open your virus.cfg and add the following line: ALLOWVULNERABILITIESFROM sen...@domain.com There is no way to disable the actual virus scanning part of Declude Virus for a sender outside of your server. However, you can disable it for a recipient or domain on your server. You would need to use the virus_users.txt and virus_domains.txt which are found in your Declude directory. If you open those files you will see an explanation on how to use them. Thanks. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of johnl...@eservicesforyou.com Sent: Friday, November 08, 2013 11:43 AM To: community@mailsbestfriend.com Subject: [MBF]Whitelist FROM in Declude Virus Is there a way to whitelist an email in Declude Virus based upon the from address? All I remember is the ability to configured on a per receipient (user) basis, not sender. John T eServices For You # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to
[MBF]Re: Dead Blacklists - Please update your global.cfg
My pleasure Uwe! I have also updated the paper I wrote for our KB. http://know.mailsbestfriend.com/papers/SmarterMail-Antispam-Settings.shtml. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Info Wind Internethaus GmbH Sent: Friday, November 08, 2013 10:55 AM To: community@mailsbestfriend.com Subject: [MBF]AW: Dead Blacklists - Please update your global.cfg Great. Thank you a lot, that is perfect service! Uwe Von: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] Im Auftrag von Linda Pagillo Gesendet: Freitag, 8. November 2013 17:24 An: community@mailsbestfriend.com Betreff: [MBF]Dead Blacklists - Please update your global.cfg Good morning everyone. The following RBLs should be removed from your Declude global.cfg if you are using them: FIVETEN-DUL DSN NOABUSE NOPOSTMASTER BOGUSMX They have all been verified as dead. Thanks! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF <>
[MBF]Dead Blacklists - Please update your global.cfg
Good morning everyone. The following RBLs should be removed from your Declude global.cfg if you are using them: FIVETEN-DUL DSN NOABUSE NOPOSTMASTER BOGUSMX They have all been verified as dead. Thanks! Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF <>
[MBF]Follow MBF on Twitter
Good day everyone! MBF is excited to announce that we now have a Twitter account! You can now keep up with all of our latest news, KB articles and everything else we are doing! Follow us today! - @MailsBestFriend. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 MBF <>
[MBF]Re: Smartermail, Delays and non-delivered messages
Scott, I have seen this happen before. The SM delivery log is not deleting the messages. They are never making it to delivery so there is no entry. I have found the culprit to be Smartermail’s SpamAssassin. Disable SpamAssassin then go to your spool via the SM admin interface and force delivery on the messages. They will go out. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 Mobile: 931-284-9291 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of David Barker Sent: Thursday, October 17, 2013 4:55 PM To: community@mailsbestfriend.com Subject: [MBF]Re: Smartermail, Delays and non-delivered messages Is there a spam filter on the user account or domain that is deleting the message ? Users have the ability to setup their own filters in SM which can cause this. David Barker Mail’s Best Friend Email : david.bar...@mailsbestfriend.com Web : www.mailsbestfriend.com <http://www.mailsbestfriend.com/> Office: 866.919.2075 cid:image001.png@01CE2B2E.8B3E9EF0 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Scott Fosseen - Prairie Lakes AEA Sent: Thursday, October 17, 2013 5:51 PM To: community@mailsbestfriend.com Subject: [MBF]Smartermail, Delays and non-delivered messages I have several of my customers complaining about messages that are either delayed, or not delivered. When I look in the logs I see no issues with the messages they say are delayed. We did find one message that in the Smartermail Delivery logs said it was deleted due to a filter. I looked at my spam settings for Smartermail, and all I have enabled is Declude. I don’t understand why the Smartermail Delivery log deleted the message. Most of my customers said this started about 1 week and a half ago. <><>
[MBF]Re: whitelist problem
Hi Mike. Yes, those tests are used in Declude, but not at the smtp level. Declude does not do smtp level scanning. The best way to use Declude and SM together is to set up those 4 blacklists at the SM smtp level scanning and use the global.cfg in Declude as is. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 Mobile: 931-284-9291 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Michael Cummins Sent: Thursday, October 17, 2013 8:14 AM To: community@mailsbestfriend.com Subject: [MBF]Re: whitelist problem Dont we already use SORBS, SPAMCOP, BARRACUDA and ZEN in Declude? Is that an efficient synergy? Whats the best way to use SmarterMail and Delcude together? - Michael Cummins From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Thursday, October 17, 2013 8:56 AM To: community@mailsbestfriend.com Subject: [MBF]Re: whitelist problem Hey guys. Here is what I normally do when setting up checks at SMs smtp level. In the Spam Checks area, I add 4 blacklists and give them each a weight of 10. The lists I use are SORBS, SPAMCOP, BARRACUDA and ZEN. Then in the SMTP Blocking area, I set my Incoming Weight Threshold to 30 and put a check in the Enabled box. This means that an incoming connection has to trigger at least 3 out of the 4 lists to be dropped at the SMTP level. This has always worked very well for me. I agree that you should never drop connections or reject email based on one test. I hope this helps. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 Mobile: 931-284-9291 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Todd Hunter Sent: Thursday, October 17, 2013 7:36 AM To: community@mailsbestfriend.com Subject: [MBF]Re: whitelist problem Brian, The short answer would be no. If something is checked then email will be rejected based on triggering that one test.Thats a bad idea and you will rejecting a LOT email, both spam and non-spam. No single test in 100% right. What you are looking to do is run a series of tests/filters that in combination help you determine the likelihood that an email is spam and give it a weight. You then have several action you can perform on an email once it has been given a weight. The options and weights are on the Filtering tab in the same Security section David directed you to. Todd From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Brian Thomforde Sent: Thursday, October 17, 2013 7:14 AM To: community@mailsbestfriend.com Subject: [MBF]Re: whitelist problem Should anything be checked in enable for incoming SMTP blocking? Brian From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of David Barker Sent: Thursday, October 17, 2013 12:23 AM To: community@mailsbestfriend.com Subject: [MBF]Re: whitelist problem Declude does not block at SMTP level. What you are seeing is your mail server blocking the mail, in SM its a setting under SecurityàAntispam Administration à Enable for Incoming SMTP blocking It is not recommended that you block on 1 RBL only. David Barker Mails Best Friend Email : <mailto:david.bar...@mailsbestfriend.com> david.bar...@mailsbestfriend.com Web : <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 1.866.919.2075 cid:image001.png@01CE2B2E.8B3E9EF0 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Brian Thomforde Sent: Wednesday, October 16, 2013 11:25 PM To: community@mailsbestfriend.com Subject: [MBF]Re: whitelist problem Thanks why I asked, all I know is what it says in the log files, Mail rejected due to SMTP Spam Blocking: Baracuda Brian From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Todd Hunter Sent: Wednesday, October 16, 2013 10:59 PM To: community@mailsbestfriend.com Subject: [MBF]Re: whitelist problem Are you sure that this not a rule setup on your mail server and not Declude. In general Declude does not block at the smtp level but gives weight to email after it has been received by your email server and handed over to Declude for testing. Todd Hunter The Smart IT Group Smart IT Services Smart-Mail Law IT Services Your Smart Cloud Partner From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Brian Thomforde Sent: Wednesday, October 16, 2013 9:36 PM To: community@mailsbestfriend.com Subject: [MBF]whitelist problem Ive whitelisted and email address in global.cfg but the emails still are blocked what can I do to allow these emails? The file
[MBF]Re: whitelist problem
Hey guys. Here is what I normally do when setting up checks at SMs smtp level. In the Spam Checks area, I add 4 blacklists and give them each a weight of 10. The lists I use are SORBS, SPAMCOP, BARRACUDA and ZEN. Then in the SMTP Blocking area, I set my Incoming Weight Threshold to 30 and put a check in the Enabled box. This means that an incoming connection has to trigger at least 3 out of the 4 lists to be dropped at the SMTP level. This has always worked very well for me. I agree that you should never drop connections or reject email based on one test. I hope this helps. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 Mobile: 931-284-9291 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Todd Hunter Sent: Thursday, October 17, 2013 7:36 AM To: community@mailsbestfriend.com Subject: [MBF]Re: whitelist problem Brian, The short answer would be no. If something is checked then email will be rejected based on triggering that one test.Thats a bad idea and you will rejecting a LOT email, both spam and non-spam. No single test in 100% right. What you are looking to do is run a series of tests/filters that in combination help you determine the likelihood that an email is spam and give it a weight. You then have several action you can perform on an email once it has been given a weight. The options and weights are on the Filtering tab in the same Security section David directed you to. Todd From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Brian Thomforde Sent: Thursday, October 17, 2013 7:14 AM To: community@mailsbestfriend.com Subject: [MBF]Re: whitelist problem Should anything be checked in enable for incoming SMTP blocking? Brian From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of David Barker Sent: Thursday, October 17, 2013 12:23 AM To: community@mailsbestfriend.com Subject: [MBF]Re: whitelist problem Declude does not block at SMTP level. What you are seeing is your mail server blocking the mail, in SM its a setting under SecurityàAntispam Administration à Enable for Incoming SMTP blocking It is not recommended that you block on 1 RBL only. David Barker Mails Best Friend Email : <mailto:david.bar...@mailsbestfriend.com> david.bar...@mailsbestfriend.com Web : <http://www.mailsbestfriend.com/> www.mailsbestfriend.com Office: 1.866.919.2075 cid:image001.png@01CE2B2E.8B3E9EF0 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Brian Thomforde Sent: Wednesday, October 16, 2013 11:25 PM To: community@mailsbestfriend.com Subject: [MBF]Re: whitelist problem Thanks why I asked, all I know is what it says in the log files, Mail rejected due to SMTP Spam Blocking: Baracuda Brian From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Todd Hunter Sent: Wednesday, October 16, 2013 10:59 PM To: community@mailsbestfriend.com Subject: [MBF]Re: whitelist problem Are you sure that this not a rule setup on your mail server and not Declude. In general Declude does not block at the smtp level but gives weight to email after it has been received by your email server and handed over to Declude for testing. Todd Hunter The Smart IT Group Smart IT Services Smart-Mail Law IT Services Your Smart Cloud Partner From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Brian Thomforde Sent: Wednesday, October 16, 2013 9:36 PM To: community@mailsbestfriend.com Subject: [MBF]whitelist problem Ive whitelisted and email address in global.cfg but the emails still are blocked what can I do to allow these emails? The files say they are blocked, rsp: 554 Sending address not accepted due to spam filter 05:06:02 [63.131.134.26][13498060] Mail rejected due to SMTP Spam Blocking: Baracuda TIA Brian <><>
[MBF]Re: False positive on McAfee
You're welcome Katie J Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 Mobile: 931-284-9291 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Katie La Salle-Lowery Sent: Monday, October 07, 2013 2:19 PM To: community@mailsbestfriend.com Subject: [MBF]Re: False positive on McAfee Thanks, Linda. I didn't look at blacklists because the headers showed McAfee. Silly me! The client has found a rootkit on one of the machines in their network. <http://www.centric.net/> centric logo - signature sized Katie LaSalle-Lowery ka...@centric.net 1120 S. Russell; Ste B Missoula, MT 59801 ph (406)549-3337 fax (406)541-9338 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Monday, October 07, 2013 10:58 AM To: community@mailsbestfriend.com Subject: [MBF]Re: False positive on McAfee Hi Katie. I did a lookup on the sender's IP - 209.137.225.54. It seems that IP is on several, major real-time blacklists. b.barracudacentral.org - Barracuda Reputation Block List hostkarma.junkemailfilter.com - Hostkarma all.spamrats.com - SpamRATS! all xbl.spamhaus.org - Spamhaus XBL Exploits Block List zen.spamhaus.org - Spamhaus ZEN Combined Block List cbl.abuseat.org - Composite Blocking List It looks like the admin of that mail server needs to find out what caused the IP to land on all of those lists, fix the issue then request removal. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 Mobile: 931-284-9291 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Katie La Salle-Lowery Sent: Monday, October 07, 2013 11:35 AM To: community@mailsbestfriend.com Subject: [MBF]False positive on McAfee Hello, Please cc spamfil...@centric.net on any responses to this thread so they don't get caught in our filter. One of our hosting client's messages are getting caught by the McAfee filter in Declude. It has a few other issues, but McAfee is the biggie. Attached is an example. Here are the headers: Received: from CustomPC [209.137.225.54] by mail.centric.net with ESMTP (SMTPD-12.3.0.100) id 6eb4000972d8def1; Mon, 7 Oct 2013 10:22:32 -0600 From: "Jared Barnard" To: Subject: Mail Date: Mon, 7 Oct 2013 10:22:35 -0600 Message-ID: <003a01cec379$6f023d80$4d06b880$@com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=_NextPart_000_003B_01CEC347.2467CD80" X-Mailer: Microsoft Office Outlook 12.0 Thread-Index: Ac7DeW50L495rxr9QfykRzOo0EY9VA== Content-Language: en-us X-MessageSniffer-Identifier: C:\IMail\spool\proc\work\D6eb4000972d8def1.smd X-GBUdb-Analysis: 0, 209.137.225.54, Ugly c=0.297854 p=-0.22 Source Normal X-MessageSniffer-Scan-Result: 0 X-MessageSniffer-Rules: 0-0-0-32767-c X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail detected. X-RBL-Warning: IPNOTINMX: X-RBL-Warning: CMDSPACE: Space found in RCPT TO: command. X-RBL-Warning: WEIGHT10: Weight of 12 reaches or exceeds the limit of 10. X-Declude-Sender: jbarn...@missoulaconcrete.com [209.137.225.54] X-Declude-Spoolname: D6eb4000972d8def1.smd X-Declude-RefID: X-Declude-Note: Scanned by Centric Internet Services using Declude 4.12.01 for spam. "http://www.declude.com/x-note.htm"; X-Declude-Scan: Incoming Score [12] at 10:22:40 on 07 Oct 2013 X-Declude-Fail: HOSTKARMA-BLACK [5], MCAFEE [10], CMDSPACE [0], HAM-INDICATOR [-2], WEIGHT10 [10] X-Country-Chain: UNITED STATES->destination X-RCPT-TO: Status: X-UIDL: 681075816 X-IMail-ThreadID: 6eb4000972d8def1 Thanks, <http://www.centric.net/> centric logo - signature sized Katie LaSalle-Lowery ka...@centric.net 1120 S. Russell; Ste B Missoula, MT 59801 ph (406)549-3337 fax (406)541-9338 <><>
[MBF]Re: False positive on McAfee
Hi Katie. I did a lookup on the sender's IP - 209.137.225.54. It seems that IP is on several, major real-time blacklists. b.barracudacentral.org - Barracuda Reputation Block List hostkarma.junkemailfilter.com - Hostkarma all.spamrats.com - SpamRATS! all xbl.spamhaus.org - Spamhaus XBL Exploits Block List zen.spamhaus.org - Spamhaus ZEN Combined Block List cbl.abuseat.org - Composite Blocking List It looks like the admin of that mail server needs to find out what caused the IP to land on all of those lists, fix the issue then request removal. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 Mobile: 931-284-9291 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Katie La Salle-Lowery Sent: Monday, October 07, 2013 11:35 AM To: community@mailsbestfriend.com Subject: [MBF]False positive on McAfee Hello, Please cc spamfil...@centric.net on any responses to this thread so they don't get caught in our filter. One of our hosting client's messages are getting caught by the McAfee filter in Declude. It has a few other issues, but McAfee is the biggie. Attached is an example. Here are the headers: Received: from CustomPC [209.137.225.54] by mail.centric.net with ESMTP (SMTPD-12.3.0.100) id 6eb4000972d8def1; Mon, 7 Oct 2013 10:22:32 -0600 From: "Jared Barnard" To: Subject: Mail Date: Mon, 7 Oct 2013 10:22:35 -0600 Message-ID: <003a01cec379$6f023d80$4d06b880$@com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=_NextPart_000_003B_01CEC347.2467CD80" X-Mailer: Microsoft Office Outlook 12.0 Thread-Index: Ac7DeW50L495rxr9QfykRzOo0EY9VA== Content-Language: en-us X-MessageSniffer-Identifier: C:\IMail\spool\proc\work\D6eb4000972d8def1.smd X-GBUdb-Analysis: 0, 209.137.225.54, Ugly c=0.297854 p=-0.22 Source Normal X-MessageSniffer-Scan-Result: 0 X-MessageSniffer-Rules: 0-0-0-32767-c X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail detected. X-RBL-Warning: IPNOTINMX: X-RBL-Warning: CMDSPACE: Space found in RCPT TO: command. X-RBL-Warning: WEIGHT10: Weight of 12 reaches or exceeds the limit of 10. X-Declude-Sender: jbarn...@missoulaconcrete.com [209.137.225.54] X-Declude-Spoolname: D6eb4000972d8def1.smd X-Declude-RefID: X-Declude-Note: Scanned by Centric Internet Services using Declude 4.12.01 for spam. "http://www.declude.com/x-note.htm"; X-Declude-Scan: Incoming Score [12] at 10:22:40 on 07 Oct 2013 X-Declude-Fail: HOSTKARMA-BLACK [5], MCAFEE [10], CMDSPACE [0], HAM-INDICATOR [-2], WEIGHT10 [10] X-Country-Chain: UNITED STATES->destination X-RCPT-TO: Status: X-UIDL: 681075816 X-IMail-ThreadID: 6eb4000972d8def1 Thanks, <http://www.centric.net/> centric logo - signature sized Katie LaSalle-Lowery ka...@centric.net 1120 S. Russell; Ste B Missoula, MT 59801 ph (406)549-3337 fax (406)541-9338 <><>
[MBF]Re: SNIFFER
Yes, please send me the headers and the actual emails. Thanks. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 Mobile: 931-284-9291 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Richard Mazur Sent: Sunday, September 22, 2013 12:14 PM To: community@mailsbestfriend.com Subject: [MBF]Re: SNIFFER i dont have the full emails. do you want me to have client forward me the actual email as well? you need more than just the headers? Richard Mazur Director of Accounts SurfNet Corporation http://www.surfnetcorp.com Main Office - 888-704-7773 x1 Direct - 847-483-8788 Fax - 888-704-7773 Email - r...@surfmail.net Skype - rickmaz1106 Follow us on Twitter: www.twitter.com/surfnethosting On Sep 22, 2013, at 12:10 PM, Linda Pagillo wrote: Hi Richard. I received your email about this Friday and replied to you. I apologize if you didn't receive it. Could you please forward to me the actual emails that went along with the headers that you sent? Thanks. Linda Pagillo Mail's Best Friend Email: <mailto:linda.pagi...@mailsbestfriend.com> linda.pagi...@mailsbestfriend.com Web: <http://www.mailsbestfriend.com> www.mailsbestfriend.com Office: 703.988.3605 x7016 Mobile: 931-284-9291 From: <mailto:community@mailsbestfriend.com> community@mailsbestfriend.com [mailto:community@ <http://mailsbestfriend.com> mailsbestfriend.com] On Behalf Of Richard Mazur Sent: Sunday, September 22, 2013 9:10 AM To: <mailto:community@mailsbestfriend.com> community@mailsbestfriend.com Subject: [MBF]SNIFFER Ive suddenly got a lot of mail even stuff that should be whitelisted cause by spam filter declude and put in my 'spam' folder. This al started about a week ago or so and i have not changed any settings. i see mail even coming from google or my own domain (that should be whitelisted) is getting a 20 SCORE and thus marking it with a higher weight and marking it as spam. People who have had friends emailing them for years without a problem all of a sudden are getting caught. I do no know what this SNIFFER filter is or how to tweak it or if it is needed to still properly catch the spam. If any one can help that would be great. here is a few examples of headers that have been caught. X-Declude-Scan: Incoming Score [20] at 13:29:49 on 17 Sep 2013 X-Declude-Tests: SPFPASS [-1], SNIFFER [20], FILTER-SPAM [5] X-Country-Chain: X-Declude-Code: f X-Helo: <http://mail-ee0-f51.google.com/> mail-ee0-f51.google.com X-Identity: 74.125.83.51 | mail-ee0- <http://f51.google.com/> f51.google.com | <http://googlemail.com/> googlemail.com Richard Mazur Director of Accounts SurfNet Corporation <http://www.surfnetcorp.com> http://www.surfnetcorp.com Main Office - 888-704-7773 x1 Direct - 847-483-8788 Fax - 888-704-7773 Email - <mailto:r...@surfmail.net> r...@surfmail.net Skype - rickmaz1106 Follow us on Twitter: <http://www.twitter.com/surfnethosting> www.twitter.com/surfnethosting On Sep 18, 2013, at 9:53 AM, Darin Cox < <mailto:dc...@4cweb.com> dc...@4cweb.com> wrote: That is a fairly high load. You might see about blocking spammy IPs at the firewall or a separate filtering server to reduce the amount processed on your mail server. An additional thing you can check is for a large number of files in log directories. Windows in general doesn't like more than a couple thousand files in a directory. Performance degrades significantly. Darin. -Original Message- From: Daniel Ivey Sent: Wednesday, September 18, 2013 9:19 AM To: <mailto:community@mailsbestfriend.com> community@mailsbestfriend.com Subject: [MBF]high cpu usage I have a virtualized Windows 2000 Server that has all of a sudden starting having high CPU usage (according to Vmware). When I check the CPU usage in Performance in Windows Task Manager, it bounces up to about 98% at times, but quickly backs down and has been as low as 20%. When I go under processes and see what is using most of the CPU, it is either decludeproc.exe (I am running version 4.12.02) or SNFServer.exe constantly. I have tightened my restraints on HiJack to see if someone was coming in under my thresholds, but have not gotten any alerts to that being the problem. The server is keeping up with only around 70 - 100 items in the PROC folder when I check it using DecludeCount.exe. Occasionally, it will get up to 150 in the PROC folder but then comes back down. The server seems to be processing about 300 messages every 15 seconds according to DecludeCount.exe. I was just wondering if anyone had ran into this issue and if so, what the fix was or if anyone had any suggestions for settings to tweak? Any help is greatly appreciated, as I want to nip this in the bud before it becomes a l
[MBF]Re: SNIFFER
Hi Richard. I received your email about this Friday and replied to you. I apologize if you didn't receive it. Could you please forward to me the actual emails that went along with the headers that you sent? Thanks. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 Mobile: 931-284-9291 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Richard Mazur Sent: Sunday, September 22, 2013 9:10 AM To: community@mailsbestfriend.com Subject: [MBF]SNIFFER Ive suddenly got a lot of mail even stuff that should be whitelisted cause by spam filter declude and put in my 'spam' folder. This al started about a week ago or so and i have not changed any settings. i see mail even coming from google or my own domain (that should be whitelisted) is getting a 20 SCORE and thus marking it with a higher weight and marking it as spam. People who have had friends emailing them for years without a problem all of a sudden are getting caught. I do no know what this SNIFFER filter is or how to tweak it or if it is needed to still properly catch the spam. If any one can help that would be great. here is a few examples of headers that have been caught. X-Declude-Scan: Incoming Score [20] at 13:29:49 on 17 Sep 2013 X-Declude-Tests: SPFPASS [-1], SNIFFER [20], FILTER-SPAM [5] X-Country-Chain: X-Declude-Code: f X-Helo: <http://mail-ee0-f51.google.com/> mail-ee0-f51.google.com X-Identity: 74.125.83.51 | mail-ee0- <http://f51.google.com/> f51.google.com | <http://googlemail.com/> googlemail.com Richard Mazur Director of Accounts SurfNet Corporation http://www.surfnetcorp.com Main Office - 888-704-7773 x1 Direct - 847-483-8788 Fax - 888-704-7773 Email - r...@surfmail.net Skype - rickmaz1106 Follow us on Twitter: www.twitter.com/surfnethosting On Sep 18, 2013, at 9:53 AM, Darin Cox wrote: That is a fairly high load. You might see about blocking spammy IPs at the firewall or a separate filtering server to reduce the amount processed on your mail server. An additional thing you can check is for a large number of files in log directories. Windows in general doesn't like more than a couple thousand files in a directory. Performance degrades significantly. Darin. -Original Message- From: Daniel Ivey Sent: Wednesday, September 18, 2013 9:19 AM To: community@mailsbestfriend.com Subject: [MBF]high cpu usage I have a virtualized Windows 2000 Server that has all of a sudden starting having high CPU usage (according to Vmware). When I check the CPU usage in Performance in Windows Task Manager, it bounces up to about 98% at times, but quickly backs down and has been as low as 20%. When I go under processes and see what is using most of the CPU, it is either decludeproc.exe (I am running version 4.12.02) or SNFServer.exe constantly. I have tightened my restraints on HiJack to see if someone was coming in under my thresholds, but have not gotten any alerts to that being the problem. The server is keeping up with only around 70 - 100 items in the PROC folder when I check it using DecludeCount.exe. Occasionally, it will get up to 150 in the PROC folder but then comes back down. The server seems to be processing about 300 messages every 15 seconds according to DecludeCount.exe. I was just wondering if anyone had ran into this issue and if so, what the fix was or if anyone had any suggestions for settings to tweak? Any help is greatly appreciated, as I want to nip this in the bud before it becomes a larger problem. Daniel # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to # This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to To switch to the INDEX mode, E-mail to Send administrative queries to <>
[MBF]Re: Filter updates
Hi Scott. Yes, you can find updated filters here.. http://mailsbestfriend.com/downloads . I believe the FILTER-SPAM is updated for the current year. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 Mobile: 931-284-9291 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Scott Fosseen - Prairie Lakes AEA Sent: Wednesday, September 18, 2013 9:07 AM To: community@mailsbestfriend.com Subject: [MBF]Filter updates I probably missed this someplace in an older message. Are the declude filter files still being updated? If so where can I find them, if not I need help with the line in the “SPAM” filter that is looking for the current year in the header. I think I understand how it works, but I am missing the critical part about how to define the current year. <>
[MBF]Re: ratings on chinese characters?
Hi Carl. Can you post the full headers from a few of those messages please? Thanks. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 Mobile: 931-284-9291 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Carl Wagar Sent: Tuesday, September 03, 2013 11:14 AM To: community@mailsbestfriend.com Subject: [MBF]ratings on chinese characters? Hi. I have a customer who says: " it is possible to raise the spam score on e-mail with Chinese and Hebrew characters? I am getting a lot of spam that comes thru written in Chinese and in Hebrew characters. I cannot read those languages. Many come with an .xls attachment." I've not looked into this before. I know where to adjust country domain TLD weights. But does declude have filters based on character set? Does anyone have some advice? Carl J. Carl Wagar EntreNet Communications Inc www.entrenet.com www.thehostingservice.com 24 Swain Ave, Ottawa, ON, K1G 4T1, Canada Email: jcwa...@entrenet.com, skype: jcwagar Tel: +1 613-737-7327, Fax: +1 613-737-5801 Cel: +1 613-818-8898 -Original Message- From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Andy Schmidt Sent: Saturday, August 10, 2013 3:31 PM To: community@mailsbestfriend.com Subject: [MBF]Re: declude not processing messages Hi Daniel, Although there is a steady stream of messages going in and out of my imail/spool/proc folder, I never manage to see any "declude.exe" process in my windows task manager. So that may not really indicate anything. Your first stop is of course the declude log files - what do they indicate? If necessary, turn up the debug level to see more detail. You can try running "decludeproc -diag" from the command line. It doesn't do anything but it will show you the valid commands that allow you to install/uninstall the service and show the Declude version. If you restart the DecludeProc service, it will generate a "\IMail\Declude\diags.txt" file that might point you to what's correctly recognized - and what NOT, what's product features are turned on etc. Best Regards, Andy -Original Message- From: <mailto:community@mailsbestfriend.com> community@mailsbestfriend.com [ <mailto:community@mailsbestfriend.com> mailto:community@mailsbestfriend.com] On Behalf Of Daniel Ivey Sent: Saturday, August 10, 2013 7:06 AM To: <mailto:community@mailsbestfriend.com> community@mailsbestfriend.com Subject: [MBF]declude not processing messages I have an issue with one of my Imail servers where the decludeproc.exe is running, but I am not getting any Declude.exe processes and not processing any messages. No issues with my other 2 Imail servers (one of which is identical to this one). Does anyone have any ideas on what the fix is? Daniel # This message is sent to you because you are subscribed to the mailing list < <mailto:community@mailsbestfriend.com> community@mailsbestfriend.com>. To unsubscribe, E-mail to: < <mailto:community-...@mailsbestfriend.com> community-...@mailsbestfriend.com> To switch to the DIGEST mode, E-mail to < <mailto:community-dig...@mailsbestfriend.com> community-dig...@mailsbestfriend.com> To switch to the INDEX mode, E-mail to < <mailto:community-in...@mailsbestfriend.com> community-in...@mailsbestfriend.com> Send administrative queries to < <mailto:community-requ...@mailsbestfriend.com> community-requ...@mailsbestfriend.com> <>
[MBF]Re: Help with Perl
Thanks Darin. I will be contacting you directly via email in just a minute. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 Mobile: 931-284-9291 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Darin Cox Sent: Tuesday, August 06, 2013 10:16 PM To: community@mailsbestfriend.com Subject: [MBF]Re: Help with Perl Hi Linda, If it’s web development, we speak it.. including PERL. Let me know what you’re looking to do. Darin. From: Linda Pagillo <mailto:linda.pagi...@mailsbestfriend.com> Sent: Tuesday, August 06, 2013 9:21 PM To: community@mailsbestfriend.com Subject: [MBF]Help with Perl Hi everyone. I’m working on a project and I need to speak with someone familiar with Perl. Is anyone out there a Perl developer? Your help would be greatly appreciated. Thanks. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 Mobile: 931-284-9291 MBF <>
[MBF]Help with Perl
Hi everyone. I'm working on a project and I need to speak with someone familiar with Perl. Is anyone out there a Perl developer? Your help would be greatly appreciated. Thanks. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 Mobile: 931-284-9291 MBF <>
[MBF]Re: Spam Flurry ?
This is directly from the Declude Release Notes. The format blklst.txt file is Date|time|spool#|IP|TotalWeight|LastAction|RecpList|mailfrom|subject|testsfa iled Example Multiple Recipients: 10/14/2009|11:40:06.109|53|24.177.234.76|18|testing@yahoo,beg...@yahoo.com,d onotlike@gmail,|owner-nolist-30960_*bigm**ridgecable*-com@soar.soulfulbliss. com|[59]Guaranteed*-payment-center|CATCHALLMAILS=0,NOLEGITCONTENT=0,IPNOTINM X=0,SORBS-DUL=5,FIVETEN-SRC=2,ZEN=7,SORBS=7,DYNHELO=5,FROMNOMATCH=2,WEIGHT10 =10,WEIGHT14=14,| Example One Recipient: 10/14/2009|11:40:06.296|15|218.16.123.185|37|s...@hcas.net,|info_claimsproce ssgabjgfu...@gmx.net|CONTACT AGENT FOR CONFIRMATION|CATCHALLMAILS=0,NOLEGITCONTENT=0,IPNOTINMX=0,FIVETEN-SRC=2,NJAB L=4,BASE64=4,CMDSPACE=8,DYNHELO=5,HELOBOGUS =5,REVDNS=10,SPFFAIL=10,WEIGHT10=10,WEIGHT14=14,WEIGHT20=20,WEIGHT30=30,| Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 Mobile: 931-284-9291 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Dave Beckstrom Sent: Thursday, June 06, 2013 11:22 AM To: community@mailsbestfriend.com Subject: [MBF]Re: Spam Flurry ? Linda, Thanks. I have a few questions since I wasn't able to find any info in the manual. Does it log every IP or just IPs that sent email that had a weight that indicated it was Spam? I have a log entry of: 151.49.14.245 95 What does the "95" at the end of the line indicate? Is that the number of emails from that IP? _ From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Linda Pagillo Sent: Thursday, June 06, 2013 9:59 AM To: community@mailsbestfriend.com Subject: [MBF]Re: Spam Flurry ? Open your delcude.cfg file and add the following line to the bottom. BLKLST ON Once you do that, restart your decludeproc service and you will see the blklst.txt in your Spool directory. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 Mobile: 931-284-9291 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Dave Beckstrom Sent: Thursday, June 06, 2013 10:52 AM To: community@mailsbestfriend.com Subject: [MBF]Re: Spam Flurry ? I searched the declude manual for "blklst" and found nothing. How do I go about enabling this feature? _ From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of David Barker Sent: Wednesday, May 29, 2013 3:15 PM To: community@mailsbestfriend.com Subject: [MBF]Re: Spam Flurry ? You can also use the blklst*.txt file which will provide this information for easy extraction David Barker Mail's Best Friend Email : david.bar...@mailsbestfriend.com Web : www.mailsbestfriend.com <http://www.mailsbestfriend.com/> Office: 866.919.2075 Mobile : 978.518.6461 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Dave Beckstrom Sent: Wednesday, May 29, 2013 3:29 PM To: community@mailsbestfriend.com Subject: [MBF]Re: Spam Flurry ? Yes. I've been seeing a lot of patterns like that where I can block a whole subnet. I wish we had something that would parse the declude log files and give stats on spam by IP so that it wasn't a manual process of identifying those IP blocks. _ From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of David Barker Sent: Wednesday, May 29, 2013 11:19 AM To: community@mailsbestfriend.com Subject: [MBF]Re: Spam Flurry ? Anyone else seeing spam flurry coming from 96.9.155.0/24 ? David Barker Mail's Best Friend Email : david.bar...@mailsbestfriend.com Web : www.mailsbestfriend.com <http://www.mailsbestfriend.com/> Office: 866.919.2075 Mobile : 978.518.6461 cid:image001.png@01CE2B2E.8B3E9EF0 <><>
[MBF]Re: Spam Flurry ?
Open your delcude.cfg file and add the following line to the bottom. BLKLST ON Once you do that, restart your decludeproc service and you will see the blklst.txt in your Spool directory. Linda Pagillo Mail's Best Friend Email: linda.pagi...@mailsbestfriend.com Web: www.mailsbestfriend.com Office: 703.988.3605 x7016 Mobile: 931-284-9291 MBF From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Dave Beckstrom Sent: Thursday, June 06, 2013 10:52 AM To: community@mailsbestfriend.com Subject: [MBF]Re: Spam Flurry ? I searched the declude manual for "blklst" and found nothing. How do I go about enabling this feature? _ From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of David Barker Sent: Wednesday, May 29, 2013 3:15 PM To: community@mailsbestfriend.com Subject: [MBF]Re: Spam Flurry ? You can also use the blklst*.txt file which will provide this information for easy extraction David Barker Mail's Best Friend Email : david.bar...@mailsbestfriend.com Web : www.mailsbestfriend.com <http://www.mailsbestfriend.com/> Office: 866.919.2075 Mobile : 978.518.6461 From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of Dave Beckstrom Sent: Wednesday, May 29, 2013 3:29 PM To: community@mailsbestfriend.com Subject: [MBF]Re: Spam Flurry ? Yes. I've been seeing a lot of patterns like that where I can block a whole subnet. I wish we had something that would parse the declude log files and give stats on spam by IP so that it wasn't a manual process of identifying those IP blocks. _ From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On Behalf Of David Barker Sent: Wednesday, May 29, 2013 11:19 AM To: community@mailsbestfriend.com Subject: [MBF]Re: Spam Flurry ? Anyone else seeing spam flurry coming from 96.9.155.0/24 ? David Barker Mail's Best Friend Email : david.bar...@mailsbestfriend.com Web : www.mailsbestfriend.com <http://www.mailsbestfriend.com/> Office: 866.919.2075 Mobile : 978.518.6461 cid:image001.png@01CE2B2E.8B3E9EF0 <><>
