RE: [Declude.JunkMail] Should postmaster or abuse accept all e-mail?
> ORDB is not going to put a server on the blacklist unless they have > tested successfully for an open relay. BTW: I was only making a comment about the abuse account and just stating that it could benefit some poor soul that was hacked or had an open relay without knowing it. But, this is entirely up to the SysOp. In any-case depending on what service you use it is possible they may add some one to their blacklist without investigating it and without allowing the offender to respond. What it comes down to is we should consider the fact that no one is perfect and we should not react on a message that one of these companies decided to claim it as spam. I have seem allot of legitimate mailings listed with some of these companies and because of this I can not trust them. However, because of Declude I can take advantage of different tests to validate their findings. I have created my own blacklist as some of you might already know, but not every one agrees with my list, though it has been very similar to Spamcop's findings. Because of this I strongly suggest using weight values to declare spam or junk mail. My post is not meant to be an argument and/or agreement, just another opinion for those reading it to consider. PS: Happy Thanks Giving! Best Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Fwd: spam hit counter
This may be interesting (forwarded from an anti-spam mailing list): -Scott I recently received a spam where the sender left a javascript hit counter which my pine kindly ignored. It did, however, give the URL where he, and you, can watch the hits accumulate from the spam. Pretty eye opening. http://www.stats4all.com/asp/login.asp?sSiteName=vventer11 Click on the blue graph corresponding to today to see the hourly breakdown. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] forum for fighting fake From:fingerprint
Scott, do you recommend using both BADHEADERS and SPAMHEADERS? I use both, along with the LOOSENSPAMHEADERS directive, and I'm wondering if SPAMHEADERS incorporates BADHEADERS... It seems that when I see SPAMHEADERS, I very often see BADHEADERS. They are two different sets of tests, although E-mails that fail one are likely to fail the other. Both check for spam-like headers that will rarely, if ever, appear in E-mail from legitimate mail clients. The difference is that the BADHEADERS test looks for headers that are illegal (not RFC compliant), whereas the SPAMHEADERS test looks for ones that are RFC compliant. I personally do not recommend using LOOSENSPAMHEADERS, as that will significantly reduce the amount of spam that the SPAMHEADERS test will catch. It will help prevent catching some legitimate mail as spam, but only from people who know that their mail will get caught as spam (or wrote software without looking at the RFCs) -- and if they know it will get caught as spam, well, they don't care much in my opinion. As spam gets worse, legitimate mailers that send problem E-mails are going to have to fix the problems; they might as well do it sooner rather than later. FWIW, we assist any legitimate mailers that contact us about header problems, even though they aren't customers of ours. On the other hand, maybe I'm just getting used to seeing BADHEADERS in Spam Review because so many mailing lists set it off! It's *very* important to note that the BADHEADERS test will only be set off from broken mailservers (or broken mail clients). It will not catch legitimate mail. In most cases, the E-mail that fails the BADHEADERS test will either never reach the recipient, or get hidden at the bottom of the inbox behind old mail. I haven't used your web lookup tool much, but I'm getting used to seeing the date violation code in both. That's typically a throwback to the Technology Bubble, where CEOs would say "Let's hire a team of web programmers to write a web app to send out mail!", and they would hire people with great web programming resumes that have never written an actual Internet program (having written plenty of web apps, where the only rule is that the program needs to do what it is designed to do). They then would play around and get something that seemed to work, and say "We did it!". If people break the rules, they've got to face the consequences. On the other hand, I should also say that we don't block any E-mail here. We do handle spam differently, but never actually block it. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Should postmaster or abuse accept all e-mail?
Title: Message I would argue that we're not being professional if we respond hastily to another, regardless of what our perceptions of another's comments are. Professionalism is not just the avoidance of insults, slights, slander, etc., but the decision to not react to another's perceived insults, slights, slander, etc. in a way that could be perceived as argumentative, insulting, etc. Not to say that I haven't done it myself, but this has been a very clean, well-meaning, generally humble, and helpful group and I would hate to see us get too sidetracked by emotions. Enough on that...Happy Thanksgiving all!!! To comment on the issue at hand, I have to say that regardless of the status of a particular network's listing on blacklists, it is our PRIMARY responsibility as mail system administrators or IT infrastructure management to ensure that ALL legitimate email makes it to it's intended destination. Businesses rely on our keeping them connected in a faster and faster moving economy. Timely and accurate delivery of their correspondence is a MUST. SECONDARILY to that, though still mightily important, we should filter out objectionable and/or wasteful UCE/UBE. I think most of us agree that Declude is a wonderful product with the weighting system to help us achieve that goal. From what I heard over the few months I've been on the list, Declude coupled with Message Sniffer do an amazing job of identifying UBE/UCE without interfering with non-UBE/UCE mail. I look forward to implementing Message Sniffer on our systems after the first of the year. For what it's worth, we've decided to never delete or hold emails for our customers, and instead prepend the message subject with a [SPAM] token for our users to use as they see fit. Most of our users add a simple rule to their email client to route these messages into a separate folder. That way they have the messages in case a critical communication they needed was identified as spam, but don't have to deal with a glut of probable spam in their inboxes. Until we have a new mail protocol that enforces validation rules which make UBE/UCE impractical or impossible, I think that's the best we will be able to do. Identifying spam is good, but stopping it altogether at the protocol level should be the ultimate goal. Any other response has little chance of success at dealing with the impact on both individuals AND networks. There will always be individuals or organizations that will take advantage of any loophole they can find to send out their cheap and flagrant marketing materials. Just my four cents...two cents for each issue... Darin. - Original Message - From: Phillip B. Holmes To: [EMAIL PROTECTED] Sent: Thursday, November 28, 2002 2:17 PM Subject: RE: [Declude.JunkMail] Should postmaster or abuse accept all e-mail? John,Why don't you keep this on a professional level and keep your snide little comments to yourself?I manage 4 ISP's John with revenues over 5 million a year. Declude is a godsend to us as some over our clients have been receiving over 200 spam emails a day to a single POP account. If you are blacklisted, you are there for a reason. Either your server allows relay or you are not RFC compliant. Either way, in 99% of the cases, the mail server implementation is broken and should not be running in production. Trust me when I say that they find out VERY quickly that they can't send mail to half the world when they are violating spam AUPs. It is not my responsibility to baby sit those people or tell them how to run their mail servers. They will have to learn the hard way that spam is unacceptable and won't be tolerated on most networks.Spam is a huge issue that costs ISPs millions in man-hours and bandwidth. We do not tolerate blacklisted SMTP servers, period.And yes... I would love to have the revenues of AOL, RoadRunner, SBC or PacBell. They all delete blacklisted mail and report the issue back to the sending ISPs via logging (which is totally acceptable). A good email admin would simply need to investigate his logs to find out why their mail is rejected around half the planet. If more ISPs took a hard line on spam, there would not be the huge problem that it is today.Regards,Phillip B. HolmesMedia Resolutions Inc.Macromedia Alliance Partnerhttp://www.mediares.com[EMAIL PROTECTED]1-888-395-4678 ext. 101972-889-0201 ext. 101/* Please send support requests to[EMAIL PROTECTED] */Failure is not falling down but refusing to get up.--- Chinese Proverb-Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John TolmachoffSent: Thursday, November 28, 2002 12:43 PMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Should postmaster or abuse accept all e-mail?>If you have earned a place on the blacklists, you wont be sending mailto my networks
RE: [Declude.JunkMail] forum for fighting fake From: fingerprint
Scott, do you recommend using both BADHEADERS and SPAMHEADERS? I use both, along with the LOOSENSPAMHEADERS directive, and I'm wondering if SPAMHEADERS incorporates BADHEADERS... It seems that when I see SPAMHEADERS, I very often see BADHEADERS. On the other hand, maybe I'm just getting used to seeing BADHEADERS in Spam Review because so many mailing lists set it off! I haven't used your web lookup tool much, but I'm getting used to seeing the date violation code in both. Andrew. -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 21, 2002 4:16 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] forum for fighting fake From: fingerprint >I've found that HELOBOGUS, REVDNS, BADHEADERS and MAILFROM are all really >good indicators of spam, but that they are also indicators of a sloppy mail >admin and are thus way too common with normal mail. I've lowered their >weight, therefore, my HOLD weight is high enough to not hit on them in >combination. Note that while the HELOBOGUS and REVDNS tests are signs of a sloppy admin, the MAILFROM and BADHADHEADERS tests indicate RFC violations that aren't trivial. In the case of MAILFROM, bounce messages won't be deliverable, and in the case of BADHEADERS, the E-mail may just disappear. Those are problems that must be fixed. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Should postmaster or abuse accept all e-mail?
Tom, ORDB is not going to put a server on the blacklist unless they have tested successfully for an open relay. Phil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Thomas Juliano Sent: Thursday, November 28, 2002 3:45 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Should postmaster or abuse accept all e-mail? >If you are blacklisted, you are there for a reason. >Either your server allows relay or you are not RFC >compliant. Either way, in 99% of the cases, the mail >server implementation is broken and should not be >running in production. While that may be true, you must be aware that headers are forged and with that in mind you have to be careful when you blacklist someone. I would suggest you leave abuse open and allow then to reply to that account. However, it is up to you. Some times others deserve a second chance as much as I hate spam, I have to be somewhat considerate. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Should postmaster or abuse accept all e-mail?
>If you are blacklisted, you are there for a reason. >Either your server allows relay or you are not RFC >compliant. Either way, in 99% of the cases, the mail >server implementation is broken and should not be >running in production. While that may be true, you must be aware that headers are forged and with that in mind you have to be careful when you blacklist someone. I would suggest you leave abuse open and allow then to reply to that account. However, it is up to you. Some times others deserve a second chance as much as I hate spam, I have to be somewhat considerate. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Should postmaster or abuse accept all e-mail?
Title: Message John,Why don't you keep this on a professional level and keep your snide little comments to yourself?I manage 4 ISP's John with revenues over 5 million a year. Declude is a godsend to us as some over our clients have been receiving over 200 spam emails a day to a single POP account. If you are blacklisted, you are there for a reason. Either your server allows relay or you are not RFC compliant. Either way, in 99% of the cases, the mail server implementation is broken and should not be running in production. Trust me when I say that they find out VERY quickly that they can't send mail to half the world when they are violating spam AUPs. It is not my responsibility to baby sit those people or tell them how to run their mail servers. They will have to learn the hard way that spam is unacceptable and won't be tolerated on most networks.Spam is a huge issue that costs ISPs millions in man-hours and bandwidth. We do not tolerate blacklisted SMTP servers, period.And yes... I would love to have the revenues of AOL, RoadRunner, SBC or PacBell. They all delete blacklisted mail and report the issue back to the sending ISPs via logging (which is totally acceptable). A good email admin would simply need to investigate his logs to find out why their mail is rejected around half the planet. If more ISPs took a hard line on spam, there would not be the huge problem that it is today.Regards,Phillip B. HolmesMedia Resolutions Inc.Macromedia Alliance Partnerhttp://www.mediares.com[EMAIL PROTECTED]1-888-395-4678 ext. 101972-889-0201 ext. 101/* Please send support requests to[EMAIL PROTECTED] */Failure is not falling down but refusing to get up.--- Chinese Proverb-Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John TolmachoffSent: Thursday, November 28, 2002 12:43 PMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Should postmaster or abuse accept all e-mail?>If you have earned a place on the blacklists, you wont be sending mailto my networks.Oh wait, I get it, he wants to be AOL.John Tolmachoff MCSE, CSSAIT Manager, Network EngineerRelianceSoft, Inc.Fullerton, CA 92835www.reliancesoft.com---[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]---This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Should postmaster or abuse accept all e-mail?
>If you have earned a place on the blacklists, you wont be sending mail to my networks. Oh wait, I get it, he wants to be AOL. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Wired: Archive: Fresh Spam for Everyone
http://www.wired.com/news/technology/0,1282,56624,00.html http://www.spamarchive.org/ Good place to soon begin building super Declude filters? -- Roger Heath [EMAIL PROTECTED] www.rleeheath.com -- ActivatorMail(tm) ver.082302 Scanned for all viruses by www.activatormail.com intelligent anti-virus anti-spam service --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Should postmaster or abuse accept all e-mail?
John.. I commented on blacklists only.. i.e. spamcop, open relay db, etc... NOT badheaders, revdns etc. I do not kill email based on REVDNS or badheaders.. I hold mail based on weight 20 (based on those criteria). Bottom line: If you have earned a place on the blacklists, you wont be sending mail to my networks. Regards, Phillip B. Holmes Media Resolutions Inc. Macromedia Alliance Partner http://www.mediares.com [EMAIL PROTECTED] 1-888-395-4678 ext. 101 972-889-0201 ext. 101 /* Please send support requests to [EMAIL PROTECTED] */ Failure is not falling down but refusing to get up.--- Chinese Proverb -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff Sent: Thursday, November 28, 2002 11:44 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Should postmaster or abuse accept all e-mail? >Ah. Well, there it is. >My opinion still stands. If clients are on the blacklists, there is no >point in receiving mail from them AT ALL. Screw em till they remove >themselves... Just my opinion. I am sorry you feel that way. What about the new mail admin at a company taking over a g*d awfull mess left by the last one and is trying to contact of mail admins to help clear things up? Or what about the mail admin that has to change to a new IP and finds that IP address listed on many spam databases until he can work through them and get it cleaned up? What about the company that sets up a new web server, but the programmer has an error in the code that ends up allowing some one to relay, or creates messages in a way that they fail SPAMHEADERS, BADHEADERS, BASE64, REVDNS and such? What about the mail admin that made a mistake and set the relay settings wrong allowing a spammer in? Or what about the user with a password so simple whereby a spammer finds it and starts sending out large amounts of spam via that user, causing the server to be blacklisted? I was face with the first scenario about 15 months ago. Fortunately, I was able to contact a "postmaster" at AOL who was very helpful and helped to clean up the mess rather quickly. If he had your opinion, how much longer would it have taken for me to figure out what was wrong and how to fix it? We are talking about allowing mail to two accounts as required by RFC, postmaster and abuse. That way, no matter what happens, at least there will be a way to communicate. You are taking an awfull hard stance on an issue that does not really need it. Reminds me of a infamaus quote, "Is this the hill you want to die on?" John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Should postmaster or abuse accept all e-mail?
John - Great quote! John has provided great examples why we give these two items super low weight values. Michael Jaworski Puget Sound Network, Inc. Seattle, WA http://www.psni.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John Tolmachoff Sent: Thursday, November 28, 2002 9:44 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Should postmaster or abuse accept all e-mail? >Ah. Well, there it is. >My opinion still stands. If clients are on the blacklists, there is no >point in receiving mail from them AT ALL. >Screw em till they remove themselves... Just my opinion. I am sorry you feel that way. What about the new mail admin at a company taking over a g*d awfull mess left by the last one and is trying to contact of mail admins to help clear things up? Or what about the mail admin that has to change to a new IP and finds that IP address listed on many spam databases until he can work through them and get it cleaned up? What about the company that sets up a new web server, but the programmer has an error in the code that ends up allowing some one to relay, or creates messages in a way that they fail SPAMHEADERS, BADHEADERS, BASE64, REVDNS and such? What about the mail admin that made a mistake and set the relay settings wrong allowing a spammer in? Or what about the user with a password so simple whereby a spammer finds it and starts sending out large amounts of spam via that user, causing the server to be blacklisted? I was face with the first scenario about 15 months ago. Fortunately, I was able to contact a "postmaster" at AOL who was very helpful and helped to clean up the mess rather quickly. If he had your opinion, how much longer would it have taken for me to figure out what was wrong and how to fix it? We are talking about allowing mail to two accounts as required by RFC, postmaster and abuse. That way, no matter what happens, at least there will be a way to communicate. You are taking an awfull hard stance on an issue that does not really need it. Reminds me of a infamaus quote, "Is this the hill you want to die on?" John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Should postmaster or abuse accept all e-mail?
>Ah. Well, there it is. >My opinion still stands. If clients are on the blacklists, there is no >point in receiving mail from them AT ALL. >Screw em till they remove themselves... Just my opinion. I am sorry you feel that way. What about the new mail admin at a company taking over a g*d awfull mess left by the last one and is trying to contact of mail admins to help clear things up? Or what about the mail admin that has to change to a new IP and finds that IP address listed on many spam databases until he can work through them and get it cleaned up? What about the company that sets up a new web server, but the programmer has an error in the code that ends up allowing some one to relay, or creates messages in a way that they fail SPAMHEADERS, BADHEADERS, BASE64, REVDNS and such? What about the mail admin that made a mistake and set the relay settings wrong allowing a spammer in? Or what about the user with a password so simple whereby a spammer finds it and starts sending out large amounts of spam via that user, causing the server to be blacklisted? I was face with the first scenario about 15 months ago. Fortunately, I was able to contact a "postmaster" at AOL who was very helpful and helped to clean up the mess rather quickly. If he had your opinion, how much longer would it have taken for me to figure out what was wrong and how to fix it? We are talking about allowing mail to two accounts as required by RFC, postmaster and abuse. That way, no matter what happens, at least there will be a way to communicate. You are taking an awfull hard stance on an issue that does not really need it. Reminds me of a infamaus quote, "Is this the hill you want to die on?" John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Should postmaster or abuse accept all e-mail?
Ah. Well, there it is. My opinion still stands. If clients are on the blacklists, there is no point in receiving mail from them AT ALL. Screw em till they remove themselves... Just my opinion. Regards, Phillip B. Holmes Media Resolutions Inc. Macromedia Alliance Partner http://www.mediares.com [EMAIL PROTECTED] 1-888-395-4678 ext. 101 972-889-0201 ext. 101 /* Please send support requests to [EMAIL PROTECTED] */ Failure is not falling down but refusing to get up.--- Chinese Proverb -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff Sent: Wednesday, November 27, 2002 3:13 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Should postmaster or abuse accept all e-mail? >It has been my findings that most spam that really needs to be deleted comes from >servers that have neither a postmaster@ or abuse@. Personally, I feel its a waste of >resources to try and bounce it back to those addresses. If they have no A / MX >record and are on a blacklists, they need to be completely ignored :). Phillip, what they are talking about is receiving messages locally to the local abuse and postmaster accounts, not bouncing. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. BEGIN:VCARD VERSION:2.1 N:Holmes;Phillip;B. FN:Phillip B. Holmes ([EMAIL PROTECTED]) ORG:Media Resolutions Inc.;IT TITLE:Vice-President TEL;WORK;VOICE:(972) 889-0201 TEL;CELL;VOICE:(214) 537-2772 TEL;WORK;FAX:(972) 889-2355 ADR;WORK;ENCODING=QUOTED-PRINTABLE:;1-888-395-4678;16415 Addison=0D=0ASuite 610;Addison;TX;75001;United States = of America LABEL;WORK;ENCODING=QUOTED-PRINTABLE:1-888-395-4678=0D=0A16415 Addison=0D=0ASuite 610=0D=0AAddison, TX 75001=0D= =0AUnited States of America URL;WORK:http://www.mediaresolutions.com EMAIL;PREF;INTERNET:[EMAIL PROTECTED] REV:20021114T064649Z END:VCARD
Re: [Declude.JunkMail] Unable to get filter to work
David, Thursday, November 28, 2002 you wrote: > I have added MYFILTER WARN to $default$.junkmail.txt and removed the > double quotes around the text file leaving > MYFILTERfilter c:\imail\declude\myfilter.txt x 0 0 The format appears to be correct. > I'm sent a few more test emails and the MYFILTER test isn't > appearing in the headers > I am quite puzzled. 1) filters are available for PRO version of DECLUDE only - so that might be the problem 2) check to see if the filter is being loaded - look in the declude log files - if it is not being loaded you'll see something like "Could not load filter file c:\imail\declude\notthere.txt" 3) It the filter is being loaded then there could be something wrong with the filter rules - you may have to turn on DEBUG logging to see that - common errors include misspelling and spaces 4) Or the filter rule may not be working on your test message as you expect - so you'd need to check that - Hth - Terry Fritts Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Unable to get filter to work
I have added MYFILTER WARN to $default$.junkmail.txt and removed the double quotes around the text file leaving MYFILTERfilter c:\imail\declude\myfilter.txt x 0 0 In global.cfg I'm sent a few more test emails and the MYFILTER test isn't appearing in the headers I am quite puzzled. David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: 28 November 2002 13:52 To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Unable to get filter to work >I have in my global.cfg file the line > >MYFILTER filter "c:\imail\declude\myfilter.txt" x 0 0 You'll need to remove the quotes. If you do that, the filter should work. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Unable to get filter to work
So much to learn...so little time... Jim Rooth KLOTRON,INC. Office: 817.654.3018.103 Home: 972.606.6341 Mobile: 214.244.0979 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Thursday, November 28, 2002 07:52 To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Unable to get filter to work >I have in my global.cfg file the line > >MYFILTER filter "c:\imail\declude\myfilter.txt" x 0 0 You'll need to remove the quotes. If you do that, the filter should work. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] allrecips function in ver 1.63
Ok, I'll claim ignorance here, what does the allrecips function do? -- Rich Griebel [EMAIL PROTECTED] http://www.kendra.com Scanned for Viruses using Declude and F-Prot --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Unable to get filter to work
David, It would have been nice if I mentioned that the line to be added is: MYFILTERWARN George -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of David Lewis-Waller Sent: Thursday, November 28, 2002 8:42 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Unable to get filter to work Any help appreciated... I have in my global.cfg file the line MYFILTER filter "c:\imail\declude\myfilter.txt" x 0 0 myfilter.txt has the following lines MAILFROM -10 CONTAINS @talk21.com MAILFROM -10 CONTAINS @passport.com MAILFROM -10 CONTAINS @economist.com MAILFROM -10 CONTAINS .ft.com MAILFROM -10 CONTAINS .bbc.co.uk I hold email on a weight of 30. I have a test account with talk21.com which normally fails a number of tests resulting in a total weight of 33. I would have expected the weight to drop to 23 because of myfilter.txt but it doesn't. I tried silly numbers as well e.g. -60 but still end up with a total weight o 33. I'm obviously missing something fundamental. Sent email headers: Received: from wmpmta04-app.mail-store.com [194.73.242.6] by mail.nthost.co.uk with ESMTP (SMTPD32-7.13) id ACAC128E00CC; Thu, 28 Nov 2002 13:39:56 + Received: from wmpmtavirtual ([10.216.84.18]) by wmpmta04-app.mail-store.com with SMTP id <20021128133955.RBKO6682.wmpmta04-app.mail-store.com@wmpmtavirtual> for <[EMAIL PROTECTED]>; Thu, 28 Nov 2002 13:39:55 + Received: from 62.189.235.109 by t21web08-lrs ([10.216.84.18]); Thu, 28 Nov 02 13:30:20 GMT+00:00 X-Mailer: talk21 v1.26 - http://talk21.btopenworld.com From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Talk21Ref: none Date: Thu, 28 Nov 2002 13:30:20 GMT+00:00 Subject: SPAM: (No Subject) Message-Id: <20021128133955.RBKO6682.wmpmta04-app.mail-store.com@wmpmtavirtual> X-RBL-Warning: NOPOSTMASTER: Not supporting postmaster@domain X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [804f]. X-RBL-Warning: REVDNS: This E-mail was sent from a mail server 194.73.242.6 with no reverse DNS entry. X-RBL-Warning: SNIFFER: Message failed SNIFFER: 4. X-RBL-Warning: WEIGHT10: Weight of 33 reaches or exceeds the limit of 10. X-Declude-Sender: [EMAIL PROTECTED] [194.73.242.6] X-Note: This E-mail was scanned by Declude JunkMail for evidence of spam. X-Note: This E-mail was sent from [No Reverse DNS] ([194.73.242.6]). Thanks in advance. David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dan Patnode Sent: 28 November 2002 08:57 To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] BASE64 usage I have John. While Base64 is a great test, a number of newsletters and normal emails have come across using it. I have weakened my system to let these types of messages through and pull my hair out every time a spam gets through because of it. Dan On Wednesday, November 27, 2002 8:02, John Tolmachoff <[EMAIL PROTECTED]> wrote: >Even thought it has been determined that there is no legit REASON to >use BASE64 encoding in the body, I am finding and increasing use of it. > >Most of these are junk, but it has caught a number of legit messages. > >Therefore, I have downgraded BASE64 from 15 to 12. > >Any one experiencing similar? > >John Tolmachoff MCSE, CSSA >IT Manager, Network Engineer >RelianceSoft, Inc. >Fullerton, CA 92835 >www.reliancesoft.com > > > >--- >[This E-mail was scanned for viruses by Declude Virus >(http://www.declude.com)] > >--- >This E-mail came from the Declude.JunkMail mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type >"unsubscribe Declude.JunkMail". The archives can be found at >http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Unable to get filter to work
David, You'll also have to put a line in your $default$.junkmail (and GLOBAL.CFG for outgoing) if you want to see the test result in the headers. George -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of David Lewis-Waller Sent: Thursday, November 28, 2002 8:42 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Unable to get filter to work Any help appreciated... I have in my global.cfg file the line MYFILTER filter "c:\imail\declude\myfilter.txt" x 0 0 myfilter.txt has the following lines MAILFROM -10 CONTAINS @talk21.com MAILFROM -10 CONTAINS @passport.com MAILFROM -10 CONTAINS @economist.com MAILFROM -10 CONTAINS .ft.com MAILFROM -10 CONTAINS .bbc.co.uk I hold email on a weight of 30. I have a test account with talk21.com which normally fails a number of tests resulting in a total weight of 33. I would have expected the weight to drop to 23 because of myfilter.txt but it doesn't. I tried silly numbers as well e.g. -60 but still end up with a total weight o 33. I'm obviously missing something fundamental. Sent email headers: Received: from wmpmta04-app.mail-store.com [194.73.242.6] by mail.nthost.co.uk with ESMTP (SMTPD32-7.13) id ACAC128E00CC; Thu, 28 Nov 2002 13:39:56 + Received: from wmpmtavirtual ([10.216.84.18]) by wmpmta04-app.mail-store.com with SMTP id <20021128133955.RBKO6682.wmpmta04-app.mail-store.com@wmpmtavirtual> for <[EMAIL PROTECTED]>; Thu, 28 Nov 2002 13:39:55 + Received: from 62.189.235.109 by t21web08-lrs ([10.216.84.18]); Thu, 28 Nov 02 13:30:20 GMT+00:00 X-Mailer: talk21 v1.26 - http://talk21.btopenworld.com From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Talk21Ref: none Date: Thu, 28 Nov 2002 13:30:20 GMT+00:00 Subject: SPAM: (No Subject) Message-Id: <20021128133955.RBKO6682.wmpmta04-app.mail-store.com@wmpmtavirtual> X-RBL-Warning: NOPOSTMASTER: Not supporting postmaster@domain X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [804f]. X-RBL-Warning: REVDNS: This E-mail was sent from a mail server 194.73.242.6 with no reverse DNS entry. X-RBL-Warning: SNIFFER: Message failed SNIFFER: 4. X-RBL-Warning: WEIGHT10: Weight of 33 reaches or exceeds the limit of 10. X-Declude-Sender: [EMAIL PROTECTED] [194.73.242.6] X-Note: This E-mail was scanned by Declude JunkMail for evidence of spam. X-Note: This E-mail was sent from [No Reverse DNS] ([194.73.242.6]). Thanks in advance. David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dan Patnode Sent: 28 November 2002 08:57 To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] BASE64 usage I have John. While Base64 is a great test, a number of newsletters and normal emails have come across using it. I have weakened my system to let these types of messages through and pull my hair out every time a spam gets through because of it. Dan On Wednesday, November 27, 2002 8:02, John Tolmachoff <[EMAIL PROTECTED]> wrote: >Even thought it has been determined that there is no legit REASON to >use BASE64 encoding in the body, I am finding and increasing use of it. > >Most of these are junk, but it has caught a number of legit messages. > >Therefore, I have downgraded BASE64 from 15 to 12. > >Any one experiencing similar? > >John Tolmachoff MCSE, CSSA >IT Manager, Network Engineer >RelianceSoft, Inc. >Fullerton, CA 92835 >www.reliancesoft.com > > > >--- >[This E-mail was scanned for viruses by Declude Virus >(http://www.declude.com)] > >--- >This E-mail came from the Declude.JunkMail mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type >"unsubscribe Declude.JunkMail". The archives can be found at >http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Unable to get filter to work
I have in my global.cfg file the line MYFILTER filter "c:\imail\declude\myfilter.txt" x 0 0 You'll need to remove the quotes. If you do that, the filter should work. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Unable to get filter to work
You might try adding a value to the myfilter.txt MYFILTER filter "c:\imail\declude\myfilter.txt" x 5 0 It might think that the value of zero is telling it to bypass myfilter.txt Jim Rooth KLOTRON,INC. Office: 817.654.3018.103 Home: 972.606.6341 Mobile: 214.244.0979 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of David Lewis-Waller Sent: Thursday, November 28, 2002 07:42 To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Unable to get filter to work Any help appreciated... I have in my global.cfg file the line MYFILTER filter "c:\imail\declude\myfilter.txt" x 0 0 myfilter.txt has the following lines MAILFROM -10 CONTAINS @talk21.com MAILFROM -10 CONTAINS @passport.com MAILFROM -10 CONTAINS @economist.com MAILFROM -10 CONTAINS .ft.com MAILFROM -10 CONTAINS .bbc.co.uk I hold email on a weight of 30. I have a test account with talk21.com which normally fails a number of tests resulting in a total weight of 33. I would have expected the weight to drop to 23 because of myfilter.txt but it doesn't. I tried silly numbers as well e.g. -60 but still end up with a total weight o 33. I'm obviously missing something fundamental. Sent email headers: Received: from wmpmta04-app.mail-store.com [194.73.242.6] by mail.nthost.co.uk with ESMTP (SMTPD32-7.13) id ACAC128E00CC; Thu, 28 Nov 2002 13:39:56 + Received: from wmpmtavirtual ([10.216.84.18]) by wmpmta04-app.mail-store.com with SMTP id <20021128133955.RBKO6682.wmpmta04-app.mail-store.com@wmpmtavirtual> for <[EMAIL PROTECTED]>; Thu, 28 Nov 2002 13:39:55 + Received: from 62.189.235.109 by t21web08-lrs ([10.216.84.18]); Thu, 28 Nov 02 13:30:20 GMT+00:00 X-Mailer: talk21 v1.26 - http://talk21.btopenworld.com From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Talk21Ref: none Date: Thu, 28 Nov 2002 13:30:20 GMT+00:00 Subject: SPAM: (No Subject) Message-Id: <20021128133955.RBKO6682.wmpmta04-app.mail-store.com@wmpmtavirtual> X-RBL-Warning: NOPOSTMASTER: Not supporting postmaster@domain X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [804f]. X-RBL-Warning: REVDNS: This E-mail was sent from a mail server 194.73.242.6 with no reverse DNS entry. X-RBL-Warning: SNIFFER: Message failed SNIFFER: 4. X-RBL-Warning: WEIGHT10: Weight of 33 reaches or exceeds the limit of 10. X-Declude-Sender: [EMAIL PROTECTED] [194.73.242.6] X-Note: This E-mail was scanned by Declude JunkMail for evidence of spam. X-Note: This E-mail was sent from [No Reverse DNS] ([194.73.242.6]). Thanks in advance. David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dan Patnode Sent: 28 November 2002 08:57 To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] BASE64 usage I have John. While Base64 is a great test, a number of newsletters and normal emails have come across using it. I have weakened my system to let these types of messages through and pull my hair out every time a spam gets through because of it. Dan On Wednesday, November 27, 2002 8:02, John Tolmachoff <[EMAIL PROTECTED]> wrote: >Even thought it has been determined that there is no legit REASON to >use BASE64 encoding in the body, I am finding and increasing use of it. > >Most of these are junk, but it has caught a number of legit messages. > >Therefore, I have downgraded BASE64 from 15 to 12. > >Any one experiencing similar? > >John Tolmachoff MCSE, CSSA >IT Manager, Network Engineer >RelianceSoft, Inc. >Fullerton, CA 92835 >www.reliancesoft.com > > > >--- >[This E-mail was scanned for viruses by Declude Virus >(http://www.declude.com)] > >--- >This E-mail came from the Declude.JunkMail mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type >"unsubscribe Declude.JunkMail". The archives can be found at >http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Unable to get filter to work
Any help appreciated... I have in my global.cfg file the line MYFILTER filter "c:\imail\declude\myfilter.txt" x 0 0 myfilter.txt has the following lines MAILFROM -10 CONTAINS @talk21.com MAILFROM -10 CONTAINS @passport.com MAILFROM -10 CONTAINS @economist.com MAILFROM -10 CONTAINS .ft.com MAILFROM -10 CONTAINS .bbc.co.uk I hold email on a weight of 30. I have a test account with talk21.com which normally fails a number of tests resulting in a total weight of 33. I would have expected the weight to drop to 23 because of myfilter.txt but it doesn't. I tried silly numbers as well e.g. -60 but still end up with a total weight o 33. I'm obviously missing something fundamental. Sent email headers: Received: from wmpmta04-app.mail-store.com [194.73.242.6] by mail.nthost.co.uk with ESMTP (SMTPD32-7.13) id ACAC128E00CC; Thu, 28 Nov 2002 13:39:56 + Received: from wmpmtavirtual ([10.216.84.18]) by wmpmta04-app.mail-store.com with SMTP id <20021128133955.RBKO6682.wmpmta04-app.mail-store.com@wmpmtavirtual> for <[EMAIL PROTECTED]>; Thu, 28 Nov 2002 13:39:55 + Received: from 62.189.235.109 by t21web08-lrs ([10.216.84.18]); Thu, 28 Nov 02 13:30:20 GMT+00:00 X-Mailer: talk21 v1.26 - http://talk21.btopenworld.com From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Talk21Ref: none Date: Thu, 28 Nov 2002 13:30:20 GMT+00:00 Subject: SPAM: (No Subject) Message-Id: <20021128133955.RBKO6682.wmpmta04-app.mail-store.com@wmpmtavirtual> X-RBL-Warning: NOPOSTMASTER: Not supporting postmaster@domain X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [804f]. X-RBL-Warning: REVDNS: This E-mail was sent from a mail server 194.73.242.6 with no reverse DNS entry. X-RBL-Warning: SNIFFER: Message failed SNIFFER: 4. X-RBL-Warning: WEIGHT10: Weight of 33 reaches or exceeds the limit of 10. X-Declude-Sender: [EMAIL PROTECTED] [194.73.242.6] X-Note: This E-mail was scanned by Declude JunkMail for evidence of spam. X-Note: This E-mail was sent from [No Reverse DNS] ([194.73.242.6]). Thanks in advance. David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dan Patnode Sent: 28 November 2002 08:57 To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] BASE64 usage I have John. While Base64 is a great test, a number of newsletters and normal emails have come across using it. I have weakened my system to let these types of messages through and pull my hair out every time a spam gets through because of it. Dan On Wednesday, November 27, 2002 8:02, John Tolmachoff <[EMAIL PROTECTED]> wrote: >Even thought it has been determined that there is no legit REASON to >use BASE64 encoding in the body, I am finding and increasing use of it. > >Most of these are junk, but it has caught a number of legit messages. > >Therefore, I have downgraded BASE64 from 15 to 12. > >Any one experiencing similar? > >John Tolmachoff MCSE, CSSA >IT Manager, Network Engineer >RelianceSoft, Inc. >Fullerton, CA 92835 >www.reliancesoft.com > > > >--- >[This E-mail was scanned for viruses by Declude Virus >(http://www.declude.com)] > >--- >This E-mail came from the Declude.JunkMail mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type >"unsubscribe Declude.JunkMail". The archives can be found at >http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] BASE64 usage
I have John. While Base64 is a great test, a number of newsletters and normal emails have come across using it. I have weakened my system to let these types of messages through and pull my hair out every time a spam gets through because of it. Dan On Wednesday, November 27, 2002 8:02, John Tolmachoff <[EMAIL PROTECTED]> wrote: >Even thought it has been determined that there is no legit REASON to use >BASE64 encoding in the body, I am finding and increasing use of >it. > >Most of these are junk, but it has caught a number of legit >messages. > >Therefore, I have downgraded BASE64 from 15 to 12. > >Any one experiencing similar? > >John Tolmachoff MCSE, CSSA >IT Manager, Network Engineer >RelianceSoft, Inc. >Fullerton, CA 92835 >www.reliancesoft.com > > > >--- >[This E-mail was scanned for viruses by Declude Virus >(http://www.declude.com)] > >--- >This E-mail came from the Declude.JunkMail mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.JunkMail". The archives can be found >at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Charset filter.
Thank you, Very very much!!! I've been bashing my head trying to get this to work... Sincerely, Eddie :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Heinrich Richter Sent: Wednesday, November 27, 2002 10:18 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Charset filter. Hi Eddie, we receive a lot of SPAM from Korea. For this reason we have set up a filter by charset and assign this mails a high weight. This works very good for us. Following is the context of the korea.txt file. HEADERS 15 CONTAINS big5 HEADERS 15 CONTAINS euc-kr HEADERS 15 CONTAINS gb2312 HEADERS 15 CONTAINS iso-2022-jp HEADERS 15 CONTAINS iso-2022-kr HEADERS 15 CONTAINS ks_c Heinrich - Original Message - From: "eddie pang" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, November 28, 2002 8:39 AM Subject: [Declude.JunkMail] Charset filter. > Does anyone check the charset of a email? > > We are receiving a bunch of korean emails from hotmail and yahoo, I was > wondering if anyone has setup a filter isolating emails by charsets? > > Thanks, > Eddie :) > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > - > [This E-mail was scanned for viruses by Declude Virus/F-Prot] > > - [This E-mail was scanned for viruses by Declude Virus/F-Prot] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Charset filter.
Hi Eddie, we receive a lot of SPAM from Korea. For this reason we have set up a filter by charset and assign this mails a high weight. This works very good for us. Following is the context of the korea.txt file. HEADERS 15 CONTAINS big5 HEADERS 15 CONTAINS euc-kr HEADERS 15 CONTAINS gb2312 HEADERS 15 CONTAINS iso-2022-jp HEADERS 15 CONTAINS iso-2022-kr HEADERS 15 CONTAINS ks_c Heinrich - Original Message - From: "eddie pang" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, November 28, 2002 8:39 AM Subject: [Declude.JunkMail] Charset filter. > Does anyone check the charset of a email? > > We are receiving a bunch of korean emails from hotmail and yahoo, I was > wondering if anyone has setup a filter isolating emails by charsets? > > Thanks, > Eddie :) > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > - > [This E-mail was scanned for viruses by Declude Virus/F-Prot] > > - [This E-mail was scanned for viruses by Declude Virus/F-Prot] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.