RE: [Declude.JunkMail] Filtering E-Greetings
Scott should back me up or correct me on this. I think that you can configure multiple test lines using Message Sniffer where each line looks for a specific return value instead of nonzero. Something like the following... SNIFFERSPAM external 63 SNIFFERSCUM external 62 Note the 63 and 62 take the place of nonzero... I think there is also an optimization in there that ensures Message Sniffer is called only once if the same command line is used and that the result code from the single call will be evaluated against the external test lines... I think that's right... It's been a while since I visited with Scott on this. Hope this helps, _M ]-Original Message- ]From: [EMAIL PROTECTED] ][mailto:[EMAIL PROTECTED]]On Behalf Of Mike Nice ]Sent: Wednesday, December 04, 2002 7:49 PM ]To: [EMAIL PROTECTED] ]Subject: Re: [Declude.JunkMail] Filtering E-Greetings ] ] ]How can we catch symbol 62 differently? V2 is configured as 'nonzero', ]meaning that all return codes other than zero are logged and treated alike ]by Declude. ] ]- Original Message - ]From: "Madscientist" <[EMAIL PROTECTED]> ]Subject: RE: [Declude.JunkMail] Filtering E-Greetings ] ] ]> Sniffer version 2 is out now. Scumware rules have a special symbol 62. ]> You could look for that specific result code and treat it specially. ] ]--- ][This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Filtering E-Greetings
How can we catch symbol 62 differently? V2 is configured as 'nonzero', meaning that all return codes other than zero are logged and treated alike by Declude. - Original Message - From: "Madscientist" <[EMAIL PROTECTED]> Subject: RE: [Declude.JunkMail] Filtering E-Greetings > Sniffer version 2 is out now. Scumware rules have a special symbol 62. > You could look for that specific result code and treat it specially. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Filtering E-Greetings
Message Sniffer Version 2 has been officially released. _M | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]] On Behalf Of | Sheldon Koehler | Sent: Wednesday, December 04, 2002 7:01 PM | To: [EMAIL PROTECTED] | Subject: Re: [Declude.JunkMail] Filtering E-Greetings | | | > Sniffer version 2 is out now. Scumware rules have a special | symbol 62. | > You could look for that specific result code and treat it | specially. | > Currently all other spam rules are coded to the "generic" | group with a | > symbol of 63. | | Is this still in beta? I will have to take a closer look at | it tomorrow then. This is what I have been patiently waiting for! | | Sheldon | | | Sheldon Koehler, Owner/Partnerhttp://www.tenforward.com | Ten Forward Communications 360-457-9023 | Nationwide access, neighborhood support! | | "Whenever you find yourself on the side of the majority, it's | time to pause and reflect." Mark Twain | | | | --- | [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Filtering E-Greetings
> Sniffer version 2 is out now. Scumware rules have a special symbol 62. > You could look for that specific result code and treat it specially. > Currently all other spam rules are coded to the "generic" group with a > symbol of 63. Is this still in beta? I will have to take a closer look at it tomorrow then. This is what I have been patiently waiting for! Sheldon Sheldon Koehler, Owner/Partnerhttp://www.tenforward.com Ten Forward Communications 360-457-9023 Nationwide access, neighborhood support! "Whenever you find yourself on the side of the majority, it's time to pause and reflect." Mark Twain --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Filtering E-Greetings
Sniffer version 2 is out now. Scumware rules have a special symbol 62. You could look for that specific result code and treat it specially. Currently all other spam rules are coded to the "generic" group with a symbol of 63. That should make it simpler. Hope this helps, _M | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]] On Behalf Of | Sheldon Koehler | Sent: Wednesday, December 04, 2002 5:51 PM | To: [EMAIL PROTECTED] | Subject: Re: [Declude.JunkMail] Filtering E-Greetings | | | Since we have to use Sniffer as a weighted test and these are | only failing the Sniffer test, how can I safely block these greetings? | | We have too high of a volume to hold email as it would take a | full time staff person to just search the rejects, so we are | forced to delete. | | | Sheldon | | | Sheldon Koehler, Owner/Partnerhttp://www.tenforward.com | Ten Forward Communications 360-457-9023 | Nationwide access, neighborhood support! | | "Whenever you find yourself on the side of the majority, it's | time to pause and reflect." Mark Twain | | | | - Original Message - | From: "Madscientist" <[EMAIL PROTECTED]> | To: <[EMAIL PROTECTED]> | Sent: Tuesday, December 03, 2002 2:25 PM | Subject: RE: [Declude.JunkMail] Filtering E-Greetings | | | > Junkmail with Message Sniffer will also handle it. | > | > All of these and more are included in the Message Sniffer "Scumware | > Greetings" rule group (Symbol 62). We are still looking for | a reliable | > source for additional domains as they arise. | > | > This was an experimental group but we have had no false positive | > reports on these rules so it looks like it will stay in place. | > | > _M | > | | --- | [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT: The Spam Battle 2002: A Tactical Update
> An excellent article for mail admins... > > http://rr.sans.org/email/spam_battle.php Thanks!!! I now have a new tagline signiture... Sheldon Sheldon Koehler, Owner/Partnerhttp://www.tenforward.com Ten Forward Communications 360-457-9023 Nationwide access, neighborhood support! "He who sends a message by the hand of a fool Cuts off his own feet and drinks violence." -- Proverbs 26:6 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Filtering E-Greetings
Since we have to use Sniffer as a weighted test and these are only failing the Sniffer test, how can I safely block these greetings? We have too high of a volume to hold email as it would take a full time staff person to just search the rejects, so we are forced to delete. Sheldon Sheldon Koehler, Owner/Partnerhttp://www.tenforward.com Ten Forward Communications 360-457-9023 Nationwide access, neighborhood support! "Whenever you find yourself on the side of the majority, it's time to pause and reflect." Mark Twain - Original Message - From: "Madscientist" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, December 03, 2002 2:25 PM Subject: RE: [Declude.JunkMail] Filtering E-Greetings > Junkmail with Message Sniffer will also handle it. > > All of these and more are included in the Message Sniffer "Scumware > Greetings" rule group (Symbol 62). We are still looking for a reliable > source for additional domains as they arise. > > This was an experimental group but we have had no false positive reports > on these rules so it looks like it will stay in place. > > _M > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Black list domain
Good question, I was seeing the same thing, but I don't believe wildcards work here. Hope I'm wrong. Scott? No, it isn't possible to use wildcards. However, given how many people have been requesting more comprehensive filtering abilities, it's something that we may work on. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Black list domain
Title: Black list domain Good question, I was seeing the same thing, but I don't believe wildcards work here. Hope I'm wrong. Scott? Paul - Original Message - From: Harry Vanderzand To: [EMAIL PROTECTED] Sent: Wednesday, December 04, 2002 5:11 PM Subject: [Declude.JunkMail] Black list domain Hi I am getting a lot of Spam from domains like: @listsend4586.com The spammers tend to use a lot of variation of the same domain by varying the numbers. I know I can blacklist .domain.com Can I blacklist @listsend*.com where * can be anything? Hope I made sense to you thanks Harry Vanderzand inTown Internet & Computer Services 11 Belmont Ave. W. Kitchener, ON N2M 1L2 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Sanford Whiteman Sent: Wednesday, December 04, 2002 4:18 PM To: Ron Harris Subject: Re[2]: [Declude.JunkMail] false positives > Since I have been using the ROUTETO command, can I somehow forward > the message to the intended recipient... Yes, The Bat! does this readily. > ...without the user realizing I monitored it? Not in a commercial MUA that I'm aware of, since they add headers that traced the message route. There are definitely products designed with this purpose, though, like the Usenet moderator apps. -Sandy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] OT: The Spam Battle 2002: A Tactical Update
An excellent article for mail admins... http://rr.sans.org/email/spam_battle.php --- [This E-mail scanned for viruses by Declude/McAfee] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Black list domain
Title: Black list domain Hi I am getting a lot of Spam from domains like: @listsend4586.com The spammers tend to use a lot of variation of the same domain by varying the numbers. I know I can blacklist .domain.com Can I blacklist @listsend*.com where * can be anything? Hope I made sense to you thanks Harry Vanderzand inTown Internet & Computer Services 11 Belmont Ave. W. Kitchener, ON N2M 1L2 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Sanford Whiteman Sent: Wednesday, December 04, 2002 4:18 PM To: Ron Harris Subject: Re[2]: [Declude.JunkMail] false positives > Since I have been using the ROUTETO command, can I somehow forward > the message to the intended recipient... Yes, The Bat! does this readily. > ...without the user realizing I monitored it? Not in a commercial MUA that I'm aware of, since they add headers that traced the message route. There are definitely products designed with this purpose, though, like the Usenet moderator apps. -Sandy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] false positives
> Since I have been using the ROUTETO command, can I somehow forward > the message to the intended recipient... Yes, The Bat! does this readily. > ...without the user realizing I monitored it? Not in a commercial MUA that I'm aware of, since they add headers that traced the message route. There are definitely products designed with this purpose, though, like the Usenet moderator apps. -Sandy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] change HOLD location
> Is there a way to change the location of HOLD messages from the > default? You can use an NTFS mount point to put it on another physical partition, though it's still just one folder. -Sandy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] false positives
Can you recommend an e-mail client to read mail and redirect it to the proper recipient? I'll look into the Imail Client. Ron -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Wednesday, December 04, 2002 12:59 PM To: [EMAIL PROTECTED] Subject:RE: [Declude.JunkMail] false positives >I use the ROUTETO command and I view them through web messaging. Should I >view them another way? That's up to you -- using the ROUTETO action, they are treated as regular E-mail, and the methods of handling them are based solely on the type of mail client you are using. >Since I have been using the ROUTETO command, can I somehow forward the >message to the intended recipient without the user realizing I monitored it? That depends on the mail client that you are using. Some have a "redirect" or similar option that may work. Another option would be to use the IMail Client, but there was some serious flaw with that in a recent version if I recall correctly. >If I were to start using the HOLD command, how would I view them to >determine if they are false positives? You can use Notepad or any other program that can view standard text files. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] false positives
I use the ROUTETO command and I view them through web messaging. Should I view them another way? That's up to you -- using the ROUTETO action, they are treated as regular E-mail, and the methods of handling them are based solely on the type of mail client you are using. Since I have been using the ROUTETO command, can I somehow forward the message to the intended recipient without the user realizing I monitored it? That depends on the mail client that you are using. Some have a "redirect" or similar option that may work. Another option would be to use the IMail Client, but there was some serious flaw with that in a recent version if I recall correctly. If I were to start using the HOLD command, how would I view them to determine if they are false positives? You can use Notepad or any other program that can view standard text files. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] false positives
I use the ROUTETO command and I view them through web messaging. Should I view them another way? Since I have been using the ROUTETO command, can I somehow forward the message to the intended recipient without the user realizing I monitored it? If I were to start using the HOLD command, how would I view them to determine if they are false positives? Thanks. Ron PS: is there a knowledge base I could find with these answers. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Friday, November 22, 2002 8:40 AM To: [EMAIL PROTECTED] Subject:Re: [Declude.JunkMail] false positives >I route e-mail which fail my several tests to another mailbox using the >ROUTETO command in the $default$.junkmail file. I have been sifting through >these messages looking for false positives and I would like to know the >easiest way (or preferred method) of sending the false positives to the >intended recipient. Any recommendations? Using the ROUTETO action, that all depends on what you use to view the mail. The recipient may or may not be able to detect that the E-mail was monitored. If you instead use the HOLD action, you can move the D*.SMD and corresponding Q*.SMD files back to the spool directory, where IMail will deliver them. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude catching emails with a WEIGHT10
Perhaps someone can shed some light on this. I've got junkMail running using a weight system. If an email gets a weight of less that 18 it is passed on to the receipient. Today however, I'm getting legit emails from a particular client that is being caught and forwarded to my catchall account as spam eventhough it's weight is only 10. The tests it's failing is ORDB and OSRELAY. Any reason JunkMail would be doing this? Are you sure that it is only failing those two tests? What weight do you have assigned to those tests (with the default weights, the total would only be 10, as you suggest). Are there any other tests that have an action that forwards the E-mail to your catchall account? -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Declude catching emails with a WEIGHT10
Hello All, Perhaps someone can shed some light on this. I've got junkMail running using a weight system. If an email gets a weight of less that 18 it is passed on to the receipient. Today however, I'm getting legit emails from a particular client that is being caught and forwarded to my catchall account as spam eventhough it's weight is only 10. The tests it's failing is ORDB and OSRELAY. Any reason JunkMail would be doing this? Troy Hilton SofWerks LLC. [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OSRELAY: What a pain
So here is the deal: we have an IP address that is list/or reported (who knows) with OSRELAY (http://relays.osirusoft.com/) as an open relay. Me and another engineer have been on site trying to figure out how to de-list this IP address. You can de-list it by making sure that it is no longer an open relay. :) There is no confirmation of a test being successful or failed. There is no telling whatsoever how they determined an open relay. I thought that Osirusoft listed information about open relays. If not, have you checked your IMail log files to see if one of their tests got through? -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] change HOLD location
That is a bummer, I'm using xcopy to backup files from one computer to another, and the hold directly can have as many as 3000 messages over the weekend (which is big plug for the effectiveness of declude) thanks, andy - Original Message - From: "R. Scott Perry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, December 04, 2002 11:51 AM Subject: Re: [Declude.JunkMail] change HOLD location > > >Is there a way to change the location of HOLD messages from the default? > > No, there isn't, but that is something we are planning to change. > -Scott > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] change HOLD location
Is there a way to change the location of HOLD messages from the default? No, there isn't, but that is something we are planning to change. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] change HOLD location
Is there a way to change the location of HOLD messages from the default? Thanks, andrew --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] OSRELAY: What a pain
Good morning all, In advance I would like to apologize for posting this email but my purpose of this email are accomplishing two things: 1. Us internet technologist to be motivated to communicate in human language 2. Ask the experts or troopers who dealt with this issue and share their inputs So here is the deal: we have an IP address that is list/or reported (who knows) with OSRELAY (http://relays.osirusoft.com/) as an open relay. Me and another engineer have been on site trying to figure out how to de-list this IP address. We even tested the mail server through http://abuse.net/relay.html and everything looks fine. After making sure that we have no open relay we initiated a rested as instructed at http://relays.osirusoft.com/ several times but we are still listed. There is no confirmation of a test being successful or failed. There is no telling whatsoever how they determined an open relay. All we see at http://relays.osirusoft.com/cgi-bin/rbcheck.cgi is a funky crying baby which is not funny and looks really irrelevant to this serious issue and bunch of report with not enough instruction/explanation. Anyway after all this complaining. Does anyone know: 1. Any hints on what else to do? 2. Has anyone else been as frustrated and drained as we are dealing with this issue? 3. Is there a place that we can take this complaint to and possibly work on either improving OSRELAY system or ban the system internationally? All this does is to cause more work and more headache within a business sector (technology) that has been hurt and works with small staff and low margin. Thanks in Advance Mishi --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Weight10 test not tripped
Scott, In the headers. No whitelists, no weight changes. I've included the headers below. Also, attached is the global.cfg file Thanks for your help, Steve Received: from bellsouth.net [200.168.14.67] by mail.tmlp.com (SMTPD32-7.06) id ACE418F100DA; Wed, 04 Dec 2002 05:45:56 -0500 Received: from rly-yk04.aolmd.com ([180.44.230.174]) by hd.ressort.net with esmtp; 04 Dec 2002 21:46:09 -1100 Reply-To: <[EMAIL PROTECTED]> Message-ID: <038a44d50a8b$1364d4c7$1ec27bb0@omqkvu> From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: Lose Fat and Gain Energy with this Date: Wed, 04 Dec 2002 06:37:43 +0400 MiME-Version: 1.0 Content-Type: multipart/mixed; boundary="=_NextPart_000_00D5_51D07B4D.B1006B77" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 Importance: Normal X-RBL-Warning: NOPOSTMASTER: Not supporting postmaster@domain X-RBL-Warning: BASE64: An binary encoded text or HTML section was found in this E-mail. X-RBL-Warning: ROUTING: This E-mail was routed in a poor manner consistent with spam [210f]. X-Declude-Sender: [EMAIL PROTECTED] [200.168.14.67] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: NOPOSTMASTER, BASE64, ROUTING X-RCPT-TO: <[EMAIL PROTECTED]> Status: U X-UIDL: 328121640 Received: from mmids01.email-ware.com [65.216.216.197] by mail.tmlp.com with ESMTP (SMTPD32-7.06) id AA1585A30126; Tue, 03 Dec 2002 11:21:41 -0500 Received: from mmirp01 ([192.168.1.217]) by mmids01.email-ware.com with Microsoft SMTPSVC(5.0.2195.5329); Tue, 3 Dec 2002 11:14:52 -0500 Message-ID: <5064276.1038932302937.JavaMail.SYSTEM@mmirp01> FROM: DoveBid Auctions <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Bid 12/12 in Agilent Technologies Product Auction Mime-Version: 1.0 Content-Type: multipart/alternative; charset=iso-8859-1; boundary="=_Part_28043_485343.1038932302921" X-CQ_RECIP_ID: 351 X-Cq_Job: 8373 Return-Path: [EMAIL PROTECTED] X-OriginalArrivalTime: 03 Dec 2002 16:14:52.0718 (UTC) FILETIME=[1C90F4E0:01C29AE7] Date: 3 Dec 2002 11:14:52 -0500 X-RBL-Warning: HELOBOGUS: Domain mmids01.email-ware.com has no MX/A records. X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 65.216.216.197 with no reverse DNS entry. X-Declude-Sender: [EMAIL PROTECTED] [65.216.216.197] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: HELOBOGUS, REVDNS X-RCPT-TO: <[EMAIL PROTECTED]> Status: U X-UIDL: 328121635 Received: from ns2.dscga.com [207.120.28.7] by mail.tmlp.com (SMTPD32-7.06) id A7327E430074; Tue, 03 Dec 2002 16:50:42 -0500 Content-type: text/html Received: from () by with SMTP; To: (list) From: [EMAIL PROTECTED] Subject: Nude Teens Cybersexing With Their Webcams! Message-Id: <[EMAIL PROTECTED]> X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [c020420c]. X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [c020420c]. X-Declude-Sender: [EMAIL PROTECTED] [207.120.28.7] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: BADHEADERS, SPAMHEADERS Date: Tue, 3 Dec 2002 16:50:43 -0500 X-RCPT-TO: <[EMAIL PROTECTED]> Status: U X-UIDL: 300214377 - Original Message - From: "R. Scott Perry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, December 04, 2002 9:52 AM Subject: Re: [Declude.JunkMail] Weight10 test not tripped > > >I'm a relatively new user of JunkMail. I've recently seem several emails > >fail the following combinations of tests yet not trip the Weight10 test: > > > >NOPOSTMASTER, BASE64 and ROUTING > >HELOBOGUS, REVDNS > >BADHEADERS, SPAMHEADERS > > > >Anyone else have similar experiences...what could I do (if anything) to > >help this situation. > > Where are you seeing that the E-mails fail those tests (in the headers, or > in the log file)? > > Could those E-mails be whitelisted? Did you change any of the weights for > those tests? > > If you E-mail me your \IMail\Declude\global.cfg file, I may be able to > figure out what the problem is. > -Scott > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > GLOBAL.CFG Description: Binary data
Re: [Declude.JunkMail] Weight10 test not tripped
In the headers. No whitelists, no weight changes. I've included the headers below. Also, attached is the global.cfg file The problem here is that the weight of the E-mail isn't greater than 10. The line: IPNOTINMX ipnotinmx x x 0 -4 will give an E-mail -4 points if it is sent from an IP address listed in the MX Records for the domain of the sender (since very few spammers send mail from the proper mailserver). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Weight10 test not tripped
I'm a relatively new user of JunkMail. I've recently seem several emails fail the following combinations of tests yet not trip the Weight10 test: NOPOSTMASTER, BASE64 and ROUTING HELOBOGUS, REVDNS BADHEADERS, SPAMHEADERS Anyone else have similar experiences...what could I do (if anything) to help this situation. Where are you seeing that the E-mails fail those tests (in the headers, or in the log file)? Could those E-mails be whitelisted? Did you change any of the weights for those tests? If you E-mail me your \IMail\Declude\global.cfg file, I may be able to figure out what the problem is. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Weight10 test not tripped
Folks, I'm a relatively new user of JunkMail. I've recently seem several emails fail the following combinations of tests yet not trip the Weight10 test: NOPOSTMASTER, BASE64 and ROUTING HELOBOGUS, REVDNS BADHEADERS, SPAMHEADERS Anyone else have similar experiences...what could I do (if anything) to help this situation. TIA Steve --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] more on spamcop
My latest incident with spamcop - A client has an Order Confirmation auto-responder. To get the message you have to send an e-mail to the auto-responder. The auto-responder is not on our server - only the web site. The auto-responder message was reported to spamcop. We think it was sent by a program. We weren't blocked on this incident but we were reported because the client's web site url appears in the auto-responder message. The previous incident is equally interesting. A client has a web form that allows mail to be sent to staff. Someone completed the web form and sent a message to the admin who is also a staff person. The admin received the message, decided it was spam, and sent it to spamcop. Spamcop then listed us for 2 hours. We discovered we were listed because mail to the client began failing - because the client's mail server blocks on spamcop. This sounds easy to figure out now but it wasn't so easy to figure out when I was working on it. I agree it is kind of funny - a client blocking his own mail - except it blocked everyone else, too. The other bad thing is that spamcop did not notify me about the incident until 24 hours after it had occurred. Which was one reason I couldn't figure out what was going on. Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] E - G r e e t i n g s Posts
Hi; You are right... This actually is the first time this has happened. Our weighing system is such that a score of 100+ is assigned to our Spam trap accounts. In almost 1 year this is the first time I am faced with this... Never thought a legitimate eMail could trigger so many traps. Of course the other problem came about when we switched from Whitelisting eMails to assigning Negative Weight. Declude domain should have been Whitelisted rather than Negative listed. The eMail in question ranked over 350 since with a final rating of 250 and a negative weight of 100 it was way over every limit. Lots of lessons learned... & of course sorry folks for not changing my return receipt of the last eMail. Another lesson learned .. Never send a fast response before leaving for a meeting! (you should see my inbox..!)-- Grand Mistake! Also-- Spamcop does not automatically receive eMail. One has to go there and individually view them again and submit them. So in essence it is not all that automatic. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff Sent: Tuesday, December 03, 2002 6:34 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] E - G r e e t i n g s Posts >Weight of 100+ is automatically forwarded to Spamcop. Is that a smart move? I think not. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
