RE: [Declude.JunkMail] Logging optimization question
I've seen that on our server a lot of DNS-based tests bring up very few positive results. So I've commentet them out at the moment. If I'm able to implement something to switch automaticaly between a normal- and a high-load-version of the cfg-file I will disable this tests at first in the high-load-version: OSRELAY 0.20% OSDUL 0.19% KOREASPAM 0.18% ORDB0.16% BHOLE-ARGENTINA 0.10% KUNDENSERVER0.06% WIREHUB-DNSBL 0.05% BHOLE-HONGKONG 0.05% BHOLE-RUSSIA0.04% Markus -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry Sent: Sunday, June 08, 2003 5:30 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Logging optimization question Scott, since we have been discussing optimization techniques on this list lately, I am wondering if in that effort you can do some logging optimization, as well. See the attached JM log snippet and you will notice that a single e-mail with 4 recipients gets written to the log 4 time, with each seceding From/To entry adding one additional recipient e-mail address: = 06/07/2003 19:53:57 Qa53d222d0090d085 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 213.184.130.86 ID: 94672138 --- 06/07/2003 19:53:57 Qa53d222d0090d085 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] IP: 213.184.130.86 ID: 94672138 --- 06/07/2003 19:53:57 Qa53d222d0090d085 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] IP: 213.184.130.86 ID: 94672138 --- 06/07/2003 19:53:57 Qa53d222d0090d085 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] IP: 213.184.130.86 ID: 94672138 = This one e-mail effectively added approximately 125 lines to my log file, when the only 35 would have given me all of the info I needed. What if the e-mail would have had 25 or 50 recipients listed--ouch! Any reason this cannot (or should not) be reduced to just a single e-mail entry with the From/To line showing all recipients? Maybe the same optimizations could be applied to the Virus logs, as well? Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SpamIPs Test Idea
Another idea for a new test, a close cousin to the SpamDomains test: Received: from styggen.com [24.208.153.243] by mx2.spamsoap.com (SMTPD32-7.15) id A288E80090; Fri, 06 Jun 2003 10:42:32 -0700 This message came from a road runner IP. How about a test where we build a list of CIDRs for a given ISP, then match it with all the domains those IPs use. In this case, the file entry would be (I know rr doesn't use .net) 24.208.0.0/14rr.com rr.net In this case, it would match the IP, look for both RR entries, find styggen.com and fail the message. That's a pretty neat idea. That would work well for ISPs that don't allow their customers to run a mailserver, as it would provide an easy way to catch (most) mail from spammers on their networks, while allowing the legitimate E-mail through. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] FROM Sent from - detecting?
Would it be of any benefit if we could have a test that could indicate if the FROM address is different from that of the SEND FROM that Declude detects? A lot of SPAM comes from emails that the MAILFROM address is different from the SEND FROM that Declude identifies. This does sound like a good test. Although it would have some false positives (like the mailing lists, as you mentioned, as well as people whose mail clients may use a From: of [EMAIL PROTECTED] but have a return address of [EMAIL PROTECTED]), but it would probably catch quite a bit of spam. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] SMTP authorized versus random email
Title: Message Hi; If we require SMTP authorization before an email is sent from our server then if I get an email that has my email in the FROM address is not sent by me has to have my email placed there randomly or as a means to bypass our filters. Right? Wrong? I guess if there was a way to mandate emails with From addresses that exist in the server have to pass certain criterion before being considered legitimately from the sender. One such test is simply knowing all the users on the server and treating those with certain criterion. Is there anyway this can be flagged or a header added for emails that are coming from the local user base and if so if they are authenticated or not? Regards, Kami
Re: [Declude.JunkMail] SpamIPs Test Idea
I'm not sure that I agree with this test. I use Earthlink DSL at home, and I never send out emails using my @earthlink.net address. I always use my personal or business address, neither of which are provided by Earthlink. I'd bet that a large percentage of DSL, Cable and Dial-up customers do not use the email account that their ISP provides, but they use their ISP's outgoing mail server because they are forced to due to port 25 filtering. Bill -Original Message- From: R. Scott Perry Sent: Sun, 08 Jun 2003 09:36:56 -0400 Subject: Re: [Declude.JunkMail] SpamIPs Test Idea Another idea for a new test, a close cousin to the SpamDomains test: Received: from styggen.com [24.208.153.243] by mx2.spamsoap.com (SMTPD32-7.15) id A288E80090; Fri, 06 Jun 2003 10:42:32 -0700 This message came from a road runner IP. How about a test where we build a list of CIDRs for a given ISP, then match it with all the domains those IPs use. In this case, the file entry would be (I know rr doesn't use .net) 24.208.0.0/14rr.com rr.net In this case, it would match the IP, look for both RR entries, find styggen.com and fail the message. That's a pretty neat idea. That would work well for ISPs that don't allow their customers to run a mailserver, as it would provide an easy way to catch (most) mail from spammers on their networks, while allowing the legitimate E-mail through. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SpamIPs Test Idea
Bill, Thats a good thing to keep in mind, however it wouldn't compare IP to MAILFROM, it would compare only IP to RDNS. It would only check for forged RNDS, not carring if you use @webmail.us. Here's an example from Road Runner: 24.88.0.13ae88-0-013.sc.rr.com Someone on this IP sending with their own domain (or even from their own email server), will still pass: 24.88.0.0/16 rr.com Dan On Sunday, June 8, 2003 11:49, Bill B. [EMAIL PROTECTED] wrote: I'm not sure that I agree with this test. I use Earthlink DSL at home, and I never send out emails using my @earthlink.net address. I always use my personal or business address, neither of which are provided by Earthlink. I'd bet that a large percentage of DSL, Cable and Dial-up customers do not use the email account that their ISP provides, but they use their ISP's outgoing mail server because they are forced to due to port 25 filtering. Bill -Original Message- From: R. Scott Perry Sent: Sun, 08 Jun 2003 09:36:56 -0400 Subject: Re: [Declude.JunkMail] SpamIPs Test Idea Another idea for a new test, a close cousin to the SpamDomains test: Received: from styggen.com [24.208.153.243] by mx2.spamsoap.com (SMTPD32-7.15) id A288E80090; Fri, 06 Jun 2003 10:42:32 -0700 This message came from a road runner IP. How about a test where we build a list of CIDRs for a given ISP, then match it with all the domains those IPs use. In this case, the file entry would be (I know rr doesn't use .net) 24.208.0.0/14rr.com rr.net In this case, it would match the IP, look for both RR entries, find styggen.com and fail the message. That's a pretty neat idea. That would work well for ISPs that don't allow their customers to run a mailserver, as it would provide an easy way to catch (most) mail from spammers on their networks, while allowing the legitimate E-mail through. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] KillListGen Utility
Does anyone have the KillListGen utility they can mail to me ... the link at nerosoft is broken, and email sent to them is returned as invalid user. Thanks, David --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SpamIPs Test Idea
Thanks for the question Bill, Looking back at my original posting, I showed RNDS, then said all the domains those IPs use. The intent is to ignore MAILFROM (which Spam Domains already checks) and compare only IP with RDNS. Scott, Would that still be effective? Dan On Sunday, June 8, 2003 11:49, Bill B. [EMAIL PROTECTED] wrote: I'm not sure that I agree with this test. I use Earthlink DSL at home, and I never send out emails using my @earthlink.net address. I always use my personal or business address, neither of which are provided by Earthlink. I'd bet that a large percentage of DSL, Cable and Dial-up customers do not use the email account that their ISP provides, but they use their ISP's outgoing mail server because they are forced to due to port 25 filtering. Bill -Original Message- From: R. Scott Perry Sent: Sun, 08 Jun 2003 09:36:56 -0400 Subject: Re: [Declude.JunkMail] SpamIPs Test Idea Another idea for a new test, a close cousin to the SpamDomains test: Received: from styggen.com [24.208.153.243] by mx2.spamsoap.com (SMTPD32-7.15) id A288E80090; Fri, 06 Jun 2003 10:42:32 -0700 This message came from a road runner IP. How about a test where we build a list of CIDRs for a given ISP, then match it with all the domains those IPs use. In this case, the file entry would be (I know rr doesn't use .net) 24.208.0.0/14rr.com rr.net In this case, it would match the IP, look for both RR entries, find styggen.com and fail the message. That's a pretty neat idea. That would work well for ISPs that don't allow their customers to run a mailserver, as it would provide an easy way to catch (most) mail from spammers on their networks, while allowing the legitimate E-mail through. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SpamIPs Test Idea
Ahh, I get it. But it would have to compare the REMOTEIP to the HELO string, not to the REVDNS. Because styggen.com in the header below indicates the HELO string sent by the remote mail server, rather than the REVDNS value. Received: from styggen.com [24.208.153.243] by mx2.spamsoap.com It would be difficult to maintain an accurate list of ISP CIDRs though. So what about a variation of this idea where the test would force REVDNS and HELO strings to contain a partial match. For example, an entry like this... .rr.com .rr.net ...would required a REVDNS that contains .rr.com, to use a HELO string containing either .rr.com or .rr.net. Or perhaps the other way around. Bill -Original Message- From: Dan Patnode Sent: 08 Jun 2003 12:47:11 -0700 Subject: Re: [Declude.JunkMail] SpamIPs Test Idea Thanks for the question Bill, Looking back at my original posting, I showed RNDS, then said all the domains those IPs use. The intent is to ignore MAILFROM (which Spam Domains already checks) and compare only IP with RDNS. Scott, Would that still be effective? Dan On Sunday, June 8, 2003 11:49, Bill B. [EMAIL PROTECTED] wrote: I'm not sure that I agree with this test. I use Earthlink DSL at home, and I never send out emails using my @earthlink.net address. I always use my personal or business address, neither of which are provided by Earthlink. I'd bet that a large percentage of DSL, Cable and Dial-up customers do not use the email account that their ISP provides, but they use their ISP's outgoing mail server because they are forced to due to port 25 filtering. Bill -Original Message- From: R. Scott Perry Sent: Sun, 08 Jun 2003 09:36:56 -0400 Subject: Re: [Declude.JunkMail] SpamIPs Test Idea Another idea for a new test, a close cousin to the SpamDomains test: Received: from styggen.com [24.208.153.243] by mx2.spamsoap.com (SMTPD32-7.15) id A288E80090; Fri, 06 Jun 2003 10:42:32 -0700 This message came from a road runner IP. How about a test where we build a list of CIDRs for a given ISP, then match it with all the domains those IPs use. In this case, the file entry would be (I know rr doesn't use .net) 24.208.0.0/14rr.com rr.net In this case, it would match the IP, look for both RR entries, find styggen.com and fail the message. That's a pretty neat idea. That would work well for ISPs that don't allow their customers to run a mailserver, as it would provide an easy way to catch (most) mail from spammers on their networks, while allowing the legitimate E-mail through. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SpamIPs Test Idea
Looking back at my original posting, I showed RNDS, then said all the domains those IPs use. The intent is to ignore MAILFROM (which Spam Domains already checks) and compare only IP with RDNS. Scott, Would that still be effective? Yes, I think the test would work with comparing to HELO/EHLO (but not for the return address). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] KillListGen Utility
KillListGen incoming via email Todd Smith Teksolvers, LLC 1077 Glenharbor Circle Winter Garden, FL 34787 407-877-8450 (phone) 407-877-8451 (fax) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Dodell Sent: Sunday, June 08, 2003 3:35 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] KillListGen Utility Does anyone have the KillListGen utility they can mail to me ... the link at nerosoft is broken, and email sent to them is returned as invalid user. Thanks, David --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SpamIPs Test Idea
Yes Bill, HELO not RDNS (that keyboard virus sure gets around). I've been running a BadIP list for some time that maps the CIDRs of many ISPs (broadband ranges in particular). With 2500 entries, its on the heavy side but when a new range appears, the spammers find it and tell me about it. SpamIPs would essentially be a smart version of this. Interesting, comparing RDNS to HELO! Essentially, every comparison test is battling the same problem, forged headers. Spammers have software with fields for typing in all these things and they plug away. If we total them, the number of possible comparisons is awesome: MAILFROM vs HELO(Spam Domains) IP vs HELO(SpamIPs) RDNS vs HELO RNDS vs MAILFROM IP vs RDNS IP vs MAILFROM I like the first 3, Scott can pick the one(s) he likes best. :) Dan On Sunday, June 8, 2003 12:44, Bill B. [EMAIL PROTECTED] wrote: Ahh, I get it. But it would have to compare the REMOTEIP to the HELO string, not to the REVDNS. Because styggen.com in the header below indicates the HELO string sent by the remote mail server, rather than the REVDNS value. Received: from styggen.com [24.208.153.243] by mx2.spamsoap.com It would be difficult to maintain an accurate list of ISP CIDRs though. So what about a variation of this idea where the test would force REVDNS and HELO strings to contain a partial match. For example, an entry like this... ..rr.com .rr.net would required a REVDNS that contains .rr.com, to use a HELO string containing either .rr.com or .rr.net. Or perhaps the other way around. Bill -Original Message- From: Dan Patnode Sent: 08 Jun 2003 12:47:11 -0700 Subject: Re: [Declude.JunkMail] SpamIPs Test Idea Thanks for the question Bill, Looking back at my original posting, I showed RNDS, then said all the domains those IPs use. The intent is to ignore MAILFROM (which Spam Domains already checks) and compare only IP with RDNS. Scott, Would that still be effective? Dan On Sunday, June 8, 2003 11:49, Bill B. [EMAIL PROTECTED] wrote: I'm not sure that I agree with this test. I use Earthlink DSL at home, and I never send out emails using my @earthlink.net address. I always use my personal or business address, neither of which are provided by Earthlink. I'd bet that a large percentage of DSL, Cable and Dial-up customers do not use the email account that their ISP provides, but they use their ISP's outgoing mail server because they are forced to due to port 25 filtering. Bill -Original Message- From: R. Scott Perry Sent: Sun, 08 Jun 2003 09:36:56 -0400 Subject: Re: [Declude.JunkMail] SpamIPs Test Idea Another idea for a new test, a close cousin to the SpamDomains test: Received: from styggen.com [24.208.153.243] by mx2.spamsoap.com (SMTPD32-7.15) id A288E80090; Fri, 06 Jun 2003 10:42:32 -0700 This message came from a road runner IP. How about a test where we build a list of CIDRs for a given ISP, then match it with all the domains those IPs use. In this case, the file entry would be (I know rr doesn't use .net) 24.208.0.0/14rr.com rr.net In this case, it would match the IP, look for both RR entries, find styggen.com and fail the message. That's a pretty neat idea. That would work well for ISPs that don't allow their customers to run a mailserver, as it would provide an easy way to catch (most) mail from spammers on their networks, while allowing the legitimate E-mail through. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was
[Declude.JunkMail] cs.com - SPAMDOMAINS
Title: Message Hi; Does anyone know what entry we should have for cs.com? Considering it is a 2 letter domain I think this can cause problem with the way spamdomain test works. We get a lot of spam with @cs.com and it would be good if we can put an entry for it. Example header: === X-Mailfrom: 53lkikq5.cs.comX-Note: Sent from: [EMAIL PROTECTED]X-Note: Sent from Reverse DNS: u231n155.eastlink.ca ([24.222.231.155]).X-Hello: u231n155.eastlink.caX-Note: Recipient(s): --DELETED-- X-Country-Chain: UNITED STATES-CANADA-UNITED STATES-destinationX-Spam-Prob: 0.988397 === Ideas? Regards, Kami
Re: [Declude.JunkMail] cs.com - SPAMDOMAINS
That is compuserve (aol). Our logs show the legit email from that domain coming from IPs having revdns similar to this: imo-m07.mx.aol.com ...so I'd add this entry to spamdomains: @cs.com .aol.com ...the @ symbol will keep it from matching senders such as [EMAIL PROTECTED] Bill -Original Message- From: Kami Razvan Sent: Sun, 8 Jun 2003 16:26:43 -0400 Subject: [Declude.JunkMail] cs.com - SPAMDOMAINS Hi; Does anyone know what entry we should have for cs.com? Considering it is a 2 letter domain I think this can cause problem with the way spamdomain test works. We get a lot of spam with @cs.com and it would be good if we can put an entry for it. Example header: === X-Mailfrom: 53lkikq5.cs.com X-Note: Sent from: [EMAIL PROTECTED] X-Note: Sent from Reverse DNS: u231n155.eastlink.ca ([24.222.231.155]). X-Hello: u231n155.eastlink.ca X-Note: Recipient(s): --DELETED-- X-Country-Chain: UNITED STATES-CANADA-UNITED STATES-destination X-Spam-Prob: 0.988397 === Ideas? Regards, Kami --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] cs.com - SPAMDOMAINS
Title: Message Why not: @cs.com .aol.com Bill - Original Message - From: Kami Razvan To: [EMAIL PROTECTED] Sent: Sunday, June 08, 2003 1:26 PM Subject: [Declude.JunkMail] cs.com - SPAMDOMAINS Hi; Does anyone know what entry we should have for cs.com? Considering it is a 2 letter domain I think this can cause problem with the way spamdomain test works. We get a lot of spam with @cs.com and it would be good if we can put an entry for it. Example header: === X-Mailfrom: 53lkikq5.cs.comX-Note: Sent from: [EMAIL PROTECTED]X-Note: Sent from Reverse DNS: u231n155.eastlink.ca ([24.222.231.155]).X-Hello: u231n155.eastlink.caX-Note: Recipient(s): --DELETED-- X-Country-Chain: UNITED STATES-CANADA-UNITED STATES-destinationX-Spam-Prob: 0.988397 === Ideas? Regards, Kami
Re: [Declude.JunkMail] new message header
... Let's keep the spammers guessing for a while.That'll improve its effectiveness! - Original Message - So when might you be willing to share this new spam test with us...? :-))) I see new X-Spam-Prob: headers being added after upgrading to Declude --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] KillListGen Utility
Huh? Link is broken? You should be able to get it here: http://www.nerosoft.com/Download/KillListGenInst.exe Thanks Scott. I was following a link from the Declude website What address were you sending email to? On your main webpage it shows [EMAIL PROTECTED] but it is really linked to [EMAIL PROTECTED] ... and that bounces user unknown. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.