Re: [Declude.JunkMail] Lost One Account - Help Please
that is a great suggestion ..looks like you configuration is working so far...and setting the log to mid helps sort out the log files.when at low it showed the test ignored, while looking at it at MID set, it shows ignore and then further down the log it deletes after finishing all tasks Thanks for all your help... gb At 05:05 AM 7/11/2003 +0300, you wrote: Glen , In fact 212.64.200.32 is my server ip address. Many spammers try to fool your mail server using as hello your mail server ip address. Every mail server start talking as follow HELO(EHLO) myhostname.com But many spammers use HELO(EHLO) 212.64.200.32 212.64.200.32 is my server ip address. The remote mail server name can not be my ip address :) This is a spammer trick which can work with very old mail servers. Thats why i am deleting every mail which contains HELO(EHLO) 212.64.200.32 I am cacthing more than 20% of spam like this. And be sure this %100 spam. I have never seen a mail server using the remote mail server name. Rifat Levis - Original Message - From: "Glenn Brooks" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, July 11, 2003 4:50 AM Subject: Re: [Declude.JunkMail] Lost One Account - Help Please > >Write in the atlasfilter.txt >helo 20 contains ommo.net >helo 20 contains 212.64.200.32 I will adjust mine to match this and give it a try Can I use the following for IPs helo 20 contains 212.64.200.0/24 to cover more IP addresses? Thanks for the suggestions... gb --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. Glenn Brooks WebWize, Inc. 713-688-4382 http://www.webwize.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Lost One Account - Help Please
Glen , In fact 212.64.200.32 is my server ip address. Many spammers try to fool your mail server using as hello your mail server ip address. Every mail server start talking as follow HELO(EHLO) myhostname.com But many spammers use HELO(EHLO) 212.64.200.32 212.64.200.32 is my server ip address. The remote mail server name can not be my ip address :) This is a spammer trick which can work with very old mail servers. Thats why i am deleting every mail which contains HELO(EHLO) 212.64.200.32 I am cacthing more than 20% of spam like this. And be sure this %100 spam. I have never seen a mail server using the remote mail server name. Rifat Levis - Original Message - From: "Glenn Brooks" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, July 11, 2003 4:50 AM Subject: Re: [Declude.JunkMail] Lost One Account - Help Please > >Write in the atlasfilter.txt >helo 20 contains ommo.net >helo 20 contains 212.64.200.32 I will adjust mine to match this and give it a try Can I use the following for IPs helo 20 contains 212.64.200.0/24 to cover more IP addresses? Thanks for the suggestions... gb --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Lost One Account - Help Please
If you use "LOGLEVEL MID", the log file will show which configuration file is used. I turned on the mid level and here is one of the entries that failed, looks like it is coming tthrough my domain, my domain is the only one that is using the blacklist filter: 07/10/2003 21:01:45 Q1a7d8d1800b0a841 BLACKLISTDOMAIN:20 BADHEADERS:9 . Total weight = 29 07/10/2003 21:01:45 Q1a7d8d1800b0a841 Msg failed BLACKLISTDOMAIN (Message failed BLACKLISTDOMAIN test (67)). Action=IGNORE. 07/10/2003 21:01:45 Q1a7d8d1800b0a841 Subject: Policies Issued and Approved Online Within 10 Minutes. 07/10/2003 21:01:45 Q1a7d8d1800b0a841 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Lost One Account - Help Please
Write in the atlasfilter.txt helo 20 contains ommo.net helo 20 contains 212.64.200.32 I will adjust mine to match this and give it a try Can I use the following for IPs helo 20 contains 212.64.200.0/24 to cover more IP addresses? Thanks for the suggestions... gb --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Lost One Account - Help Please
I will have to watch for thisthe thing I noticed last night and today was the following in the declude log files, but am not sure they were for these exact emails, but I have this continually in the declude log files. 07/10/2003 20:11:42 Q0eb9c314012eb215 Msg failed BLACKLISTIP ( This is a spam IP address). Action=IGNORE. 07/10/2003 20:11:42 Q0eb9c314012eb215 Msg failed BLACKLISTDOMAIN (Message failed BLACKLISTDOMAIN test (120)). Action=IGNORE. Then a couple of lines down I will have: 07/10/2003 20:12:59 Q0f07c404012ee48a Msg failed BLACKLISTIP ( This is a spam IP address). Action=DELETE. 07/10/2003 20:12:59 Q0f07c404012ee48a Msg failed BLACKLISTDOMAIN (Message failed BLACKLISTDOMAIN test (132)). Action=DELETE. This is what has me confused, it seems to catch the tests, sometimes That is the normal behavior. Declude JunkMail doesn't use the same actions for all E-mails that fail a given test. This means that the first E-mail used a configuration file that uses the IGNORE action (or those two tests weren't listed in the config files), but the second one uses the DELETE action. So some E-mails use one configuration file, sometimes there are E-mails that use another configuration file. If you use "LOGLEVEL MID", the log file will show which configuration file is used. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Lost One Account - Help Please
Then in my junkmail file I have the following line of code: BLACKLISTDOMAIN DELETE The questions here include: [1] Is that junkmail file the one being used for E-mail to the domain in question (IE do you have any per-user or per-domain configurations)? Yes this file is used for the domain in question and webwize.com, the main domain [2] Could the E-mail to the domain in question be considered outgoing E-mail (if the E-mail is a gateway domain, that is not stored locally)? All email is stored locally...I do not think the email was outgoing, since it was being received by the client, and I received some as well, under the webwize.com domain. [3] If per-user or per-domain settings are being used, are there any user aliases or host aliases involved? No [4] The obvious (to me) question: Do the E-mails that aren't getting deleted have "hollywoodspecials.net" in the return address (the "X-Declude-Sender:" header or the "MAIL FROM" line in the SMTP log file; these are often different than the "From:", "Reply-To:", "Sender:" or other similar headers)? The email that was sent to me at this email address, [EMAIL PROTECTED] from the hollywoodspecials.net had the email in the from address, it was also in the X-Declude-Sender, they were identical for these particular emails. [5] What do the log files show for this E-mail (which narrows it down to being a problem with the test, or the actions that are being used on it)? I will have to watch for thisthe thing I noticed last night and today was the following in the declude log files, but am not sure they were for these exact emails, but I have this continually in the declude log files. 07/10/2003 20:11:42 Q0eb9c314012eb215 Msg failed BLACKLISTIP ( This is a spam IP address). Action=IGNORE. 07/10/2003 20:11:42 Q0eb9c314012eb215 Msg failed BLACKLISTDOMAIN (Message failed BLACKLISTDOMAIN test (120)). Action=IGNORE. Then a couple of lines down I will have: 07/10/2003 20:12:59 Q0f07c404012ee48a Msg failed BLACKLISTIP ( This is a spam IP address). Action=DELETE. 07/10/2003 20:12:59 Q0f07c404012ee48a Msg failed BLACKLISTDOMAIN (Message failed BLACKLISTDOMAIN test (132)). Action=DELETE. This is what has me confused, it seems to catch the tests, sometimes thanks for the help... gb --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Lost One Account - Help Please
In the Global.cfg file I have a line of code like thes: BLACKLISTDOMAIN filter E:\IMail\Declude\domainblacklist.txt x 20 0: I do not have any other line of code associated with this test in the globla.cfg file. That will add a weight of 20 to any E-mail that meets the criteria of the filter, but will not do anything else. In the file named domainblacklist.txt I have the following lines of code (there are about 100 lines, on sep. lines): MAILFROM 20 CONTAINS hollywoodspecials.net MAILFROM 20 CONTAINS .hollywoodspecials.net OK. Then in my junkmail file I have the following line of code: BLACKLISTDOMAIN DELETE The questions here include: [1] Is that junkmail file the one being used for E-mail to the domain in question (IE do you have any per-user or per-domain configurations)? [2] Could the E-mail to the domain in question be considered outgoing E-mail (if the E-mail is a gateway domain, that is not stored locally)? [3] If per-user or per-domain settings are being used, are there any user aliases or host aliases involved? [4] The obvious (to me) question: Do the E-mails that aren't getting deleted have "hollywoodspecials.net" in the return address (the "X-Declude-Sender:" header or the "MAIL FROM" line in the SMTP log file; these are often different than the "From:", "Reply-To:", "Sender:" or other similar headers)? [5] What do the log files show for this E-mail (which narrows it down to being a problem with the test, or the actions that are being used on it)? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Lost One Account - Help Please
Hello Glenn , Here is what i am doing to get rid of this kind of spammers. In my global.cfg i create AtlasfilterfilterE:\IMail\Declude\atlasfilter.txt x 0 0 i create a file atlasfilter.txt in declude folder In the config file i have WEIGHT10 weight x x 10 0 WEIGHT15 weight x x 15 0 WEIGHT20 weight x x 20 0 Junkmail file WEIGHT10 WARN WEIGHT15 WARN WEIGHT20 DELETE Now that you can see weight 20 deleting the mail Write in the atlasfilter.txt helo 20 contains ommo.net helo 20 contains 212.64.200.32 etc. IT will delete the mail I put ==> E:\IMail\Declude\atlasfilter.txt x 0 0 zero as weight to filter because later in txt file i will add some differents weights example mailfrom 10 [EMAIL PROTECTED] Here it will just add weight 10 without deleting. I have made very few changes to real global.cfg and junkmail files i am adding everything else to my filter file which make very easy everything. example : The biggest spammer in my country sell a software and a cd with 10 millions mail address , the guys software open a connection with HELO OMMO.NET As soon as i found this unchanged field ,i added to my filter text. Good Luck Rifat Levis - Original Message - From: "Glenn Brooks" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, July 11, 2003 3:53 AM Subject: [Declude.JunkMail] Lost One Account - Help Please I hate to continue to ask for assistance for the same problem, but I just can not figure it out. I lost a 300.00/month hosting account today due to continued spam getting through. Here is what I have: I have multiple domains. Only a couple run with their own directory within the Declude directory within the Imail Directory. The client that left for another hosting company was running off the same global.cfg file as my main domain. In the Global.cfg file I have a line of code like thes: BLACKLISTDOMAIN filter E:\IMail\Declude\domainblacklist.txt x 20 0: I do not have any other line of code associated with this test in the globla.cfg file. In the file named domainblacklist.txt I have the following lines of code (there are about 100 lines, on sep. lines): MAILFROM 20 CONTAINS hollywoodspecials.net MAILFROM 20 CONTAINS .hollywoodspecials.net Then in my junkmail file I have the following line of code: BLACKLISTDOMAIN DELETE I do not know if I am missing some code somewhere else or if I need to add something somewhere...I am just lost... and hate to lose another account, which a couple are threatening if I can not stop the spam from the same addresses. Any help or suggestions is greatly appreciated...I will even pay to have the problem solved...it's probably something I am not doing correctly. Glenn Brooks WebWize, Inc. 713-688-4382 http://www.webwize.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] re: Badheaders
I have been going through email caught by the BADHEADERS test and most all of the m are due to the year. I am guessing because it sais 03 instead of 2003. I would assume this problem is due to the mail client or SPAM software not being Y2K compliant. That is correct. Those E-mails are coming from mail clients that think that it is the year 1903, before the Internet even existed. Most old E-mail software is Y2K compliant. According to the RFCs, any SMTP software written since October, 1989 *must* use the 4-digit year, unless there is a valid reason not to *and* the implications are understood. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Lost One Account - Help Please
I hate to continue to ask for assistance for the same problem, but I just can not figure it out. I lost a 300.00/month hosting account today due to continued spam getting through. Here is what I have: I have multiple domains. Only a couple run with their own directory within the Declude directory within the Imail Directory. The client that left for another hosting company was running off the same global.cfg file as my main domain. In the Global.cfg file I have a line of code like thes: BLACKLISTDOMAIN filter E:\IMail\Declude\domainblacklist.txt x 20 0: I do not have any other line of code associated with this test in the globla.cfg file. In the file named domainblacklist.txt I have the following lines of code (there are about 100 lines, on sep. lines): MAILFROM 20 CONTAINS hollywoodspecials.net MAILFROM 20 CONTAINS .hollywoodspecials.net Then in my junkmail file I have the following line of code: BLACKLISTDOMAIN DELETE I do not know if I am missing some code somewhere else or if I need to add something somewhere...I am just lost... and hate to lose another account, which a couple are threatening if I can not stop the spam from the same addresses. Any help or suggestions is greatly appreciated...I will even pay to have the problem solved...it's probably something I am not doing correctly. Glenn Brooks WebWize, Inc. 713-688-4382 http://www.webwize.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] re: Badheaders
I have been going through email caught by the BADHEADERS test and most all of the m are due to the year. I am guessing because it sais 03 instead of 2003. I would assume this problem is due to the mail client or SPAM software not being Y2K compliant. Kevin Bilbee Network Administrator Standard Abrasives, Inc. Changing the way industry works. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] re: Spam Statistics
What is everyone using to get statistics? -- Susan Duncan ([EMAIL PROTECTED]) TEL:(613) 231-SIRC x225 IT Director, SIRC FAX:(613) 231-3739 http://www.sportquest.com/ http://www.canadiansport.com/ --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] re: Spam Statistics
I thought the group might want to see som spam stats. These are our stats from yesterday. Does any one else have stats they could post so we can get an idea of what test get triggered - LogFile(s) Scanned: D:\IMAIL\spool\dec0709.log - Total unique messages scanned: 1893 Total failed messages : 1172 Percent failed: 61.912 % Total deleted messages: 425 Percent deleted: 22.451 % Total held messages : 120 Percent held: 6.339 % Total log file length : 24384 - Test Name : Count % of Failed % of All - BADHEADERS :272 23.208 % 14.369 % BASE64 : 33 2.816 % 1.743 % BLITZEDALL : 65 5.546 % 3.434 % BLOCKEDSENDERS : 22 1.877 % 1.162 % BODYFILTER : 19 1.621 % 1.004 % BONDEDSENDER : 23 1.962 % 1.215 % COMMENTS : 32 2.730 % 1.690 % DSBL :178 15.188 % 9.403 % DSN: 45 3.840 % 2.377 % EASYNET-DNSBL :458 39.079 % 24.194 % EASYNET-DYNA : 16 1.365 % 0.845 % EASYNET-PROXIES:159 13.567 % 8.399 % HELOBOGUS :229 19.539 % 12.097 % HELOFILTER :151 12.884 % 7.977 % IPBLACKLIST: 60 5.119 % 3.170 % MAILFROM : 13 1.109 % 0.687 % MONKEYPROXIES :116 9.898 % 6.128 % NOABUSE:241 20.563 % 12.731 % NOPOSTMASTER :188 16.041 % 9.931 % ORDB : 3 0.256 % 0.158 % OSPROXY: 1 0.085 % 0.053 % OSSOFT : 6 0.512 % 0.317 % REVDNS :211 18.003 % 11.146 % ROUTING: 97 8.276 % 5.124 % SBL:217 18.515 % 11.463 % SPAMCOP:266 22.696 % 14.052 % SPAMDOMAINS:124 10.580 % 6.550 % SPAMHEADERS:187 15.956 % 9.879 % SPAM-HIGH :399 34.044 % 21.078 % SPAM-LOW : 17 1.451 % 0.898 % SPAM-MED :152 12.969 % 8.030 % WEIGHT5:717 61.177 % 37.876 % Whitelisted:340 29.010 % 17.961 % - Kevin Bilbee Network Administrator Standard Abrasives, Inc. [EMAIL PROTECTED] (805) 520-5800 x7332 Changing the way industry works. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Compatability
However, depending on your needs, you could set up a Imail Store and Forward Gateway or use the Gateway services of some one running Imail and Declude. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Bill Landry > Sent: Thursday, July 10, 2003 9:45 AM > To: [EMAIL PROTECTED] > Subject: Re: [Declude.JunkMail] Compatability > > It does not, it is an IMail exclusive. :-( > > Bill > - Original Message - > From: "Terry Parks" <[EMAIL PROTECTED]> > To: "'Declude. JunkMail" <[EMAIL PROTECTED]> > Sent: Thursday, July 10, 2003 9:28 AM > Subject: [Declude.JunkMail] Compatability > > > > Does anyone know if Declude works with other email server software besides > > Imail? > > > > Terry > > > > > > --- > > [This E-mail scanned for viruses by Surfside Internet] > > > > --- > > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > > > --- > > This E-mail came from the Declude.JunkMail mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.JunkMail". The archives can be found > > at http://www.mail-archive.com. > > > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] X-Declude-Sender Missing from Header
So far we are getting reports from only a single user. A quick review of the current spool shows no email without the X-Declude-Sender line. There are no gp1 or gp2 files on the server. Do you think it is some setting in the user's mail client (Outlook 2002) which is stripping out some of the info? That is very likely the problem -- Outlook is notorious for making it difficult to get all the headers of the E-mail, often displaying some of them while filtering others out. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] X-Declude-Sender Missing from Header
So far we are getting reports from only a single user. A quick review of the current spool shows no email without the X-Declude-Sender line. There are no gp1 or gp2 files on the server. Do you think it is some setting in the user's mail client (Outlook 2002) which is stripping out some of the info? Thank You, JR Tatum, President Performance Dimensions, Inc. (336) 774-1849 mailto:[EMAIL PROTECTED] http://www.triadnetwork.com * This message and any included attachments are from PERFORMANCE DIMENSIONS, INC. and are intended only for the addressee(s). The information contained herein may include trade secrets or privileged or otherwise confidential information. Unauthorized review, forwarding, printing, copying, distributing, or using such information is strictly prohibited and may be unlawful. If you received this message in error, or have reason to believe you are not authorized to receive it, please promptly delete this message and notify the sender by e-mail. * -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Thursday, July 10, 2003 11:48 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] X-Declude-Sender Missing from Header >These are our configuration settings: > >XSENDER ON That should cause the X-Declude-Sender: header to appear in the headers of all E-mails. Have you checked to see if there are any C:\Declude.gp1 or C:\Declude.gp2 files? Is there any pattern to the E-mails without that header (all happening to the same recipient, for example)? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Compatability
It does not, it is an IMail exclusive. :-( Bill - Original Message - From: "Terry Parks" <[EMAIL PROTECTED]> To: "'Declude. JunkMail" <[EMAIL PROTECTED]> Sent: Thursday, July 10, 2003 9:28 AM Subject: [Declude.JunkMail] Compatability > Does anyone know if Declude works with other email server software besides > Imail? > > Terry > > > --- > [This E-mail scanned for viruses by Surfside Internet] > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Compatability
Does anyone know if Declude works with other email server software besides Imail? Terry --- [This E-mail scanned for viruses by Surfside Internet] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] empty body
I have seen many... I think the spammers are in a database cleaning season. They are perhaps confirming the emails. We have seen subjects like: - Hey - What do you think? - The next revision.. But with empty bodies and from emails that are definitely spam. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Thursday, July 10, 2003 11:52 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] empty body I have been seeing a couple a week. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Markus Gufler > Sent: Thursday, July 10, 2003 8:00 AM > To: [EMAIL PROTECTED] > Subject: [Declude.JunkMail] empty body > > Anyone else has seen in the past days spam messages with absolutely no > body? > > Below is the header from one of this messages. > > Note: > A.) the subject line with spacers and id-code > B.) the from name ;-) > > What a sense can have such mailings? > > Markus > > > = > > Received: from hotjobs.com [66.198.141.5] by mail.zcom.it > (SMTPD32-7.15) id AAF9B4400E2; Thu, 10 Jul 2003 15:32:41 +0200 > Message-ID: <[EMAIL PROTECTED]> > From: "Ophelia R. Perry" <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: [s239] Getwellhung > o7djfb43bui3 > Date: Fri, 11 Jul 2003 06:05:37 + > MIME-Version: 1.0 > X-Priority: 3 > X-MSMail-Priority: Normal > X-Mailer: Microsoft Outlook Express 6.00.2800.1106 > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 > Content-Type: text/html > Content-Transfer-Encoding: 8bit > X-RBL-Warning: DSBL: http://dsbl.org/listing?ip=66.198.141.5 > X-RBL-Warning: SPAMCOP: Blocked - see > http://spamcop.net/bl.shtml?66.198.141.5 > X-RBL-Warning: EASYNET-DNSBL: Blacklisted by easynet.nl DNSBL - > http://blackholes.easynet.nl/errors.html > X-RBL-Warning: EASYNET-PROXIES: Open Proxy - > http://proxies.blackholes.easynet.nl/errors.html > X-RBL-Warning: SORBS: HTTP Proxy See: > http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=66.198.141.5 > X-RBL-Warning: NOPOSTMASTER: Not supporting [EMAIL PROTECTED] > X-RBL-Warning: SPAMCHK: Message failed SPAMCHK: 90. > X-Declude-Sender: [EMAIL PROTECTED] [66.198.141.5] > X-Spam-Tests-Failed: DSBL, SPAMCOP, EASYNET-DNSBL, EASYNET- PROXIES, > SORBS, NOPOSTMASTER, REVDNS, NOLEGITCONTENT, SPAMCHK, > WEIGHT75, > WEIGHT100 [239] > X-Note: Sent from [EMAIL PROTECTED] - [No Reverse DNS] > ([66.198.141.5]). > > > > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > "unsubscribe Declude.JunkMail". The archives can be found at > http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] empty body
I have been seeing a couple a week. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Markus Gufler > Sent: Thursday, July 10, 2003 8:00 AM > To: [EMAIL PROTECTED] > Subject: [Declude.JunkMail] empty body > > Anyone else has seen in the past days spam messages with absolutely no > body? > > Below is the header from one of this messages. > > Note: > A.) the subject line with spacers and id-code > B.) the from name ;-) > > What a sense can have such mailings? > > Markus > > > = > > Received: from hotjobs.com [66.198.141.5] by mail.zcom.it > (SMTPD32-7.15) id AAF9B4400E2; Thu, 10 Jul 2003 15:32:41 +0200 > Message-ID: <[EMAIL PROTECTED]> > From: "Ophelia R. Perry" <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: [s239] Getwellhung > o7djfb43bui3 > Date: Fri, 11 Jul 2003 06:05:37 + > MIME-Version: 1.0 > X-Priority: 3 > X-MSMail-Priority: Normal > X-Mailer: Microsoft Outlook Express 6.00.2800.1106 > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 > Content-Type: text/html > Content-Transfer-Encoding: 8bit > X-RBL-Warning: DSBL: http://dsbl.org/listing?ip=66.198.141.5 > X-RBL-Warning: SPAMCOP: Blocked - see > http://spamcop.net/bl.shtml?66.198.141.5 > X-RBL-Warning: EASYNET-DNSBL: Blacklisted by easynet.nl DNSBL - > http://blackholes.easynet.nl/errors.html > X-RBL-Warning: EASYNET-PROXIES: Open Proxy - > http://proxies.blackholes.easynet.nl/errors.html > X-RBL-Warning: SORBS: HTTP Proxy See: > http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=66.198.141.5 > X-RBL-Warning: NOPOSTMASTER: Not supporting [EMAIL PROTECTED] > X-RBL-Warning: SPAMCHK: Message failed SPAMCHK: 90. > X-Declude-Sender: [EMAIL PROTECTED] [66.198.141.5] > X-Spam-Tests-Failed: DSBL, SPAMCOP, EASYNET-DNSBL, EASYNET- > PROXIES, > SORBS, NOPOSTMASTER, REVDNS, NOLEGITCONTENT, SPAMCHK, > WEIGHT75, > WEIGHT100 [239] > X-Note: Sent from [EMAIL PROTECTED] - [No Reverse DNS] > ([66.198.141.5]). > > > > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] X-Declude-Sender Missing from Header
These are our configuration settings: XSENDER ON That should cause the X-Declude-Sender: header to appear in the headers of all E-mails. Have you checked to see if there are any C:\Declude.gp1 or C:\Declude.gp2 files? Is there any pattern to the E-mails without that header (all happening to the same recipient, for example)? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] X-Declude-Sender Missing from Header
Scott, These are our configuration settings: #XINHEADER X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. XINHEADER X-Note: Total spam weight of this E-mail is %WEIGHT%. #XINHEADER X-Spam-Tests-Failed: %TESTSFAILED% [%WEIGHT%] #XINHEADER X-Country-Chain: %COUNTRYCHAIN% #XOUTHEADER X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. XSENDER ON XSPOOLNAME ON XINHEADER X-Note: This E-mail was sent from %REVDNS% ([%REMOTEIP%]). #XOUTHEADER Organization: Performance Dimensions, Inc. #IPBYPASS 127.0.0.1 Thank You, JR Tatum, President Performance Dimensions, Inc. (336) 774-1849 mailto:[EMAIL PROTECTED] http://www.triadnetwork.com * This message and any included attachments are from PERFORMANCE DIMENSIONS, INC. and are intended only for the addressee(s). The information contained herein may include trade secrets or privileged or otherwise confidential information. Unauthorized review, forwarding, printing, copying, distributing, or using such information is strictly prohibited and may be unlawful. If you received this message in error, or have reason to believe you are not authorized to receive it, please promptly delete this message and notify the sender by e-mail. * -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Wednesday, July 09, 2003 2:13 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] X-Declude-Sender Missing from Header >We are seeing several spam emails delivered to our clients which are >apparently able to bypass JMPro filters as there is no X-Declude-Sender >line in the header. Can anyone explain why it is missing (see sample >header below)? > >X-RBL-Warning: EASYNET-DNSBL: Blacklisted by easynet.nl DNSBL - >http://blackholes.easynet.nl/errors.html >X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam >[420e]. Declude JunkMail definitely scanned this E-mail. Are you using the XSENDER ON option, or are you using your own XINHEADER/XOUTHEADER option to produce the X-Declude-Sender: header? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] IPBYPASS IP range
> In this case, you could use: > > WHITELIST IP 123.123.123.0/24 > > This would whitelist the entire range from 123.123.123.0 through > 123.123.123.255. Ok done. But this will whitelist generally all messages comming from this Ips. That is correct. Using IPBYPASS will "disable" only the DNS-based tests (?) IPBYPASS in this case would prevent those IPs from being scanned, but the next IP would be scanned (the one that connected to the ISP), which may cause unpredictable results. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] IPBYPASS IP range
> In this case, you could use: > > WHITELIST IP 123.123.123.0/24 > > This would whitelist the entire range from 123.123.123.0 through > 123.123.123.255. Ok done. But this will whitelist generally all messages comming from this Ips. Using IPBYPASS will "disable" only the DNS-based tests (?) Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] empty body
Anyone else has seen in the past days spam messages with absolutely no body? Below is the header from one of this messages. Note: A.) the subject line with spacers and id-code B.) the from name ;-) What a sense can have such mailings? I'm guessing that it is broken spamware, that just isn't functioning properly. This E-mail was sent directly to you from the spammer (the only Received: header is the one IMail added), so it probably was sent with spamware. It could also be a probe of some sort, checking to make sure that E-mails get delivered and do not bounce (since there is no spam content, it is likely that the return address could be valid and would not get deleted quickly), or checking to see what domains bounce E-mail based on certain spam tests. Those are just some guesses, but I promise that Ophelia isn't related to me. :) -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Spam Attack
While I haven't seen this particular type of attack, I do have one client that is seeing something very similar. He is getting mail-bombed from numerous spam sites/IP's.. he is rejecting over 300 an hour, and this is for a site with only a 512k connection and 50 users... It's been happening for over 3 months now. Karl Drugge, Systems Network Engineer -Original Message- From: Adrian Hauri [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 09, 2003 11:51 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Spam Attack These IP addresses are blacklisted as an open relay in ORDB etc. Check http://www.dnsstuff.com/tools/ip4r.ch?ip=217.16.118.12 Cheers Adrian - - Original Message - From: "Jeff Kratka " <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, July 10, 2003 12:43 PM Subject: RE: [Declude.JunkMail] Spam Attack > I first thought that but there are different messages, just bad jokes each message. > > There were also some viruses atteched which were caught. > > Jeff > > -- Original Message -- > From: "Kevin Bilbee" <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > Date: Wed, 9 Jul 2003 17:39:39 -0700 > > > > > > >> -Original Message- > >> From: [EMAIL PROTECTED] > >> [mailto:[EMAIL PROTECTED] Behalf Of Jeff Kratka > >> Sent: Wednesday, July 09, 2003 5:29 PM > >> To: [EMAIL PROTECTED] > >> Subject: [Declude.JunkMail] Spam Attack > >> > >> > >> Just to let everyone know so others don't get hit with it, I just > >> had a Spam > >> attack/Bomb from one particular location. As soon as I found out I blocked > >> everything possible and things are working. It was so bad that it > >> killed the > >> server. It came from: > >> > >> [217.16.118.12] MAIL From:<[EMAIL PROTECTED]> > >> > >> Every single e-mail was to the same address and from the same address and > >> IP, there were a couple of thousand that attempted this. > > > >My guess is there spam software is stuck in a loop and sending the the same > >address over and over? > > > > > >> > >> Just thought some others would like to know. > >> > >> Jeff Kratka > >> > >> * > >> TymeWyse Internet > >> P.O.Box 84 - 583 N. Main St., Canyonville, OR 97417 > >> tel/fax: (541) 839-6027 - [EMAIL PROTECTED] > >> * > >> > >> --- > >> [This E-mail was scanned for viruses by Declude Virus > >> (http://www.declude.com)] > >> > >> --- > >> This E-mail came from the Declude.JunkMail mailing list. To > >> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > >> type "unsubscribe Declude.JunkMail". The archives can be found > >> at http://www.mail-archive.com. > >> > > > >--- > >[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > > >--- > >This E-mail came from the Declude.JunkMail mailing list. To > >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > >type "unsubscribe Declude.JunkMail". The archives can be found > >at http://www.mail-archive.com. > > > > -- > ** > TymeWyse Internet > P.O.Box 84 - 583 N. Main St., Canyonville, OR 97417 > tel/fax: (541) 839-6027 - [EMAIL PROTECTED] > ** > -- > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] empty body
Anyone else has seen in the past days spam messages with absolutely no body? Below is the header from one of this messages. Note: A.) the subject line with spacers and id-code B.) the from name ;-) What a sense can have such mailings? Markus = Received: from hotjobs.com [66.198.141.5] by mail.zcom.it (SMTPD32-7.15) id AAF9B4400E2; Thu, 10 Jul 2003 15:32:41 +0200 Message-ID: <[EMAIL PROTECTED]> From: "Ophelia R. Perry" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: [s239] Getwellhung o7djfb43bui3 Date: Fri, 11 Jul 2003 06:05:37 + MIME-Version: 1.0 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Content-Type: text/html Content-Transfer-Encoding: 8bit X-RBL-Warning: DSBL: http://dsbl.org/listing?ip=66.198.141.5 X-RBL-Warning: SPAMCOP: Blocked - see http://spamcop.net/bl.shtml?66.198.141.5 X-RBL-Warning: EASYNET-DNSBL: Blacklisted by easynet.nl DNSBL - http://blackholes.easynet.nl/errors.html X-RBL-Warning: EASYNET-PROXIES: Open Proxy - http://proxies.blackholes.easynet.nl/errors.html X-RBL-Warning: SORBS: HTTP Proxy See: http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=66.198.141.5 X-RBL-Warning: NOPOSTMASTER: Not supporting [EMAIL PROTECTED] X-RBL-Warning: SPAMCHK: Message failed SPAMCHK: 90. X-Declude-Sender: [EMAIL PROTECTED] [66.198.141.5] X-Spam-Tests-Failed: DSBL, SPAMCOP, EASYNET-DNSBL, EASYNET-PROXIES, SORBS, NOPOSTMASTER, REVDNS, NOLEGITCONTENT, SPAMCHK, WEIGHT75, WEIGHT100 [239] X-Note: Sent from [EMAIL PROTECTED] - [No Reverse DNS] ([66.198.141.5]). --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] IPBYPASS IP range
it's possible to set something like the following? IPBYPASS123.123.123. No -- the IPBYPASS option only works with a single IP. Two big local ISPs are listed now for over a week in a lot of RBLs and we have FPs because they trigger some ip4r tests. At the moment I'm whitelisting singel IP's but it seems they have more then 20 SMTP-Server divided over 2 C-class networks. I think the best solution for us is to IPBYPASS this Ips because most traffic from this servers is legit and important for our customers. IPBYPASS wasn't designed for a case like this. IPBYPASS is used for cases where there are IPs that you want to skip over, instead scanning the next hop. So if you used IPBYPASS here, you would end up scanning the IP that connected to the local ISP (which is likely an end user, and could well be listed in some spam databases). In this case, you could use: WHITELIST IP 123.123.123.0/24 This would whitelist the entire range from 123.123.123.0 through 123.123.123.255. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] IPBYPASS IP range
Hi Scott it's possible to set something like the following? IPBYPASS123.123.123. Two big local ISPs are listed now for over a week in a lot of RBLs and we have FPs because they trigger some ip4r tests. At the moment I'm whitelisting singel IP's but it seems they have more then 20 SMTP-Server divided over 2 C-class networks. I think the best solution for us is to IPBYPASS this Ips because most traffic from this servers is legit and important for our customers. Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Some Help needed on a couple of things
IN the log files I am seeing this: 07/09/2003 20:21:41 Qbf9a3efa012ca2d1 Msg failed BLACKLISTIP ( This is a spam IP address). Action=IGNORE. 07/09/2003 20:21:41 Qbf9a3efa012ca2d1 Msg failed BLACKLISTDOMAIN (Message failed BLACKLISTDOMAIN test (79)). Action=IGNORE. This means that the test is working, but Declude JunkMail is looking at different actions than the ones you think it should be looking at. Assuming that you do not have any per-user or per-domain settings, this probably means that the E-mail that was scanned was an outgoing E-mail (which includes E-mail to any gateway domains), in which case the actions from the \Imail\Declude\global.cfg file would be used. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Spoolviewer.exe - bug?
Does spoolviewer.exe look at the registry to determine the actual spool location? The original release had a bug in it where it would look up the location in the registry, but not actually use it. If you download it again (from http://www.declude.com/tools ), it should start working properly. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.