RE: [Declude.JunkMail] Massive CPU usage

2004-05-26 Thread Hermann Strassner 
  If you change F-Prot.exe to fpcmd.exe and remove the 
 /NOFLOPPY, 
  you'll be all set.

 I've got it going now, that's probably something I missed last time. 

It is important to remove the /NOFLOPPY switch, otherwise it will not
catch anything.

Hermann

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Per-Domain Whitelist

2004-05-26 Thread Jeff Maze 
Hello,
I'm running a per-domain whitelist of e-mail addresses, etc.  I
can't seem to get a couple domains configured correctly for one particular
client.
They receive e-mails from lehman.com, but it's a weird sender
address - [EMAIL PROTECTED]  I added lehman.com
to the whitelist file thinking this would allow anything from the lehman.com
domain.  Well, it didn't.  Should I have put .lehman.com instead?
Thank you for your time and attention..


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Hijack OT Windows IP question

2004-05-26 Thread Nick Hayer 
Scott,

I have a colo that I gateway to. The colo box is  Windows 2000 
running Exchange ; Hijack monitors his traffic which runs on my 
server.

All had been fine now however they are running on their server a 
moderated list(s). List software is SVList.

The largest list has ~ 300 members. So when the list sends out Hijack 
will hold the email.
Hijack settings are :
RELAYTHRESHOLD1 10   20
RELAYTHRESHOLD2  30  80

So now I have whitelisted their ip  [ALLOWIP setting] to allow 
everything to function.

Is there *any* way to allow a different HIJACK setting based on IP 
and or MAILFROM? [ A colos email traffic - since we are looking at 
all the traffic from a mailserver from a particular ip - is different 
than monitoring ip's from individual users. The MAILFROM piece would 
work well here since I could WHITELIST the list]

Any thoughts on how I can make this work without whitelisting? I also 
have DJMPro.

OT Question: SVList does not have a setting to work off a particular 
IP. Is there a way to make an IP on a windows box 'primary' or 
'default' in the sense programs such as SVList will *always* use it? 
If so this would solve my problem

Thanks as always

-Nick Hayer

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Hijack OT Windows IP question

2004-05-26 Thread R. Scott Perry 

Is there *any* way to allow a different HIJACK setting based on IP
and or MAILFROM?
No.  It's either unlimited E-mail, or the standard settings.
Any thoughts on how I can make this work without whitelisting? I also
have DJMPro.
The only other option I can think of would be to increase the standard 
settings to a high enough value that their E-mail can get through.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Per-Domain Whitelist

2004-05-26 Thread R. Scott Perry 

I'm running a per-domain whitelist of e-mail addresses, etc.  I
can't seem to get a couple domains configured correctly for one particular
client.
They receive e-mails from lehman.com, but it's a weird sender
address - [EMAIL PROTECTED]  I added lehman.com
to the whitelist file thinking this would allow anything from the lehman.com
domain.  Well, it didn't.  Should I have put .lehman.com instead?
The lines in the per-domain whitelist files should contain either one 
E-mail address ([EMAIL PROTECTED]) or domain (@example.com) or subdomain 
(.example.com) per line.  Just lehman.com won't match anything.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Per-Domain Whitelist

2004-05-26 Thread Jeff Maze 
Great.. Thanks.. 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Wednesday, May 26, 2004 11:15 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Per-Domain Whitelist


 I'm running a per-domain whitelist of e-mail addresses, etc.  
I can't seem to get a couple domains configured correctly for one 
particular client.
 They receive e-mails from lehman.com, but it's a weird sender 
address - [EMAIL PROTECTED]  I added
lehman.com
to the whitelist file thinking this would allow anything from the 
lehman.com domain.  Well, it didn't.  Should I have put .lehman.com
instead?

The lines in the per-domain whitelist files should contain either one E-mail
address ([EMAIL PROTECTED]) or domain (@example.com) or subdomain
(.example.com) per line.  Just lehman.com won't match anything.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe,
just send an E-mail to [EMAIL PROTECTED], and type unsubscribe
Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.



---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Help - Gateway Question

2004-05-26 Thread Bridges, Samantha 
Hello All - 

I have started providing gateway services to a new host.  I see the
messages reach the spool and start to be processed.  However the SMTP
log says that the message keeps requeing and giving me a status of 3

Please help.  Any ideas of what to look at would be appreciated.

Samantha

Samantha Bridges
Communications Technician
Macomb Intermediate School District
44001 Garfield Road
Clinton Township  MI  48038-1100
(586) 228-3300

[EMAIL PROTECTED]
http://www.misd.net


CONFIDENTIALITY NOTICE: This email message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
confidential and privileged information. Any unauthorized review, use,
disclosure or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply email and destroy all
copies of the original message.

 
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Help - Gateway Question

2004-05-26 Thread Rick Davidson 
Make sure the system you are gatewaying for allows relay from the gateway
host.

Rick Davidson
National Systems Manager
North American Title Group
-
- Original Message - 
From: Bridges, Samantha [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Wednesday, May 26, 2004 1:27 PM
Subject: [Declude.JunkMail] Help - Gateway Question


Hello All -

I have started providing gateway services to a new host.  I see the
messages reach the spool and start to be processed.  However the SMTP
log says that the message keeps requeing and giving me a status of 3

Please help.  Any ideas of what to look at would be appreciated.

Samantha

Samantha Bridges
Communications Technician
Macomb Intermediate School District
44001 Garfield Road
Clinton Township  MI  48038-1100
(586) 228-3300

[EMAIL PROTECTED]
http://www.misd.net


CONFIDENTIALITY NOTICE: This email message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
confidential and privileged information. Any unauthorized review, use,
disclosure or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply email and destroy all
copies of the original message.


---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Spammers Dumping Porn for Financial Services

2004-05-26 Thread Kami Razvan 



http://internetweek.com/e-business/showArticle.jhtml?articleID=21100229

Time to add new 
filters.. 


Kami

Re: [Declude.JunkMail] Spammers Dumping Porn for Financial Services

2004-05-26 Thread Scott Fisher 
I've definitely seen more Stock Promotion SPAM in the last two weeks.

Scott Fisher
Director of IT
Farm Progress Companies

 [EMAIL PROTECTED] 05/26/04 02:49PM 
http://internetweek.com/e-business/showArticle.jhtml?articleID=21100229 
 
Time to add new filters.. 
 
 
Kami

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Spammers Dumping Porn for Financial Services

2004-05-26 Thread Sean Fahey 



Yeah, but what about:

http://news.com.com/Porn+spammers+ignore+new+rule/2100-1028_3-5220850.html?tag=nefd.top

  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Kami 
  RazvanSent: Wednesday, May 26, 2004 2:50 PMTo: 
  [EMAIL PROTECTED]Subject: [Declude.JunkMail] Spammers 
  Dumping Porn for Financial Services 
  
  http://internetweek.com/e-business/showArticle.jhtml?articleID=21100229
  
  Time to add new 
  filters.. 
  
  
  Kami

Re: [Declude.JunkMail] Massive CPU usage

2004-05-26 Thread James Nelson 
Matt wrote:
James,
If you are using the latest beta (1.79), you can use the filters in the 
hidden beta section of my site:

   http://www.mailpure.com/software/decludefilters/beta/
These make use of several new enhancements that can cut the processor 
utilization of these filters by probably 90% (primarily from the 
SKIPIFWEIGHT setting).  They also simplify the convoluted ANTI filters 
by doing everything within one single file.

You can also gain a benefit from WHITELIST AUTH in your Global.cfg which 
whitelists all authenticated users (latest Declude beta and IMail 8.x 
required).

I'll try implementing these here in the next day or so after read up on 
the documentation for them.  Care to explain what the size.vbs file is?

It seems from the stats that you posted that there is excessive incoming 
traffic, possibly related to a dictionary attack.  If you have domains 
configured for the nobody alias, try as hard as you can to get rid of 
them.  This can result in every dictionary attack message being scanned, 
and just in case you are wondering, no, spammers don't care if your 
server accepts every last message or not, they just keep the dictionary 
attack running, and recently there has been a rise in full-on dictionary 
attacks using tens of thousands of addresses or more.  These can come 
from a single IP, or they can be distributed.  You should be able to 
tell if something is happening by just looking at the size of your logs.

Matt
We do not have any nobody aliases (I can guess the problems that could 
cause) on any of our domains.  However, our major domains are provided 
to dial-up users and have been around for close to 8 years, so I'm sure 
many of them are probably on spam lists.  I'd guess that the most of the 
5-8K outgoing messages from postmaster are spam and/or virus related.

::James Nelson
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Spammers Dumping Porn for Financial Servic es

2004-05-26 Thread Colbeck, Andrew 
Title: Message



I've definitely 
noticed in the last 2 weeks that pump and dump stock scams have been the lead 
type of spam that leaks through. And also that pharmaceutical spam has far 
eclipsed pornography. In my Hotmail account, it's about 
even.

And I suppose 
that this is news to someone, but certainly not anymail 
admin:

http://news.com.com/Attack+of+Comcast's+Internet+zombies/2010-1034_3-5218178.html?tag=st.pop

Andrew 
8)

  
  -Original Message-From: Kami Razvan 
  [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 
  12:50 PMTo: [EMAIL PROTECTED]Subject: 
  [Declude.JunkMail] Spammers Dumping Porn for Financial Services 
  
  http://internetweek.com/e-business/showArticle.jhtml?articleID=21100229
  
  Time to add new 
  filters.. 
  
  
  Kami

Re: [Declude.JunkMail] Spliting log files

2004-05-26 Thread Darrell \([EMAIL PROTECTED]) 
Serge,

This is what I use and adapt for each given purpose

//START

REM It will appends the log files with the date and time it was rotated on


FOR /f tokens=1-3 delims=:  %%a in ('TIME/T') do SET ftime=%%a.%%b.%%c
FOR /f tokens=2-4 delims=/  %%a in ('DATE/T') do SET curdate=%%a.%%b.%%c
copy index.log index.%curdate%.%ftime%



Quoting serge [EMAIL PROTECTED]:

 someone posted a batch file to split large logs by automaticaly renaiming
 every hour,
 anyone has a link ?
 i do not need the .exe file, but the .bat so it can be custimized for logs
 other than declude ?
 
 ---
 [This E-mail was scanned for viruses by Declude Virus
 (http://www.declude.com)]
 
 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.
 


-
Check out http://www.invariantsystems.com for utilities for Declude and Imail.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.