RE: [Declude.JunkMail] Massive CPU usage
If you change F-Prot.exe to fpcmd.exe and remove the /NOFLOPPY, you'll be all set. I've got it going now, that's probably something I missed last time. It is important to remove the /NOFLOPPY switch, otherwise it will not catch anything. Hermann --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Per-Domain Whitelist
Hello, I'm running a per-domain whitelist of e-mail addresses, etc. I can't seem to get a couple domains configured correctly for one particular client. They receive e-mails from lehman.com, but it's a weird sender address - [EMAIL PROTECTED] I added lehman.com to the whitelist file thinking this would allow anything from the lehman.com domain. Well, it didn't. Should I have put .lehman.com instead? Thank you for your time and attention.. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Hijack OT Windows IP question
Scott, I have a colo that I gateway to. The colo box is Windows 2000 running Exchange ; Hijack monitors his traffic which runs on my server. All had been fine now however they are running on their server a moderated list(s). List software is SVList. The largest list has ~ 300 members. So when the list sends out Hijack will hold the email. Hijack settings are : RELAYTHRESHOLD1 10 20 RELAYTHRESHOLD2 30 80 So now I have whitelisted their ip [ALLOWIP setting] to allow everything to function. Is there *any* way to allow a different HIJACK setting based on IP and or MAILFROM? [ A colos email traffic - since we are looking at all the traffic from a mailserver from a particular ip - is different than monitoring ip's from individual users. The MAILFROM piece would work well here since I could WHITELIST the list] Any thoughts on how I can make this work without whitelisting? I also have DJMPro. OT Question: SVList does not have a setting to work off a particular IP. Is there a way to make an IP on a windows box 'primary' or 'default' in the sense programs such as SVList will *always* use it? If so this would solve my problem Thanks as always -Nick Hayer --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Hijack OT Windows IP question
Is there *any* way to allow a different HIJACK setting based on IP and or MAILFROM? No. It's either unlimited E-mail, or the standard settings. Any thoughts on how I can make this work without whitelisting? I also have DJMPro. The only other option I can think of would be to increase the standard settings to a high enough value that their E-mail can get through. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Per-Domain Whitelist
I'm running a per-domain whitelist of e-mail addresses, etc. I can't seem to get a couple domains configured correctly for one particular client. They receive e-mails from lehman.com, but it's a weird sender address - [EMAIL PROTECTED] I added lehman.com to the whitelist file thinking this would allow anything from the lehman.com domain. Well, it didn't. Should I have put .lehman.com instead? The lines in the per-domain whitelist files should contain either one E-mail address ([EMAIL PROTECTED]) or domain (@example.com) or subdomain (.example.com) per line. Just lehman.com won't match anything. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Per-Domain Whitelist
Great.. Thanks.. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Wednesday, May 26, 2004 11:15 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Per-Domain Whitelist I'm running a per-domain whitelist of e-mail addresses, etc. I can't seem to get a couple domains configured correctly for one particular client. They receive e-mails from lehman.com, but it's a weird sender address - [EMAIL PROTECTED] I added lehman.com to the whitelist file thinking this would allow anything from the lehman.com domain. Well, it didn't. Should I have put .lehman.com instead? The lines in the per-domain whitelist files should contain either one E-mail address ([EMAIL PROTECTED]) or domain (@example.com) or subdomain (.example.com) per line. Just lehman.com won't match anything. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Help - Gateway Question
Hello All - I have started providing gateway services to a new host. I see the messages reach the spool and start to be processed. However the SMTP log says that the message keeps requeing and giving me a status of 3 Please help. Any ideas of what to look at would be appreciated. Samantha Samantha Bridges Communications Technician Macomb Intermediate School District 44001 Garfield Road Clinton Township MI 48038-1100 (586) 228-3300 [EMAIL PROTECTED] http://www.misd.net CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Help - Gateway Question
Make sure the system you are gatewaying for allows relay from the gateway host. Rick Davidson National Systems Manager North American Title Group - - Original Message - From: Bridges, Samantha [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 1:27 PM Subject: [Declude.JunkMail] Help - Gateway Question Hello All - I have started providing gateway services to a new host. I see the messages reach the spool and start to be processed. However the SMTP log says that the message keeps requeing and giving me a status of 3 Please help. Any ideas of what to look at would be appreciated. Samantha Samantha Bridges Communications Technician Macomb Intermediate School District 44001 Garfield Road Clinton Township MI 48038-1100 (586) 228-3300 [EMAIL PROTECTED] http://www.misd.net CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Spammers Dumping Porn for Financial Services
http://internetweek.com/e-business/showArticle.jhtml?articleID=21100229 Time to add new filters.. Kami
Re: [Declude.JunkMail] Spammers Dumping Porn for Financial Services
I've definitely seen more Stock Promotion SPAM in the last two weeks. Scott Fisher Director of IT Farm Progress Companies [EMAIL PROTECTED] 05/26/04 02:49PM http://internetweek.com/e-business/showArticle.jhtml?articleID=21100229 Time to add new filters.. Kami --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Spammers Dumping Porn for Financial Services
Yeah, but what about: http://news.com.com/Porn+spammers+ignore+new+rule/2100-1028_3-5220850.html?tag=nefd.top From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kami RazvanSent: Wednesday, May 26, 2004 2:50 PMTo: [EMAIL PROTECTED]Subject: [Declude.JunkMail] Spammers Dumping Porn for Financial Services http://internetweek.com/e-business/showArticle.jhtml?articleID=21100229 Time to add new filters.. Kami
Re: [Declude.JunkMail] Massive CPU usage
Matt wrote: James, If you are using the latest beta (1.79), you can use the filters in the hidden beta section of my site: http://www.mailpure.com/software/decludefilters/beta/ These make use of several new enhancements that can cut the processor utilization of these filters by probably 90% (primarily from the SKIPIFWEIGHT setting). They also simplify the convoluted ANTI filters by doing everything within one single file. You can also gain a benefit from WHITELIST AUTH in your Global.cfg which whitelists all authenticated users (latest Declude beta and IMail 8.x required). I'll try implementing these here in the next day or so after read up on the documentation for them. Care to explain what the size.vbs file is? It seems from the stats that you posted that there is excessive incoming traffic, possibly related to a dictionary attack. If you have domains configured for the nobody alias, try as hard as you can to get rid of them. This can result in every dictionary attack message being scanned, and just in case you are wondering, no, spammers don't care if your server accepts every last message or not, they just keep the dictionary attack running, and recently there has been a rise in full-on dictionary attacks using tens of thousands of addresses or more. These can come from a single IP, or they can be distributed. You should be able to tell if something is happening by just looking at the size of your logs. Matt We do not have any nobody aliases (I can guess the problems that could cause) on any of our domains. However, our major domains are provided to dial-up users and have been around for close to 8 years, so I'm sure many of them are probably on spam lists. I'd guess that the most of the 5-8K outgoing messages from postmaster are spam and/or virus related. ::James Nelson --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Spammers Dumping Porn for Financial Servic es
Title: Message I've definitely noticed in the last 2 weeks that pump and dump stock scams have been the lead type of spam that leaks through. And also that pharmaceutical spam has far eclipsed pornography. In my Hotmail account, it's about even. And I suppose that this is news to someone, but certainly not anymail admin: http://news.com.com/Attack+of+Comcast's+Internet+zombies/2010-1034_3-5218178.html?tag=st.pop Andrew 8) -Original Message-From: Kami Razvan [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 12:50 PMTo: [EMAIL PROTECTED]Subject: [Declude.JunkMail] Spammers Dumping Porn for Financial Services http://internetweek.com/e-business/showArticle.jhtml?articleID=21100229 Time to add new filters.. Kami
Re: [Declude.JunkMail] Spliting log files
Serge, This is what I use and adapt for each given purpose //START REM It will appends the log files with the date and time it was rotated on FOR /f tokens=1-3 delims=: %%a in ('TIME/T') do SET ftime=%%a.%%b.%%c FOR /f tokens=2-4 delims=/ %%a in ('DATE/T') do SET curdate=%%a.%%b.%%c copy index.log index.%curdate%.%ftime% Quoting serge [EMAIL PROTECTED]: someone posted a batch file to split large logs by automaticaly renaiming every hour, anyone has a link ? i do not need the .exe file, but the .bat so it can be custimized for logs other than declude ? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. - Check out http://www.invariantsystems.com for utilities for Declude and Imail. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.