RE: [Declude.JunkMail] External Tests
Here is alos another test for Ip addresses in the HELO but it should use less resources it has declude pass the helo string as it see it so it will honor you hop settings http://www.ssc-isp.net/HoldAnalyzer/containsip.aspx Kevin Bilbee > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Scott Fisher > Sent: Wednesday, September 01, 2004 3:12 PM > To: [EMAIL PROTECTED] > Subject: Re: [Declude.JunkMail] External Tests > > > HeloISIP look at this link: > http://www.mail-archive.com/[EMAIL PROTECTED]/msg17874.html > > I use: > HELOCONTAINSIPexternalnonzero > "D:\imail\declude\heloisip\heloisip.exe" 30 0 > > > Scott Fisher > Director of IT > Farm Progress Companies > > >>> [EMAIL PROTECTED] 09/01/04 04:53PM >>> > I see on the spamchk public site that there is an external test listed > as sniffer-snake. I am assuming that the sniffer portion is the message > sniffer from Sort Monster (if I am wrong let me know), but I don't know > what the snake part is. I also saw a test called HELOISIP. Does anyone > have any info on these tests? > > --- > Danny Spence > > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] External Tests
On Wednesday, September 1, 2004, 5:53:07 PM, Danny wrote: DS> I see on the spamchk public site that there is an DS> externaltest listed as sniffer-snake. I am assuming that the DS> sniffer portion is themessage sniffer from Sort Monster (if I am DS> wrong let me know), but I dontknow what the snake part is. I I think that SNIFFER-SNAKE captures the specific result code from SNIFFER for "Snake-Oil". All of the SNIFFER- tests are set up to capture specific result codes. These graphs should be considered a subset of the general SNIFFER graph which indicates the overall (nonzero) performance of SNIFFER. A reference to the SNIFFER result codes can be found here: http://www.sortmonster.com/MessageSniffer/Help/ResultCodesHelp.html DS> alsosaw a test called HELOISIP. Doesanyone have any info on these DS> tests? I don't know a good answer for this at top of mind. It's not the same as HELOBOGUS though. _M --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] External Tests
HeloISIP look at this link: http://www.mail-archive.com/[EMAIL PROTECTED]/msg17874.html I use: HELOCONTAINSIP externalnonzero "D:\imail\declude\heloisip\heloisip.exe" 30 0 Scott Fisher Director of IT Farm Progress Companies >>> [EMAIL PROTECTED] 09/01/04 04:53PM >>> I see on the spamchk public site that there is an external test listed as sniffer-snake. I am assuming that the sniffer portion is the message sniffer from Sort Monster (if I am wrong let me know), but I don't know what the snake part is. I also saw a test called HELOISIP. Does anyone have any info on these tests? --- Danny Spence --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] External Tests
I see on the spamchk public site that there is an external test listed as sniffer-snake. I am assuming that the sniffer portion is the message sniffer from Sort Monster (if I am wrong let me know), but I don’t know what the snake part is. I also saw a test called HELOISIP. Does anyone have any info on these tests? --- Danny Spence
RE: [Declude.JunkMail] DNS
My DNS server is set up as a cashing server but non-local DNS requests have to be forwarded somewhere, don't they? No. Forwarding is a feature that should normally be off by default. The way that a caching DNS server works, it connects to the root servers and "drills down" until it reaches the DNS servers for a record that is being looked up. Forwarding bypasses that, and instead goes to someone else's DNS server. The advantage to this is that the lookup can be slightly quicker if the information is already cached. But at about 500 bytes and 2 round trips per DNS lookup, it doesn't save that much time -- and can increase the amount of time (if the forwarding DNS server is slow) or lost packets or incorrect results (if the forwarding DNS server is flaky, or has oddball policies like Sprint/AT&T do). One of the tabs in the DNS server properties is "Forwards" to resolve non-local requests. What do I use instead of my T-1 provider for this? You just leave it blank. :) -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] [OT] .local domains
As I was lurking on this list I noticed a thread "Question about Exchange2Aliases" where .local was suggested as an example TLD. .local should not be used. RFC2606 specifies that aside from TLDs that have already been allocated (.com, .net, .museum, .info, .uk, etc.), it is also OK to use .test, .example, .invalid, and .localhost. Also, example.com/example.net/example.org are OK to use. If you have Mac OS X boxes on your network and you want to have them as members of a Microsoft Active Directory Domain then you cannot use .local as this extension is used by some OS X service (Rendezvous discovery service I believe). The TLD ".lan" seems to work and also connotes a "local" area network. We use .lan for our local DNS services required for Active Directory. This allows us to manage our local DNS zone "commarts.lan" without affecting our internet DNS records (on our ISP's DNS servers). FYI, both ".local" and ".lan" are invalid (and could cause problems now or in the future). If they leak (appearing in E-mail headers, for example), there could be problems. Or, if a TLD you choose becomes allocated in the future, you're going to encounter big problems. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] DNS
Scott, My DNS server is set up as a cashing server but non-local DNS requests have to be forwarded somewhere, don't they? One of the tabs in the DNS server properties is "Forwards" to resolve non-local requests. What do I use instead of my T-1 provider for this? P.S. I tried turning off forwards and then only local DNS requests were resolved. Thank, Bill > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of R. > Scott Perry > Sent: Tuesday, August 31, 2004 6:36 PM > To: [EMAIL PROTECTED] > Subject: Re: [Declude.JunkMail] DNS > > > > >I am having a problem with my upstream DNS provider. I have my own > >in-house DNS server but for non-local host DNS requests, they are > >forwarded to my T1 provider's DNS server > > > >What I was wondering is if there is a free or fee based outbound DNS > >provider? Or is there a master DNS server that I should already be > >pointing to? > > Why not just stop the forwarding to your T1 provider's DNS > server? If your > DNS server has the option of acting as a caching DNS server, > you might as > well just use your own -- that way you don't have to rely on > someone else's. > > -Scott > --- > Declude JunkMail: The advanced anti-spam solution for IMail > mailservers > since 2000. > Declude Virus: Ultra reliable virus detection and the leader > in mailserver > vulnerability detection. > Find out what you've been missing: Ask for a free 30-day evaluation. > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] [OT] .local domains
As I was lurking on this list I noticed a thread "Question about Exchange2Aliases" where .local was suggested as an example TLD. If you have Mac OS X boxes on your network and you want to have them as members of a Microsoft Active Directory Domain then you cannot use .local as this extension is used by some OS X service (Rendezvous discovery service I believe). The TLD ".lan" seems to work and also connotes a "local" area network. We use .lan for our local DNS services required for Active Directory. This allows us to manage our local DNS zone "commarts.lan" without affecting our internet DNS records (on our ISP's DNS servers). Also if anyone out there is attempting to join Mac OS X computers to a Microsoft Active Directory Domain then check out ADMitMac from www.thursby.com - it works well in our small office environment and is worth the $ if you do not have the time to figure out the ins and outs of Active Directory (which didn't work in the early releases of OS X but may work fine now). Michael Hoyt Communication Arts 110 Constitution Drive Menlo Park, CA 94025 (650) 326-6040 fax:(650) 326-1648 e-mail: [EMAIL PROTECTED] Web Site: http://www.commarts.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SENDERDB oddity
duh... You diagnosed it perfectly. Sorry! -d - Original Message - From: "Bill Landry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, September 01, 2004 1:57 PM Subject: Re: [Declude.JunkMail] SENDERDB oddity Just looked at this again. When I check this manually, it only comes back with a single response: 127.0.0.2, which is the blacklist response code. Dave, are you sure that you do not have 127.0.0.2 as the response code for both the blacklist and the whitelist? The whitelist should be looking for 127.0.0.3, and the suspicious list as 127.0.0.4. Bill - Original Message - From: "Dave Doherty" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, September 01, 2004 10:05 AM Subject: [Declude.JunkMail] SENDERDB oddity Found on the same message: X-RBL-Warning: SENDERDB-BLOCK: "Blocked - Please see http://www.senderdb.com/lookup/lookupResults.asp?ipAddress=69.59.150.150"; X-RBL-Warning: SENDERDB-ALLOW: "Blocked - Please see http://www.senderdb.com/lookup/lookupResults.asp?ipAddress=69.59.150.150"; -d --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SENDERDB oddity
Thanks, Rick -d - Original Message - From: "Rick Davidson" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, September 01, 2004 1:37 PM Subject: Re: [Declude.JunkMail] SENDERDB oddity not so odd ServPath is large hosting company that would send alot of legit mail but also allows bulk mailing outfits, mostly "legit lists" but with bad databases. I block their IP assignments outright, nothing but advertisement and junk email comes from these addresses. Have not seen any false positives from blacklisting these ranges but I admin a private company. You would be surprised how much junk comes from these two ranges. REMOTEIP 0 CIDR 64.151.64.0/19 REMOTEIP 0 CIDR 69.59.128.0/18 Rick Davidson National Systems Manager North American Title Group - - Original Message - From: "Dave Doherty" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, September 01, 2004 1:05 PM Subject: [Declude.JunkMail] SENDERDB oddity Found on the same message: X-RBL-Warning: SENDERDB-BLOCK: "Blocked - Please see http://www.senderdb.com/lookup/lookupResults.asp?ipAddress=69.59.150.150"; X-RBL-Warning: SENDERDB-ALLOW: "Blocked - Please see http://www.senderdb.com/lookup/lookupResults.asp?ipAddress=69.59.150.150"; -d --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SENDERDB oddity
It is not listed on both, see my previous response to Dave about this. Bill - Original Message - From: "Andy Schmidt" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, September 01, 2004 10:54 AM Subject: RE: [Declude.JunkMail] SENDERDB oddity > I do find it odd that the SAME IP would be whitelisted AND blacklisted - > which is it!? > > They need to tie the various databases against each other and eliminate > duplicate/triplicate listings. > > Best Regards > Andy Schmidt > > H&M Systems Software, Inc. > 600 East Crescent Avenue, Suite 203 > Upper Saddle River, NJ 07458-1846 > > Phone: +1 201 934-3414 x20 (Business) > Fax:+1 201 934-9206 > > http://www.HM-Software.com/ > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Rick Davidson > Sent: Wednesday, September 01, 2004 01:38 PM > To: [EMAIL PROTECTED] > Subject: Re: [Declude.JunkMail] SENDERDB oddity > > > not so odd > > ServPath is large hosting company that would send alot of legit mail but > also allows bulk mailing outfits, mostly "legit lists" but with bad > databases. > > I block their IP assignments outright, nothing but advertisement and junk > email comes from these addresses. Have not seen any false positives from > blacklisting these ranges but I admin a private company. You would be > surprised how much junk comes from these two ranges. > > REMOTEIP 0 CIDR 64.151.64.0/19 > REMOTEIP 0 CIDR 69.59.128.0/18 > > Rick Davidson > National Systems Manager > North American Title Group > - > - Original Message - > From: "Dave Doherty" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, September 01, 2004 1:05 PM > Subject: [Declude.JunkMail] SENDERDB oddity > > > > Found on the same message: > > > > X-RBL-Warning: SENDERDB-BLOCK: "Blocked - Please see > > http://www.senderdb.com/lookup/lookupResults.asp?ipAddress=69.59.150.150"; > > X-RBL-Warning: SENDERDB-ALLOW: "Blocked - Please see > > http://www.senderdb.com/lookup/lookupResults.asp?ipAddress=69.59.150.150"; > > > > -d > > > > --- > > [This E-mail was scanned for viruses by Declude Virus > > (http://www.declude.com)] > > > > --- > > This E-mail came from the Declude.JunkMail mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > > "unsubscribe Declude.JunkMail". The archives can be found at > > http://www.mail-archive.com. > > > > > > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, > just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe > Declude.JunkMail". The archives can be found at > http://www.mail-archive.com. > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SENDERDB oddity
Just looked at this again. When I check this manually, it only comes back with a single response: 127.0.0.2, which is the blacklist response code. Dave, are you sure that you do not have 127.0.0.2 as the response code for both the blacklist and the whitelist? The whitelist should be looking for 127.0.0.3, and the suspicious list as 127.0.0.4. Bill - Original Message - From: "Dave Doherty" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, September 01, 2004 10:05 AM Subject: [Declude.JunkMail] SENDERDB oddity > Found on the same message: > > X-RBL-Warning: SENDERDB-BLOCK: "Blocked - Please see > http://www.senderdb.com/lookup/lookupResults.asp?ipAddress=69.59.150.150"; > X-RBL-Warning: SENDERDB-ALLOW: "Blocked - Please see > http://www.senderdb.com/lookup/lookupResults.asp?ipAddress=69.59.150.150"; > > -d > > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SENDERDB oddity
I do find it odd that the SAME IP would be whitelisted AND blacklisted - which is it!? They need to tie the various databases against each other and eliminate duplicate/triplicate listings. Best Regards Andy Schmidt H&M Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Davidson Sent: Wednesday, September 01, 2004 01:38 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] SENDERDB oddity not so odd ServPath is large hosting company that would send alot of legit mail but also allows bulk mailing outfits, mostly "legit lists" but with bad databases. I block their IP assignments outright, nothing but advertisement and junk email comes from these addresses. Have not seen any false positives from blacklisting these ranges but I admin a private company. You would be surprised how much junk comes from these two ranges. REMOTEIP 0 CIDR 64.151.64.0/19 REMOTEIP 0 CIDR 69.59.128.0/18 Rick Davidson National Systems Manager North American Title Group - - Original Message - From: "Dave Doherty" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, September 01, 2004 1:05 PM Subject: [Declude.JunkMail] SENDERDB oddity > Found on the same message: > > X-RBL-Warning: SENDERDB-BLOCK: "Blocked - Please see > http://www.senderdb.com/lookup/lookupResults.asp?ipAddress=69.59.150.150"; > X-RBL-Warning: SENDERDB-ALLOW: "Blocked - Please see > http://www.senderdb.com/lookup/lookupResults.asp?ipAddress=69.59.150.150"; > > -d > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > "unsubscribe Declude.JunkMail". The archives can be found at > http://www.mail-archive.com. > > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SENDERDB oddity
I forwarded this onto Solid Oak for review. Bill - Original Message - From: "Dave Doherty" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, September 01, 2004 10:05 AM Subject: [Declude.JunkMail] SENDERDB oddity > Found on the same message: > > X-RBL-Warning: SENDERDB-BLOCK: "Blocked - Please see > http://www.senderdb.com/lookup/lookupResults.asp?ipAddress=69.59.150.150"; > X-RBL-Warning: SENDERDB-ALLOW: "Blocked - Please see > http://www.senderdb.com/lookup/lookupResults.asp?ipAddress=69.59.150.150"; > > -d > > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SENDERDB oddity
not so odd ServPath is large hosting company that would send alot of legit mail but also allows bulk mailing outfits, mostly "legit lists" but with bad databases. I block their IP assignments outright, nothing but advertisement and junk email comes from these addresses. Have not seen any false positives from blacklisting these ranges but I admin a private company. You would be surprised how much junk comes from these two ranges. REMOTEIP 0 CIDR 64.151.64.0/19 REMOTEIP 0 CIDR 69.59.128.0/18 Rick Davidson National Systems Manager North American Title Group - - Original Message - From: "Dave Doherty" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, September 01, 2004 1:05 PM Subject: [Declude.JunkMail] SENDERDB oddity Found on the same message: X-RBL-Warning: SENDERDB-BLOCK: "Blocked - Please see http://www.senderdb.com/lookup/lookupResults.asp?ipAddress=69.59.150.150"; X-RBL-Warning: SENDERDB-ALLOW: "Blocked - Please see http://www.senderdb.com/lookup/lookupResults.asp?ipAddress=69.59.150.150"; -d --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Hitting the CPU Wall
Yes the server also hosts mail and provides POP and Web mail access. Is IMail efficient with these services or not? I am using my own DNS server (ie the one in Windows on the same box). Goran Jovanovic The LAN Shoppe > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of support > Sent: Wednesday, September 01, 2004 12:44 PM > To: [EMAIL PROTECTED] > Subject: Re: [Declude.JunkMail] Hitting the CPU Wall > > Do any of these servers provide pop/imap/webmail services. We have a > couple > identical servers, but the ones that provide ancillary services tend to > consume more CPU. > > For your type of volume it should be rare to see 25+ declude processes > running at one time. From my experience when I have seen this it always > pointed to a flaky or malfunctioning DNS server. The other caveat is > depending on how many and the type of body filters you have could cause > this. > > Something does seem wrong if your driving the cpu at 100% with a message > volume of 2000 messages per hour with that type of box. Again, depending > on your configuration of Declude this type of performance could be > normal.. > > > Check out http://www.invariantsystems.com for utilities for Declude And > Imail. IMail/Declude Overflow Queue Monitoring, MRTG Integration, and Log > Parsers. > > > Darrell > > > > > > > Goran Jovanovic writes: > > > Hi, > > > > I know that the answer to this question is a big "it depends" but I am > > trying to get a feel if I have the server mostly configured correctly or > > am I missing things. > > > > I have a 1.4 GHz Celeron CPU with 512MB RAM and a RAID 1 hard drive > > system. We are pushing the CPU to 100% and close to 100% a lot of the > > time during core business hours. Declude log files report that we are > > processing 12 to 15 thousand messages a day. Based on a quick script I > > created I am seeing some hours where we are dealing with 2000 messages > > in that hour. I have also looked at Task Manager and at times I see 20 > > to 25 Declude processes running concurrently. > > > > I have a number of BODY search filters that I am skipping if a bypass > > filter was triggered (for things like PDF attachments etc). I also have > > two AV scanners F-Prot and McAfee. > > > > So the question is: With this setup should I be able to a lot more > > messages per hour/day or am I lucky that I am doing as many as I am. > > > > I would appreciate any thoughts/speculation etc > > > > Thanx > > > > > > Goran Jovanovic > > The LAN Shoppe > > > > --- > > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > > > --- > > This E-mail came from the Declude.JunkMail mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.JunkMail". The archives can be found > > at http://www.mail-archive.com. > > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Hitting the CPU Wall
> That said, I've got an NT4, P2/450/256MRam box running F-Prot and > Message Sniffer with software RAID1 that is holding it's own against > 1000+ Messages Per hour... This makes it look like your 1.4Ghz/512MB > system should be able to handle more. Does your box provide Web and POP services as well or just store and forward? Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] SENDERDB oddity
Found on the same message: X-RBL-Warning: SENDERDB-BLOCK: "Blocked - Please see http://www.senderdb.com/lookup/lookupResults.asp?ipAddress=69.59.150.150"; X-RBL-Warning: SENDERDB-ALLOW: "Blocked - Please see http://www.senderdb.com/lookup/lookupResults.asp?ipAddress=69.59.150.150"; -d --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Hitting the CPU Wall
Do any of these servers provide pop/imap/webmail services. We have a couple identical servers, but the ones that provide ancillary services tend to consume more CPU. For your type of volume it should be rare to see 25+ declude processes running at one time. From my experience when I have seen this it always pointed to a flaky or malfunctioning DNS server. The other caveat is depending on how many and the type of body filters you have could cause this. Something does seem wrong if your driving the cpu at 100% with a message volume of 2000 messages per hour with that type of box. Again, depending on your configuration of Declude this type of performance could be normal.. Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, MRTG Integration, and Log Parsers. Darrell Goran Jovanovic writes: Hi, I know that the answer to this question is a big "it depends" but I am trying to get a feel if I have the server mostly configured correctly or am I missing things. I have a 1.4 GHz Celeron CPU with 512MB RAM and a RAID 1 hard drive system. We are pushing the CPU to 100% and close to 100% a lot of the time during core business hours. Declude log files report that we are processing 12 to 15 thousand messages a day. Based on a quick script I created I am seeing some hours where we are dealing with 2000 messages in that hour. I have also looked at Task Manager and at times I see 20 to 25 Declude processes running concurrently. I have a number of BODY search filters that I am skipping if a bypass filter was triggered (for things like PDF attachments etc). I also have two AV scanners F-Prot and McAfee. So the question is: With this setup should I be able to a lot more messages per hour/day or am I lucky that I am doing as many as I am. I would appreciate any thoughts/speculation etc Thanx Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Hitting the CPU Wall
On Wednesday, September 1, 2004, 11:30:56 AM, Goran wrote: GJ> I have a 1.4 GHz Celeron CPU with 512MB RAM and a RAID 1 hard drive GJ> system. We are pushing the CPU to 100% and close to 100% a lot of the GJ> time during core business hours. Declude log files report that we are GJ> So the question is: With this setup should I be able to a lot more GJ> messages per hour/day or am I lucky that I am doing as many as I am. Based on bouncing off of 100% cpu usage frequently, and with the qualified "it depends" I think you might not want to push this much further. That said, I've got an NT4, P2/450/256MRam box running F-Prot and Message Sniffer with software RAID1 that is holding it's own against 1000+ Messages Per hour... This makes it look like your 1.4Ghz/512MB system should be able to handle more. -- hrm... be careful what you wish for, you might get it: thoughts and speculation ;-) _M --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Hitting the CPU Wall
Hi, I know that the answer to this question is a big "it depends" but I am trying to get a feel if I have the server mostly configured correctly or am I missing things. I have a 1.4 GHz Celeron CPU with 512MB RAM and a RAID 1 hard drive system. We are pushing the CPU to 100% and close to 100% a lot of the time during core business hours. Declude log files report that we are processing 12 to 15 thousand messages a day. Based on a quick script I created I am seeing some hours where we are dealing with 2000 messages in that hour. I have also looked at Task Manager and at times I see 20 to 25 Declude processes running concurrently. I have a number of BODY search filters that I am skipping if a bypass filter was triggered (for things like PDF attachments etc). I also have two AV scanners F-Prot and McAfee. So the question is: With this setup should I be able to a lot more messages per hour/day or am I lucky that I am doing as many as I am. I would appreciate any thoughts/speculation etc Thanx Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] DNS
I have heard that getting a Windows DNS to look to the root servers is not the smartest thing to do since it does not work well. I do not know if this is true so I have always used forwarders. Are there any special tricks or setup rules you use to get the server to go to the root servers or do you just use the MS defaults? Thanx Goran Jovanovic The LAN Shoppe > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Fritz Squib > Sent: Tuesday, August 31, 2004 7:57 PM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.JunkMail] DNS > > Set up your own caching DNS server, don't rely on your upstream provider. > > I made the mistake of using forwarders back before I new better, Sprint > shut > me down one time because I was hammering on them with spam database > lookups. > > Fritz > > Frederick P. Squib, Jr. > Network Operations/Mail Administrator > Citizens Telephone Company of Kecksburg > http://www.wpa.net > > () ascii ribbon campaign - against html mail > /\- against microsoft attachments > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Bill Morgan (by > way > of "R. Scott Perry" <[EMAIL PROTECTED]>) > Sent: Tuesday, August 31, 2004 6:51 PM > To: [EMAIL PROTECTED] > Subject: [Declude.JunkMail] DNS > > > Hi, > > I am having a problem with my upstream DNS provider. I have my own in- > house > DNS server but for non-local host DNS requests, they are forwarded to my > T1 > provider's DNS server. The problem is that their server has become > unreliable. Their server usually does not go down completely but just > slows > down. Most of the time I don't know there is a problem until someone > calls > me to complain about delayed or returned e-mail (and then I may find > several > thousand messaged in my overflow folder). > > What I was wondering is if there is a free or fee based outbound DNS > provider? Or is there a master DNS server that I should already be > pointing > to? > > Thanks for any advise that you can provide. > > Bill > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, > just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe > Declude.JunkMail". The archives can be found at > http://www.mail-archive.com. > --- > [This E-mail scanned by Citizens Internet Services with Declude Virus.] > > > --- > [This E-mail scanned by Citizens Internet Services with Declude Virus.] > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
