RE: [Declude.JunkMail] 4.3.x and 3.1.x planned release
No, NONSTANDARDHDR is only needed in the virus.cfg if you want to turn this vulnerability test off. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Wiegers Sent: Monday, September 18, 2006 10:32 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] 4.3.x and 3.1.x planned release I didn't notice a reply to this. Do you need to add the NONSTANDARDHDR test to the config file? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Friday, September 15, 2006 12:11 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] 4.3.x and 3.1.x planned release David, Is the NONSTANDARDHDR test on by default, or do you need to add it to your virus.cfg file? I've been running every version since 4.2.20, and I have never seen a message with a broken header moved to my \virus folder. Gary Original Message From: David Barker [EMAIL PROTECTED] Sent: Friday, September 15, 2006 11:42 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] 4.3.x and 3.1.x planned release Dave, We had implemented a fix for the broken image spam, in 4.2.20 New NONSTANDARDHDR vulnerability test. Messages found to have broken headers are moved to the \virus folder I do know of reports of broken headers still happening and we are re-evaluating this test to see if we can make it better. If you are running 4.2.20 or later and are still having problems with the broken images could you please send examples to support so we could look at them. Thanks David B. www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Beckstrom Sent: Friday, September 15, 2006 11:14 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] 4.3.x and 3.1.x planned release Still no fix for the broken image spam? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Friday, September 15, 2006 7:59 AM To: declude.junkmail@declude.com; declude.virus@declude.com Subject: [Declude.JunkMail] 4.3.x and 3.1.x planned release The following items are being tested for Target Date release: 27 September 2006 4.3.x -- DEC FIX On occasion ZEROHOUR initialized two overlaping threads causing decludeproc crash JM FIX IPBYPASS now takes place before WHITELIST JM FIX X-COUNTRYCHAIN log entry no longer truncated JM FIX DELETE_RECIPIENT removes the specified email address as per-user action only JM FIX With HOLD if extra space after %DATE% incorrect behaviour was observed this is not been normalized HI FIX CONCATENATELOGS with KEEPINDIVIDUALLOGS works correctly JM ADD BANCHARSET defined in the declude.cfg quarentines listed character sets EVA ADD With AVAFTERJM ON the JM Log displays message moved to virus folder 3.1.x -- JM FIX IPBYPASS now takes place before WHITELIST JM FIX X-COUNTRYCHAIN log entry no longer truncated JM FIX DELETE_RECIPIENT removes the specified email address as per-user action only JM FIX With HOLD if extra space after %DATE% incorrect behaviour was observed this is not been normalized JM FIX Declude crash fix. Buffer Overflow reading the From: line in the Headers HI FIX CONCATENATELOGS with KEEPINDIVIDUALLOGS works correctly SM ADD Decludeproc will not start without a valid domainlist.xml In addition to bug fixes we are also working on wishlist items that we have received regarding new tests. If you have any ideas of new tests you would like to see implemented please email your thoughts to me directly [EMAIL PROTECTED] Thanks David B www.declude.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe,
RE: [Declude.JunkMail] Way to filter bogus FRMOM domains ?
I was using a FROMFILE, subtracting a fairly large amount, and was getting stuff past it with from the forging domains. Obviously, not the best way to do it, but it worked well for the past few years. I've got a two new files using the suggestions from yesterday, one for GOOD-REVDNS adding a negative value, and one for BAD-REVDNS adding a good amount of points. Makes for better readability in the headers. Is there another test that compares the REVDNS and Sender's domain to check for a match ? Like the SPAMDOMAINS test without having to make a text file ? Not a killer test, but definitely worth a few points. Karl Drugge -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Monday, September 18, 2006 5:18 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Way to filter bogus FRMOM domains ? You didnt mention exactly on how you are letting in .gov, .us, .edu? Are you just checking via a fromfile or whitelist? If so I would shift that to negative weighting on reverse dns. REVDNS -x endswith .edu If you have to let it in - seem like the revdns might be a better fit. Darrell --- Check out http://www.invariantsystems.com for utilities for Declude, Imail, mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. IS - Systems Eng. (Karl Drugge) writes: I've been trying to filter some SPAM that is using a false FROM domain. Stuff is coming from overseas ( spammachine.spamsite.spammer.pl [99.99.99.99] ), but is using a false from domain, such as ( [EMAIL PROTECTED] ). This stuff would fail, except DECLUDE shows it as coming from a .edu, and clears it ( assigns the appropriate negative value, I should say ). Now, for reasons I won't go into here, I HAVE to allow all mail from .edu domains, as well as .gov, and .us... I can't bounce it, and I have no other way to pre-allow email from some junior college in upper southern north Dakota... Any help on this ? Karl Drugge -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Monday, September 18, 2006 12:33 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] OT: Disk pattern 0xDF in files - Microsoft confirms KB920958 bug! And it made its appearance over at the SANS Internet Storm Center handler's log: http://isc.sans.org/diary.php?storyid=1711 In short, Microsoft has admitted that there is a problem and updated their advisory and also provided a hotfix. Andrew. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Heimir Eidskrem Sent: Tuesday, September 12, 2006 7:16 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] OT: Disk pattern 0xDF in files - Microsoft confirms KB920958 bug! Andy, Not sure if you saw it but this issue was brought up on Slashdot yesterday, so it got some exposure. Heimir Andy Schmidt wrote: Hi, I finally was able to get a confirmation from Microsoft Support yesterday afternoon (case: SRZ060911001854) We are aware the issue you are experiencing. A corresponding bugcheck request is currently open, and the develop team is working on this issue. However, the hotfix for this issue is not ready. 0xDF is the data pattern that NTFS returns when it has problem to decompress the file (eg. the compression fragments are corrupted and can't be decompressed). Based on my research, the actual raw data on the disk is not changed, it shows as 0xDF because the system cannot decompress the file and display the data correctly. So the corrupt is not permanent. Further more, the issue only occurs on files which containing Hexadecimal codes. Apparently, Microsoft decided not to warn people about this problem - no comment has been added to KF920958 warning people which system configurations will cause data loss (who cares if it's not permanent if you can't use your data for a few months). Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Heimir Eidskrem Sent: Thursday, August 24, 2006 03:21 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] OT: Disk pattern 0xDF in files - KB920958 may be bad! Answers below. Andy Schmidt wrote: Hi Heimir: I've been running a number of tests, am in contact with a third Microsoft customer and some pattern seems to emerge. I also have a lead to a questionable Hotfix, but I'm trying to qualify that first. Can we first compare your systems to see what's the same (and may be relevant) and what's different: A)
[Declude.JunkMail] automated response
This is an automated reply. I will be out of the office on Tuesday, September 20 and will return on Wednesday, September 21. I will begin returning messages as soon as possible on Wednesday. Thank you. John Richardson Microcomputer Support Services Washington State Community College --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] California Regional Intranet
Title: Message We don't block there IPs but we do have them on a high weight. I have seen nothing but spam come out of there. Chuck SchickWarp 8, Inc.(303)-421-5140www.warp8.com -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin BilbeeSent: Monday, September 18, 2006 2:28 PMTo: declude.junkmail@declude.comSubject: [Declude.JunkMail] California Regional Intranet This IPS seems to be very friendly with the Spammers. What are your thoughts about blocking their entire assigned IP range?? Kevin BilbeeNetwork AdministratorStandard Abrasives, Inc.[EMAIL PROTECTED]Changing the way industry works. ---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com. ---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com.
[Declude.JunkMail] Spam Spike
Hi All, We have recently gone from processing 30,000 emails daily to 85,000 daily. 75,000 are getting caught by Declude Message Sniffer (I love this combo). There are a total of 300,000 attempted RCPT TOs daily. 1) Has anyone experienced recent spikes like this? How can I reasonably handle this? I have run several analytics and found that these emails are not targeting a specific user or specific domain. Additionally, there are no blocks of IPs that are responsible. 2) What are the realistic limits of Imail / Declude / Message Sniffer (I KNOW this is platform specific, just looking for ballpark). 3) What can I do to squeze out more juice from this server? Software: IMail 8.22 (because we are still scared of 2006), Declude Virus and Junkmail 2.0.6, and Sniffer most recent version Hardware: Windows Server 2003 box with a 3 ghz XEON, and 1 Gig ram. Thanks for the help! -Chris -- Best Regards, Chris Anton Web Solutions, Inc. Tel: 203-235- x25 [EMAIL PROTECTED] www.websolutions.net -- --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] California Regional Intranet
-- Original Message -- From: Kevin Bilbee [EMAIL PROTECTED] This IPS seems to be very friendly with the Spammers. What are your thoughts about blocking their entire assigned IP range?? California Regional Intranet, Inc. is a San Diego, CA based ISP (www.cari.net). We have received nothing but spam from their network within the following two CIDRs: CIDR: 71.6.128.0/19 CIDR: 209.126.128.0/17 Consequently, we block these CIDRs in Imail (not Declude). I hope this helps! Kim W. Premuda FastWave Internet Services San Diego, CA -- Kim W. Premuda FastWave Internet Services San Diego, CA -- --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Spam Spike
Comment's inline, Darrell Chris Anton writes: 1) Has anyone experienced recent spikes like this? How can I reasonably handle this? Yes, we have very often see signifigant swings in spam. How to handle it is a good question. That typically depends on what the spam campaign is. We have found recipient address validation helps the most. We than do analysis (using DLAnalyzer IP reports) and find the IP addresses who send the most spam and block those. I have run several analytics and found that these emails are not targeting a specific user or specific domain. Additionally, there are no blocks of IPs that are responsible. Is it spam going to valid users? Or just your generic dictionary attacks? 2) What are the realistic limits of Imail / Declude / Message Sniffer (I KNOW this is platform specific, just looking for ballpark). 3) What can I do to squeze out more juice from this server? Software: IMail 8.22 (because we are still scared of 2006), Declude Virus and Junkmail 2.0.6, and Sniffer most recent version Hardware: Windows Server 2003 box with a 3 ghz XEON, and 1 Gig ram. On some of the server I maintain we are doing 150K messages a day on a dual xeon 2.6ghz. With no issues (invURIBL, Sniffer). What is your current CPU usage like? Darrell --- Check out http://www.invariantsystems.com for utilities for Declude, Imail, mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Spam Spike
Hi Chris, You should also consider using declude hijack even though that only catches spammers using the smtp server. It only takes 1 idiot client to make the password easy to guess and bang, spammer sits and uses your server without you really knowing until you get blacklisted. Kindest Regards Craig Edmonds 123 Marbella Internet W: www.123marbella.com E : [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Tuesday, September 19, 2006 7:36 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Spam Spike Comment's inline, Darrell Chris Anton writes: 1) Has anyone experienced recent spikes like this? How can I reasonably handle this? Yes, we have very often see signifigant swings in spam. How to handle it is a good question. That typically depends on what the spam campaign is. We have found recipient address validation helps the most. We than do analysis (using DLAnalyzer IP reports) and find the IP addresses who send the most spam and block those. I have run several analytics and found that these emails are not targeting a specific user or specific domain. Additionally, there are no blocks of IPs that are responsible. Is it spam going to valid users? Or just your generic dictionary attacks? 2) What are the realistic limits of Imail / Declude / Message Sniffer (I KNOW this is platform specific, just looking for ballpark). 3) What can I do to squeze out more juice from this server? Software: IMail 8.22 (because we are still scared of 2006), Declude Virus and Junkmail 2.0.6, and Sniffer most recent version Hardware: Windows Server 2003 box with a 3 ghz XEON, and 1 Gig ram. On some of the server I maintain we are doing 150K messages a day on a dual xeon 2.6ghz. With no issues (invURIBL, Sniffer). What is your current CPU usage like? Darrell --- Check out http://www.invariantsystems.com for utilities for Declude, Imail, mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Spam Spike
Darrell, We are averaging 40 to 50% on the processor. I was just surprised because in 3 years we haven't seen a spike this large. Most of them are dictionary style. But since they aren't from the same IP, I don't think the imail 2006 dictionary feature would help us. Thoughts? --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Spam Spike
I say about 25% more spam yesterday than last Monday (9-11) - Original Message - From: Chris Anton [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, September 19, 2006 11:31 AM Subject: [Declude.JunkMail] Spam Spike Hi All, We have recently gone from processing 30,000 emails daily to 85,000 daily. 75,000 are getting caught by Declude Message Sniffer (I love this combo). There are a total of 300,000 attempted RCPT TOs daily. 1) Has anyone experienced recent spikes like this? How can I reasonably handle this? I have run several analytics and found that these emails are not targeting a specific user or specific domain. Additionally, there are no blocks of IPs that are responsible. 2) What are the realistic limits of Imail / Declude / Message Sniffer (I KNOW this is platform specific, just looking for ballpark). 3) What can I do to squeze out more juice from this server? Software: IMail 8.22 (because we are still scared of 2006), Declude Virus and Junkmail 2.0.6, and Sniffer most recent version Hardware: Windows Server 2003 box with a 3 ghz XEON, and 1 Gig ram. Thanks for the help! -Chris -- Best Regards, Chris Anton Web Solutions, Inc. Tel: 203-235- x25 [EMAIL PROTECTED] www.websolutions.net -- --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] California Regional Intranet
Declude's gateway software ships with an automated block list. Default is 3 mail from the same IP with a weight of 40 blocks the IP for 14 days. On 9/19/06, Kim Premuda [EMAIL PROTECTED] wrote: -- Original Message --From: Kevin Bilbee [EMAIL PROTECTED]This IPS seems to be very friendly with the Spammers. What are your thoughts about blocking their entire assigned IP range??California Regional Intranet, Inc. is a San Diego, CA based ISP (www.cari.net). We have received nothing but spam from their network within the following two CIDRs: CIDR: 71.6.128.0/19 CIDR: 209.126.128.0/17Consequently, we block these CIDRs in Imail (not Declude).I hope this helps! Kim W. PremudaFastWave Internet ServicesSan Diego, CA--Kim W. PremudaFastWave Internet ServicesSan Diego, CA-This E-mail came from the Declude.JunkMail mailing list.To unsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype unsubscribe Declude.JunkMail.The archives can be foundat http://www.mail-archive.com. ---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com.
RE: [Declude.JunkMail] Spam Spike
Getting pelted here... Mostly from cinci.rr.com... Karl Drugge -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher Sent: Tuesday, September 19, 2006 2:29 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Spam Spike I say about 25% more spam yesterday than last Monday (9-11) - Original Message - From: Chris Anton [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, September 19, 2006 11:31 AM Subject: [Declude.JunkMail] Spam Spike Hi All, We have recently gone from processing 30,000 emails daily to 85,000 daily. 75,000 are getting caught by Declude Message Sniffer (I love this combo). There are a total of 300,000 attempted RCPT TOs daily. 1) Has anyone experienced recent spikes like this? How can I reasonably handle this? I have run several analytics and found that these emails are not targeting a specific user or specific domain. Additionally, there are no blocks of IPs that are responsible. 2) What are the realistic limits of Imail / Declude / Message Sniffer (I KNOW this is platform specific, just looking for ballpark). 3) What can I do to squeze out more juice from this server? Software: IMail 8.22 (because we are still scared of 2006), Declude Virus and Junkmail 2.0.6, and Sniffer most recent version Hardware: Windows Server 2003 box with a 3 ghz XEON, and 1 Gig ram. Thanks for the help! -Chris -- Best Regards, Chris Anton Web Solutions, Inc. Tel: 203-235- x25 [EMAIL PROTECTED] www.websolutions.net -- --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Spam Spike
Chris, Are the bulk of your users local to the server or gatewayed? Darrell --- invURIBL - Stop spam at its source.. SURBL/URIBL integration with Declude. http://www.invariantsystems.com Chris Anton writes: Darrell, We are averaging 40 to 50% on the processor. I was just surprised because in 3 years we haven't seen a spike this large. Most of them are dictionary style. But since they aren't from the same IP, I don't think the imail 2006 dictionary feature would help us. Thoughts? --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] ASSP
There were a couple of recent posts from folks who had recently implemented ASSP. We have to do the same due to the vulnerability in Imail 8.22. I'd appreciate any comments, suggestions, etc. OFF LIST, from those who have already fell in the holes, etc. Thanks, Don Brown - Dallas, Texas USA Internet Concepts, Inc. [EMAIL PROTECTED] http://www.inetconcepts.net (972) 788-2364Fax: (972) 788-5049 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Spam Spike
Hi Darrell, 80% of our users are local, 10% are Gatewayed, 10% are remote. The 85,000 daily are inbound. -Chris --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] ASSP
I am interested in this also. Maybe it can be on list? Harry Vanderzand inTown Internet Computer Services 519-741-1222 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Don Brown Sent: Tuesday, September 19, 2006 3:03 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] ASSP There were a couple of recent posts from folks who had recently implemented ASSP. We have to do the same due to the vulnerability in Imail 8.22. I'd appreciate any comments, suggestions, etc. OFF LIST, from those who have already fell in the holes, etc. Thanks, Don Brown - Dallas, Texas USA Internet Concepts, Inc. [EMAIL PROTECTED] http://www.inetconcepts.net (972) 788-2364Fax: (972) 788-5049 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] ASSP
Maybe you should run your assp gateway against the Declude interceptorOn 9/19/06, Harry Vanderzand [EMAIL PROTECTED] wrote:I am interested in this also.Maybe it can be on list?Harry Vanderzand inTown Internet Computer Services519-741-1222 -Original Message- From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Don Brown Sent: Tuesday, September 19, 2006 3:03 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail ] ASSP There were a couple of recent posts from folks who had recently implemented ASSP. We have to do the same due to the vulnerability in Imail 8.22. I'd appreciate any comments, suggestions, etc.OFF LIST, from those who have already fell in the holes, etc. Thanks, Don Brown - Dallas, Texas USA Internet Concepts, Inc. [EMAIL PROTECTED] http://www.inetconcepts.net (972) 788-2364Fax: (972) 788-5049 --- This E-mail came from the Declude.JunkMail mailing list.To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail .The archives can be found at http://www.mail-archive.com.---This E-mail came from the Declude.JunkMail mailing list.To unsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype unsubscribe Declude.JunkMail.The archives can be foundat http://www.mail-archive.com. ---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com.
Re: [Declude.JunkMail] ASSP
To the best of my knowledge Declude Interceptor is really no different than the regular version of Declude packaged into a gateway. The real benefit of Interceptor is that you are no longer coupled to Imail/Smartermail in the gateway environment. From my testing you had all of the same files under the Declude folder (global.cfg, virus.cfg, declude.cfg, etc). They have a very nice web interface for managing the product. Having the option to have Declude not bundled with Imail or Smartermail is nice. However, I did not see any real difference with the products. David - What is new in Interceptor that I may have missed compared to the version of Declude we run under Imail\Smartermail. Darrell --- Check out http://www.invariantsystems.com for utilities for Declude, Imail, mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. xx-xx- --x--x writes: Maybe you should run your assp gateway against the Declude interceptor On 9/19/06, Harry Vanderzand [EMAIL PROTECTED] wrote: I am interested in this also. Maybe it can be on list? Harry Vanderzand inTown Internet Computer Services 519-741-1222 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Don Brown Sent: Tuesday, September 19, 2006 3:03 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] ASSP There were a couple of recent posts from folks who had recently implemented ASSP. We have to do the same due to the vulnerability in Imail 8.22. I'd appreciate any comments, suggestions, etc. OFF LIST, from those who have already fell in the holes, etc. Thanks, Don Brown - Dallas, Texas USA Internet Concepts, Inc. [EMAIL PROTECTED] http://www.inetconcepts.net (972) 788-2364Fax: (972) 788-5049 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Spamcop blocked message but not blocked
Today I found this in a message (declude logs) Msg failed SPAMCOP (Blocked - see http://www.spamcop.net/bl.shtml?216.9.248.51; I verified why was this address blocked and found out that Spamcop site says 216.9.248.51 not listed in bl.spamcop.net Verification was done 5 hours after the blocked message was received. IP belongs to one of the Blackberry's smtp servers. Any ideas? Could an address be removed within few hours?. Any ideas? Is Spamcop failing or this is common? Luis --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] ASSP
The only real difference is COST!!! $12,500 for more than 5,000 users - PER YEAR. Wowza ... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Tuesday, September 19, 2006 5:27 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] ASSP To the best of my knowledge Declude Interceptor is really no different than the regular version of Declude packaged into a gateway. The real benefit of Interceptor is that you are no longer coupled to Imail/Smartermail in the gateway environment. From my testing you had all of the same files under the Declude folder (global.cfg, virus.cfg, declude.cfg, etc). They have a very nice web interface for managing the product. Having the option to have Declude not bundled with Imail or Smartermail is nice. However, I did not see any real difference with the products. David - What is new in Interceptor that I may have missed compared to the version of Declude we run under Imail\Smartermail. Darrell --- Check out http://www.invariantsystems.com for utilities for Declude, Imail, mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. xx-xx- --x--x writes: Maybe you should run your assp gateway against the Declude interceptor On 9/19/06, Harry Vanderzand [EMAIL PROTECTED] wrote: I am interested in this also. Maybe it can be on list? Harry Vanderzand inTown Internet Computer Services 519-741-1222 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Don Brown Sent: Tuesday, September 19, 2006 3:03 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] ASSP There were a couple of recent posts from folks who had recently implemented ASSP. We have to do the same due to the vulnerability in Imail 8.22. I'd appreciate any comments, suggestions, etc. OFF LIST, from those who have already fell in the holes, etc. Thanks, Don Brown - Dallas, Texas USA Internet Concepts, Inc. [EMAIL PROTECTED] http://www.inetconcepts.net (972) 788-2364Fax: (972) 788-5049 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.