[Declude.JunkMail] Anybody else seeing these? (Yahoo Mail)
Delivery failed 20 attempts: [EMAIL PROTECTED]
Unexpected connection response from server: 451 Message temporarily deferred - 4.16.50 -

Getting emails saying they can't email anybody at yahoo.. Very random. Diff domains.

I looked over everything, noticed some little errors.. But I can't seem to find anything on 4.16.50

---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Anybody else seeing these? (Yahoo Mail)
Yes. It's been going on for about 2 days or so now. Was discussed in the Imail list. Yahoo claims that the problem is due to overwhelming spam traffic. Running the dnsstuff email test against a Yahoo account yields a response of 'successful connection but got an unknown greeting' from all 15 of their mail servers.

Hopefully, they'll get it worked out soon. Service has been hit or miss...mostly miss.

Troy D. Hilton
Serveon, Inc.
302-529-8640
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of William Stillwell
Sent: Thursday, October 19, 2006 11:20 AM
To: declude.junkmail@declude.com
Subject: [Declude.JunkMail] Anybody else seeing these? (Yahoo Mail)

Delivery failed 20 attempts: [EMAIL PROTECTED]
Unexpected connection response from server: 451 Message temporarily deferred - 4.16.50 -

Getting emails saying they can't email anybody at yahoo.. Very random. Diff domains.

I looked over everything, noticed some little errors.. But I can't seem to find anything on 4.16.50
RE: [Declude.JunkMail] Whitelisting flaw in Declude?
Yeah, what Matt said.

Message splitting before junkmail filtering would be punishing for CPU time and somewhat more for disk time; message splitting for the sake of whitelisting (or alternate actions) after junkmail filtering would be an incremental cost.

And message splitting before junkmail filtering on a system that has a wildcard email address would be lethal for that system.

Andrew.

p.s. In my corporate network, we email each other a lot, and we see that Exchange "single instance storage" of a message only saves us 20% of the disk space. And that includes single storage of a message in my Sent Items as well as in my neighbour's Inbox and the next guy's Deleted Items.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Wednesday, October 18, 2006 8:20 PM
To: declude.junkmail@declude.com
Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude?

I have some stats here that suggest otherwise. We only have 5% more recipients than messages that make it through our gateway, and we only return permanent errors presently for mail bombing related activities. This however is a dedicated gateway and not a hosted mail server, so stats from a hosted mail server would see a slightly higher rate since most multiple-recipient E-mails are internal to a server. If you are splitting on a gateway and not splitting internal E-mail, you should see no increase beyond my numbers.

It's a doable solution if one has the need.

Matt

Jay Sudowski - Handy Networks LLC wrote:

Also, realize that on servers processing a large volume of messages per day, the additional IO necessary to create duplicate messages and header files for each specific recipient would be a death sentence...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of David Barker
Sent: Wednesday, October 18, 2006 9:30 AM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude?

To create a duplicate message for each recipient is not a trivial issue. This is a function of the mail server not Declude.

David Barker
Director of Product Development
Your Email security is our business
978.499.2933 office
978.988.1311 fax
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kevin Bilbee
Sent: Tuesday, October 17, 2006 5:08 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude?

Declude has always functioned like this.

What declude could do in this case is to duplicate the message for each recipient and write a new header file to each recipient. Not a big issue. Deliver to the one that whitelists and run the spam checks for the others.

Kevin Bilbee

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darin Cox
Sent: Tuesday, October 17, 2006 12:37 PM
To: declude.junkmail@declude.com
Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude?

It's actually more of an issue of how the mail server handles the message. In the case of multiple recipients, since there is only one message file addressed to multiple recipients in the headers, it's either deliver or not deliver unless you rewrite the headers to modify the recipient list. I think I'd rather not have the spam filtering system alter that. Add to the header, yes. Alter the recipients, no.

Also, I have not come across a situation where I wanted to let a message go through to one recipient and not to others, except in the situation of lists which is a whole other topic.

Darin.

- Original Message -
From: "Dave Beckstrom" [EMAIL PROTECTED]
To: declude.junkmail@declude.com
Sent: Tuesday, October 17, 2006 3:11 PM
Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude?

I would call that a flaw, then, in how Declude processes the whitelist. I have a listserver email address for which I do not want email spam checked. This is because I don't want messages going out to the list that say SPAM in the subject line. Because nobody who is not a member on the list can post to the list, there is no problem whitelisting the "TO" address for mail sent to the list server email address.

However, spammers will send an email to a dozen of our mail addresses (12 recipients) one of which is the whitelisted "TO" address for the listserver. Because of the way Declude processes the whitelist, that means that the other 11 recipients receive the spam even though mail to them is not whitelisted.

That is a bad design on Declude's part, wouldn't you agree? Anyone else feel that this needs to be rectified?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darrell ([EMAIL PROTECTED])
Sent: Tuesday, October 17, 2006 11:25 AM
To: declude.junkmail@declude.com
Subject: Re: [Declude.JunkMail]
[Declude.JunkMail] Declude4.3.14 appends header BEHIND email
Hi,

Declude apparently has problems correctly identifying the location of headers if a mail is malformed. I wonder whether it is confused by single CRs or single LFs or LF/CR in the header.

Clearly, Imail and Outlook knew where the body of the message was - but Declude appended its own headers at the bottom (scroll down to the bottom of the enclosed message to see them).

So, if Imail can do it right, there clearly is a way to correct this.

Best Regards
Andy Schmidt

Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206

-Original Message-
Received: from SMTP32-FWD by Mail.Webhost.HM-Software.com (SMTP32) id AD58301B83F7D; Wed, 18 Oct 2006 03:19:47 -0400
Received: from localhost [58.8.109.158] by hm-software.com (SMTPD-9.10) id A584158A8; Wed, 18 Oct 2006 03:19:32 -0400
Message-ID: [EMAIL PROTECTED]
From: Photoshop Software [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: New software uploaded by Thomas on Oct 18 03:00:00 -4 2006
Date: Wed, 18 Oct 2006 14:19:29 +0700
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.150
X-RCPT-TO: [EMAIL PROTECTED]
Status:
X-UIDL: 461175954
X-IMail-ThreadID: d59301949140

From: Photoshop Software [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 18, 2006 03:19 AM
To: [EMAIL PROTECTED]
Subject: New software uploaded by Thomas on Oct 18 03:00:00 -4 2006

Thomas has uploaded some new software for you! Click here to view available updated software: http://update.eroemina.com/?Thomas

% cd /usr/ports-current/emulators/linux_lib idea establish a presence in the technical lists before asking to join number. setup Because no files were listed for the lpr command, lpr read the data to each machine. For this we use the ext_srvtab command.
[Declude.JunkMail] Declude 4.3.14 - Issues
Hi,

I'm running my first few tests.

ISSUE 1 - Mail Headers

My mail headers now include X-Declude-RefID: I never requested that header in my config file!

ISSUE 2 - Log Files

LOGLEVEL MID and HIGH is no longer recording messages in the DEC*.log. (The message was a whitelisted message.)

The virus log still works:

10/17/2006 16:35:25.155 q3e8a013600f7.smd Log Level set to MID
10/17/2006 16:35:25.170 q3e8a013600f7.smd Vulnerability flags = 0
10/17/2006 16:35:26.264 q3e8a013600f7.smd Virus scanner 1 reports exit code of 0
10/17/2006 16:39:20.270 q3f77013600fd.smd Vulnerability flags = 0
10/17/2006 16:39:21.255 q3f77013600fd.smd Virus scanner 1 reports exit code of 0
10/17/2006 17:00:35.428 q446e01360114.smd Vulnerability flags = 0
10/17/2006 17:00:36.444 q446e01360114.smd Virus scanner 1 reports exit code of 0
10/17/2006 17:03:15.557 q451001360119.smd Vulnerability flags = 0
10/17/2006 17:03:16.557 q451001360119.smd Virus scanner 1 reports exit code of 0
10/17/2006 17:05:00.685 q45780136011c.smd Vulnerability flags = 0
10/17/2006 17:05:01.685 q45780136011c.smd Virus scanner 1 reports exit code of 0

But, for those messages, the Declude Junkmail no longer have any entries - unless I set LOGLEVEL DEBUG. The only message that has log entries for Declude Junkmail is messageID q446e01360114, because I had set log level to DEBUG for that:

10/17/2006 16:35:25.155 q3e8a013600f7.smd Declude v4.3.14 for IMail
10/17/2006 17:00:35.428 q446e01360114.smd CFG: Bypassing IP 63.107.174.32.
10/17/2006 17:00:35.428 q446e01360114.smd CFG: Bypassing IP 65.119.204.32.
10/17/2006 17:00:35.428 q446e01360114.smd CFG: Bypassing IP 67.132.45.18.
10/17/2006 17:00:35.428 q446e01360114.smd CFG: Bypassing IP 127.0.0.1.
10/17/2006 17:00:35.428 q446e01360114.smd CFG: Set hop to 0.
10/17/2006 17:00:35.428 q446e01360114.smd STOPPROCESSINGONFIRSTDELETE: Set to ON
10/17/2006 17:00:35.428 q446e01360114.smd Setting AUTOWHITELIST to ON
10/17/2006 17:00:35.428 q446e01360114.smd CFG: Whitelisting AUTH
. more debug lines...
10/17/2006 17:00:40.897 q446e01360114.smd Test #26 [SORBS] is same as Test #33 [SORBS-ZOMBIE=127.0.0.9]. Answer=dns.isux.com.?
10/17/2006 17:00:40.897 q446e01360114.smd Last line of headers checking for Recived: X-Auth: Yes
10/17/2006 17:00:40.897 q446e01360114.smd Skipping4 E-mail from IP 63.107.174.136; whitelisted (63.107.174.0/24). nm=ff00
10/17/2006 17:00:40.897 q446e01360114.smd AlterMessage
10/17/2006 17:00:40.897 q446e01360114.smd Subject = []
10/17/2006 17:00:40.897 q446e01360114.smd Warning = [X-Declude-RefID: X-Declude: Version 4.3.14; D446e01360114.smd from corner-office.usa.hm-software.com [63.107.174.136] X-Declude: Code 0 X-Declude: Triggered [0] Whitelisted X-Countries: Return-Path: [EMAIL PROTECTED] ]
10/17/2006 17:00:40.897 q446e01360114.smd Header = []
10/17/2006 17:00:40.897 q446e01360114.smd Footer = []
10/17/2006 17:00:40.897 q446e01360114.smd MoveFile in AlterMessage - datafile = [D:\IMail\spool\proc\work\D446e01360114.smd] TempFile = [D:\IMail\spool\proc\work\D446e01360114.sm$]
10/17/2006 17:00:40.897 q446e01360114.smd Adding warning [X-Declude-RefID: X-Declude: Version 4.3.14; D446e01360114.smd from corner-office.usa.hm-software.com [63.107.174.136] X-Declude: Code 0 X-Declude: Triggered [0] Whitelisted X-Countries: Return-Path: [EMAIL PROTECTED] ]
10/17/2006 17:00:40.897 q446e01360114.smd TempFile = [D:\IMail\spool\proc\work\D446e01360114.sm$]
10/17/2006 17:00:40.897 q446e01360114.smd TempFile = [D:\IMail\spool\proc\work\D446e01360114.sm$] was deleted
10/17/2006 17:00:40.897 q446e01360114.smd passiton set - args [D:\IMail\spool\proc\work\q446e01360114.smd]
10/17/2006 17:00:40.897 q446e01360114.smd Attempting to move files to spool
10/17/2006 17:00:40.897 q446e01360114.smd Files successfully moved back to spool
10/17/2006 17:00:40.897 q446e01360114.smd Passing to SMTP32: D:\IMAIL\smtp32.exe D:\IMail\spool\q446e01360114.smd.

Here is my Global.CFG

LOGFILE Spool\dec.log
LOGLEVEL HIGH
#LOGFILE Spool\decX.log
#LOGLEVEL DEBUG #PID / PID DEBUG
#EVENTLOG ON
#LOG_OK NONE

Issue 3 Incorrect Phone Number

Your auto-response system sends out a three paragraph notice - the last paragraph has an incorrect phone number:

Call customer care 866-332-5822 #3 to purchase or renew a service agreement.

Issue 4 Declude appends its headers BELOW the content of an email

While Imail is able to insert the header at the correct location, Declude appends its headers at the bottom. That explains why some email seem to "bypass" Declude. Depending on the message format you might not even see any email headers (e.g., for HTML messages)

Best Regards
Andy Schmidt

Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206
[Declude.JunkMail] Suge of spam in recient week.
I have been getting a lot of spam recently. The subjects are typical and the From always displays as a common first name. For each of these messages, I see no declude content. The ip and the address are not excluded or whitelisted and if it were an xheader should say it was. For some reason there is no declude processing here. Any ideas?

The following is the header for one of these messages:

Received: from cyrix [82.201.160.214] by mail.ncats.net with ESMTP (SMTPD-9.10) id A0881C80; Wed, 18 Oct 2006 21:10:32 -0400
Message-ID: [EMAIL PROTECTED]
From: Robert [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Cheapest way to solve health problems.
Date: Thu, 19 Oct 2006 03:10:34 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=ms030809000704050003000706
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180

I would normally see a header like this:

Received: from 203.111.235.51 [203.111.235.51] by mail.ncats.net (SMTPD-9.10) id AD4E1464; Wed, 18 Oct 2006 20:56:46 -0400
Received: from mx3.mail.yahoo.com by 203.111.235.51 (8.12.11/8.12.11) with ESMTP id Yz77Trqj3H8fGj for [EMAIL PROTECTED]; Wed, 18 Oct 2006 21:53:53 -0400
Received: from [251.130.5.67] by mx3.mail.yahoo.com with ESMTP (Exim 4.05) id NyG7OgPl6HWI for [EMAIL PROTECTED]; Wed, 18 Oct 2006 21:53:53 -0400
Date: Wed, 18 Oct 2006 21:53:53 -0400
From: Bridgett Kim [EMAIL PROTECTED]
Reply-To: Bridgett Kim [EMAIL PROTECTED]
Message-ID: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: SEXUALLY EXPLICIT : Hidden upskirt camera shots
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
X-RBL-Warning: CBL: Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=203.111.235.51
X-RBL-Warning: SORBS-WEB: Exploitable Server See: http://www.sorbs.net/lookup.shtml?203.111.235.51
X-RBL-Warning: BADWHOIS: Inaccurate or missing WHOIS data
X-RBL-Warning: NOABUSE: Not supporting [EMAIL PROTECTED]
X-RBL-Warning: NOPOSTMASTER: Not supporting [EMAIL PROTECTED]
X-RBL-Warning: CMDSPACE: Space found in RCPT TO: command.
X-RBL-Warning: DYNHELO: Dynamic HELO found.
X-RBL-Warning: HELOBOGUS: Domain 203.111.235.51 has no MX or A records [0301].
X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 203.111.235.51 with no reverse DNS entry.
X-RBL-Warning: ROUTING: This E-mail was routed in a poor manner consistent with spam [210f].
X-RBL-Warning: WEIGHT10: Weight of 52 reaches or exceeds the limit of 10.
X-RBL-Warning: WEIGHT14: Weight of 52 reaches or exceeds the limit of 14.
X-RBL-Warning: WEIGHT20: Weight of 52 reaches or exceeds the limit of 20.
X-Declude-Sender: [EMAIL PROTECTED] [203.111.235.51]
X-Declude-Spoolname: Dcd4d0321c10b.smd
X-Declude-RefID:
X-Declude-Note: Scanned by Declude 4.3.14 for spam. http://www.declude.com/x-note.htm
X-Declude-Scan: Incoming Score [52] at 20:56:55 on 18 Oct 2006
X-Declude-Fail: CBL [6], SORBS-WEB [5], BADWHOIS [3], NOABUSE [2], NOPOSTMASTER [1], CMDSPACE [8], DYNHELO [5], HELOBOGUS [5], REVDNS [10], ROUTING [2], COUNTRY-NONUS-CANADA [5], WEIGHT10 [10], WEIGHT14 [14], WEIGHT20 [20], WEIGHT30 [30]
X-Country-Chain: [IANA Reserved]-PHILIPPINES-destination
X-RCPT-TO: [EMAIL PROTECTED]
Status:
X-UIDL: 451635306
X-IMail-ThreadID: cd4d0321c10b
RE: [Declude.JunkMail] Suge of spam in recient week.
Will,

Use Notepad to check the tail end of the file. The Declude headers may be at the end of the file.

If the Declude headers are at the end of the file, note whether or not:

1. The Received: lines appear normal
2. There may or may not be some X-Header lines immediately after the Received: lines that appear normal
3. The From, To, Subject and body of the message all appear to be on one or two lines in Notepad.
4. Followed by Declude headers

If the above is true, then:

1. The message is in violation of RFC in that it is missing either carriage returns or line feeds. The RFC calls for lines to be terminated by a carriage return/line feed pair.
2. This is a known issue with Declude handling these types of messages. Based on observation, it appears that Declude processes messages in line-mode rather than byte-mode. Rather interesting that Declude trusts spammers and virus writers to construct messages according to RFC.

Let me know what you find.

While writing this message, I happened to think about attachments. It would appear to me, that there is an implied possibility for attachments and therefore viruses to pass through undetected. All that should be required is that the lines that make up the entire email, including the attachment section, be terminated with line feeds instead of carriage return/line feed pairs. Under such condition, Declude would see only one line and not find the relevant sections. I will test this possibility.

Michael Thomas
Mathbox
978-683-6718
1-877-MATHBOX (Toll Free)

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Will
Sent: Thursday, October 19, 2006 4:52 PM
To: declude.junkmail@declude.com
Subject: [Declude.JunkMail] Suge of spam in recient week.

I have been getting a lot of spam recently. The subjects are typical and the From always displays as a common first name. For each of these messages, I see no declude content. The ip and the address are not excluded or whitelisted and if it were an xheader should say it was. For some reason there is no declude processing here. Any ideas?

The following is the header for one of these messages:

Received: from cyrix [82.201.160.214] by mail.ncats.net with ESMTP (SMTPD-9.10) id A0881C80; Wed, 18 Oct 2006 21:10:32 -0400
Message-ID: [EMAIL PROTECTED]
From: "Robert" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Cheapest way to solve health problems.
Date: Thu, 19 Oct 2006 03:10:34 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="ms030809000704050003000706"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180

I would normally see a header like this:

Received: from 203.111.235.51 [203.111.235.51] by mail.ncats.net (SMTPD-9.10) id AD4E1464; Wed, 18 Oct 2006 20:56:46 -0400
Received: from mx3.mail.yahoo.com by 203.111.235.51 (8.12.11/8.12.11) with ESMTP id Yz77Trqj3H8fGj for [EMAIL PROTECTED]; Wed, 18 Oct 2006 21:53:53 -0400
Received: from [251.130.5.67] by mx3.mail.yahoo.com with ESMTP (Exim 4.05) id NyG7OgPl6HWI for [EMAIL PROTECTED]; Wed, 18 Oct 2006 21:53:53 -0400
Date: Wed, 18 Oct 2006 21:53:53 -0400
From: Bridgett Kim [EMAIL PROTECTED]
Reply-To: Bridgett Kim [EMAIL PROTECTED]
Message-ID: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: SEXUALLY EXPLICIT : Hidden upskirt camera shots
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-RBL-Warning: CBL: "Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=203.111.235.51"
X-RBL-Warning: SORBS-WEB: "Exploitable Server See: http://www.sorbs.net/lookup.shtml?203.111.235.51"
X-RBL-Warning: BADWHOIS: "Inaccurate or missing WHOIS data"
X-RBL-Warning: NOABUSE: "Not supporting [EMAIL PROTECTED]"
X-RBL-Warning: NOPOSTMASTER: "Not supporting [EMAIL PROTECTED]"
X-RBL-Warning: CMDSPACE: Space found in RCPT TO: command.
X-RBL-Warning: DYNHELO: Dynamic HELO found.
X-RBL-Warning: HELOBOGUS: Domain 203.111.235.51 has no MX or A records [0301].
X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 203.111.235.51 with no reverse DNS entry.
X-RBL-Warning: ROUTING: This E-mail was routed in a poor manner consistent with spam [210f].
X-RBL-Warning: WEIGHT10: Weight of 52 reaches or exceeds the limit of 10.
X-RBL-Warning: WEIGHT14: Weight of 52 reaches or exceeds the limit of 14.
X-RBL-Warning: WEIGHT20: Weight of 52 reaches or exceeds the limit of 20.
X-Declude-Sender: [EMAIL PROTECTED] [203.111.235.51]
X-Declude-Spoolname: Dcd4d0321c10b.smd
X-Declude-RefID:
X-Declude-Note: Scanned by
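The line-ending condition described in the message above, as an added example that is not part of the thread and is not Declude's code: a Python check that counts bare CR and bare LF terminators in a raw message and shows how a reader that recognises only CRLF loses the header/body boundary, while normalising first keeps an added header in the header block. The sample messages, the X-Scan header name and all function names are constructed for illustration.

```python
import re

# A bare CR is a CR not followed by LF; a bare LF is an LF not preceded by CR.
BARE_CR = re.compile(rb"\r(?!\n)")
BARE_LF = re.compile(rb"(?<!\r)\n")
# CRLF is tried first so a conformant pair is never split into two breaks.
ANY_EOL = re.compile(rb"\r\n|\r|\n")

# Constructed sample messages (not taken from the thread).
CONFORMANT = b"From: a@example.test\r\nSubject: hi\r\n\r\nbody line\r\n"
LF_ONLY = CONFORMANT.replace(b"\r\n", b"\n")
MIXED = b"A: 1\rB: 2\r\n\r\nbody"


def audit_line_endings(raw: bytes) -> dict:
    """Count conformant (CRLF) and non-conformant line terminators."""
    return {
        "crlf": raw.count(b"\r\n"),
        "bare_cr": len(BARE_CR.findall(raw)),
        "bare_lf": len(BARE_LF.findall(raw)),
    }


def needs_normalising(raw: bytes) -> bool:
    """True when the message contains any terminator other than CRLF."""
    counts = audit_line_endings(raw)
    return counts["bare_cr"] > 0 or counts["bare_lf"] > 0


def normalise(raw: bytes) -> bytes:
    """Rewrite every CRLF, bare CR or bare LF as CRLF before any scanning."""
    return ANY_EOL.sub(b"\r\n", raw)


def add_scan_header(raw: bytes, header: bytes, tolerant: bool) -> bytes:
    """Insert `header` as the last line of the header block.

    tolerant=False models a reader that recognises only CRLF: when it cannot
    find the blank line it falls back to appending, which reproduces the
    symptom reported in the thread (filter headers after the body).
    tolerant=True normalises first, so an existing boundary is always found.
    """
    data = normalise(raw) if tolerant else raw
    boundary = data.find(b"\r\n\r\n")
    if boundary < 0:
        return data + b"\r\n" + header + b"\r\n"
    cut = boundary + 2  # keep the CRLF that ends the last original header
    return data[:cut] + header + b"\r\n" + data[cut:]


def header_in_header_block(msg: bytes, name: bytes) -> bool:
    """Check whether a header named `name` sits above the first blank line."""
    head, sep, _body = normalise(msg).partition(b"\r\n\r\n")
    prefix = name.lower() + b":"
    return bool(sep) and any(
        line.lower().startswith(prefix) for line in head.split(b"\r\n")
    )


if __name__ == "__main__":
    for label, sample in (("conformant", CONFORMANT), ("lf-only", LF_ONLY)):
        strict = add_scan_header(sample, b"X-Scan: checked", tolerant=False)
        fixed = add_scan_header(sample, b"X-Scan: checked", tolerant=True)
        print(label, audit_line_endings(sample),
              "strict ok:", header_in_header_block(strict, b"X-Scan"),
              "tolerant ok:", header_in_header_block(fixed, b"X-Scan"))
```

A gateway can use `needs_normalising` as a logging or quarantine signal in addition to normalising, since conformant senders should never trigger it.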
RE: [Declude.JunkMail] Whitelisting flaw in Declude?
A new tag (whitelistunique) which only would whitelist if the email had a single recipient would solve the problem and be much safer.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Colbeck, Andrew
Sent: Thursday, October 19, 2006 11:45 AM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude?

Yeah, what Matt said.

Message splitting before junkmail filtering would be punishing for CPU time and somewhat more for disk time; message splitting for the sake of whitelisting (or alternate actions) after junkmail filtering would be an incremental cost.

And message splitting before junkmail filtering on a system that has a wildcard email address would be lethal for that system.

Andrew.

p.s. In my corporate network, we email each other a lot, and we see that Exchange single instance storage of a message only saves us 20% of the disk space. And that includes single storage of a message in my Sent Items as well as in my neighbour's Inbox and the next guy's Deleted Items.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt
Sent: Wednesday, October 18, 2006 8:20 PM
To: declude.junkmail@declude.com
Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude?

I have some stats here that suggest otherwise. We only have 5% more recipients than messages that make it through our gateway, and we only return permanent errors presently for mail bombing related activities. This however is a dedicated gateway and not a hosted mail server, so stats from a hosted mail server would see a slightly higher rate since most multiple-recipient E-mails are internal to a server. If you are splitting on a gateway and not splitting internal E-mail, you should see no increase beyond my numbers.

It's a doable solution if one has the need.

Matt

Jay Sudowski - Handy Networks LLC wrote:

Also, realize that on servers processing a large volume of messages per day, the additional IO necessary to create duplicate messages and header files for each specific recipient would be a death sentence...

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of David Barker
Sent: Wednesday, October 18, 2006 9:30 AM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude?

To create a duplicate message for each recipient is not a trivial issue. This is a function of the mail server not Declude.

David Barker
Director of Product Development
Your Email security is our business
978.499.2933 office
978.988.1311 fax
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kevin Bilbee
Sent: Tuesday, October 17, 2006 5:08 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude?

Declude has always functioned like this.

What declude could do in this case is to duplicate the message for each recipient and write a new header file to each recipient. Not a big issue. Deliver to the one that whitelists and run the spam checks for the others.

Kevin Bilbee

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darin Cox
Sent: Tuesday, October 17, 2006 12:37 PM
To: declude.junkmail@declude.com
Subject: Re: [Declude.JunkMail] Whitelisting flaw in Declude?

It's actually more of an issue of how the mail server handles the message. In the case of multiple recipients, since there is only one message file addressed to multiple recipients in the headers, it's either deliver or not deliver unless you rewrite the headers to modify the recipient list. I think I'd rather not have the spam filtering system alter that. Add to the header, yes. Alter the recipients, no.

Also, I have not come across a situation where I wanted to let a message go through to one recipient and not to others, except in the situation of lists which is a whole other topic.

Darin.

- Original Message -
From: Dave Beckstrom [EMAIL PROTECTED]
To: declude.junkmail@declude.com
Sent: Tuesday, October 17, 2006 3:11 PM
Subject: RE: [Declude.JunkMail] Whitelisting flaw in Declude?

I would call that a flaw, then, in how Declude processes the whitelist. I have a listserver email address for which I do not want email spam checked. This is because I don't want messages going out to the list that say SPAM in the subject line. Because nobody who is not a member on the list can post to the list, there is no problem whitelisting the TO address for mail sent to the list server email address.

However, spammers will send an email to a dozen of our mail addresses (12 recipients) one of which is the whitelisted TO address for the listserver. Because of the way Declude processes the whitelist, that means that the other 11 recipients receive the spam even though mail to them is not whitelisted.

That is a bad design on Declude's part, wouldn't you agree? Anyone else feel that this needs to be rectified?

-Original Message-
From:
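The three whitelisting behaviours argued over in this thread, as an added example that is not part of any post and is not Declude's code: a Python model comparing the reported behaviour (one whitelisted TO address exempts the whole message), the proposed whitelistunique rule, and per-recipient splitting, on the 12-recipient case from the thread. The addresses, the policy names, the assumption that scanned spam is held rather than delivered, and the copy count used as a stand-in for the extra spool IO are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: one whitelisted list address plus 11 ordinary users.
WHITELIST_TO = {"list@example.test"}
SPAM_RCPTS = ["list@example.test"] + [f"user{i}@example.test" for i in range(1, 12)]


@dataclass(frozen=True)
class Outcome:
    recipient: str
    scanned: bool    # did spam tests run for this recipient's copy?
    delivered: bool  # assumption: mail that is scanned and judged spam is held


def apply_policy(recipients, whitelist, is_spam, policy):
    """Return (outcomes, spool_copies) for one message under a given policy.

    'any'    - behaviour reported in the thread: one whitelisted TO address
               exempts the single message file for every recipient.
    'unique' - the proposed whitelistunique tag: exempt only when the message
               has exactly one recipient and that recipient is whitelisted.
    'split'  - duplicate the message per recipient and decide individually.
    """
    wl = {addr.lower() for addr in whitelist}
    listed = [r.lower() in wl for r in recipients]

    if policy == "any":
        bypass = [any(listed)] * len(recipients)
        copies = 1
    elif policy == "unique":
        bypass = [len(recipients) == 1 and listed[0]] * len(recipients)
        copies = 1
    elif policy == "split":
        bypass = listed
        # Extra copies are only needed when the recipient list is mixed.
        mixed = any(listed) and not all(listed)
        copies = len(recipients) if mixed else 1
    else:
        raise ValueError(f"unknown policy: {policy!r}")

    outcomes = [
        Outcome(r, scanned=not b, delivered=b or not is_spam)
        for r, b in zip(recipients, bypass)
    ]
    return outcomes, copies


def unscanned_leaks(outcomes, whitelist):
    """Recipients who got mail without scanning although not whitelisted."""
    wl = {addr.lower() for addr in whitelist}
    return [
        o.recipient for o in outcomes
        if o.delivered and not o.scanned and o.recipient.lower() not in wl
    ]


if __name__ == "__main__":
    for policy in ("any", "unique", "split"):
        outcomes, copies = apply_policy(SPAM_RCPTS, WHITELIST_TO, True, policy)
        print(policy, "leaks:", len(unscanned_leaks(outcomes, WHITELIST_TO)),
              "spool copies:", copies)
```

Under 'unique', a multi-recipient message that includes the list address is scanned for every recipient, the list address included.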