Re: [Declude.JunkMail] Header Information Util...
Ahh, so you only want stats after your manual filtering process. What do you do in your manual filtering process? Due to the manual process, I understand now why you were saying parsing the individual messages was your only option. To make parsing easier, you might consider adding some Declude custom header lines. That way your parsing process can look for your unique tokens to find the data you want. Darin. - Original Message - From: "IS - Systems Eng. (Karl Drugge)" <[EMAIL PROTECTED]> To: Sent: Monday, May 14, 2007 10:22 PM Subject: RE: [Declude.JunkMail] Header Information Util... Message tracking won't tell me what specific email in an exchange email box is the one I am interested in. Maybe I'm not explaining myself. After my Declude box filters over 23,000 emails, I have 1245 emails from Friday night until Monday AM on my exchange server. I manually sort these emails, winding up with roughly 118 left over verified SPAM emails. I'd like a tool I can run against these emails, in an Outlook mailbox, that will pull the info from the individual message headers. I don't believe the server logs, on either server, are going to do a thing, since I'd need to know which message I was looking for, one of the 118 out of 1200 or 23000. Out of the emails that came in during the time period I am sampling, I'd need the SMTP ID, and I'd have to basically do what I am doing now, manually open each email header. I want to bypass this, and pull the data directly. Karl Drugge -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Monday, May 14, 2007 8:15 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Header Information Util... Looks to me that if you turn on Message Tracking, you get a log file with the info you need all on one line. I'm not certain about REVDNS, but you certainly have from address, to address, and IPs. You could run a script over this to get the REVDNS if it isn't there. The stats you want could then be compiled in Excel, a database, etc. Darin. - Original Message - From: "IS - Systems Eng. (Karl Drugge)" <[EMAIL PROTECTED]> To: Sent: Monday, May 14, 2007 6:13 PM Subject: RE: [Declude.JunkMail] Header Information Util... Because the emails I have left are from a range of times/dates, and they're on an Exchange server. I'd have to know what SMTP ID's I was looking for in the logs, which I'd need from the email header information, etc etc... Karl Drugge -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Monday, May 14, 2007 6:04 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Header Information Util... Why don't you use the mail server log files instead. Much easier to parse, and tools like Grep and Sawmill can be used to do it. Darin. - Original Message - From: "IS - Systems Eng. (Karl Drugge)" <[EMAIL PROTECTED]> To: Sent: Monday, May 14, 2007 5:45 PM Subject: [Declude.JunkMail] Header Information Util... I am hoping the people here can help me. It's not Declude specific, but I consider the experts here as the most knowledgeable on SMTP and Email. I am looking for a script/utility to pull the header information out of every email in an Outlook/Exchange inbox. I want to be able to pull the sending IP's, reverse DNS, and sender names out of the headers directly. I'd like to point the script/util at an inbox, and have it yank this info out, so I can, for instance, sort it and see that 12 out of the 130 messages came from free2way.com, and the address ranges were all the same class C. Every few days, I pull every email that has made it's way to my inside server and manually sort out all legit emails ( we archive all emails on our Exchange box ). What's left is pure SPAM, but it takes a few good hours to sort the header information. More often then not, I end up deleting most of it because I lack the time to properly utilize it. Does anyone know of anything before I break down and write it myself ? I'd rather not make a go-cart from scratch if someone has a used chevy pickup. PLEASE NOTE : Florida has a very broad public records law. Most written communications to or from City officials regarding City business are public records available to the public and media upon request. Your E-mail communications may be subject to public disclosure. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. PLEASE NOTE : Florida has a
RE: [Declude.JunkMail] Header Information Util...
Message tracking won't tell me what specific email in an exchange email box is the one I am interested in. Maybe I'm not explaining myself. After my Declude box filters over 23,000 emails, I have 1245 emails from Friday night until Monday AM on my exchange server. I manually sort these emails, winding up with roughly 118 left over verified SPAM emails. I'd like a tool I can run against these emails, in an Outlook mailbox, that will pull the info from the individual message headers. I don't believe the server logs, on either server, are going to do a thing, since I'd need to know which message I was looking for, one of the 118 out of 1200 or 23000. Out of the emails that came in during the time period I am sampling, I'd need the SMTP ID, and I'd have to basically do what I am doing now, manually open each email header. I want to bypass this, and pull the data directly. Karl Drugge -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Monday, May 14, 2007 8:15 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Header Information Util... Looks to me that if you turn on Message Tracking, you get a log file with the info you need all on one line. I'm not certain about REVDNS, but you certainly have from address, to address, and IPs. You could run a script over this to get the REVDNS if it isn't there. The stats you want could then be compiled in Excel, a database, etc. Darin. - Original Message - From: "IS - Systems Eng. (Karl Drugge)" <[EMAIL PROTECTED]> To: Sent: Monday, May 14, 2007 6:13 PM Subject: RE: [Declude.JunkMail] Header Information Util... Because the emails I have left are from a range of times/dates, and they're on an Exchange server. I'd have to know what SMTP ID's I was looking for in the logs, which I'd need from the email header information, etc etc... Karl Drugge -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Monday, May 14, 2007 6:04 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Header Information Util... Why don't you use the mail server log files instead. Much easier to parse, and tools like Grep and Sawmill can be used to do it. Darin. - Original Message - From: "IS - Systems Eng. (Karl Drugge)" <[EMAIL PROTECTED]> To: Sent: Monday, May 14, 2007 5:45 PM Subject: [Declude.JunkMail] Header Information Util... I am hoping the people here can help me. It's not Declude specific, but I consider the experts here as the most knowledgeable on SMTP and Email. I am looking for a script/utility to pull the header information out of every email in an Outlook/Exchange inbox. I want to be able to pull the sending IP's, reverse DNS, and sender names out of the headers directly. I'd like to point the script/util at an inbox, and have it yank this info out, so I can, for instance, sort it and see that 12 out of the 130 messages came from free2way.com, and the address ranges were all the same class C. Every few days, I pull every email that has made it's way to my inside server and manually sort out all legit emails ( we archive all emails on our Exchange box ). What's left is pure SPAM, but it takes a few good hours to sort the header information. More often then not, I end up deleting most of it because I lack the time to properly utilize it. Does anyone know of anything before I break down and write it myself ? I'd rather not make a go-cart from scratch if someone has a used chevy pickup. PLEASE NOTE : Florida has a very broad public records law. Most written communications to or from City officials regarding City business are public records available to the public and media upon request. Your E-mail communications may be subject to public disclosure. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. PLEASE NOTE : Florida has a very broad public records law. Most written communications to or from City officials regarding City business are public records available to the public and media upon request. Your E-mail communications may be subject to public disclosure. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscr
Re: [Declude.JunkMail] Header Information Util...
Looks to me that if you turn on Message Tracking, you get a log file with the info you need all on one line. I'm not certain about REVDNS, but you certainly have from address, to address, and IPs. You could run a script over this to get the REVDNS if it isn't there. The stats you want could then be compiled in Excel, a database, etc. Darin. - Original Message - From: "IS - Systems Eng. (Karl Drugge)" <[EMAIL PROTECTED]> To: Sent: Monday, May 14, 2007 6:13 PM Subject: RE: [Declude.JunkMail] Header Information Util... Because the emails I have left are from a range of times/dates, and they're on an Exchange server. I'd have to know what SMTP ID's I was looking for in the logs, which I'd need from the email header information, etc etc... Karl Drugge -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Monday, May 14, 2007 6:04 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Header Information Util... Why don't you use the mail server log files instead. Much easier to parse, and tools like Grep and Sawmill can be used to do it. Darin. - Original Message - From: "IS - Systems Eng. (Karl Drugge)" <[EMAIL PROTECTED]> To: Sent: Monday, May 14, 2007 5:45 PM Subject: [Declude.JunkMail] Header Information Util... I am hoping the people here can help me. It's not Declude specific, but I consider the experts here as the most knowledgeable on SMTP and Email. I am looking for a script/utility to pull the header information out of every email in an Outlook/Exchange inbox. I want to be able to pull the sending IP's, reverse DNS, and sender names out of the headers directly. I'd like to point the script/util at an inbox, and have it yank this info out, so I can, for instance, sort it and see that 12 out of the 130 messages came from free2way.com, and the address ranges were all the same class C. Every few days, I pull every email that has made it's way to my inside server and manually sort out all legit emails ( we archive all emails on our Exchange box ). What's left is pure SPAM, but it takes a few good hours to sort the header information. More often then not, I end up deleting most of it because I lack the time to properly utilize it. Does anyone know of anything before I break down and write it myself ? I'd rather not make a go-cart from scratch if someone has a used chevy pickup. PLEASE NOTE : Florida has a very broad public records law. Most written communications to or from City officials regarding City business are public records available to the public and media upon request. Your E-mail communications may be subject to public disclosure. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. PLEASE NOTE : Florida has a very broad public records law. Most written communications to or from City officials regarding City business are public records available to the public and media upon request. Your E-mail communications may be subject to public disclosure. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
re: [Declude.JunkMail] tqmcube.com
I've been using them for a while. dhcp.tqmcube.com has given good results, though I've gotten one or two false positives from spam.tqmcube.com (I still use spam.tqmcube.com, just with a lighter weight). ko.tqmcube.com flags ip's from South Korea, and prc.tqmcube.com flags ip's from China, so they are roughly the same as a country filter. I use those two as tests also, and the only instance where I've had trouble with that is a customer that works with a company called Emerson Process who routes their email in a really strange way. Check this out: Received: from ets-lonint02.emrsn.co.uk [80.79.80.101] by mail.plusultraweb.com with SMTP; Mon, 14 May 2007 09:58:26 -0400 Received: from ets-lonvir02.emrsn.co.uk ([129.130.102.103]) by ets-lonint02.emrsn.co.uk (8.12.11/8.12.11) with ESMTP id l4EDxk1l011490 for <[EMAIL PROTECTED]>; Mon, 14 May 2007 14:59:46 +0100 Received: from ets-lonprx03.emrsn.co.uk ([129.130.102.119]) by ets-lonvir02.emrsn.co.uk with InterScan Messaging Security Suite; Mon, 14 May 2007 14:58:37 +0100 Received: from etsmsg-lonexs01.etsmsg.org (mxsemeabb1.emrsn.co.uk [129.254.5.200]) by ets-lonprx03.emrsn.co.uk (8.12.11/8.12.11) with ESMTP id l4EDwGZp025604; Mon, 14 May 2007 14:58:16 +0100 Received: from etsmsg-lonexr01.etsmsg.org ([129.254.5.213]) by etsmsg-lonexs01.etsmsg.org with Microsoft SMTPSVC(6.0.3790.1830); Mon, 14 May 2007 14:58:37 +0100 Received: from gbedc-exr02.ema.emersonprocess.com ([129.130.110.15]) by etsmsg-lonexr01.etsmsg.org with Microsoft SMTPSVC(6.0.3790.1830); Mon, 14 May 2007 14:58:36 +0100 Received: from spmad-exm01.ema.emersonprocess.com ([129.76.41.6]) by gbedc-exr02.ema.emersonprocess.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 14 May 2007 14:58:35 +0100 All of this causes Declude to generate the following: X-RBL-Warning: ROUTING: This E-mail was routed in a poor manner consistent with spam [210f]. X-Country-Chain: UNITED STATES->KOREA-KR->UNITED STATES->UNITED KINGDOM->destination Emerson Process is a global company, and I assume they own or rent all those servers in the route, but it's still a weird way to send a message. Gary Original Message > From: "Kevin Bilbee" <[EMAIL PROTECTED]> > Sent: Monday, May 14, 2007 5:26 PM > To: declude.junkmail@declude.com > Subject: [Declude.JunkMail] tqmcube.com > > Anyone have any comments about these guys? > > Kevin Bilbee > Network Administrator > Standard Abrasives, Inc. > [EMAIL PROTECTED] > > Changing the way industry works. > > > > > > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Header Information Util...
Because the emails I have left are from a range of times/dates, and they're on an Exchange server. I'd have to know what SMTP ID's I was looking for in the logs, which I'd need from the email header information, etc etc... Karl Drugge -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Monday, May 14, 2007 6:04 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Header Information Util... Why don't you use the mail server log files instead. Much easier to parse, and tools like Grep and Sawmill can be used to do it. Darin. - Original Message - From: "IS - Systems Eng. (Karl Drugge)" <[EMAIL PROTECTED]> To: Sent: Monday, May 14, 2007 5:45 PM Subject: [Declude.JunkMail] Header Information Util... I am hoping the people here can help me. It's not Declude specific, but I consider the experts here as the most knowledgeable on SMTP and Email. I am looking for a script/utility to pull the header information out of every email in an Outlook/Exchange inbox. I want to be able to pull the sending IP's, reverse DNS, and sender names out of the headers directly. I'd like to point the script/util at an inbox, and have it yank this info out, so I can, for instance, sort it and see that 12 out of the 130 messages came from free2way.com, and the address ranges were all the same class C. Every few days, I pull every email that has made it's way to my inside server and manually sort out all legit emails ( we archive all emails on our Exchange box ). What's left is pure SPAM, but it takes a few good hours to sort the header information. More often then not, I end up deleting most of it because I lack the time to properly utilize it. Does anyone know of anything before I break down and write it myself ? I'd rather not make a go-cart from scratch if someone has a used chevy pickup. PLEASE NOTE : Florida has a very broad public records law. Most written communications to or from City officials regarding City business are public records available to the public and media upon request. Your E-mail communications may be subject to public disclosure. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. PLEASE NOTE : Florida has a very broad public records law. Most written communications to or from City officials regarding City business are public records available to the public and media upon request. Your E-mail communications may be subject to public disclosure. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Header Information Util...
Why don't you use the mail server log files instead. Much easier to parse, and tools like Grep and Sawmill can be used to do it. Darin. - Original Message - From: "IS - Systems Eng. (Karl Drugge)" <[EMAIL PROTECTED]> To: Sent: Monday, May 14, 2007 5:45 PM Subject: [Declude.JunkMail] Header Information Util... I am hoping the people here can help me. It's not Declude specific, but I consider the experts here as the most knowledgeable on SMTP and Email. I am looking for a script/utility to pull the header information out of every email in an Outlook/Exchange inbox. I want to be able to pull the sending IP's, reverse DNS, and sender names out of the headers directly. I'd like to point the script/util at an inbox, and have it yank this info out, so I can, for instance, sort it and see that 12 out of the 130 messages came from free2way.com, and the address ranges were all the same class C. Every few days, I pull every email that has made it's way to my inside server and manually sort out all legit emails ( we archive all emails on our Exchange box ). What's left is pure SPAM, but it takes a few good hours to sort the header information. More often then not, I end up deleting most of it because I lack the time to properly utilize it. Does anyone know of anything before I break down and write it myself ? I'd rather not make a go-cart from scratch if someone has a used chevy pickup. PLEASE NOTE : Florida has a very broad public records law. Most written communications to or from City officials regarding City business are public records available to the public and media upon request. Your E-mail communications may be subject to public disclosure. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Header Information Util...
I am hoping the people here can help me. It's not Declude specific, but I consider the experts here as the most knowledgeable on SMTP and Email. I am looking for a script/utility to pull the header information out of every email in an Outlook/Exchange inbox. I want to be able to pull the sending IP's, reverse DNS, and sender names out of the headers directly. I'd like to point the script/util at an inbox, and have it yank this info out, so I can, for instance, sort it and see that 12 out of the 130 messages came from free2way.com, and the address ranges were all the same class C. Every few days, I pull every email that has made it's way to my inside server and manually sort out all legit emails ( we archive all emails on our Exchange box ). What's left is pure SPAM, but it takes a few good hours to sort the header information. More often then not, I end up deleting most of it because I lack the time to properly utilize it. Does anyone know of anything before I break down and write it myself ? I'd rather not make a go-cart from scratch if someone has a used chevy pickup. PLEASE NOTE : Florida has a very broad public records law. Most written communications to or from City officials regarding City business are public records available to the public and media upon request. Your E-mail communications may be subject to public disclosure. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] tqmcube.com
Anyone have any comments about these guys? Kevin Bilbee Network Administrator Standard Abrasives, Inc. [EMAIL PROTECTED] Changing the way industry works. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.