Re: [Declude.JunkMail] OT: Erasing Cisco Pix 515 flash RAM

2005-11-28 Thread Doug Anderson 



Only thing I can think of is from monitor mode...copy over the 
flash with tftp.
Otherwise you have to call cisco support and get an erase 
utility.

  - Original Message - 
  From: 
  S.J.Stanaitis 
  To: Declude.JunkMail@declude.com 
  
  Sent: Monday, November 28, 2005 2:00 
  PM
  Subject: Re: [Declude.JunkMail] OT: 
  Erasing Cisco Pix 515 flash RAM
  Sucks dude.  Any chance it's part of a load balanced 
  config and it's looking for the other PIX?  Have you just let it sit to 
  see if it times out?Darin Cox wrote: 
  

Unfortunately, wr erase only works from enable 
mode.  We can only get to monitor mode, as the Pix hangs after loading 
the flash image... I'm guessing it hangs in the process of loading the 
startup-config.
Darin.
 
 
- 
Original Message - 
From: 
S.J.Stanaitis 
To: Declude.JunkMail@declude.com 

Sent: Monday, November 28, 2005 2:12 PM
Subject: Re: [Declude.JunkMail] OT: Erasing Cisco Pix 515 flash 
RAM
Best way to reset a PIX to factory defaults (if you can log 
in) is "write erase" then reboot.  If you don't have the password, 
check this out: "http://www.cisco.com/warp/public/110/34.shtml#pix_without".Not 
100% if you can do it from the monitor, but I've been in a similar trap in 
the past and distinctly remember using "write 
erase."Enjoy!SamDarin Cox wrote: 

  
  

  This is way off topic, but I'm desperate so 
  I'm appealing to the list...
   
  We just purchased a used Cisco pix 515 
  running 7.0(4) that won't boot due to what we believe is a corrupted 
  startup-config.  Does anyone out there know how to clear NVRAM on a 
  pix from monitor mode?  We can't get to enable mode due to the 
  corrupted start-config, so it has to be done from monitor 
  mode.
   
  We've tried everything we can think of, even 
  a special flash erase image from Cisco, but it needs the Pix to be running 
  6.2(2) to work, and we don't have that image.
   
  Any Pix experts out there have any 
  ideas?
   
  Thanks in advance,
  Darin.
   
   -- 
S.J.Stanaitis
Network Administrator, Decorative Product Source
http://www.dpsource.com/

[EMAIL PROTECTED]
(877)-650-8054 x160-- 
S.J.Stanaitis
Network Administrator, Decorative Product Source
http://www.dpsource.com/

[EMAIL PROTECTED]
(877)-650-8054 x160

Re::Re: [Declude.JunkMail] example

2005-05-17 Thread Doug Anderson 
headers consistent with spam
[c010140e].
X-Declude-Sender: [EMAIL PROTECTED] [127.0.0.1]
X-Declude-Spoolname: D716C043E01AE0738.SMD
X-Declude-Note: Scanned by Declude 2.0.6 (http://www.declude.com/x-note.htm)
for spam.
X-Declude-Scan: Score [26] at 17:34:22 on 17 May 2005
X-Declude-Tests: BADHEADERS, HELOBOGUS, MAILFROM, SPAMHEADERS, WEIGHT25PLUS
X-Country-Chain: UNITED STATES->destination
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: U
X-UIDL: 374011979


- Original Message - 
From: "Darrell ([EMAIL PROTECTED])" <[EMAIL PROTECTED]>
To: 
Sent: Tuesday, May 17, 2005 5:24 PM
Subject: Spam-Junk-Ad:Re: [Declude.JunkMail] example


  
Doug,

Is it possible that the spam service you are using may send your message
through multiple servers on their end?

Darrell

 ----
DLAnalyzer - Comprehensive reporting for Declude Junkmail and Virus.  Try
it
  
today - http://www.invariantsystems.com

Doug Anderson writes:


  Does anyone have an example of a declude junkmail config file they can
  share which has a inbound from a gateway server?
  

  We have an external service scanning the emails for virus and spam
  (adding x-header only). So our mx record points to them. They then
  

  send the email via smtp to us.

What I'm hearing from the users is more spam coming through and what I'm
  seeing in the headers makes me wonder if we're really checking with
completely.
  

  In my global I have IPBYPASS for all the spam service IP's

Does any other settings need to be set?
  ---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

---
[This E-mail scanned for viruses by Declude Virus]



---
[This E-mail scanned for viruses by Declude Virus]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


  -- 
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=

Re: [Declude.JunkMail] example

2005-05-17 Thread Doug Anderson 
Anything's possible with sprint.

Below is a header. It seems to be the common theme. BADHEADERS, MAILFROM:
SPAMHEADERS, and HELOBOGUS. Nothing more, nothing less. I've scaned my
declude logs for the last 2 days. no IP4r or rhsbl test have run.

I put a >>>> at the mark where sprint's headers end and what I want checked.
Shouldn't IPBYPASS look at the 63.161.60.61 and say ignore this part? My
understanding is IPBYPASS should say that's one of mine - don't check it,
check the next hop.



Received: from mail39-res-R.bigfish.com [63.161.60.61] by
mail.ameripride.org with ESMTP
  (SMTPD32-8.15) id A16C43E01AE; Tue, 17 May 2005 17:34:20 -0500
Received: from mail39-res.bigfish.com (localhost.localdomain [127.0.0.1])
 by mail39-res-R.bigfish.com (Postfix) with ESMTP id 1DDC75A8670
 for <[EMAIL PROTECTED]>; Tue, 17 May 2005 22:31:24 + (UTC)
X-BigFish: vpcs45(z7b5iqca0ilzz2dh)
x-sprint-detected-spam: This message appears to be spam.
X-SpamScore: 45
X-CustomSpam: This message was filtered by custom spam filter option - Image
links to remote sites
Received: by mail39-res.bigfish.com (MessageSwitch) id
1116369083564041_21303; Tue, 17 May 2005 22:31:23 + (UCT)
>>>>
Received: from OUTGOING58.postalmailhostings.com (unknown [69.1.199.58])
 by mail39-res.bigfish.com (Postfix) with SMTP id 30BB45A86B1
 for <[EMAIL PROTECTED]>; Tue, 17 May 2005 22:31:23 + (UTC)
Date:Tue, 17 May 2005 18:31:23 -0700
From:Approval Department<[EMAIL PROTECTED]>
To:<[EMAIL PROTECTED]>
Subject:NEED FUNDS NOW? Get a 1000USD Cash Advance today
X-ID:4285425
Mime-Version:1.0
Content-Type: text/html;
Content-Transfer-Encoding: 7bit
Message-Id: <[EMAIL PROTECTED]>
X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client
[c010140e].
X-RBL-Warning: HELOBOGUS: Domain mail39-res.bigfish.com has no MX or A
records [0001].
X-RBL-Warning: MAILFROM: Domain OUTGOING58.emailfriendlyhoster.com has no MX
or A records [0001].
X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam
[c010140e].
X-Declude-Sender: [EMAIL PROTECTED] [127.0.0.1]
X-Declude-Spoolname: D716C043E01AE0738.SMD
X-Declude-Note: Scanned by Declude 2.0.6 (http://www.declude.com/x-note.htm)
for spam.
X-Declude-Scan: Score [26] at 17:34:22 on 17 May 2005
X-Declude-Tests: BADHEADERS, HELOBOGUS, MAILFROM, SPAMHEADERS, WEIGHT25PLUS
X-Country-Chain: UNITED STATES->destination
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: U
X-UIDL: 374011979


- Original Message - 
From: "Darrell ([EMAIL PROTECTED])" <[EMAIL PROTECTED]>
To: 
Sent: Tuesday, May 17, 2005 5:24 PM
Subject: Spam-Junk-Ad:Re: [Declude.JunkMail] example


> Doug,
>
> Is it possible that the spam service you are using may send your message
> through multiple servers on their end?
>
> Darrell
>
>  ----
> DLAnalyzer - Comprehensive reporting for Declude Junkmail and Virus.  Try
it
> today - http://www.invariantsystems.com
>
> Doug Anderson writes:
>
> > Does anyone have an example of a declude junkmail config file they can
share which has a inbound from a gateway server?
> > We have an external service scanning the emails for virus and spam
(adding x-header only). So our mx record points to them. They then
> > send the email via smtp to us.
> >
> > What I'm hearing from the users is more spam coming through and what I'm
seeing in the headers makes me wonder if we're really checking with
completely.
> >
> > In my global I have IPBYPASS for all the spam service IP's
> >
> > Does any other settings need to be set?
>
>
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.
>
> ---
> [This E-mail scanned for viruses by Declude Virus]
>
>

---
[This E-mail scanned for viruses by Declude Virus]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] example

2005-05-17 Thread Doug Anderson 



Does anyone have an example of a declude junkmail config file 
they can share which has a inbound from a gateway server?
We have an external service scanning the emails for virus and 
spam (adding x-header only). So our mx record points to them. They 
then
send the email via smtp to us.
 
What I'm hearing from the users is more spam coming through 
and what I'm seeing in the headers makes me wonder if we're really checking with 
completely.
 
In my global I have IPBYPASS for all the spam service 
IP's
 
Does any other settings need to be set?
 

[Declude.JunkMail] Strange behavior

2005-05-13 Thread Doug Anderson 



Alright, due to "management decisions" they want me to test a 
product from sprint for spam and virus protection.
 
It is setup a pre-cursor to our imail and declude setup, but 
is only set to add a x-header into the email.
 
Since I've done this, more spam seems to be coming through. Do 
I need to set hop 0 and hophigh 1 or 2 now?
 
hop is currently set to 0 and hophigh is commented 
out.
 
Does declude virus need any modification as such?
 
 

[Declude.JunkMail] Opinion

2005-04-05 Thread Doug Anderson 



Anyone use Postini before? in addition to?
New manager wants to look at it
 
Comments?

Re: [Declude.JunkMail] [IMail Forum] odd behavior

2005-02-24 Thread Doug Anderson 



John's semi right. Forgive me for not using plain text...but 
I've colored the lines red and put ** by it. The first line is imail whitelist, 
the next 2 are declude. Does declude understand when imail 
whitelists?
 
Maybe I got it - under trusted addresses ameripride.org and 
our other domain WERE in there - I've removed it.

  - Original Message - 
  From: 
  John Tolmachoff (Lists) 
  To: IMail_Forum@list.ipswitch.com 
  
  Sent: Thursday, February 24, 2005 4:29 
  PM
  Subject: RE: [IMail Forum] odd 
  behavior
  
  
  No it is not. Look 
  at the log line again. It is in the Imail log and that line is on the SMTPD 
  line. Declude does not log to the Imail log. 
   
  
  John 
  Tolmachoff
  Engineer/Consultant/Owner
  eServices For 
  You
   
  
  -Original 
  Message-From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of E. Shanbrom 
  (Ipswitch)Sent: 
  Thursday, February 24, 
  2005 12:48 
  PMTo: 
  IMail_Forum@list.ipswitch.comSubject: Re: [IMail Forum] odd 
  behavior
   
  
  Says ameripride.org is on the 
  whitelist (decludes not IMail's)
  
   
  
  Eric S
  

- Original Message - 


    From: Doug Anderson 


To: IMail_Forum@list.ipswitch.com 


Sent: 
Thursday, February 24, 
2005 3:03 
PM

Subject: Re: 
[IMail Forum] odd behavior

 

Trying to figure out why it's white listed. 


 

02:22 07:40 SMTPD(3664039604421990) [192.168.0.135] connect 
221.127.179.32 port 119402:22 07:41 SMTPD(3664039604421990) [221.127.179.32] HELO 
67.130.17.12602:22 07:41 SMTPD(3664039604421990) [221.127.179.32] MAIL FROM: 
<[EMAIL PROTECTED]>02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] RCPT TO: 
<[EMAIL PROTECTED]>02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] RCPT TO: 
<[EMAIL PROTECTED]>02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] RCPT TO: 
<[EMAIL PROTECTED]>02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] 
d:\IMail\spool\D3664039604421990.SMD 20102:22 07:41 SMTP-(3664039604421990) processing 
d:\IMail\spool\Q3664039604421990.SMD** 
02:22 
07:41 SMTPD(3664039604421990) 
[ameripride.org] in white list02/22/2005 07:41:11 Q3664039604421990 Scanned: Virus Free 
02/22/2005 07:41:14 Q3664039604421990 L1 Message 
OK02/22/2005 07:41:14 Q3664039604421990 Tests failed [weight=25]: 
BADHEADERS=WARN CMDSPACE=WARN IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE 
REVDNS=WARN TLD=WARN COUNTRY=WARN WEIGHT10PLUS=SUBJECT CATCHALLMAILS=IGNORE 
02/22/2005 07:41:14 Q3664039604421990 L2 Message 
OK02/22/2005 07:41:14 Q3664039604421990 Tests failed [weight=25]: 
BADHEADERS=WARN CMDSPACE=WARN IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE 
REVDNS=WARN TLD=WARN COUNTRY=WARN WEIGHT10PLUS=SUBJECT CATCHALLMAILS=IGNORE 
** 02/22/2005 07:41:14 Q3664039604421990 Skipping4 
E-mail from [EMAIL PROTECTED]; 
whitelisted [EMAIL PROTECTED]** 
02/22/2005 
07:41:14 Q3664039604421990 Skipping4 
E-mail from [EMAIL PROTECTED]; 
whitelisted [EMAIL PROTECTED]02/22/2005 07:41:14 Q3664039604421990 L3 Message 
OK02/22/2005 07:41:14 Q3664039604421990 Tests failed [weight=0]: 
CATCHALLMAILS=IGNORE 02:22 07:41 SMTP-(3664039604421990) ldeliver 
mail.ameripride.org maria.snyder-main (1) [EMAIL PROTECTED] 
97202:22 07:41 SMTP-(3664039604421990) ldeliver 
mail.ameripride.org reggie.licari-main (1) [EMAIL PROTECTED] 
97202:22 07:41 SMTP-(3664039604421990) ldeliver 
mail.ameripride.org richard.boudreau-main (1) [EMAIL PROTECTED] 
97202:22 07:41 SMTP-(3664039604421990) finished 
d:\IMail\spool\Q3664039604421990.SMD status=1

  
  - Original Message - 
  
  
  From: Travis Rabe 
  
  
  To: IMail_Forum@list.ipswitch.com 
  
  
  Sent: 
  Thursday, February 24, 
  2005 1:09 
  PM
  
  Subject: RE: 
  [IMail Forum] odd behavior
  
   
  What do the logs 
  show you?
   
  T
   
  
  
  
  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Doug 
  AndersonSent: 
  Thursday, February 24, 
  2005 11:04 AMTo: IMail_Forum@list.ipswitch.comSubject: [IMail Forum] odd 
  behavior
   
  
  I have the following type of email showing 
  up...basically blank. 
  
  I'm trying to figure out if our imail server is 
  hacked or something - because it's coming from local 
  host.
  
   
  
  Any ideas here? Got 8.15 and the most current 
  release of declude running.
  
   
  
  Received: from 67.130.17.126 [221.127.179.32] by 
  mail.ameripride.org  (SMTPD32-8.15) id A66D3960442; 
  Tue, 22 Feb 
  2005 
  07:41:01 -0600Received: from localhost (HELO localhost 
  [127.0.0.1]) by actsX-

Re: [Declude.JunkMail] [IMail Forum] odd behavior

2005-02-24 Thread Doug Anderson 




That's the thing, I have one white list file (hate whitelists) 
and ameripride is not in it
Did anything change in declude junkmail lately in reguards to 
whitelists (I just upgrade 2 nights ago)? 
All I have for references to whitelist are 
:
 
$default.junkmail 
WHITELISTFILE D:\Imail\Declude\AWHITELST.txt
#note AWhitelst.txt does not include 
ameripride.org
 
Global.cfg
CODE    

LOGFILE 
d:\declude\logfiles\dec.logLOGLEVEL    
LOWHOP 
0HIDETESTS CATCHALLMAILS IPNOTINMX 
NOLEGITCONTENTXINHEADER X-Note: This E-mail was scanned by Declude 
JunkMail (www.declude.com) for 
spam.XINHEADER X-Spam-Tests-Failed: %TESTSFAILED% 
[%WEIGHT%]XINHEADER X-Country-Chain: 
%COUNTRYCHAIN%XOUTHEADER X-Note: E-mail scanned by Declude-JunkMail for 
spam by 
CRC.XSENDER  ONXSPOOLNAME ONXINHEADER X-Note: 
This E-mail was sent from %REVDNS% 
([%REMOTEIP%]).PREWHITELIST ONAUTOWHITELIST   
ONWHITELIST AUTH
.
.
WHITELIST IP 192.168.0.182WHITELIST IP 
192.168.0.85WHITELIST IP 192.168.0.86
#Servers on local network (not exposed to public) that send emails (status 
reports)
 

  - Original Message - 
  From: 
  E. Shanbrom (Ipswitch) 
  To: IMail_Forum@list.ipswitch.com 
  
  Sent: Thursday, February 24, 2005 2:48 
  PM
  Subject: Re: [IMail Forum] odd 
  behavior
  
  Says ameripride.org is on the whitelist (decludes 
  not IMail's)
   
  Eric S
  
- Original Message - 
From: 
Doug Anderson 
To: IMail_Forum@list.ipswitch.com 

Sent: Thursday, February 24, 2005 3:03 
PM
Subject: Re: [IMail Forum] odd 
behavior

Trying to figure out why it's white listed. 
 
02:22 07:40 SMTPD(3664039604421990) [192.168.0.135] 
connect 221.127.179.32 port 119402:22 07:41 SMTPD(3664039604421990) 
[221.127.179.32] HELO 67.130.17.12602:22 07:41 SMTPD(3664039604421990) 
[221.127.179.32] MAIL FROM: <[EMAIL PROTECTED]>02:22 
07:41 SMTPD(3664039604421990) [221.127.179.32] RCPT TO: <[EMAIL PROTECTED]>02:22 
07:41 SMTPD(3664039604421990) [221.127.179.32] RCPT TO: <[EMAIL PROTECTED]>02:22 
07:41 SMTPD(3664039604421990) [221.127.179.32] RCPT TO: <[EMAIL PROTECTED]>02:22 
07:41 SMTPD(3664039604421990) [221.127.179.32] 
d:\IMail\spool\D3664039604421990.SMD 20102:22 07:41 
SMTP-(3664039604421990) processing 
d:\IMail\spool\Q3664039604421990.SMD02:22 07:41 SMTPD(3664039604421990) 
[ameripride.org] in white list02/22/2005 07:41:11 Q3664039604421990 
Scanned: Virus Free 02/22/2005 07:41:14 Q3664039604421990 L1 Message 
OK02/22/2005 07:41:14 Q3664039604421990 Tests failed [weight=25]: 
BADHEADERS=WARN CMDSPACE=WARN IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE 
REVDNS=WARN TLD=WARN COUNTRY=WARN WEIGHT10PLUS=SUBJECT CATCHALLMAILS=IGNORE 
02/22/2005 07:41:14 Q3664039604421990 L2 Message OK02/22/2005 
07:41:14 Q3664039604421990 Tests failed [weight=25]: BADHEADERS=WARN 
CMDSPACE=WARN IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE REVDNS=WARN TLD=WARN 
COUNTRY=WARN WEIGHT10PLUS=SUBJECT CATCHALLMAILS=IGNORE 02/22/2005 
07:41:14 Q3664039604421990 Skipping4 E-mail from [EMAIL PROTECTED]; whitelisted 
[EMAIL PROTECTED]02/22/2005 07:41:14 Q3664039604421990 Skipping4 
E-mail from [EMAIL PROTECTED]; 
whitelisted [EMAIL PROTECTED]02/22/2005 07:41:14 Q3664039604421990 
L3 Message OK02/22/2005 07:41:14 Q3664039604421990 Tests failed 
[weight=0]: CATCHALLMAILS=IGNORE 02:22 07:41 SMTP-(3664039604421990) 
ldeliver mail.ameripride.org maria.snyder-main (1) [EMAIL PROTECTED] 
97202:22 07:41 SMTP-(3664039604421990) ldeliver mail.ameripride.org 
reggie.licari-main (1) [EMAIL PROTECTED] 
97202:22 07:41 SMTP-(3664039604421990) ldeliver mail.ameripride.org 
richard.boudreau-main (1) [EMAIL PROTECTED] 
97202:22 07:41 SMTP-(3664039604421990) finished 
d:\IMail\spool\Q3664039604421990.SMD status=1

  - Original Message - 
  From: 
  Travis Rabe 
  
  To: IMail_Forum@list.ipswitch.com 
  
  Sent: Thursday, February 24, 2005 
  1:09 PM
  Subject: RE: [IMail Forum] odd 
  behavior
  
  
  What do the logs 
  show you?
   
  T
   
  
  
  
  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Doug 
  AndersonSent: Thursday, 
  February 24, 2005 11:04 AMTo: IMail_Forum@list.ipswitch.comSubject: [IMail Forum] odd 
  behavior
   
  
  I have the following type of email showing 
  up...basically blank. 
  
  I'm trying to figure out if our imail server is 
  hacked or something - because it's coming from local 
  host.
  
   
  
  Any ideas here? Got 8.15 and the most current 
  release of declude running.
  
   
  
  Received: from 67.130.17.126 [221.127.179.32] by 
  mail.ameripride.org  (SMTPD32-8.15) id A66D396044

[Declude.JunkMail] Spamhaus

2004-11-30 Thread Doug Anderson 



Anyone use the xbl db from spamhaus? Good, bad, 
otherwise?

Re: [Declude.JunkMail] LDAP Error 19 / Registry validation tool

2004-11-29 Thread Doug Anderson 



Since it's openldap, check the event log/viewer and then goto 
eventid.net and lookup the source and Event ID.

  - Original Message - 
  From: 
  Dave Doherty 
  
  To: [EMAIL PROTECTED] 
  
  Sent: Monday, November 29, 2004 8:53 
  AM
  Subject: [Declude.JunkMail] LDAP Error 19 
  / Registry validation tool
  
  
  Imail version 8.14...
   
  I cannot start Imail OpenLDAP. The 
  event log reports service specific error 19
   
  Nothing in the Ipswitch kbase matches 
  exactly. There is a general article that indicates you should validate the 
  registry manually (ugh! - I have about 400 domains on this box), but nothing 
  that describes error 19...
   
  Does anybody have any info on this 
  one?  
   
  Does anyone have a registry validation 
  tool?
   
  -Dave Doherty Skywaves, 
  Inc. 301-652-8822 
x209

[Declude.JunkMail] would any valid email contain

2004-11-11 Thread Doug Anderson 



I'm wondering, would any valid corporate email contain http://%
 
Any valid reasons these would be in a corporate 
email?

Re: [Declude.JunkMail] Upgrading from 1.78 to 1.81

2004-10-04 Thread Doug Anderson 
Title: Message



upgrade manual is in the zip.

  - Original Message - 
  From: 
  Alejandro 
  Valenzuela 
  To: [EMAIL PROTECTED] 
  
  Sent: Monday, October 04, 2004 2:29 
  PM
  Subject: [Declude.JunkMail] Upgrading 
  from 1.78 to 1.81
  
  Last 
  upgrades from declude, where a single file, now the 1.81 zip 
  file
  has 
  many files in it, Could I just copy declude.exe to my Imail directory as 
  always 
  or 
  there is an installation procedure ?
   
  Where can I get that info/Upgrade manual  ??
   
  Thanks
   
  Alex 
  V

Re: [Declude.JunkMail] Outlook 2003

2004-08-22 Thread Doug Anderson 
vb code to give you a dos error code
In your declares use
Private Declare Sub ExitProcess Lib "kernel32" (ByVal uExitCode As Long)


and then call
ExitProcess 2

- Original Message - 
From: "Dave Doherty" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, August 22, 2004 10:55 PM
Subject: Re: [Declude.JunkMail] Outlook 2003


> Hi Scott-
>
> Would you write the exe in C? I have not found a way to have VB return a
> result code from an exe. Am I missing something?
>
> -d
>
> - Original Message - 
> From: "Scott Fisher" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, August 20, 2004 12:24 PM
> Subject: Re: [Declude.JunkMail] Outlook 2003
>
>
> I have a specific spamheader code that I punish very heavily for one
> specific spammer. You could use this code and change the spamheader code
to
> the one Outlook generates.
> If you supply the spamheader code and ask nicely, I could generate an EXE
to
> do it also.
>
> global.cfg:
> HEADER-C040120E external 2 "CScript
> D:\IMail\Declude\FPFilters\vbs\header.vbs %HEADERCODE%" 100 0
>
> header.vbs code:
> ' Initialize error checking
> On Error Resume Next
> Dim Headertocheck ' As String
> Dim intResult ' As Integer
> intresult = 0
> if Wscript.Arguments(0) = "c040120e" then
>Intresult = 2
> End If
> WScript.Quit(intresult)
>
> <<< [EMAIL PROTECTED]  8/20  9:57a >>>
> Has anyone found a way to add a negative weight to Outlook 2003 clients
for
> the spamheaders test?  I am running into a problem where it is failing the
> spamheaders test which is causing the weight to go over the and hold the
> emails?
>
> Thanks,
>
>
> Kris McElroy
> [EMAIL PROTECTED]
>
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.
>
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.
>
>
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.
>
> *Scanned for viruses by Declude Virus*
>
>

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] NOW OT: ICMP

2004-07-09 Thread Doug Anderson 
Actually Russ, ICMP still works. Can you ping 127.0.0.1, the local loop
back? Can you ping other items on your local network?
It comes down intranet vs internet separated by a firewall. Many
corporations kill ICMP externally, but it works fine
internally and is used as intended OR they allow outgoing only on the
intranet and outgoing/incoming to the DMZ.

Since I deal with security, I get to read firewall logs (real boring). We
get a number of ping attacks (DOS attempts) and/or ping scans (up and down
the range from same ip) per day...script monkey's looking for a way in.

If you ever go through a security audit like we do, you'll understand.


- Original Message - 
From: "Russ Uhte (Lists)" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, July 09, 2004 3:16 PM
Subject: Re: [Declude.JunkMail] NOW OT: ICMP


> At 03:03 PM 7/9/2004, Dan Horne wrote:
> >"if you block ICMP, you break IP.  That's the bottom line, and nobody can
> >argue that."
> >
> >Sorry, but I can and will argue with that.  ICMP relies on IP, not the
other
> >way around.  IP works with or without ICMP.  RFC792, which defines ICMP,
> >states "The purpose of these control messages is to provide feedback
about
> >problems in the communication environment, not to make IP reliable."
>
> Acknowledged!!
>
> >It also states that "ICMP is actually an integral part of IP, and must be
> >implemented by every IP module", but that only means that anything that
has
> >an IP address must also understand ICMP.  It does NOT mean (IMO) that I
must
> >accept ICMP across my firewall.
>
> I guess this is open to interpretation.  My interpretation is that if my
> machine is behind an ICMP blocking firewall, ICMP is no longer actually
> implemented on my machine because ICMP no longer works on my
> machine.  Again, just my personal interpretation.
>
> -Russ
>
> ---
> [This E-mail scanned for viruses by Declude Virus]
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.
>
> *Scanned for viruses by Declude Virus*
>
>


*Scanned for viruses by Declude Virus*

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Re: Re[2]: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail

2004-07-09 Thread Doug Anderson 
We block all incoming and outgoing icmp traffic. A live reg should check at
80 or 443 because that typical allowable outbound traffic in my opinion.

- Original Message - 
From: "Sanford Whiteman" <[EMAIL PROTECTED]>
To: "Scott Fisher" <[EMAIL PROTECTED]>
Sent: Friday, July 09, 2004 11:47 AM
Subject: Re[2]: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database
test for Declude JunkMail


> > Allow ICMP packets fixed this for me.
>
> That's  a  pretty big issue, IMO. Lots of SOHO routers don't allow you
> to pick-and-choose different ICMP traffic types, so if you're blocking
> any, you end up blocking all.
>
> Why  does  this  thing need ICMP? I don't know of other "LiveReg"-type
> stuff  requiring  access  on  a  port other than the port on which the
> registration server _actually_ runs on.
>
> --Sandy
>
>
> 
> Sanford Whiteman, Chief Technologist
> Broadleaf Systems, a division of
> Cypress Integrated Systems, Inc.
> e-mail: [EMAIL PROTECTED]
>
> SpamAssassin plugs into Declude!
>
http://www.mailmage.com/products/software/freeutils/SPAMC32/download/release/
>
> Defuse Dictionary Attacks: Turn Exchange Addresses into IMail Aliases!
>
http://www.mailmage.com/products/software/freeutils/exchange2aliases/download/release/
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.
>
> *Scanned for viruses by Declude Virus*
>
>


*Scanned for viruses by Declude Virus*

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail

2004-07-09 Thread Doug Anderson 



Admin server can not be reached...Error 3592. Need any special 
ports open or anything?

  - Original Message - 
  From: 
  Jay 
  Calvert 
  To: [EMAIL PROTECTED] 
  
  Sent: Friday, July 09, 2004 10:49 
AM
  Subject: Re: [Declude.JunkMail] Fw: New 
  Multiple Threat Lookup Database test for Declude JunkMail
  
  I don't think I have ever had an username and password with 
  Declude.  Where do we find this information?
   
  All we ever had to provide as verification was our 
  Hostname.
   
  
- Original Message - 
From: 
Dan 
Geiser 
To: [EMAIL PROTECTED] 

Sent: Friday, July 09, 2004 8:39 
AM
Subject: [Declude.JunkMail] Fw: New 
Multiple Threat Lookup Database test for Declude JunkMail

Is this guy serious when he says "The test is available for download".  What do 
we have to download?  What version number includes this test?  
What is the format of the test?  Is it just an IP4R test?  What 
host name do we use?

  - Original Message - 
  From: 
  Barry @ 
  CPHZ 
  To: [EMAIL PROTECTED] 
  
  Sent: Friday, July 09, 2004 10:35 
  AM
  Subject: New Multiple Threat Lookup 
  Database test for Declude JunkMail
  
  
  We are pleased to let you know that today we have 
  released a new test for all Declude JunkMail customers who are covered by 
  a currently valid Support Agreement.
   
  The MTLDB test will test each E-mail against our 
  database of IP addresses that have sent viruses.  If the IP address 
  is listed, the E-mail will fail the test.  Otherwise, the E-mail will 
  pass the test.  The MTLDB test is used in the same way as other 
  Declude JunkMail tests.  For most customers, it would be used towards 
  the weighting system, so that it is more likely that spam will get 
  caught.  However, like other tests in Declude JunkMail, it is 
  possible to take a separate action for E-mails failing the MTLDB test 
  (such as quarantining them with the HOLD 
  action).
   
  The test is available for download www.declude.com 
  
   
  Thanks for your 
  support.
   
  Barry
  Barry 
  SimpsonPresident & CEOComputerized Horizons, 
  LLC65 Parker 
  StreetUnit 5Newburyport, MA 01950 
  
   

Re: [Declude.JunkMail] Country Configuration?

2004-07-09 Thread Doug Anderson 



Ok, that's where I was getting confused. Didn't have the 
countries file, couldn't find it on the site anywhere.

  - Original Message - 
  From: 
  Dan 
  Geiser 
  To: [EMAIL PROTECTED] 
  
  Sent: Friday, July 09, 2004 10:14 
AM
  Subject: Re: [Declude.JunkMail] Country 
  Configuration?
  
  Hello, Doug,
  I would recommend using the COUNTRY/COUNTRIES 
  functionality in a filter.  Here is how I do it...
   
  1.  Download the file, http://www.declude.com/release/179/all_list.dat, and place 
  it in the directory that your GLOBAL.CFG file is in.
   
  2.  Add the following...
   
  GLOBAL.CFG
  --
  XINHEADER   
  X-Country-Chain: %COUNTRYCHAIN%
  --
   
  This will add a header in each e-mail which shows 
  you the countries that own each IP that a message passes 
  through.
   
  3.  Add the following...
   
  GLOBAL.CFG
  
  FILTER-COUNTRY  filter  D:\IMail\declude\JunkMail.01.Filter.Country.txt  x 0 0
  
   
  This will tell the GLOBAL.CFG file to use the 
  filter file referenced above.
   
  4.  Create a file called 
  JunkMail.01.Filter.Country.txt and place it in the same directory as 
  GLOBAL.CFG.
   
  I have attached my 
  JunkMail.01.Filter.Country.txt  file.  Keep in mind I HOLD on 100 and DELETE on 300 and that my 
  countries are heavily scaled towards the countries that our customers receive 
  e-mail from.
   
  COUNTRY adds points for the last country in the 
  chain.  COUNTRIES adds points for a country anywhere in the 
  chain.
   
  Let me know if it makes sense or 
not.
   
  Thanks,
  Dan Geiser
  [EMAIL PROTECTED]
  
- Original Message - 
From: 
    Doug Anderson 
To: [EMAIL PROTECTED] 

Sent: Friday, July 09, 2004 10:52 
AM
Subject: [Declude.JunkMail] Country 
Configuration?

After looking at the manual/archives and getting a 
little more confused I've decided to consult the masses.
What would be the easiest way of adding a few points for 
emails NOT orgininating from Canada, US, and Mexico?
We have users in all three areas so I'm guessing the 
nonenglish won't work because we have english, spanish, and french emails 
traveling through.
I just want to add 2 or 3 points for Non Canada/US/Mexico 
emails because what I'm doing now (endswith .ac, endwith ad...) needs to be 
enhanced somehow.
 
I'm running 1.75
 

[Declude.JunkMail] Country Configuration?

2004-07-09 Thread Doug Anderson 



After looking at the manual/archives and getting a little 
more confused I've decided to consult the masses.
What would be the easiest way of adding a few points for 
emails NOT orgininating from Canada, US, and Mexico?
We have users in all three areas so I'm guessing the 
nonenglish won't work because we have english, spanish, and french emails 
traveling through.
I just want to add 2 or 3 points for Non Canada/US/Mexico 
emails because what I'm doing now (endswith .ac, endwith ad...) needs to be 
enhanced somehow.
 
I'm running 1.75
 

[Declude.JunkMail] Phishing...

2004-04-19 Thread Doug Anderson 
> 'Phishing' scams luring more users
> By Munir Kotadia
>
> Security firm MessageLabs says the number of e-mails that use the
deceptive tactic has increased from 279 to 215,643 over the past six months.
>
> http://news.com.com/2100-7355-5194807.html?tag=sas.email
>
> 
> Copyright 2004 CNET Networks, Inc. All rights reserved.
> CNET Networks, Inc.
> 235 Second Street
> San Francisco, CA 94105
> U.S.A.
>
>
> *Scanned for viruses by Declude Virus*


*Scanned for viruses by Declude Virus*

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] OT: Internet Usage Monitoring

2004-03-30 Thread Doug Anderson 
web trends firewall suite maybe?

- Original Message - 
From: "Kevin Bilbee" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 30, 2004 2:43 PM
Subject: [Declude.JunkMail] OT: Internet Usage Monitoring


> Management wants to do web usage mainitoring. They do not at this time
want
> to do blocking. We have a pix firewall that does what Cisco calls URL
> logging but in relaity it does not log the url but the ip address of the
> server and the path on the server to the document being viewed.
>
> What they want is a log of client ip and url including the host name. They
> also do not want to abandon the PIX.
>
>
> Any one have any suggestions?
>
>
>
> Kevin Bilbee
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.
> ---
> [This E-mail scanned for viruses by Declude Virus]
>
>

---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] declude virus - additional info

2004-03-03 Thread Doug Anderson 
We have mcafee at our location. I understand that I can use declude virus
with it - but got some questions
1. which version of mcafee should I use? I have access to both the windows
Virus Scan Enterprise 7.1.0 and the dos based Version 4.3.20.
2. If the suggestion is dos based 4.3.20, does anyone have a good automated
update routine for it? If you say 7.1.0 then updating is not a problem, I'm
just not sure of the command line needed.

We're at a point were I've convinced Mgmnt that if they want zips to go
through they need Declude Virus to get rid of the encrypted zips.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Haeds up!

2004-02-25 Thread Doug Anderson 
I just got a wave of pif's, scr's, com's, exe's
both mcaffee and symantec had updates for a new netsky variant

- Original Message - 
From: "Dave Doherty" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, February 25, 2004 1:35 PM
Subject: [Declude.JunkMail] Haeds up!


> I've gotten a bunch of very short messages this AM with attachments. They
> don't seem to be coming from known spam sources, so it looks like we might
> have another virus storm starting up.
>
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.
>

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] idea for a test - maybe

2004-02-20 Thread Doug Anderson 



Is there a test out there that checks for an email address in 
the subject line?
Example:
 
Jon Doe gets an email. In the subject line it has: 
Card #29546 - Award Pending for [EMAIL PROTECTED]
 
I'm seeing alot more of these. 
 
A test to match the to email address and subject contains 

 
 

[Declude.JunkMail] Virus Warning - Netsky.b@mm

2004-02-18 Thread Doug Anderson 
New ONE
Moving fast!
Virus Warning - [EMAIL PROTECTED]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Whitelisting and SPAM

2004-02-18 Thread Doug Anderson 
check in global for
WHITELIST HABEAS

Spammers are putting Habeas headers in to their mail...we've reported 3 of
them today to www.habeas.com.

- Original Message - 
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, February 18, 2004 11:40 AM
Subject: Re: [Declude.JunkMail] Whitelisting and SPAM


>
> >I received a message from a customer that was receiving SPAM.  For some
> >reason, this message was whitelisted but we do not have any of theses
> >domains or IP addresses whitelisted.  Am I missing something from this
> >message header or can someone add the whitelist line to the message
> >header.
>
> Have you checked the Declude JunkMail log file?  It should say why the
> E-mail was whitelisted.  Do you have "mail.com" whitelisted?  That would
> cause the E-mail to be whitelisted.
>
>
>
> -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail mailservers
> since 2000.
> Declude Virus: Catches known viruses and is the leader in mailserver
> vulnerability detection.
> Find out what you've been missing: Ask for a free 30-day evaluation.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.
>

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Slightly OT: calculating bandwidth

2004-02-04 Thread Doug Anderson 
Do you have read access to the router's snmp community? if you doMRTG
gives some great stats

- Original Message - 
From: "Omar K." <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, February 04, 2004 9:26 PM
Subject: [Declude.JunkMail] Slightly OT: calculating bandwidth


Hello list,

Im trying to figure out how much bandwidth my imail server sends/receives, I
know its best to do this on the router level, but I don't have access to
these.  Is this information stored in any log file ?


Thanks,


---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Off topic - iis, web servers and txt files

2004-02-04 Thread Doug Anderson 
Title: Message



I tried mime types for the "web site" and that 
wasn't working. one of the emails mentioned the onlineworkshop...I forgot about 
setting it for all of IIS. Now it downloads.
Thanks for all the help!
 
Soon to be published...ldaplst - an ldap reader / 
file creator. I'll post it here when ready..I'm just fine tuning and error 
proofing right now.

  - Original Message - 
  From: 
  Omar K. 
  To: [EMAIL PROTECTED] 
  
  Sent: Wednesday, February 04, 2004 2:21 
  PM
  Subject: RE: [Declude.JunkMail] Off topic 
  - iis, web servers and txt files
  
  Mess 
  around with the mime maps for your IIS server, define that file extension as 
  anything other than clear-text, I think that will tell the browser to treat it 
  as an attachment and not open it up in the browser.
  

-Original Message-From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Doug 
AndersonSent: Wednesday, February 04, 2004 9:25 PMTo: 
[EMAIL PROTECTED]Subject: Re: [Declude.JunkMail] Off 
topic - iis, web servers and txt files
That's what I'm trying to get away from. Actually have it 
pop up to open or download. my users have problems understanding right 
click.
Plus I'm rewriting it so that have to enter username and 
password to get to the link.

  - Original Message - 
  From: 
  Kevin Bilbee 
  To: [EMAIL PROTECTED] 
  
  Sent: Wednesday, February 04, 2004 
  1:16 PM
  Subject: RE: [Declude.JunkMail] Off 
  topic - iis, web servers and txt files
  
  In internet explorer right click your link and choose "Save Target 
  As"
   
  Kevin Bilbee
  
-Original Message-From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED]On Behalf Of Doug 
AndersonSent: Wednesday, February 04, 2004 11:06 
AMTo: [EMAIL PROTECTED]Subject: 
[Declude.JunkMail] Off topic - iis, web servers and txt 
files
Ok, I'm running IIS 5.0 on my imail server. I've 
written a program to read the ldap and create a ldif file. 
I put the ldif file (xxx.ldif) in a sub directory 
on the web server and when I put a link to it, it displays it directly 
in the browser.
I want it to download, not display as 
text.
 
Any ideas on how to config IIS to make it 
download?
 
P.S. Once I get this program fully functional I'll put 
it out on my personal web site for download if anyone wants it. It's a 
console app made with .net that will create: csv, 
ldif, alias, or list-lst/txt files from the 
ldap.

Re: [Declude.JunkMail] Off topic - iis, web servers and txt files

2004-02-04 Thread Doug Anderson 



That's what I'm trying to get away from. Actually have it pop 
up to open or download. my users have problems understanding right 
click.
Plus I'm rewriting it so that have to enter username and 
password to get to the link.

  - Original Message - 
  From: 
  Kevin Bilbee 
  To: [EMAIL PROTECTED] 
  
  Sent: Wednesday, February 04, 2004 1:16 
  PM
  Subject: RE: [Declude.JunkMail] Off topic 
  - iis, web servers and txt files
  
  In 
  internet explorer right click your link and choose "Save Target 
  As"
   
  Kevin Bilbee
  
-Original Message-From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED]On Behalf Of Doug 
AndersonSent: Wednesday, February 04, 2004 11:06 AMTo: 
[EMAIL PROTECTED]Subject: 
[Declude.JunkMail] Off topic - iis, web servers and txt 
files
Ok, I'm running IIS 5.0 on my imail server. I've written a 
program to read the ldap and create a ldif file. 
I put the ldif file (xxx.ldif) in a sub directory on 
the web server and when I put a link to it, it displays it directly in the 
browser.
I want it to download, not display as text.
 
Any ideas on how to config IIS to make it 
download?
 
P.S. Once I get this program fully functional I'll put it 
out on my personal web site for download if anyone wants it. It's a console 
app made with .net that will create: csv, ldif, alias, 
or list-lst/txt files from the 
ldap.

[Declude.JunkMail] Off topic - iis, web servers and txt files

2004-02-04 Thread Doug Anderson 



Ok, I'm running IIS 5.0 on my imail server. I've written a 
program to read the ldap and create a ldif file. 
I put the ldif file (xxx.ldif) in a sub directory on the 
web server and when I put a link to it, it displays it directly in the 
browser.
I want it to download, not display as text.
 
Any ideas on how to config IIS to make it 
download?
 
P.S. Once I get this program fully functional I'll put it out 
on my personal web site for download if anyone wants it. It's a console app made 
with .net that will create: csv, ldif, alias, or 
list-lst/txt files from the ldap.

Re: [Declude.JunkMail] [IMail Forum] New, fast-spreading virus

2004-01-26 Thread Doug Anderson 
http://vil.nai.com/vil/content/v_100983.htm


- Original Message - 
From: "Travis Rabe" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, January 26, 2004 3:55 PM
Subject: RE: [IMail Forum] New, fast-spreading virus


> McAfee just put out new defs about 30 minutes ago.
>
> Travis
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
> Sent: Monday, January 26, 2004 1:34 PM
> To: [EMAIL PROTECTED]
> Subject: [IMail Forum] New, fast-spreading virus
>
>
> FYI, there is a new fast-spreading virus out there, that is too new to be
> caught by AV programs yet.
>
> So far we have seen filenames of "body", "data", "document", "file",
> "glszfj", "message", "readme", "test", "text", "vgsu042a", and "vncexdl",
> with extensions of .pif, .scr, .zip.
>
> It may be a wise idea to temporarily ban .pif and .scr files (and possibly
> .zip as well), if you do not already.  If you are using Declude Virus, you
> can use "BANEXT PIF" and "BANEXT SCR" in the virus.cfg file to do this.
>
> -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
> Declude Virus: Catches known viruses and is the leader in mailserver
> vulnerability detection.
> Find out what you've been missing: Ask about our free 30-day evaluation.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
>
>
> To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
>
>
> To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
>

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Question / interesting occurence

2004-01-26 Thread Doug Anderson 
Hi Scott,

Symantic returns this type of message to the administrator account

Message contained a virus
Virus detected - [EMAIL PROTECTED]
The message was Deleted
The message was from <[EMAIL PROTECTED]>
The message was to [EMAIL PROTECTED]
Subject: Spam-Junk-Ad: bug announcement
Message-Id: <[EMAIL PROTECTED]>

I search the syslog for [EMAIL PROTECTED], grab the ip address from
there, look it up at dnsstuff and see where it's coming from. If it's a
country that we don't do business with or in, I've been adding them to the
my ip blacklist. I'm also contemplating adding them to the kill file.

In the last hour I've had over 75 from various ip's. I just find it strange
that the email address is mine (email admin), it's a new address (change in
spelling) and I typically don't subscribe to lists or news with a primary
address. The Swen virus is know for haunting lists and news groups, so I
thought I'd mention itso people can check themselves if they so desire.

- Original Message - 
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Monday, January 26, 2004 11:02 AM
Subject: Re: [Declude.JunkMail] Question / interesting occurence


>
> >Is anyone getting on either of these lists getting slammed with
> >[EMAIL PROTECTED] virus?
>
> Our customers are seeing Swen account for about 10% of the viruses
> (excluding vulnerabilities).
>
> >Out Symantec AV is set to email the administrator warnings.
> >Reading through the warnings, they're coming from everywhere outside of
> >the us & canada.
>
> Are you referring to the From: or return address ("[EMAIL PROTECTED]") or
the
> country of the IP address (which is highly accurate)?
>
> >The weird part is they're only going at the email address I use for these
> >boards which was created when I setup imail. I don't use that email for
> >any other boards or lists.
>
> Then it sounds like someone with IMail caught the Swen virus, and it's
> getting sent out to you.
>
> IIRC, the return address of Swen is correct.  So if you can find the
return
> address (from an X-Declude-Sender: header or "MAIL FROM" in the IMail SMTP
> log file) you should find the person who was sending it to you.
>
> -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
> Declude Virus: Catches known viruses and is the leader in mailserver
> vulnerability detection.
> Find out what you've been missing: Ask about our free 30-day evaluation.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.
>

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Question / interesting occurence

2004-01-26 Thread Doug Anderson 



Is anyone getting on either of these lists getting slammed 
with [EMAIL PROTECTED] virus?
Out Symantec AV is set to email the administrator warnings. 

Reading through the warnings, they're coming from everywhere 
outside of the us & canada. The weird part is they're only going at the 
email address I use for these boards which was created when I setup imail. I 
don't use that email for any other boards or lists.
 
Strange.

[Declude.JunkMail] New MS updates & Bug Report emails making the rounds

2004-01-22 Thread Doug Anderson 



Thought I'd warn everyone
Some different/newer (I haven't seen it before) versions of 
two emails are floating around 
 
#1
From Microsoft Corporation Network Security
to Commercial customer
No subject
Attachment "UPGRADE88.exe"
It claims to be updates from microsoft.
 
#2
From Internet Delivery Service
To Net Recipient
Subject Bug Report
Text : I'm sorry the message returned below could not be 
delivered to the following addresses:
Attachment "ctge.exe"
 
They making the rounds. There 
were older versions, that we were catchingbut they've changed it a 
bit
 
So watch out.
 
Headers are
 
#1
Received: from FE-mail03.sfg.albacom.net [213.217.149.83] by 
mail.ameripride.org with ESMTP  (SMTPD32-8.05) id A2A9E2A0166; Thu, 22 
Jan 2004 00:50:17 -0600Received: from wyadonm (217.220.55.169) by 
FE-mail03.sfg.albacom.net 
(7.0.009)    id 400CF7D10001F68F; 
Thu, 22 Jan 2004 07:48:41 +0100Date: Thu, 22 Jan 2004 07:48:41 +0100 (added 
by [EMAIL PROTECTED])Message-ID: 
<[EMAIL PROTECTED]> 
(added by [EMAIL PROTECTED])FROM: 
"Microsoft Corporation Network Security Center" <[EMAIL PROTECTED]>TO: 
"Commercial Customer" <[EMAIL PROTECTED]>SUBJECT:  
Mime-Version: 1.0Content-Type: multipart/mixed; 
boundary="nxjzttswpsxvy"X-RBL-Warning: GIBBERISH: Message failed GIBBERISH 
test (line 137, weight 0)X-RBL-Warning: ANTI-GIBBERISH: Message failed 
ANTI-GIBBERISH test (line 106, weight 0)X-Declude-Sender: [EMAIL PROTECTED] 
[213.217.149.83]X-Declude-Spoolname: D72a90e2a01660543.SMDX-Note: This 
E-mail was scanned by Declude JunkMail (www.declude.com) for 
spam.X-Spam-Tests-Failed: GIBBERISH, ANTI-GIBBERISH [0]X-Note: This 
E-mail was sent from FE-mail03.albacom.net ([213.217.149.83]).X-RCPT-TO: 
xxStatus: UX-UIDL: 373063459
 
(at the end of the email)
 
Content-Type: application/x-msdownload;  n a m e = " U P 
G R A D E 8 8 . e x e "Content-Transfer-Encoding: 
base64Content-Disposition: attachment
 
#2
Received: from FE-mail04.sfg.albacom.net [213.217.149.84] by 
mail.ameripride.org with ESMTP  (SMTPD32-8.05) id A3A6E3A0166; Thu, 22 
Jan 2004 00:54:30 -0600Received: from xkxxp (217.220.55.169) by 
FE-mail04.sfg.albacom.net 
(7.0.009)    id 400CB88400024360; 
Thu, 22 Jan 2004 07:52:18 +0100Date: Thu, 22 Jan 2004 07:52:18 +0100 (added 
by [EMAIL PROTECTED])Message-ID: 
<[EMAIL PROTECTED]> 
(added by [EMAIL PROTECTED])FROM: 
"Internet Delivery System" <[EMAIL PROTECTED]>TO: "Net 
Recipient" <[EMAIL PROTECTED]>SUBJECT: Bug 
ReportMime-Version: 1.0Content-Type: 
multipart/alternative; boundary="fxsnozzuqz"X-RBL-Warning: 
GIBBERISH: Message failed GIBBERISH test (line 137, weight 0)X-RBL-Warning: 
ANTI-GIBBERISH: Message failed ANTI-GIBBERISH test (line 106, weight 
0)X-Declude-Sender: [EMAIL PROTECTED] 
[213.217.149.84]X-Declude-Spoolname: D73a60e3a0166e227.SMDX-Note: This 
E-mail was scanned by Declude JunkMail (www.declude.com) for 
spam.X-Spam-Tests-Failed: GIBBERISH, ANTI-GIBBERISH [0]X-Note: This 
E-mail was sent from FE-mail04.albacom.net ([213.217.149.84]).X-RCPT-TO: 
xxxStatus: UX-UIDL: 373063460
 

(at the end of the email)
 
Content-Type: audio/x-wav;  n a m e = " c t g e . e x e 
"Content-Transfer-Encoding: base64Content-Id: 

 

[Declude.JunkMail] Off topic - Ldap

2004-01-18 Thread Doug Anderson 
I tried this on the normal Imail list with no answers, so I figured since
this list is more of the imail power users I'd try here

I'm trying to write a vb.net program to query the ldap and create a 3
different files from it. one is a standard csv file, next is an ldif file
for importing into Win Addr Book, and 3rd is a format compatible to the
alias.txt file in users directories. This program runs nightly.

The problem I'm running into is you call Ldap : / / xx.xx.xx.xx /
ou=orgunit, o=org
(space intentional so I don't get a link)

since Imail's ldap is flat not a tree, I'm not sure what to put for the part
ou=orgunit, o=org

Any idea's?


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Russian letters

2003-12-31 Thread Doug Anderson 
Careful if using NonEnglish.
We have Spanish and French users - nonEnglish can catch them.
Don't want to piss off our friends to the north or south.

- Original Message - 
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, December 31, 2003 1:18 PM
Subject: Re: [Declude.JunkMail] Russian letters


>
> >Is there any way to delete the Russian type spam that you cant read
because
> >it is all in Russian but it is a nuisance.
>
> The NONENGLISH test is designed to do this.  You can use it by adding a
line:
>
>  NONENGLISH  nonenglish  x   x   0   0
>
> to your \IMail\Declude\global.cfg file.
>
> -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
> Declude Virus: Catches known viruses and is the leader in mailserver
> vulnerability detection.
> Find out what you've been missing: Ask about our free 30-day evaluation.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.
>

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Common/best practice?

2003-12-27 Thread Doug Anderson 
We're using the beta with
PREWHITELIST ON
AUTOWHITELIST ON
WHITELIST AUTH

and it seems to do what we need. It whitelists our "Authenticated users" and
they (the users) can whitelist via their address book

- Original Message - 
From: "Omar K." <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, December 27, 2003 12:55 PM
Subject: [Declude.JunkMail] Common/best practice?


> Assuming you are the only one that uses the mail server to send out
emails,
> would it be a good thing to white list your own server in declude's config
> files ?
>
> Also, my own mail server generates a lot of emails (through scripts) to
its
> own users, would whitelisting the IP address decrease the load on the
> server?
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.
>

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] declude program suggestion (wishlist)

2003-12-23 Thread Doug Anderson 




Since old programmers never die, they just flip their 
bits...and Unix people...I won't go there...
I have a suggestion for our declude creators out 
there.
 
Under filters you can use CONTAINS, STARTSWITH, ENDSWITH 
or IS on any of the pieces of an email. I wouldn't mind
seeing a MATCHES qualifier which you could put a Full Regular 
_expression_ in with.
 
Then you use a statement like (for those not knowing regualar 
expressions)
 

x.y.z
 
where the period is 'anycharacter' so
x.y z = true
x y z = true
x-y-z = true
x--y--z = false

x t z = false
 
or in the same case
 
x.+y.+z
 
where the period is 'anycharacter' and the + sign means 1 or 
more 

x.y z = true
x y z = true
x-y-z = true
x--y--z = true
xy--z = false
 
all someone would have to do is link in 
vbscript.dll to make it 
work.

[Declude.JunkMail] Suggestion

2003-12-23 Thread Doug Anderson 



Since old programmers never die, they just flip their 
bits...and Unix people...I won't go there...
I have a suggestion for our declude creators out 
there.
 
Under filters you can use CONTAINS, STARTSWITH, ENDSWITH 
or IS on any of the pieces of an email. I wouldn't mind
seeing a MATCHES qualifier which you could put a Full Regular 
_expression_ in with.
 
Then you use a statement like
 
chat.with.me
 
where the period is 'anycharacter' so
chat.with me = true
chat with me = true
chat-with-me = true
chat--with--me = false
 
or in the same case
 
chat.+with.+me
 
where the period is 'anycharacter' and the + sign means 1 or 
more 

chat.with me = true
chat with me = true
chat-with-me = true
chat--with--me = true
 
It's just a suggestion

Re: [Declude.JunkMail] Stupid question

2003-12-22 Thread Doug Anderson 
For all those "answering back"

Quill was just an example. I check into a sender before bl'ing them and
attempt list removal if they have it.

- Original Message - 
From: "Matthew Bramble" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, December 22, 2003 9:52 AM
Subject: Re: [Declude.JunkMail] Stupid question


> Just another follow-up.  This might be dangerous to blacklist anything
> from quill.com since they are an ecommerce site and you may very well be
> blocking receipts and other order related information.  It would then be
> safer to go after the MAILFROM, though this won't work if they change
> the third-party bulk mailer.
>
> MAILFROM  15  CONTAINS  quill.rsc01.com
>
> I generally unsubscribe customers from such lists when they report it as
> spam since they seem legit and they are probably only being sent E-mail
> because they have done business with the site.
>
> Matt
>
>
> Doug Anderson wrote:
>
> > I'm setting up a Sender "Black list" Given the following header, what
> > would I put in my black list file?
> > Is it the reply to or the from I need to look at?
> > In this instance I would like to kill everything from quill.com, so
> > would I just use that?
> >
> > Received: from om-quill.rgc3.net [66.35.244.68] by mail.ameripride.org
> > with ESMTP
> >   (SMTPD32-8.04) id A88E1B4014A; Wed, 10 Dec 2003 09:15:26 -0600
> > Received: by om-quill.rgc3.net (PowerMTA(TM) v2.0r5) id hqss6804faso;
> > Wed, 10 Dec 2003 07:14:44 -0800 (envelope-from <[EMAIL PROTECTED]
> > <mailto:[EMAIL PROTECTED]>>)
> > MIME-Version: 1.0
> > Content-Type: text/html;
> >  charset="ISO-8859-1"
> > Content-Transfer-Encoding: quoted-printable
> > Date: Wed, 10 Dec 2003 07:14:44 -0800
> > From: "Quill.com" <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>
> > Reply-To: "Quill.com" <[EMAIL PROTECTED]
> > <mailto:[EMAIL PROTECTED]>>
> > Subject: Quill Values Your Opinion
> > X-cid: quil.954.1
> > To: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
> > Message-Id: <[EMAIL PROTECTED]
> > <mailto:[EMAIL PROTECTED]>>
> > X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with
> > spam [420e].
> > X-Declude-Sender: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
> > [66.35.244.68]
> > X-Declude-Spoolname: D388e01b4014a4491.SMD
> > X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com
> > <http://www.declude.com>) for spam.
> > X-Spam-Tests-Failed: IPNOTINMX, NOLEGITCONTENT, SPAMHEADERS [3]
> > X-Note: This E-mail was sent from (timeout) ([66.35.244.68]).
> > X-RCPT-TO: <[EMAIL PROTECTED]
> > <mailto:[EMAIL PROTECTED]>>
> > Status: U
> > X-UIDL: 367773216
> >
>
>
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.
>

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Stupid question

2003-12-22 Thread Doug Anderson 



I'm setting up a Sender "Black list" Given the following 
header, what would I put in my black list file?
Is it the reply to or the from I need to look at? 

In this instance I would like to kill everything from 
quill.com, so would I just use that?
 
Received: from om-quill.rgc3.net [66.35.244.68] by 
mail.ameripride.org with ESMTP  (SMTPD32-8.04) id A88E1B4014A; Wed, 10 
Dec 2003 09:15:26 -0600Received: by om-quill.rgc3.net (PowerMTA(TM) v2.0r5) 
id hqss6804faso; Wed, 10 Dec 2003 07:14:44 -0800 (envelope-from <[EMAIL PROTECTED]>)MIME-Version: 
1.0Content-Type: 
text/html; charset="ISO-8859-1"Content-Transfer-Encoding: 
quoted-printableDate: Wed, 10 Dec 2003 07:14:44 -0800From: "Quill.com" 
<[EMAIL PROTECTED]>Reply-To: 
"Quill.com" <[EMAIL PROTECTED]>Subject: 
Quill Values Your OpinionX-cid: quil.954.1To: [EMAIL PROTECTED]Message-Id: 
<[EMAIL PROTECTED]>X-RBL-Warning: 
SPAMHEADERS: This E-mail has headers consistent with spam 
[420e].X-Declude-Sender: [EMAIL PROTECTED] 
[66.35.244.68]X-Declude-Spoolname: D388e01b4014a4491.SMDX-Note: This 
E-mail was scanned by Declude JunkMail (www.declude.com) for 
spam.X-Spam-Tests-Failed: IPNOTINMX, NOLEGITCONTENT, SPAMHEADERS 
[3]X-Note: This E-mail was sent from (timeout) 
([66.35.244.68]).X-RCPT-TO: <[EMAIL PROTECTED]>Status: 
UX-UIDL: 367773216
 
 

Re: [Declude.JunkMail] OT: DNS Issue (HELP)

2003-12-19 Thread Doug Anderson 
>From an earthlink dsl user

Ping test
1 wltx.com 56 60 Success
2 wltx.com 56 60 Success
3 wltx.com 56 60 Success
4 wltx.com 56 60 Success
5 wltx.com 56 60 Success

trace rt
1 0 0 172.16.0.254
2 35 35 172.31.255.251
3 30 -5 192.168.5.53
4 30 0 209.247.34.177 ge-8-0-131.ipcolo1.Chicago1.Level3.net
5 30 0 4.68.112.201 so-7-0-0.bbr1.Chicago1.Level3.net
6 70 40 64.159.0.234 so-0-0-0.bbr1.NewYork1.Level3.net
7 60 -10 64.159.17.3 ge-6-0.ipcolo1.NewYork1.Level3.net
8 70 10 209.244.13.198 so-10-0.hsa1.Newark1.Level3.net
9 65 -5 64.156.0.26 unknown.Level3.net
10 Timed out
11 70 5 66.54.32.202 gannetttv.cust.loudcloud.com

Official name: wltx.com (stack DNS)
IP address: 66.54.32.202

wltx.com. (Earthlink DNS)
nameserver = ns1.infi.net.
wltx.com.
nameserver = ns2.infi.net.
wltx.com.
66.54.32.202

Whois Server Version 1.3
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

   Domain Name: WLTX.COM
   Registrar: NETWORK SOLUTIONS, INC.
   Whois Server: whois.networksolutions.com
   Referral URL: http://www.networksolutions.com
   Name Server: NS1.INFI.NET
   Name Server: NS2.INFI.NET
   Status: ACTIVE
   Updated Date: 18-dec-2003
   Creation Date: 19-dec-1997
   Expiration Date: 18-dec-2007

Scan (DNS,FTP,HTTP,POP3,SMTP,ECHO,GOPHER,NNTP,TIME,IMAP)
066.054.032.202 HTTP gannetttv.cust.loudcloud.com


Stupid question, what are you testing with? W2k? Turn of DNS Client Service
and Clear DNS Cache...just a thought.



- Original Message - 
From: "Darrell LaRock" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, December 19, 2003 8:46 PM
Subject: Re: [Declude.JunkMail] OT: DNS Issue (HELP)


> I am absolutly baffled.
>
> Eathlink Dial-up - Does not work
> Charter Cable Connection - Does not work
> AT&T T1 using local bind server - Works
> Roadrunner Cable - Does not work
> AOL - Intermittent.
> Several users who replied - Works
>
> Darrell
>
>
> -- Original Message --
> From: Scott Winberg <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> Date:  Fri, 19 Dec 2003 19:13:55 -0700
>
> >Hello Darrell,
> >
> >Working from here. Denver, CO area.
> >
> >
> >Scott
> >
> >Friday, December 19, 2003, 6:59:06 PM, you wrote:
> >
> >Darrell> This is off topic, but I need some help in a bad way to figure
out a DNS problem I am having that is preventing one of our sites from
receiving mail and thier web site from loading.
> >
> >Darrell> We recently (this week) switched the name servers from our
current provider to another provider.   The zone files are duplicate between
providers.
> >
> >Darrell> However, something is seriously wrong as the major ISP's can't
resolve it (Earthlink, Charter, Some AOL Users, Road Runner).  This occured
right after the whois info was updated to the new
> >Darrell> authoratative servers.
> >
> >Darrell> Now the crazy thing is I can resolve the site using the auth.
servers, but not off one of Earthlink's or charters.
> >
> >Darrell> The site is "wltx.com".
> >
> >Darrell> Can you resolve it?
> >
> >Darrell> How can I verify that the site did not fall out of the root
servers? Anyone else have any input?
> >
> >Darrell> Darrell
> >Darrell> ---
> >Darrell> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
> >
> >Darrell> ---
> >Darrell> This E-mail came from the Declude.JunkMail mailing list.  To
> >Darrell> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> >Darrell> type "unsubscribe Declude.JunkMail".  The archives can be found
> >Darrell> at http://www.mail-archive.com.
> >
> >
> >
> >-- 
> >
> > Scottmailto:[EMAIL PROTECTED]
> >
> >---
> >[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
> >
> >---
> >This E-mail came from the Declude.JunkMail mailing list.  To
> >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> >type "unsubscribe Declude.JunkMail".  The archives can be found
> >at http://www.mail-archive.com.
> >
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.
>

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] SPAMCOP Question

2003-12-19 Thread Doug Anderson 



I was looking at the headers and saw SPAMCOP : 
Blocked
 
Is that how it should be - what it's returning? If not, ideas 
on what could be wrong?
 
 
X-RBL-Warning: SORBS-SPAM: Spam Received See: http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=66.111.254.21X-RBL-Warning: 
SPAMCOP: Blocked - see http://www.spamcop.net/bl.shtml?66.111.254.21X-RBL-Warning: 
SPAMHEADERS: This E-mail has headers consistent with spam 
[4000120e].X-RBL-Warning: GIBBERISH: Message failed GIBBERISH test (line 
303, weight 0)X-RBL-Warning: ANTI-GIBBERISH: Message failed ANTI-GIBBERISH 
test (line 283, weight 0)X-RBL-Warning: BLASTER: Message failed BLASTER test 
(line 3, weight 0)X-Declude-Sender: [EMAIL PROTECTED] 
[66.111.254.21]X-Declude-Spoolname: D25320b0a00f84423.SMDX-Note: This 
E-mail was scanned by Declude JunkMail (www.declude.com) for 
spam.X-Spam-Tests-Failed: SORBS-SPAM, SPAMCOP, SPAMHEADERS, GIBBERISH, 
ANTI-GIBBERISH, BLASTER, WEIGHT10, WEIGHT20 [22]X-Note: This E-mail was sent 
from net21.netholdem.com ([66.111.254.21]).X-RCPT-TO: <[EMAIL PROTECTED]>Status: 
UX-UIDL: 367795725

Re: [Declude.JunkMail] Active X filter

2003-12-18 Thread Doug Anderson 



what will it filter out? Anything with ActiveX embedded in the 
HTML of the email. From our system that would be ads for "micro shaver", some 
miracle bra, a travel "good dealz" ad, and as seen on TV ads.
 
I'm not familar with mypoints.com adshaven't seen any 
yet.
 
Typically, you'll recognize them when the email comes and you 
have your internet browsing set at high or medium security.

  - Original Message - 
  From: 
  Richard 
  Farris 
  To: [EMAIL PROTECTED] 
  
  Sent: Thursday, December 18, 2003 3:28 
  PM
  Subject: Re: [Declude.JunkMail] Active X 
  filter
  
  What will this filter out...will it filter out 
  email like  MyPoints.com which is not a good idea..
  Richard FarrisEthixs Online1.270.247. 
  Office1.800.548.3877 Tech Support
  
- Original Message - 
From: 
Doug Anderson 
To: [EMAIL PROTECTED] 

Sent: Thursday, December 18, 2003 2:48 
PM
Subject: [Declude.JunkMail] Active X 
filter

If anyone wants
 
BODY 4 CONTAINS BODY 4 CONTAINS .cab#version=BODY 4 CONTAINS 

[Declude.JunkMail] Active X filter

2003-12-18 Thread Doug Anderson 



If anyone wants
 
BODY 4 CONTAINS BODY 4 CONTAINS .cab#version=BODY 4 CONTAINS 

[Declude.JunkMail] Filter question

2003-12-16 Thread Doug Anderson 



This may sound stupid, but if I create a filter searching for 
a string in an email...
BODY 2 CONTAINS xyz
and the email contains 4 instances of that string
now is the xyx time for all xyz good men xyz to come 
to the aid xyz of their country
does the filter return an internal value of 8 or 
2?
 

Re: [Declude.JunkMail] whitelist

2003-12-15 Thread Doug Anderson 
I have the beta in place already, users all have to authenticate (no relay
what-so-ever)
Any additional settings or reg hacks?

- Original Message - 
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, December 15, 2003 1:07 PM
Subject: Re: [Declude.JunkMail] whitelist


>
> >What is auth in the commented out whitelist?
>
> "WHITELIST AUTH" will automatically whitelist E-mail where IMail lets
> Declude JunkMail know that the user authenticated (which happens with
IMail
> v8).  It is commented out because it is only available in the latest beta,
> and a warning will appear in the log file for previous versions of Declude
> JunkMail.
>
> >I'm trying to bypass spam testing for internal emails on the local
> >network, any examples?
>
> If your users authenticate, and you are using IMail v8 and the latest beta
> of Declude JunkMail, WHITELIST AUTH would be a good idea.
>
> -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
> Declude Virus: Catches known viruses and is the leader in mailserver
> vulnerability detection.
> Find out what you've been missing: Ask about our free 30-day evaluation.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.
>

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] whitelist

2003-12-15 Thread Doug Anderson 



What is auth in the commented out whitelist?
I'm trying to bypass spam testing for internal emails on the 
local network, any examples?
 
Right now I have in global
PREWHITELIST ONWHITELIST HABEASAUTOWHITELIST   
ON#WHITELIST AUTHWHITELIST IP 192.168.0.0/22WHITELIST IP 
10.1.0.0/22WHITELIST IP 10.1.4.0/22WHITELIST IP 
10.1.12.0/22WHITELIST IP 10.1.16.0/22WHITELIST IP 10.1.20.0/22(and 
soforth for all the addresses within our network)
 
Right track or barking up the wrong 
tree?

Re: [Declude.JunkMail] WHITELIST AUTH

2003-12-15 Thread Doug Anderson 
So in Global if I have

PREWHITELIST ON
WHITELIST IP XXX.XXX.XXX.XXX/XXX

where XXX.XXX.XXX.XXX/XXX is an ip in our local range

it will bypass all spam tests?
(using 8.04 & 1.77)

- Original Message - 
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, December 15, 2003 10:25 AM
Subject: Re: [Declude.JunkMail] WHITELIST AUTH


>
> >Question, when using this in the Global.cfg and Imail 8.x, do the tests
> >still run and no action, or does it cause tests not to run?
>
> With "PREWHITELIST ON", the tests will not be run (for WHITELIST
> AUTH).  Otherwise, they will be run.
>
> -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
> Declude Virus: Catches known viruses and is the leader in mailserver
> vulnerability detection.
> Find out what you've been missing: Ask about our free 30-day evaluation.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.
>

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] declude junkmail and external tests (info)

2003-12-12 Thread Doug Anderson 
oPPs!

I think the %REVDNS% was getting timeout because both the box and imails dns
settings were still set to the ip of the box (durning install and testing
phase) for the primary. Modified them to point to the dns server. It was the
only thing having dns issues to my knowledge (users weren't complaining).

Does it always return the text '(Private IP)' for internal addresses?



- Original Message - 
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, December 12, 2003 3:24 PM
Subject: Re: [Declude.JunkMail] declude junkmail and external tests (info)


>
> >so if I have in global.cfg:
> >PHRASESCAN external nonzero "D:\Imail\mail_ameripride_org\phrscan.exe
> >%REVDNS%" 10 0
> >
> >it will give me:
> >phrscan (Private IP) c:\IMail\spool\D1234567.SMD
> >phrscan (timeout) c:\IMail\spool\D1234567.SMD
> >
> >depending on internal emails vs external emails
>
> Correct.
>
> >or does %REVDNS% actually give something I'm not seeing and it is
replaced
> >in the header?
> >When I look at the headers %REVDNS% returns the private or timeout
>
> That would occur if your DNS server is only returning certain answers, and
> timing out on others.  That's going to cause a lot of problems -- you
> should look into why that is happening.
>
> Normally, if everything (on your end and the remote end) is set up
> properly, the %REVDNS% variable will display the reverse DNS entry of the
> IP that connected to your server.
>
> -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
> Declude Virus: Catches known viruses and is the leader in mailserver
> vulnerability detection.
> Find out what you've been missing: Ask about our free 30-day evaluation.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.
>

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] declude junkmail and external tests (info)

2003-12-12 Thread Doug Anderson 
so if I have in global.cfg:
PHRASESCAN external nonzero "D:\Imail\mail_ameripride_org\phrscan.exe
%REVDNS%" 10 0

it will give me:
phrscan (Private IP) c:\IMail\spool\D1234567.SMD
phrscan (timeout) c:\IMail\spool\D1234567.SMD

depending on internal emails vs external emails

or does %REVDNS% actually give something I'm not seeing and it is replaced
in the header?
When I look at the headers %REVDNS% returns the private or timeout

- Original Message - 
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, December 12, 2003 1:24 PM
Subject: Re: [Declude.JunkMail] declude junkmail and external tests (info)


>
> >if I'm passing a variable as a parameter would it be equal to
program-name
> >%variable% c:\IMail\spool\D1234567.SMD or program-name
> >c:\IMail\spool\D1234567.SMD %variable%
> >
> >I need the recieving order of the "parameter list"
>
> The variables will appear before the spool file name.  The spool file name
> will be the last parameter.
>
> -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
> Declude Virus: Catches known viruses and is the leader in mailserver
> vulnerability detection.
> Find out what you've been missing: Ask about our free 30-day evaluation.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.
>

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] declude junkmail and external tests (info)

2003-12-12 Thread Doug Anderson 




Previously posted on Imail site:
> When does declude junkmail add it's xheaders? Do it add 
as it conducts it's test(s)? can I conduct a test (if exists) on a previously 
added header?
 
Maybe I should explain it better
I wrote an external phrase test program. I'm trying to come up with a way 
of bypassing the test/program if the email is orginating from with the local 
domain.
 
I've read the manual and I can pass variables to the external file per the 
paragraph :

For more flexibility, you can have Declude JunkMail pass parameters 
to your program, using variables. For example, you can set up the test as 
'TESTNAME external returnvalue "filename %INOROUT%"', which would send the 
%INOROUT% variable as a parameter to your program (which would be "incoming" for 
an incoming E-mail, or "outgoing" for an outgoing E-mail).
if I'm passing a variable as a parameter would it be equal to program-name 
%variable% c:\IMail\spool\D1234567.SMD or 
program-name c:\IMail\spool\D1234567.SMD %variable%
I need the recieving order of the "parameter list"