RE: [Declude.JunkMail] Outlook Boundary Space Gap vulnerability
Hello All, I've been searching the archives to do with false positives with the outlook Boundary Space Gap vulnerability, and found a post (http://www.mail-archive.com/declude.virus@declude.com/msg12093.html) that seems to cover the same problem as I've found, whereby the senders use Outlook > Exchange and then MIMEsweeper, and Declude detects the OBSGV. The post mentions Outlook using a TAB to folder headers, and MIMEsweeper replacing this with 4 spaces. Although this does not seem to be breaking a specific RFC, would people view this as sloppy coding on Clearswifts part, or Declude incorrectly detecting a OBSGV? Regards, Lyndon. Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)9063407727 (calls cost £1.50/minute) Fax: +44(0)8712360300 Web: www.uksubnet.net Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Orphan files in work directory
Hi David, They are .sm$ files which all seem to be spam that have been 'ATTACHED'. > What is the content of the D file? Eg, is it spam, legit, > list request ? > > David B > www.declude.com > Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)9063407727 (calls cost £1.50/minute) Fax: +44(0)8712360300 Web: www.uksubnet.net Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Orphan files in work directory
Hi, just noticed I have orphan D files in the proc/work directory. Why would this be? Shouldn't they at least be moved back into \spool ? Regards, Lyndon Eaton E: [EMAIL PROTECTED] T: +44(0)8712360301 F: +44(0)8712360300 For all your consumable requirements www.premier-consumables.co.uk Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)9063407727 (calls cost £1.50/minute) Fax: +44(0)8712360300 Web: www.uksubnet.net Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] HiJack Deccon in 3.0.5
OK thanks for confirming. Regards, Lyndon Eaton > John is correct we are replacing the Console with new > functionality. This is currently in design and we will update > you just as soon as we have a clearer picture of the delivery date. Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)9063407727 (calls cost £1.50/minute) Fax: +44(0)8712360300 Web: www.uksubnet.net Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] HiJack Deccon in 3.0.5
Hi, Just upgraded to Declude version 3.0.5 today (from 1.8!) and I'm a little unsure of how to monitor HiJack. Can't get the deccon.exe to open although I know declude now runs as a service. Had a look at the HiJack manual but can't find anything and done a quick search in the archives too. What am I missing? Could anyone point me in the right direction? Thanks. Lyndon Eaton. Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)9063407727 (calls cost £1.50/minute) Fax: +44(0)8712360300 Web: www.uksubnet.net Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Imail 8.1 LOGLEVEL
Hello Guys! On 4th October I upgraded to Declude 1.81 by overwritting the declude.exe - I left our existing global.cfg and all other files inplace. It would seem that the only entries appearing in the declude log files since then are those for emails that are whitelisted either by authentication or IP. IE: 10/07/2004 23:52:44 Qc8bb2f91014a74eb E-mail whitelisted - automatically passing all spam tests [194.62.46.] 10/07/2004 23:53:44 Q5a4612f09d8 Skipping E-mail from authenticated user virus2; whitelisted. I have LOGLEVEL set to LOW and LOG_OK set to NONE. Before upgrading I would see lines such as: 10/04/2004 00:02:11 Q84e68aa9011c7282 Tests failed [weight=68]: DSBL=ATTACH SPAMCOP=ATTACH 10/04/2004 00:02:19 Q84f68aac011cafab Tests failed [weight=5]: MAILFROM=WARN IPNOTINMX=IGNO Should I now be doing more than just replacing the declude.exe when upgrading, have the paramerters for LOGLEVEL changed, or is it a bug? Regards, Lyndon Eaton E: [EMAIL PROTECTED] T: +44(0)8712360301 F: +44(0)8712360300 Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)9063407727 (calls cost £1.50/minute) Fax: +44(0)8712360300 Web: www.uksubnet.net Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Attach action
I don't see how you could do this for the information I want. I want domain to & from, size of email & number of recipients. To take into account all those things by also including lines from the declude logs, your program would have to search out the Q names and follow the trail as you would do manually when following the flow. Adding some options to the actions within declude would not only increase its features and make it a more dynamic product but also give me what I want :) > -Original Message- > From: Darin Cox [mailto:[EMAIL PROTECTED] > Sent: 07 June 2004 14:57 > To: [EMAIL PROTECTED] > Subject: Re: [Declude.JunkMail] Attach action > > > Why don't you just report on the Declude logs? Then you can > parse it to see how many spam and non-spam messages are sent > and received. > > Darin. > > > - Original Message - > From: "Lyndon Eaton" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Monday, June 07, 2004 9:34 AM > Subject: RE: [Declude.JunkMail] Attach action > > > Hello everyone > > I have a questions about a function of Declude. Not sure if > anything similar to what I want to achieve is possible, but > if not would like to add this to your wish list. > > We have a small program that scans through the Imail logs and > exports the contents of the rdeliver & ldeliver lines to a > database. We then use the database to monitor how many emails > we send/receive per domain. > > We also use the attach action in JunkMail, as I think this is > the best way for individual users to manage their spam. > > The problem I have is that I only want to know how many non > spam emails have been sent/received per domain. So if a > domain receives 100 emails where 30 are spam, I only want the > 70 genuine emails to be reported. > > The only way I can think of doing this would be to allow a > domain prefix or alternate domain parameter to the attach > action. So if an email is sent to [EMAIL PROTECTED] and is > detected as spam, the ATTACH action is run but prefixes or > alters the domain to prefix.domain.com. That way when running > a query in the access database, prefix.domain.com (all the > spam) will not be included when running a query on domain.com. > > I don't think this is possible at present, but does anybody > have any other ideas as to how this can be done? > > Regards, > Lyndon Eaton (CASE) > E: [EMAIL PROTECTED] > T: +44(0)8712360301 > F: +44(0)8712360300 > > > > > Email checked by UKsubnet anti-virus service > To prevent email abuse & block spam > contact [EMAIL PROTECTED] > Tel: +44(0)8712360301 Web: www.uksubnet.net > Fax: +44(0)8712360300 > > Powered by UKsubnet Internet Service Provider > Business to Business Internet (ISP) > > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Attach action
Hello everyone I have a questions about a function of Declude. Not sure if anything similar to what I want to achieve is possible, but if not would like to add this to your wish list. We have a small program that scans through the Imail logs and exports the contents of the rdeliver & ldeliver lines to a database. We then use the database to monitor how many emails we send/receive per domain. We also use the attach action in JunkMail, as I think this is the best way for individual users to manage their spam. The problem I have is that I only want to know how many non spam emails have been sent/received per domain. So if a domain receives 100 emails where 30 are spam, I only want the 70 genuine emails to be reported. The only way I can think of doing this would be to allow a domain prefix or alternate domain parameter to the attach action. So if an email is sent to [EMAIL PROTECTED] and is detected as spam, the ATTACH action is run but prefixes or alters the domain to prefix.domain.com. That way when running a query in the access database, prefix.domain.com (all the spam) will not be included when running a query on domain.com. I don't think this is possible at present, but does anybody have any other ideas as to how this can be done? Regards, Lyndon Eaton (CASE) E: [EMAIL PROTECTED] T: +44(0)8712360301 F: +44(0)8712360300 Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] OT what a con
Thought you all might like to have a laugh at this: www.unsubscribenow.org Bit of a con really... Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT SPF PTR Problem
Thanks Scott, I did just work this out and was about to post back to the list when I read your reply. Many thanks for your response! Lyndon. > -Original Message- > From: R. Scott Perry [mailto:[EMAIL PROTECTED] > Sent: 14 May 2004 17:06 > To: [EMAIL PROTECTED] > Subject: Re: [Declude.JunkMail] OT SPF PTR Problem > > > > >I have therefore added a ptr:directpceu.com record to the > domain, and > >tested it here: > >http://www.dnsstuff.com/tools/spf.ch?server=bedstone.org&ip=6 2.128.191. >2 >6 > >This page and the SPF test page both say the email should fail. Even >though 62.128.191.26 has a reverse ending in directpceu.com The catch here is a technicality of SPF, where it won't allow the "ptr:" to pass if the PTR record matches, but has no A record pointing back to the same IP. So in this case, relay03-1.direcpceu.com does contain "direcpceu.com", but since relay03-1.direcpceu.com does not have an A record, it doesn't pass the test. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] OT SPF PTR Problem
Hi! I have added many SPF records to all of my domains, and so far not had a problem. With one domain however I have a strange issue. The domain is bedstone.org - and most outbound IP addresses for this domain will have a reverse lookup ending in direcpceu.com. I have therefore added a ptr:directpceu.com record to the domain, and tested it here: http://www.dnsstuff.com/tools/spf.ch?server=bedstone.org&ip=62.128.191.2 6 This page and the SPF test page both say the email should fail. Even though 62.128.191.26 has a reverse ending in directpceu.com Any ideas? This is really puzzling me! Regards, Lyndon Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Hijack Logs
Hi Jeffrey, You'll need to provide a little more information than that. All that log snippet shows is that domain.com isn't local, which in itself is not an issue or a reason to not deliver an email (providing you are allowing relay for the sender). Declude HiJack will only block emails based on sender IP, not recipient domain, so unless the senders IP is being blocked by HiJack, HiJack won't be the problem. If this is the case, and the sender IP is being stopped by HiJack - no emails from that IP will be delivered. Are the clients that are having problems on static or dynamic IP addresses? Also are there any files in your \imail\spool\spam\hold2 directory? If not this would confirm HiJack isn't stopping anything. I'd check the general Imail SMTP logs first, depending on what you have there would indicate where to look next. Regards, Lyndon. > -Original Message- > From: Jeffrey M Donley [mailto:[EMAIL PROTECTED] > Sent: 22 April 2004 13:33 > To: [EMAIL PROTECTED] > Subject: [Declude.JunkMail] Hijack Logs > > > Hi, > I am new to the declude world and inherited a network that > utilizes all 3 of the declude solutions. I am using Imail 7.5 > and declude 1.75. > > I have received several complaints from customers stating > that email has not arrived to certain recipients. When > researching this I found that the recipients are listed in > the hijack log. Here is a snippet of the log. I have looked > and can not find clarification on what is going on, any help > would be appreciated. > > 04/22/2004 00:01:01 Q437c088e00f224cb [EMAIL PROTECTED] is not local. > > jeff > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Hijack Logs
Could you clarify one thing for me: The emails that are not being delivered to the recipients - are they inbound or outbound? IE is your client the recipient your is your client the sender? > -Original Message- > From: Jeffrey M Donley [mailto:[EMAIL PROTECTED] > Sent: 22 April 2004 13:33 > To: [EMAIL PROTECTED] > Subject: [Declude.JunkMail] Hijack Logs > > > Hi, > I am new to the declude world and inherited a network that > utilizes all 3 of the declude solutions. I am using Imail 7.5 > and declude 1.75. > > I have received several complaints from customers stating > that email has not arrived to certain recipients. When > researching this I found that the recipients are listed in > the hijack log. Here is a snippet of the log. I have looked > and can not find clarification on what is going on, any help > would be appreciated. > > 04/22/2004 00:01:01 Q437c088e00f224cb [EMAIL PROTECTED] is not local. > > jeff > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] MS DNS and SPF
I should be able to help you there, what's the problem? > -Original Message- > From: serge [mailto:[EMAIL PROTECTED] > Sent: 17 April 2004 16:06 > To: [EMAIL PROTECTED] > Subject: [Declude.JunkMail] MS DNS and SPF > > > Need assitance setting my SPF records on windows DNS > Anyone ? > Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] New test
I'm interested. Thanks. Original Message From: Bud Durland Subject: [Declude.JunkMail] New test Date: Wed, 14 Apr 2004 06:05:40 -0700 I am testing a small external test program. A message fails the test if there is an discernable IP address in the HELO entry of the message. These fail the test: > Received: from host-68-212-107-146.msy.bellsouth.net [68.212.107.146] by mrpcap.com > Received: from ip-62-129-160-91.evhr.net [62.129.160.91] by mrpcap.com > Received: from acs-24-154-41-142.zoominternet.net [24.154.41.142] by mrpcap.com Only the bolded part of the line (HELO name) is tested. Basically, dashes become 'dots', and anything other than numbers and dots are stripped out. If what remains looks like a valid 4-octet IP address, the test fails. These entries would NOT fail -- stray number make the location of the IP ambiguous > Received: from wbar3.lax1-4-8-227-083.dsl-verizon.net [4.8.227.83] by mrpcap.com > Received: from c-24-125-42-12.va.client2.attbi.com [24.125.42.12] by mrpcap.com For testing, I set it up with 0 weight and a HOLD action. So far, it has not flagged anything that was not spam. If anyone is interested in trying it out, let me know. I'll probably be putting it up for download from my web site later this week. Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Hijack questions
> So that makes it unusable for dial up connections. > Still can be usefull for our wireless clients, those are > assigned fixed IPs. But we will have to "hijack white list" > all the Dial up IPs, correct ? No it still works for dialups - We have dynamic & static users and have not had this problem. We run a script (from the declude site) that sends an email when messages hit hold2. Only yesterday Declude stopped 25,000-30,000 spams from going out from a client who had been attacked using SMTP AUTH. Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Hijak questions
I only know the answer to point 1, this would count as 20 messages. Don't think 2 or 3 are possible. I also have a question about HiJack... Authenticated users are still bound to the hijack limits aren't they? -Original Message- From: Serge [mailto:[EMAIL PROTECTED] Sent: 06 April 2004 02:24 To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Hijak questions 1- A message with 20 recipients, does it count as 1 message or 20 message toward the threshold? 2- If a user exeeds therhold 1, and not 2, is there a way to release his hold messages at a certain hour, instead than after x Minutes ? 3- Can we set thresholds on size/MB instead of number of messages ? TIA Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Whitelisting & SPF
Hi Scott, I'm running 1.78i28. PREWHITELIST is only entered once in the global.cfg, so no overriding. I have 7 whitelist lines in the global.cfg, three are IP ranges, three are domains, and the 7th is an ANYWHERE whitelist. In the Global.cfg, PREWHITELIST ON is above my WHITELISTs (if that makes any difference?) Regards, Lyndon > Are you running v1.70 or later? Do you also have a line > "PREWHITELIST OFF" > (which could override the ON setting)? Where exactly is the > whitelist (is > it a WHITELIST IP line in the \IMail\Declude\global.cfg file, > which should > work with PREWHITELIST ON)? Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Whitelisting & SPF
Sorry, I also have a WHITELIST AUTH. Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Whitelisting & SPF
Hi Scott, Having added PREWHITELIST ON in my GLOBAL.CFG file, my server still seems to be running the SPFFAIL test on 'local'/whitelisted IP addresses. Any ideas? Thanks, Lyndon. Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT: Is IMail Server Upgrade Worth It? 6.06 -> 8.01
We've just upgraded from Imail 6.06 to 8.05 (but now 8.1 is out). I really wanted to upgrade because there are a number of issues with v6 (and I believe pre 7) that I didn't think were good at all. Small % of miss deliveries, trying to send mail to domain A records instead of MX, display bug with W2K SP4, the fact that icons in web messaging didn't always load. So we upgraded. Unfortunately I seem to have a problem with the retry timer. It's set to try sending mail every 30 minutes, with 96 attemps - this works out at 48 hours. However Imail seems to try sending more than once a minute meaning that 48 hours drops to just over 2! Waiting for a reply from Imail support but not hopfully, havn't found them very helpful in the past - hopefully they'll surprise me this time. Regards, Lyndon. -Original Message- From: Dan Geiser [mailto:[EMAIL PROTECTED] Sent: 31 March 2004 21:01 To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] OT: Is IMail Server Upgrade Worth It? 6.06 -> 8.01 Hello, All, We are currently running IMail Server 6.06. We are considering upgrading to the newest version of IMail and I was interested in knowing whether the users of this list think the upgrade is worth the price tag? Does anyone know if there's any reduced upgrade pricing? Are the features in the latest versions of IMail of any benefit? One of the main reasons we are even considering not upgrading is because IMail Server 6.06 has been so stable for us. We literally have not had a problem with it, ever. We currently have about 200 domains hosted on the server and I don't know if I want to deal with the fallout and learning curve in getting the customers accustomed to the new way of doing things, if any, either. I'd be interested in your feedback. Thanks, Dan Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Whitelisting & SPF
> To do that, you can add a line "PREWHITELIST ON" to the > \IMail\Declude\global.cfg file. With that line, Declude > JunkMail will > prevent tests from being run for many of the various types of > whitelists > (including the WHITELIST IP lines in the global.cfg file). Ahh brilliant. Thanks for that! Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Whitelisting & SPF
Hello all, I've recently added SPF records to all our domains and want to keep a close eye on which users are not sending mail out through our server (via my DNS server logs), and which emails we are receiving that are failing SPF checks. I'm getting a lot of fails in the SPF log from my own clients sending via my server, because I haven't added their dialup ranges into their SPF records - the SPF records only contain my server range of addresses. My dialup IPs are all white listed in declude, so with this being the case, should declude not skip the SPF testing? If not would it be possible to do so? Thanks, Lyndon. Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] v1.78i28 Hijack / Deccon
My fault! Sorry... The console was appearing, and everything in it but the relay section. I didn't wait long enough for a host that wasn't whitelisted to send to me :) Sorry Lyndon. > -Original Message- > From: R. Scott Perry [mailto:[EMAIL PROTECTED] > Sent: 26 March 2004 18:12 > To: [EMAIL PROTECTED] > Subject: RE: [Declude.JunkMail] v1.78i28 Hijack / Deccon > > > > >I'm running Declude v1.78i28 and have just noticed the > HiJack info is > >not appearing in the console. I've had a look through the > archive and > >noticed a previous interim has this problem, the post indicated > >upgrading to a later interim... > > Is the console appearing? If so, what is missing from it? > > -Scott > --- > Declude JunkMail: The advanced anti-spam solution for IMail > mailservers > since 2000. > Declude Virus: Ultra reliable virus detection and the leader > in mailserver > vulnerability detection. > Find out what you've been missing: Ask for a free 30-day evaluation. > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] v1.78i28 Hijack / Deccon
Hi! I'm running Declude v1.78i28 and have just noticed the HiJack info is not appearing in the console. I've had a look through the archive and noticed a previous interim has this problem, the post indicated upgrading to a later interim... Regards, Lyndon. Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] WARN
Last week (I think) I sent an email asking how I can see why an email failed the BADHEADERS test when I'm also using the ATTACH action. The answer was that the WARN headers would have been displayed in the spamattach email. I've had another email where I could do with identifying why an email failed the BADHEADER test, but when I go to view the header info in the spamattach email, as with the attached email that internet headers are blank. I think this is because Exchange strips them? Because of this is there another simple way I can find out specifically triggered the BADHEADER test to fail? Or prevent exchange from stripping these headers? Thanks, Lyndon. Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT: Sales call on new domain
In that case what registrar do you use Todd? Im with Tucows and never had such calls either. > -Original Message- > From: Dave Doherty [mailto:[EMAIL PROTECTED] > Sent: 25 March 2004 19:46 > To: [EMAIL PROTECTED] > Subject: Re: [Declude.JunkMail] OT: Sales call on new domain > > > Todd- > > Sounds like your registrar is selling their data. > > I've never had such a sales call using either Bulk Register > or Network Solutions > > -Dave Doherty > Skywaves, Inc. > > Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPF - ignore internal IP
Have you tried WHITELISTing your internal IP range? > -Original Message- > From: Kaj Søndergaard Laursen [mailto:[EMAIL PROTECTED] > Sent: 24 March 2004 14:22 > > Hi > > I finally got spf set up for my domain. I'm running Imail + > declude as a > gateway scanner, so it only relays mail to and from the two > mailservers. So > now I see that mail from my mail-servers are tested with spf, > and get an > result of unknown (I use v=spf1 mx ?all). > > Should I set this up differently? Listing internal ip's or > names in the > spf1 record does not seem to be the right solution. > > Regards, > > Kaj > Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] CMDSPACE
> WHITELIST AUTH can work only if you use SMTP-Authentication > to allow relaying trough your server. Yep I know. But as we're only using Imail 6 ATM the WHITELIST AUTH does not work (although the clients are authing). > If your clients connects from a defined IP range(s) you can > use the same > range(s) for whitelisting in declude. That's what we currently do > When there is a customer from outside this IP range(s) then > you should already found a solution to allow relaying for > this client. I think you use SMTP-Authentication, or you > allow relaying for his (hopefully) static IP. The solution will by SMTP Auth - so that I don't have to maintain an whitelist of external IP's. However I'm temporarily whitelisting a single static IP for this client. > What has WebMessaging to do with the CMDSPACE problem? WM has nothing to do with CMDSPACE. What I meant to get across is that CMDSPACE and HELOBOGUS are causing us a problem (plus no REVDNS with that provider). Having Imail 8 would allow us to use WHITELIST AUTH which is what I want to use. Unfortunately I am not allowed to install Imail 8 yet because my director isnt happy with how the WM template looks. Which means for the time being im stuck with Imail 6 (meaning I cant use WHITELIST AUTH - yet). Its ok, I'm sorted now. As you answered my original question by stating most mail clients will fail the CMDSPACE test. Therefore nothing wrong with Declude, so that's fine. I just wanted to check, and then went on to explain my situation. Thanks, Lyndon. Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] CMDSPACE
They also fail the helobogus. These would not normally be a problem because the vast majority of clients are within our dialup/xDSL or lease line range that is already white listed. This client unfortunately has broadband through another provider! I had a (mini) brain storm and added WHITELIST AUTH to declude, but it didn't work. When I checked the declude release notes it stated you needed Imail 8. We have Imail 8, but it isn't installed yet. Although I've re-branded the web messaging my director does not want to install it until its to his liking. I personally think the standard re-branded web messaging on v8 is better than our v6 customised! I've done all the customising I'm prepared to though... Never mind! I've temporarily white listed the external IP, until I'm allowed to upgrade! Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] CMDSPACE
Hello guys, I may be wrong but I think I read somewhere on the list that an email failed the CMDSPACE test when it shouldn't have? Would somebody mind checking these headers to see if this email should have failed the CMDSPACE test also? If you need anything else please let me know, Thanks! Received: from debbie [217.205.147.186] by broxapmawrob.co.uk with ESMTP (SMTPD32-6.06) id AB294F870160; Tue, 23 Mar 2004 12:18:49 + Message-ID: <[EMAIL PROTECTED]> From: "Sheena Singleton" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: test back outbound Date: Tue, 23 Mar 2004 12:19:19 - MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="=_NextPart_000_0005_01C410D1.1151CF80" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6600 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPFPASS (Junk)
SPF does not prevent SPAM, only spoofing - which in turn can reduce spam. I don't even run the SPFPASS test because I think its quite pointless. If I receive an SPFFAIL on the other hand I block the email straight away - don't even bother weighting it. If a spammer adds SPF to their own domain, when you know its a spammers domain you can blacklist it. That makes them easier to blacklist before they go buy another domain. And you would only be blacklisting the domain, not an ISP with many other innocent users. -Original Message- From: Colbeck, Andrew [mailto:[EMAIL PROTECTED] Sent: 19 March 2004 20:49 To: '[EMAIL PROTECTED]' Subject: RE: [Declude.JunkMail] SPFPASS (Junk) Makes perfect sense to me. Everyone, including ROKSO spammers, can benefit from implementing SPF defensively, resulting in a valid SPFPASS. And *their* doing so dilutes the incentive for antispammers to reward those who implement SPF defensively, which in turn dilutes SPF. As noted in the last 2 weeks, current wisdom is to add points to those senders that trigger a SPFFAIL, and that rewarding a SPFPASS or SPFUNKNOWN will reveal no joy. Andrew 8) -Original Message- From: Matt [mailto:[EMAIL PROTECTED] Sent: Friday, March 19, 2004 12:25 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] SPFPASS (Junk) So zombie spamers forge Habeas, and ROKSO spammers give themselves SPF records. Not a surprise. You can't stop them from doing this, so I might suggest not crediting any points to those that pass. Matt Frederick Samarelli wrote: This is the offending header. Received: from mail13.americanfamilydeals.com ([69.56.11.46]) by DNS2.tcbinc.net (SAVSMTP 3.1.3.37) with SMTP id M2004031909522726515 for <[EMAIL PROTECTED]>; Fri, 19 Mar 2004 09:52:29 -0500 Message-ID: <[EMAIL PROTECTED] > Date: Fri, 19 Mar 2004 08:52:30 -0600 (CST) From: "Point.com" <[EMAIL PROTECTED]> Reply-To: American Family Deals <[EMAIL PROTECTED]> To: Nancy Gladwell <[EMAIL PROTECTED]> Subject: [~23]Cell Phone, Accessories & Shipping at NO Cost Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="=_Part_1277094_8887513.1079707950959" X-nb: zspttavsabivfviftpfnfnnn maifvvbmwpmfifmpa pmfwstssn X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail detected. [2-3-1800] X-RBL-Warning: SNIFFER: Message failed SNIFFER: 63. [2-6-3000] X-RBL-Warning: SPFPASS: SPF returned PASS for this E-mail. [2-17-8800] X-RBL-Warning: MAILPOLICE-BULK: This E-mail came from mxllvniqnx.americanfamilydeals.com, a potential spam source listed in MAILPOLICE-BULK. [2-26-d000] X-RBL-Warning: SBL-XBL: "http://www.spamhaus.org/SBL/sbl.lasso?query=SBL9613"; [2-33-10800] X-RBL-Warning: GIBBERISH: Message failed GIBBERISH test (line 426, weight 3) [2-57-1c800] X-Declude-Sender: [EMAIL PROTECTED] [69.56.11.46] X-Declude-Spoolname: D09300e8a005e2c5b.SMD X-RBL-Warning: Total weight: 23 X-Note: Sent from: [EMAIL PROTECTED] X-Note: Sent from Reverse DNS: mail13.americanfamilydeals.com ([69.56.11.46]). X-Note: This E-mail was scanned by TCB [1.78i21] for virus. --=_Part_1277094_8887513.1079707950959 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable This message contains an HTML formatted message but your email client does = not support the display of HTML. Please view this message in a different ma= il client or forward this email to a web-based mail system. --=_Part_1277094_8887513.1079707950959 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable - Original Message - From: "R. Scott Perry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, March 19, 2004 11:46 AM Subject: Re: [Declude.JunkMail] SPFPASS (Junk) What do we do when we find Junkmail passing the SPF Test. Is there a place to report it. It should be treated the same way as regular spam that you would report, but there is a big exception here: you can almost certainly find someone responsible that allowed the spam through. If you have the headers, feel free to post them here. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at h
RE: [Declude.JunkMail] WARN
So they are - apologies. Didn't think they'd be there because that's the email from my server, but I guess it makes sense. > -Original Message- > From: R. Scott Perry [mailto:[EMAIL PROTECTED] > Sent: 18 March 2004 17:26 > To: [EMAIL PROTECTED] > Subject: RE: [Declude.JunkMail] WARN > > > > >In the spamattach.eml file, we are displaying the %HEADERS% > but these > >do not include the WARNing with the code, and when I open the email > >attached and view the internet headers they're blank. > > > >Anyway of being able to find out the BADHEADER codes etc? > > Those should appear in the headers of the actual E-mail that > is received > (the one containing the spam in the attachment). > > -Scott > --- > Declude JunkMail: The advanced anti-spam solution for IMail > mailservers > since 2000. > Declude Virus: Ultra reliable virus detection and the leader > in mailserver > vulnerability detection. > Find out what you've been missing: Ask for a free 30-day evaluation. > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] WARN
There are certain domains that we used to use the WARN action for say the BADHEADERS test, and the warning would give you a little code to find out what exactly was wrong with the header. The WARN action on this test is still there, but another one of the tests uses the ATTACH action. In the spamattach.eml file, we are displaying the %HEADERS% but these do not include the WARNing with the code, and when I open the email attached and view the internet headers they're blank. Anyway of being able to find out the BADHEADER codes etc? Thanks, Lyndon. Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Block on HELO
> -Original Message- > From: Kevin Bilbee [mailto:[EMAIL PROTECTED] > Sent: 17 March 2004 22:03 > To: [EMAIL PROTECTED] > Subject: RE: [Declude.JunkMail] Block on HELO > > > Yes, it would do the trick. As long as they never travel, > dial another ISP, and use your server. > > Kevin Bilbee > In that case they would AUTH. I just wanted to make sure that if the whitelist on my IP range didn't work - and it explicitly had to by Auth, then I'd have to get all my clients to re-config. Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Block on HELO
> -Original Message- > From: Matt [mailto:[EMAIL PROTECTED] > > I think the important lesson is to understand that there are often > exceptions. This filter has hit some of my customers who have boxes > doing automated notifications with their own SMTP engine (such as > Windows 2003), and if you gateway for customers, you either need to > whitelist their server or exclude them from this list. I use an IS > match to limit the potential of false positives. > So would the WHITELIST for my IP range (that my clients use) do the trick or would I explicitly need WHITELIST AUTH and have my clients use SASL? Cheers Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Block on HELO
Yes Kevin I think you would be right. A Netscape/Mozilla user sending mail through another ISP for a domain on my server may pass the 'sending' domain in its HELO to the server, but that server should then not pass the same onto my server - if it did I guess that ISP would have big problems. And if a local user was using Netscape, there would be no reason for them not to SMTP AUTH, meaning they'd be whitelisted. Mat would you agree? Kevin, as I whitelist my IP range anyway, would I need the WHITELIST AUTH? If the 'Netscape/Mozilla' user were in that range? -Original Message- From: Kevin Bilbee [mailto:[EMAIL PROTECTED] Sent: 17 March 2004 20:55 To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Block on HELO If an ISP SMTP server is dynamically changing their HELO to what it receives from the cleint then the ISP has the issue. The hello from an ISP should be a valid host name with an IP address or the ISP's domain name with an MX record. I have been running the HELO test since DECLUDE started supporting IMail auth and have 0 reported incidents of a false positive. All the articles I read all say the same thing use SMTP auth when filtering the HELO on local domain names. Kevin Bilbee Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Block on HELO
> If you have a client that say for instance is being blocked > on port 25, they may have Netscape configured with their > E-mail address from your server, but they would be using the > SMTP server of their ISP. The HELO is often passed intact > from the client to the destination. Really? I didn't know that. I thought the HELO represented the FQDN of the sending server - didn't think it was passed along the chain from the client. What a pain! Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Block on HELO
> While you are att it you will also see many spoofs of you domain name > > I would also suggest adding > > HELO xx IS mydomainname > > Kevin Bilbee Good thinking, thanks. Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Block on HELO
I've seen a few spams that use the IP address of my server (the receiving server) as their HELO: Received: from 194.164.103.70 [219.128.180.36] by mail.uksubnet.net (SMTPD32-6.06) id AB451525028C; Wed, 17 Mar 2004 04:59:49 + 194.164.103.70 is my IP address, they use it, but are really in this case 219.128.180.36. Is there any way I can use Declude to block this? Thanks! Lyndon. Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] RBL PTR responses
Would adding the following in the global.cfg cause Declude any problems? What I'm trying to achieve is to use the same 'rule name' in all the per domain configs for the multiple responses, with some exclusions (like DUL - Note 127.0.0.2 is not listed among the FIVETEN's and 127.0.0.10 is not listed among the SORBS). Also if Declude sees that multiply ip4r tests are queries on the same host, in the case below would it perform 20 queries or 2? FIVETEN ip4rblackholes.five-ten-sg.com 127.0.0.1 0 0 FIVETEN ip4rblackholes.five-ten-sg.com 127.0.0.3 0 0 FIVETEN ip4rblackholes.five-ten-sg.com 127.0.0.4 0 0 FIVETEN ip4rblackholes.five-ten-sg.com 127.0.0.5 0 0 FIVETEN ip4rblackholes.five-ten-sg.com 127.0.0.6 0 0 FIVETEN ip4rblackholes.five-ten-sg.com 127.0.0.7 0 0 FIVETEN ip4rblackholes.five-ten-sg.com 127.0.0.8 0 0 FIVETEN ip4rblackholes.five-ten-sg.com 127.0.0.9 0 0 FIVETEN ip4rblackholes.five-ten-sg.com 127.0.0.10 0 0 FIVETEN ip4rblackholes.five-ten-sg.com 127.0.0.11 0 0 SORBS ip4rdnsbl.sorbs.net 127.0.0.2 0 0 SORBS ip4rdnsbl.sorbs.net 127.0.0.3 0 0 SORBS ip4rdnsbl.sorbs.net 127.0.0.4 0 0 SORBS ip4rdnsbl.sorbs.net 127.0.0.5 0 0 SORBS ip4rdnsbl.sorbs.net 127.0.0.6 0 0 SORBS ip4rdnsbl.sorbs.net 127.0.0.7 0 0 SORBS ip4rdnsbl.sorbs.net 127.0.0.8 0 0 SORBS ip4rdnsbl.sorbs.net 127.0.0.9 0 0 SORBS ip4rdnsbl.sorbs.net 127.0.0.11 0 0 SORBS ip4rdnsbl.sorbs.net 127.0.0.12 0 0 Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPF test on declude tools
Hi Scott, Just trying to test the SPF rule on one of my domains, and set the SPF record to -all (so that any email from that domain should be an SPFFAIL. However my IP range is white listed so I can't test it. Would it be possible for you to add an SPFPASS and SPFFAIL to your "Test Spam Sender" (http://www.declude.com/tools/spamsend.html)? Might be useful to others. Thanks, Lyndon Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPF actions
> If the SPF processing produces a result of PASS, then the > SPFPASS test will > be triggered. If the SPF processing produces a result of > FAIL, then the > SPFFAIL test will be triggered. Anything else will not > trigger either of > those tests. So if there is a match on: ~ softfail + pass ? neutral It will be SPFPASS. If there is a match on: - fail (ie the -all) It will be SPFFAIL Thanks Lyndon. Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPF actions
In the global.cfg file the two lines I've added for SPF are: SPFPASS spf passx -5 0 SPFFAIL spf failx 8 0 What I would like to know is what SPF responses fall under the SPFFAIL, and SPFPASS rules. IE if an email positively fails an SPF test I would want to simply DELETE the email. I assume a positive fail would be 'SPFFAIL'? If a domain does not have any SPF records, or the query times out - would this also be a SPFFAIL or an SPFPASS? Regards, Lyndon. Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Server Recommendation
> It turns out > that several of the tests provided in the original config > have since been turned off (no this is not Scotts or Decludes > fault, its our fault/problem for just not having enough time > to read up everything for every single server we have). So we > removed all of the monkeylists etc and just left on ORDB and > spamcop for DNS tests. Are the Monkey definitely list no longer working then? Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT SPF poll
After reading up on SPF, Caller-ID and Domain Keys, I'm backing SPF! I prefer SPF over caller-id because is looks like SPF is being pushed by the internet community in general, making it easy to adopt by all. Caller-id on the other hand is being developed and pushed my Microsoft (trying to take over the world! lol). Caller-id seems to be unnecessarily longer txt fields compared to SPF, and also unnecessarily using XML (language written by MS!) I also prefer SPF over Domain Keys because Domain Keys seem slightly more unnecessarily complex, with a greater overhead and harder to implement. Does not have the same issues with mail forwarding as SPF does, but I believe those issues can still be overcome with SPF. Regards, Lyndon Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPF
> There is also nothing stopping a static bulk mailer from > implementing SPF on their own system, and to my knowledge, > there is no way to stop that from happening. That is correct. As somebody else has said passing the SPF does not mean the email isn't spam, and as SPF states it is aimed to work in line with existing black lists. In that scenario it would prevent the spammer from hijacking somebody else's domain. And as you said, if static bulk mailers implemented SPF on their own domains, they'd be somewhat easier to blacklist. > To each their own of course. I'm just trying to document > some of the issues that people should look out for when > implementing SPF for their domains, and scoring it on their systems. I'm sure your input is appreciated, the replies you have generated from other members of the list have helped me see more pros in SPF in the number of ways it is beneficial. You have certainly prompted more of a discussion which may have helped other people on the list understand, or made aware of SPF. Regards, Lyndon. Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPF
> Also to add to Matt's comments a lot of problems also come up > with web forms. This is one reason we have not yet > implemented SPF for our server.. Have not taken the time to > figure out .. Wouldn't this be similar to a mail forwarder? Whereby implementing an SRS system would get round the issue? (http://spf.pobox.com/srs.html) Regards, Lyndon. Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPF
> > I get a lot of E-mail that would fail SPF that is in fact valid. A > > lot of mail scripts and E-commerce sites are set up to send E-mail > > notifications with the Mail From generated from a user submission > > (since one can just simply press reply in order to respond). > > Many e-commerce sites do this type of stuff improperly. They > should use an address from their site as the from with the > reply-to header for where you ar to reply to. I'd agree. Admittedly that's not how our own sites are set to work right now but I'd change them to confirm to new standards aimed at improving email authenticity and reducing spam. The internet community has to be proactive and cooperative if things are to improve. > > Also, some of my own customers are blocked by their ISP's > from using > > my mail server for SMTP, which means that if I configured > SPF strictly > > for their domains, they would fail this test wherever implemented. > > You could setup port forwarding for the users that are > blocked so their mail goes out your server. So instead of > using port 25 to send mail they could use port 925 for > example. The ISP probably is not blocking this. I'd accept this as an issue, but I'd say this one is down to the client. The client should be advised to choose an ISP who supports pro-active measures for reducing spam and improving email authenticity, or accept the fact that their emails may not be delivered to some companies/ISPs. This would be similar to clients who use ISPs that are black listed for whatever reason, or their own server is open relay, and then whinge when their emails don't get through. Alternatively you could add the IP range of their ISP to their domain records that you host - better than nothing. > > If you opt to use SPF on your system, take advantage of the > weighting > > capabilities of Declude, and I would suggest at most being very > > cautious about how much weight you give it. If a domain is using SPF, and an email is received from an invalid client IP, you should have the option to reject before receiving. However in the case with some of your domains, you'd probably use the neutral or pass all mechanism, allowing others to accept the email but apply a weighting to it. Wouldn't you agree? It's a two way thing, 1) up to the receive to decide how stringent they want to be 2) up to the hostmaster/postmaster to decide what other people should do with emails received from their domain not passing the SPF test. Regards, Lyndon. Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPF
There are four, - fail, ~ softfail, + pass & ? Neutral. There are also: error (if the DNS fails) unknown (if the syntax is unrecognised) none (if there is no SPF info) How do these difference responses work? Apologies if these have already been covered... -Original Message- From: Kevin Bilbee [mailto:[EMAIL PROTECTED] Sent: 11 March 2004 18:37 To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] SPF Scott I remember an issue with SPF that does not fall into pass or fail but if they use the ? in the spf record the email may be a maby. Has this been resoved? Or am I understanding it improperly? I do not want to negative weight a maby if it falls into the pass category. I know I do not have to negative weight and can use the fail only. Kevin Bilbee > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry > Sent: Thursday, March 11, 2004 10:03 AM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.JunkMail] SPF > > > > >First I'd heard about SPF. Sounds like a way forward! > > > >On the SPF site is says SPF is supported by Declude, how can I begin > >to check inbound emails for SPF? > > Here's a copy of my original post. The latest beta version (1.78) and > recent interims have the SPF support. > > --- > For those that are interested, we now have an interim release with SPF > support in it. [interim information removed] To use the new SPF test, > you can add lines such as: > > SPFPASS spf passx -5 0 > SPFFAIL spf failx 8 0 > > to your global.cfg file. SPF returns "PASS" for E-mail that passes > SPF (that comes from an IP that is acceptable to the owner of the > domani that it claims to be coming from), "FAIL" for E-mail that fails > SPF (that does not come from an acceptable IP for the domain), or > "UNKNOWN" (for E-mail from domains that do not use SPF yet, or for > some other reason should return UNKNOWN). > > This will help reduce false positives (for domains that have SPF > support), and help capture more spam (as spam comes in from domains > that have SPF support, but the spammer isn't using an acceptable IP). > --- > > -Scott > --- > Declude JunkMail: The advanced anti-spam solution for IMail > mailservers since 2000. Declude Virus: Catches known viruses and is > the leader in mailserver vulnerability detection. > Find out what you've been missing: Ask for a free 30-day evaluation. > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPF
That's a real shame! If you received a negative response from an SPF participating domain, you should be able to reject the message straight off. That way you aren't left 'carrying the can' so to speak, and the email gets stuck with the HiJacked server or the spammer. Similar to how AOL reject connected if the rev DNS lookup fails. Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPF
You can use SPF to just check. But it would work best when you do both. Otherwise if nobody implemented, nobody would have anything to check against - catch 22. By implementing you also protect your own domain(s) from being spoofed (providing the recipient checks against SPF). The more publicity SPF gets and the more IT bods that implement it, the better everything will get (in my opinion). -Original Message- From: John Carter [mailto:[EMAIL PROTECTED] Sent: 11 March 2004 18:28 To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] SPF Forgive the ignorance. To use the SPF test, do we have to have implemented SPF ourselves or can it be used to check against those who have? Thanks, John --- For those that are interested, we now have an interim release with SPF support in it. [interim information removed] To use the new SPF test, you can add lines such as: SPFPASS spf passx -5 0 SPFFAIL spf failx 8 0 to your global.cfg file. SPF returns "PASS" for E-mail that passes SPF (that comes from an IP that is acceptable to the owner of the domani that it claims to be coming from), "FAIL" for E-mail that fails SPF (that does not come from an acceptable IP for the domain), or "UNKNOWN" (for E-mail from domains that do not use SPF yet, or for some other reason should return UNKNOWN). This will help reduce false positives (for domains that have SPF support), and help capture more spam (as spam comes in from domains that have SPF support, but the spammer isn't using an acceptable IP). --- -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT SPF SRS
What is the best way to implement SRS in Imail? Maybe one for the Imail list (or SRS somewhere). Regards, Lyndon. Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPF
Thanks for that Scott! One more question, In the event we want to reject an email that fails the SPF test for a SPF participating domain, is Declude able to reject incoming emails before receiving the message body? IE terminate the SMTP connection? Regards, Lyndon. -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: 11 March 2004 18:03 To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] SPF >First I'd heard about SPF. Sounds like a way forward! > >On the SPF site is says SPF is supported by Declude, how can I begin to >check inbound emails for SPF? Here's a copy of my original post. The latest beta version (1.78) and recent interims have the SPF support. --- For those that are interested, we now have an interim release with SPF support in it. [interim information removed] To use the new SPF test, you can add lines such as: SPFPASS spf passx -5 0 SPFFAIL spf failx 8 0 to your global.cfg file. SPF returns "PASS" for E-mail that passes SPF (that comes from an IP that is acceptable to the owner of the domani that it claims to be coming from), "FAIL" for E-mail that fails SPF (that does not come from an acceptable IP for the domain), or "UNKNOWN" (for E-mail from domains that do not use SPF yet, or for some other reason should return UNKNOWN). This will help reduce false positives (for domains that have SPF support), and help capture more spam (as spam comes in from domains that have SPF support, but the spammer isn't using an acceptable IP). --- -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: SPF [Declude.JunkMail]
First I'd heard about SPF. Sounds like a way forward! On the SPF site is says SPF is supported by Declude, how can I begin to check inbound emails for SPF? Regards, Lyndon. Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude, Outlook 2003 and Spamheadersfailed?
Amazing! -Original Message- Yes. Apparently, a small percentage of their customers complained that the Message-ID: header included information they did not want others to see. Instead of adding an option to either disable the Message-ID: header or alter the content used in it, they opted to remove it completely, with the understanding that all Outlook 2003 customers are more likely to have their E-mail tagged as spam than they otherwise would. -Scott Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Bonded senders
The concept behind BONDEDSENDER seems to be the same as HABEAS. But if I understand things correctly, Declude can not treat the two in the same way. To use HABEAS headers you simply enter WHITELIST HABEAS in the global.cfg. And by using this an email could fail every rule you have (but pass the HABEAS) and get through. Lets say you have certain actions that block on rule (not weighting), using the BONDEDSENDER rule you can not whitelist but only reducing the weighting? Scott, is there a way of WHITELISTING a positive BONDEDSENDER? Like you do with HABEAS? Regards, Lyndon. Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Message routing question
Its the OE Rule you need to re-write. With the later versions of OE you have a condition that's is 'Where the message is from the specified account'. So in Tools>Accounts>Mail you'd have one profile/account to download from the main mailbox, and another for downloading from the spam mailbox. Instead of setting up a rule the looks at the To: field, get the rule to perform the action based on 'Where the message is from the specified account'. Hope that makes sence? Regards, Lyndon. -Original Message- From: Dave Doherty [mailto:[EMAIL PROTECTED] Sent: 09 March 2004 16:13 To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Message routing question Hi, I need to find a way to route email to a spam folder in a client's Outlook Express setup. I had him set up two POP boxes, [EMAIL PROTECTED] and [EMAIL PROTECTED] (which OE combines into one folder set) and a message rule so that anything addressed to [EMAIL PROTECTED] is routed into a spam folder. This works fine, as I can send mail to user or user-spam and the message winds up in the right place. I divert his messages at WEIGHT20. I tried WEIGHT20 MAILBOX SPAM, and the message goes into the user-spam folder on the server, but the "to" address is not changed, so it winds up in his main mailbox in OE. I tried WEIGHT20 ROUTETO [EMAIL PROTECTED], figuring that would force a rewrite of the to address, but I got the same result - it came in still addressed to [EMAIL PROTECTED] Ideas, anyone? -Dave Doherty Skywaves, Inc. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) Email checked by UKsubnet anti-virus service To prevent email abuse & block spam contact [EMAIL PROTECTED] Tel: +44(0)8712360301 Web: www.uksubnet.net Fax: +44(0)8712360300 Powered by UKsubnet Internet Service Provider Business to Business Internet (ISP) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.