from:"Paul Fuhrmeister"

[Declude.JunkMail] Spam Domains File Format

2005-08-10 Thread Paul Fuhrmeister

Title: Message



What is the file format 
for the spamdomains.txt file? 
 
I'm looking at the file 
but can't figure it out and can't find a description of the format anywhere. 

 

Paul 
Fuhrmeister

[Declude.JunkMail] if there's a "?" in the X-Declude-Sender

2004-11-17 Thread Paul Fuhrmeister

Here's the X-Declude-Sender in a spam message. It includes my domain name
and a "?":

X-Declude-Sender: [EMAIL PROTECTED]
[65.249.245.10]

How would one add weight if there's a "?" in the X-Declude-Sender? I assume
this is a valid test to add weight.

[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Filter File - Maximum Size?

2004-10-07 Thread Paul Fuhrmeister

Yes, it does get caught. 

Our filtered word list includes vagra

If the program does not see vagra before stripping non-alpha characters, but
does after stripping, the subject line fails. 

We have only 38 words in our list, here's the last of it:

valium
valum
Vcodin
vagra
viagr
viagra
Vicdin
VICODIN
xanax
xanex
xanx
xnx

PF

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Thursday, October 07, 2004 2:34 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Filter File - Maximum Size?

One of the most common misspellings I see is v1agra.  According to your
logic, this wouldn't get caught, would it?

Perhaps amend the test to do some standard replacements of numbers with
letters? For example,

0 -> o
1 -> i
3 -> e
5 -> s
8 -> a

Darin.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Filter File - Maximum Size?

2004-10-07 Thread Paul Fuhrmeister

We wrote an external program that

1. Works with Declude as an external filter, 
2. reads the email and picks out the subject line, 
3. reads a very short list of words from a text file,
4. looks for the words in the subject line, then
5. strips all of the non-alpha characters out of the subject line (including
numbers and spaces),
6. looks for the words in the subject line AGAIN,
7. returns a DOS error number ONLY if a banned word appears AFTER stripping
out the non-alpha characters, and
8. keeps a log file identifying each message that failed and why.

It only leaves about 5 ways to spell viagra. The after but not before test
avoids false positives. We weight it 20 on our 20 point scale, but we're not
aggressive with our word list. 
 
You have to be careful with your word list because we strip the spaces, some
words are contained in other words, etc.

I guess you could change it up and check the first 250 characters of the
message body or something, but it doesn't deal with html.

I can post the source code if anyone's interested (it' Visual Basic complied
to an exe).

Paul Fuhrmeister
[EMAIL PROTECTED]

 




From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Aaron Moreau-Cook
Sent: Tuesday, October 05, 2004 6:51 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Filter File - Maximum Size?


Thanks for the response. We are already using Sniffer; if a message triggers
Sniffer we give the e-mail 60% of our delete weight. This works great, trust
me... but I'm sick and tired of seeing w^^o_r-d#s l-!+k^e this in my hold
queue.
 
The problem is, how many ways can you spell a word? How many ^,*,$,#, and
other characters can you put into a word to slip by Sniffer? Apparently
there are 360,000 to spell Viagra by inserting these characters (and others)
and changing certain letters to numbers.
 
I'm frustrated by spammers, I know we all are so I'm just trying to find out
if this is *even* a viable way to help declude stop spam.
 
Thanks
 

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] WhiteList FILES Question

2004-07-21 Thread Paul Fuhrmeister

1. We have multiple domains, and want each to be able to create their own
white list

2. We have a program that copies the $default$.junkmail files out to the per
domain directories so making changes is easy.

To make this easy on us, 

If we use: WHITELISTFILE mywhitelist.txt

instead of: WHITELISTFILE D:\IMail\Declude\mywhitelist.txt

Will Declude search in the same (per domain) directory as the
$default$.junkmail file, or do we have to manually edit the 25 different
$default$.junkmail files?

[EMAIL PROTECTED]



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Wednesday, July 21, 2004 9:41 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] WhiteList FILES Question


>I am not clear on the WhiteListFiles option.
>...
>Using the WhitelistFiles option, my would look like this?
>
>WHITELISTFILE D:\IMail\Declude\mywhitelist.txt
>AHBLWARN
>DSBLMulti   WARN
>CBL WARN
>DSBLWARN
>ORDBWARN
>
>... Etc ...

Correct.  Declude JunkMail will then look at the
D:\IMail\Declude\mywhitelist.txt file and whitelist any E-mail coming from
an address/domain listed in there.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe,
just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe
Declude.JunkMail".  The archives can be found at
http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] WhiteList FILES Question

2004-07-21 Thread Paul Fuhrmeister

Using JunkMail Pro,

I am not clear on the WhiteListFiles option. 

My $default$.junkmail file currently looks like this:

AHBLWARN
DSBLMulti   WARN
CBL WARN
DSBLWARN
ORDBWARN

... Etc ...

Using the WhitelistFiles option, my would look like this?


WHITELISTFILE D:\IMail\Declude\mywhitelist.txt
AHBLWARN
DSBLMulti   WARN
CBL WARN
DSBLWARN
ORDBWARN

... Etc ...

[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Njabl test?

2004-07-20 Thread Paul Fuhrmeister

I notice the njabl test is not a "standard" test in the sample Declude
JunkMail config file:

# The following tests are commented out by 
  default because they are not commonly used
# NJABL  ip4r  dnsbl.njabl.org  127.0.0.2  5  0

Is this test worth the machine time doing the lookup?

[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Reconfiguring sorbs.net tests

2004-07-20 Thread Paul Fuhrmeister

I currently have 9 sorbs.net lookups:

SORBS-HTTP  ip4rdnsbl.sorbs.net 127.0.0.2   5   0
SORBS-SOCKS ip4rdnsbl.sorbs.net 127.0.0.3   5   0
SORBS-MISC  ip4rdnsbl.sorbs.net 127.0.0.4   5   0
SORBS-SMTP  ip4rdnsbl.sorbs.net 127.0.0.5   5   0
SORBS-SPAM  ip4rdnsbl.sorbs.net 127.0.0.6   4   0
SORBS-WEB   ip4rdnsbl.sorbs.net 127.0.0.7   5   0
SORBS-BLOCK ip4rdnsbl.sorbs.net 127.0.0.8   5   0
SORBS-ZOMBIEip4rdnsbl.sorbs.net 127.0.0.9   5   0
SORBS-DUHL  ip4rdnsbl.sorbs.net 127.0.0.10  4   0

It seems I can replace these 9 lookups with 1:

rhsbl.sorbs.net - Aggregate zone (contains all RHS zones)

Would the new config file line would look like this? (replacing the ip
numbers with a *)?

SORBS-DUHL  ip4rdnsbl.sorbs.net *   4   0

[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] accept email ONLY from white listed senders

2004-05-13 Thread Paul Fuhrmeister

Cross post from Imail list:

We set up a domain (IMGate / Declude / Imail 8.11) at an IP Number.

We want it to accept email ONLY from white listed senders using Imail's
anti-spam feature so the customer can maintain the white list. 

Has anyone done this? Does anyone have any ideas how to do it?
 
Paul Fuhrmeister
[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] accept email ONLY from white listed senders

2004-05-13 Thread Paul Fuhrmeister

Cross post from Imail list:

We set up a domain (IMGate / Declude / Imail 8.11) at an IP Number.

We want it to accept email ONLY from white listed senders using Imail's
anti-spam feature so the customer can maintain the white list. 

Has anyone done this? Does anyone have any ideas how to do it?
 
Paul Fuhrmeister
[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] OT: disabling NDR's/badmail dir with Microsoft SMTP

2004-05-11 Thread Paul Fuhrmeister

Just write a bat file to rotate and delete the files, then "schedule" it. 

ren Badmail_07 Badmail_08
ren Badmail_06 Badmail_07
ren Badmail_05 Badmail_06
ren Badmail_04 Badmail_05
ren Badmail_03 Badmail_04
ren Badmail_02 Badmail_03
ren Badmail_01 Badmail_02
ren BadmailBadmail_01
md  Badmail

del /q Badmail_08
rd  Badmail_08



Paul Fuhrmeister
[EMAIL PROTECTED]

 

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of decjunkmail
> Sent: Saturday, May 08, 2004 12:36 AM
> To: [EMAIL PROTECTED]
> Subject: [Declude.JunkMail] OT: disabling NDR's/badmail dir 
> with Microsoft SMTP
> 
> Hi,
> 
> I'm setting up Microsoft SMTP mail server as an outbound 
> gateway/offload and I've noticed that failed NDR's ultimately 
> pile up in a "badmail" directory.
> 
> Is there a regkey setting to configure MS SMTP to simply 
> bit-bucket those instead of creating a growing folder that 
> must be cleaned out periodically?
> ---
> [This E-mail was scanned for viruses by Declude Virus 
> (http://www.declude.com)]
> 
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To 
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and 
> type "unsubscribe Declude.JunkMail".  The archives can be 
> found at http://www.mail-archive.com.
> 

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Blocking Sender

2004-05-03 Thread Paul Fuhrmeister

I want to block anything sent from onlinelifetime.com. I could use


BLACKLIST  fromfile  C:\iMail\Declude\blacklist.txt  x  50  0 

Or

BLOCKSENDER  filter  C:\IMail\Declude\BlockSender.txt  x  0  0
(
BlockSender.txt: 
HEADERS  50  CONTAINS  @onlinelifetime.com
HEADERS  50  CONTAINS  .onlinelifetime.com
)

It seems to me the second way would work better, catching anything the first
filter would catch, and anything sent through onlinelifetime servers, even
if they change the reply-to address. 

Why would one use a blacklist fromfile instead of a headers filter file? Is
there a performance or CPU difference?


Paul Fuhrmeister
[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Processing Order

2004-04-22 Thread Paul Fuhrmeister

I am looking at the Processing Order from the JunkMail manual

> 1. IMail's Control Access file (to block IPs)
> 2. IMail's Kill List (to block return addresses)
> 3. IMail v8 anti-spam (most tests)
> 4. Declude Virus
> 5. Declude Hijack
> 6. Declude JunkMail
> 7. IMail's filters and extra IMail v8 anti-spam tests

If I use IMail Antispam to add an X-Header for statistical filtering and
HTML features detection, would Declude JunkMail see it? Or are those IMail
tests after JunkMail?


Paul Fuhrmeister
[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Comcast.net Spam

2004-04-22 Thread Paul Fuhrmeister

OK, I understand. 

SPAMDOMAINS would fail if they said they were [EMAIL PROTECTED] and
sent through a tvp.ndo.co.uk mail server, 

But does not fail if they say they are [EMAIL PROTECTED] and send
through a comcast.net server.

So, I need to looks at Matt's filter. I am using 1.78+ Pro, but do not
understand the filter Matt referenced earlier 

( 
MAILFROM   END   ENDSWITH   @comcast.net
REVDNS 5 ENDSWITH   client.comcast.net
)

Where is that filtering documented? Archives? 

Paul Fuhrmeister
[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Comcast.net Spam

2004-04-22 Thread Paul Fuhrmeister

I have SPAM-DOMAINS setup, my spamdomains.txt file contains

.comcast.
@comcast.  .comcast. 

The messages (headers below) did not fail this test.

Paul Fuhrmeister
[EMAIL PROTECTED]


> You could implement SPAMDOMAINS that would check the "from" 
> and where the message came from to add weight to the message.  
> Seems to work well when you don't get DNS timeouts (which I 
> have been having problems with lately).


An email is "from" [EMAIL PROTECTED] [24.5.121.88] AND was received
from cib.co.za (c-24-5-121-88.client.comcast.net [24.5.121.88]

Is there a way to add weight when
- received from client.comcast.net BUT sender is not "@comcast.net"


Here are example headers:

Received: from cib.co.za (c-24-5-121-88.client.comcast.net [24.5.121.88])
by mail17.**.com (Postfix) with SMTP id 858D630F4B;
Wed, 21 Apr 2004 21:25:31 -0500 (CDT)
(envelope-from [EMAIL PROTECTED])
Message-ID: <[EMAIL PROTECTED]>
From: "Tim Salazar" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Pain Pills V.icodin Hy.drocodone Lortab Lorcet Norco
Date: Thu, 22 Apr 2004 01:00:15 +
MIME-Version: 1.0
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: 8bit
X-RBL-Warning: DSBL: "http://dsbl.org/listing?ip=24.5.121.88";
X-RBL-Warning: BLOCKTEXT: Message failed BLOCKTEXT test (line 394, weight 7)
X-Declude-Sender: [EMAIL PROTECTED] [24.5.121.88]
X-Declude-Spoolname: D2d2c2f4000be40bf.SMD
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: U
X-UIDL: 1049636097


Paul Fuhrmeister
[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe,
just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe
Declude.JunkMail".  The archives can be found at
http://www.mail-archive.com.



---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe,
just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe
Declude.JunkMail".  The archives can be found at
http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Comcast.net Spam

2004-04-22 Thread Paul Fuhrmeister

An email is "from" [EMAIL PROTECTED] [24.5.121.88]
AND was received from cib.co.za (c-24-5-121-88.client.comcast.net
[24.5.121.88]

Is there a way to add weight when
- received from client.comcast.net BUT sender is not "@comcast.net"


Here are example headers:

Received: from cib.co.za (c-24-5-121-88.client.comcast.net [24.5.121.88])
by mail17.**.com (Postfix) with SMTP id 858D630F4B;
Wed, 21 Apr 2004 21:25:31 -0500 (CDT)
(envelope-from [EMAIL PROTECTED])
Message-ID: <[EMAIL PROTECTED]>
From: "Tim Salazar" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Pain Pills V.icodin Hy.drocodone Lortab Lorcet Norco
Date: Thu, 22 Apr 2004 01:00:15 +
MIME-Version: 1.0
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: 8bit
X-RBL-Warning: DSBL: "http://dsbl.org/listing?ip=24.5.121.88";
X-RBL-Warning: BLOCKTEXT: Message failed BLOCKTEXT test (line 394, weight 7)
X-Declude-Sender: [EMAIL PROTECTED] [24.5.121.88]
X-Declude-Spoolname: D2d2c2f4000be40bf.SMD
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: U
X-UIDL: 1049636097


Paul Fuhrmeister
[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Processing load on machine

2004-04-22 Thread Paul Fuhrmeister

Since my weights are all so close I could make them the same. 

Is there a way to combined these 8 tests into 1 to determine if it failed
any if the tests? That is, IF NOT 127.0.0.0, or what ever their OK response
is? Does it really matter?

Paul Fuhrmeister
[EMAIL PROTECTED]


>If the following is in the Global.cfg file, is it true that 
>dnsbl.sorbs.net will be queried once and the result will be evaluated 8 
>times?
>
>SORBS-HTTP  ip4rdnsbl.sorbs.net 127.0.0.2   5   0
>SORBS-SOCKS ip4rdnsbl.sorbs.net 127.0.0.3   5   0
>SORBS-MISC  ip4rdnsbl.sorbs.net 127.0.0.4   5   0
>SORBS-SMTP  ip4rdnsbl.sorbs.net 127.0.0.5   5   0
>SORBS-SPAM  ip4rdnsbl.sorbs.net 127.0.0.6   7   0
>SORBS-WEB   ip4rdnsbl.sorbs.net 127.0.0.7   5   0
>SORBS-BLOCK ip4rdnsbl.sorbs.net 127.0.0.8   5   0
>SORBS-DUHL  ip4rdnsbl.sorbs.net 127.0.0.10  6   0

That is correct.  With old versions of Declude JunkMail -- back when
multiple tests on the same zone first came out -- would make 8 DNS queries.
But recent versions of Declude JunkMail will send just 1 DNS query, and
evaluate the results 8 times.

-Scott
---

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Log analysis and test check scripts

2004-04-22 Thread Paul Fuhrmeister

Thank you Bill and Roger for sharing your excellent work.  

[EMAIL PROTECTED]


> The scripts run under both Windows NT 4 and Windows 2000. They are 
> pure Windows command scripts and therefore not as fast as some of the 
> other log analysis tools. The analyses below took about one minute 
> each in "all" mode.

Took a bit longer on my system but there were 230,000 messages.  In
comparing the results with my program (WAMLOG) they were within 0.2%!  

Your program:

WEIGHT10 218863
WEIGHTdel 207491 

My Program:

WEIGHT10 218866
WEIGHTDEL 207493

I didn't know command script was so powerful.  Only about 100 lines of code!
I wrote my program in C++ and it took about 300 lines of code :)

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Processing load on machine

2004-04-21 Thread Paul Fuhrmeister

If the following is in the Global.cfg file, is it true that 
dnsbl.sorbs.net will be queried once and the result will be 
evaluated 8 times?

SORBS-HTTP  ip4rdnsbl.sorbs.net 127.0.0.2   5   0
SORBS-SOCKS ip4rdnsbl.sorbs.net 127.0.0.3   5   0
SORBS-MISC  ip4rdnsbl.sorbs.net 127.0.0.4   5   0
SORBS-SMTP  ip4rdnsbl.sorbs.net 127.0.0.5   5   0
SORBS-SPAM  ip4rdnsbl.sorbs.net 127.0.0.6   7   0
SORBS-WEB   ip4rdnsbl.sorbs.net 127.0.0.7   5   0
SORBS-BLOCK ip4rdnsbl.sorbs.net 127.0.0.8   5   0
SORBS-DUHL  ip4rdnsbl.sorbs.net 127.0.0.10  6   0

[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Store and Forward - Outgoing Actions

2004-03-29 Thread Paul Fuhrmeister

Thanks Scott.

I think I understand. I guess I'll wait and see what happens.  

[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Monday, March 29, 2004 4:33 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Store and Forward - Outgoing Actions


When an E-mail arrives, Declude JunkMail will use the configuration file(s)
for the recipients, not the senders.  For E-mail where a recipient is not
local, Declude JunkMail will use the outgoing actions, which are the ones in
the \IMail\Declude\global.cfg file.

The \IMail\Declude\example.com\$default$.JunkMail file will be used for
E-mail *to* an @example.com user, but not for an E-mail *from* 
an  @example.com user.

The outgoing E-mail settings are global, and cannot be changed per domain.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Store and Forward - Outgoing Actions

2004-03-29 Thread Paul Fuhrmeister

Wesetup Store and Forward (Imail 8.05, Declude JunkMail Pro) and everything
seems to work correctly. 

But, The manual and archives talk about "Outgoing Actions". 

We have a declude/domainname.com directory with a $default$.junkmail file.
Do those tests get performed on the outbound email or is there something
special to make them "outgoing" tests?

Is Declude JunkMail testing ALL of my outgoing email? I don't think I want
it to, just store and forward email.


[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Automatic Whitelisting

2004-03-23 Thread Paul Fuhrmeister

Using JunkMail PRO,

I want to white list an email address for the users of a specific virtual
domain, but not for all virtual domains on the server.

Regarding WebMail:

- Each individual user has their own address book, and
- I can do a domain wide address book by putting it in the /domain/web
directory.

Regarding JunkMail PRO:

- I can white list an email address for a single user by adding it to a
users address book, BUT

- can I white list an email address for a single virtual domain by adding it
to the domain wide address book?

[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] black list based on the domain registrants email address?

2004-03-05 Thread Paul Fuhrmeister

I'll explain the issue and then ask the question.

We are having trouble with a spammer who registers new domain names every
day and spams our customers from a DSL line with a dynamic ip. They changes
the text a bit each time, leaving us nothing to filter on except this, from
(unix) whois lookups:

Domain Name: POPSERVERDATA.COM
Administrative Contact: Blanch Willson-> [EMAIL PROTECTED]

Domain Name: TAPESERVPRO.COM
Administrative Contact: Blanch Willson: [EMAIL PROTECTED]

Domain Name: WORKDATASERVERPRO.COM
Administrative Contact: Blanch Willson [EMAIL PROTECTED]

We'd like to dynamically build a black list based on the domain registrants
email address. 

Does anyone have this programmed already?

Any ideas?

[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] test if recipient's domain name in the sender address

2004-02-26 Thread Paul Fuhrmeister

Is there a test that tells me if the recipient's domain name is in the
sender address? It seems this would be a good tip-off that it's bulk mail,
AND IF from a DUL OR listed in SpamCop, MailPolice, etc. it's THEN it's
probably spam. 

X-RBL-Warning: AHBL: 1067376393 bruns - Spam Source - acumenmedia.com
X-RBL-Warning: MAILPOLICE-BULK: This E-mail came from bounces.asm61.com, a
potential spam source listed in MAILPOLICE-BULK.
X-Declude-Sender: [EMAIL PROTECTED]
[64.253.207.123]

[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] test if recipient's domain name in the sender address

2004-02-26 Thread Paul Fuhrmeister

Let me re-state the point:

If the recipient's domain name is in the left hand side of the sender's
address (to the left of the @) then it's probably from a list server. You
could also look for the word "bounce" in the sender address. 

I don't see how sending through an ISP SMTP server is relevant. 

If it's from a mailing list AND from a DUL or listed in SpamCop or
MailPolice, then it's probably junk.

[EMAIL PROTECTED]


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gerald V.
Livingston II
Sent: Thursday, February 26, 2004 11:00 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] test if recipient's domain name in the
sender address

Not a good test. With port 25 blocking becoming more common to force ISP
subscribers to route all email out through the ISP SMTP server the sender
address is likely to show the ISP email address while the From: line will
show whatever email address they normally use depending on the SMTP Auth
setup.

G

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Bonded senders

2004-02-20 Thread Paul Fuhrmeister

Looking on the bondedsender.com web site, I see no where to report things
like this:

Received: from adsl-68-78-114-74.dsl.emhril.ameritech.net
(adsl-68-78-114-74.dsl.emhril.ameritech.net [68.78.114.74])
Received: from ebay.com (data.ebay.com [66.135.195.180])
From: eBay Service <[EMAIL PROTECTED]>
Subject: Ebay Account Update
X-RAV-AntiVirus: This message has been scanned for viruses on
adsl-68-78-114-74.dsl.emhril.ameritech.net
X-RBL-Warning: DSBL: http://dsbl.org/listing?ip=68.78.114.74
X-RBL-Warning: SORBS-DUHL: Dynamic IP Address See:
http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=68.78.114.74
X-RBL-Warning: SPAMCOP: Blocked - see
http://www.spamcop.net/bl.shtml?68.78.114.74
X-RBL-Warning: NOABUSE: Not supporting [EMAIL PROTECTED]
X-RBL-Warning: BONDEDSENDER: IronPort Bonded Sender -
http://www.bondedsender.com
X-RBL-Warning: SPAM-DOMAINS: Spamdomain '@ebay.com' found: Address of
[EMAIL PROTECTED] sent from invalid
adsl-68-78-114-74.dsl.emhril.ameritech.net.
X-Declude-Sender: [EMAIL PROTECTED] [68.78.114.74]

[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] New CMD space test info

2004-02-19 Thread Paul Fuhrmeister

What version / release do we need to be running to use this test? 

> CMDSPACEcmdspacex   x   8   0

[EMAIL PROTECTED]


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] something I can add weight on?

2004-02-19 Thread Paul Fuhrmeister

I see this in the headers of spam:
 
> Received: from uk2.net (unknown [61.155.209.7])

Is this something I can add weight on? I assume it's a clue. 


[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] ATTACH & ROUTETO action?

2004-01-30 Thread Paul Fuhrmeister

I put this in the $default$.junkmail and it doesn't work. Things get routed
but not attached.

WEIGHT20ATTACH
WEIGHT20ROUTETO [EMAIL PROTECTED]

[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Monday, January 26, 2004 9:23 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] ATTACH & ROUTETO action?


>According to the manual, it seems that only one action can be applied to a
>message. Is this correct? Any way we could get an ATTACH & ROUTETO action?

I believe both the ATTACH and ROUTETO actions can be combined, per the 
"Multiple actions per test" section of the manual.

-Scott

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] ATTACH & ROUTETO action?

2004-01-26 Thread Paul Fuhrmeister

Scott,

We use the ROUTETO action on suspected spam to take it out of the user's
mail stream.

When users forward false positives to me from the abuse box I don't get the
headers. Without the headers I have to do a good deal of work to determine
why the message failed. The users (customers), for the most part, are not
sophisticated enough to get the headers and include them in the email. (The
ones who are sophisticated enough are busy and figure I should do it since
I'm the one who generated the false positive).

It would (1) increase our spam filtering effectiveness, (2) save us a great
amount of time and (3) increase our level of custom service (and
satisfaction) if we could use the ATTACH action AND THEN the ROUTETO action.
So, when a customer forwards a false positive we would get the whole message
with the headers and even a description of why it failed. Most of our work
would be done for us. 

According to the manual, it seems that only one action can be applied to a
message. Is this correct? Any way we could get an ATTACH & ROUTETO action?

[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] AOL on SPAMCOP

2004-01-22 Thread Paul Fuhrmeister

SpamCop blocked the ActiveServerPages list at 15seconds.com (which is not a
source of spam):

List-Unsubscribe: 
X-RBL-Warning: SPAMCOP: Blocked - see http://www.spamcop.net/bl.shtml?

The problem with SpamCop is, it's only as reliable as it's users. It would
appear that some of it's users are not very reliable. 

We could all report spam cop to spam cop and they'd probably block
themselves ;)

But we do use them in moderation.

[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Address for DNSStuff.com / DNSReport.com

2004-01-19 Thread Paul Fuhrmeister

What is the address we can use for DNSStuff.com and DNSReport.com? I know
this has been on the list a few time, but I didn't save those emails and
can't find it in the archives. 

These two domain names are not working for me. 

> server ns1.easydns.com
Default Server:  ns1.easydns.com
Address:  216.220.40.243

> ls dnsstuff.com
ls: connect: No error
*** Can't list domain dnsstuff.com: Unspecified error

> ls dnsreport.com
ls: connect: No error
*** Can't list domain dnsreport.com: Unspecified error
>

[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Combo Test . . .

2004-01-15 Thread Paul Fuhrmeister

Scott,

If I could assign a weight to a combination of tests . . . 

Specifically, if a message fails both SpamCop and NOLEGITCONTENT (meaning it
has no legitimate content) it is almost certainly junk.

SpamCop ID's more spam than anything else, but the flip side of that is
false positives. 

I guess I could add weight for NOLEGITCONTENT, but if we could "COMBO" tests
. . .


[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Host Alias Question

2003-12-19 Thread Paul Fuhrmeister

Yes, I have per-domain settings. 

I do not scan their mail for spam unless they pay for it. So, I turn the
domains on individually. 

I assume I need to set up each individual domain in Declude. 

[EMAIL PROTECTED]

> 
> You will only need to do something special if you set up per-user or 
> per-domain settings.
> 
> -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail 
> mailservers. Declude Virus: Catches known viruses and is the 
> leader in mailserver 
> vulnerability detection.
> Find out what you've been missing: Ask about our free 30-day 
> evaluation.
> 
> ---
> [This E-mail was scanned for viruses by Declude Virus 
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe,
just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe
Declude.JunkMail".  The archives can be found at
http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Host Alias Question

2003-12-19 Thread Paul Fuhrmeister

I'm confused.

I have :

  >Official Host Name: TripleBDomain.com
  >Host Aliases: 3BDomain.com, 3BD.com

Some users use the TripleBDomain.com domain name for their email 
([EMAIL PROTECTED] and [EMAIL PROTECTED])

Other users use the 3BD.com domain name:
([EMAIL PROTECTED])

Yet another uses [EMAIL PROTECTED]

All on the same virtual server using Host Aliases.

Do I need to set up Decule for each domain name or does setting Declude up
on the Official Host Name cover them all?

[EMAIL PROTECTED]


> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of R. 
> Scott Perry
> Sent: Friday, December 19, 2003 1:57 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Declude.JunkMail] Host Alias Question
> 
> 
> 
> >I have a mail domain with three different domain names:
> >
> >Official Host Name: TripleBDomain.com
> >
> >Host Aliases: 3BDomain.com, 3BD.com
> >
> >Do I need to set up Decule Virus and Junk Mail for each domain name?
> 
> That depends on what you are doing.  For a default 
> installation, you don't 
> need to do anything -- all mail to/from those domains will be scanned.
> 
> However, if you are setting up per-user or per-domain 
> settings in Declude 
> JunkMail, you should use the official name (unless the 
> address is a user 
> alias, in which case the domain used in the user alias will 
> be used, but 
> that *should* be the same as the official name).
> 
> -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail 
> mailservers. Declude Virus: Catches known viruses and is the 
> leader in mailserver 
> vulnerability detection.
> Find out what you've been missing: Ask about our free 30-day 
> evaluation.
> 
> ---
> [This E-mail was scanned for viruses by Declude Virus 
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe,
just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe
Declude.JunkMail".  The archives can be found at
http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Host Alias Question

2003-12-19 Thread Paul Fuhrmeister

I can not find this in the archive . . . 

I have a mail domain with three different domain names:

Official Host Name: TripleBDomain.com

Host Aliases: 3BDomain.com, 3BD.com

Do I need to set up Decule Virus and Junk Mail for each domain name?

[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Filtering (Pro version)

2003-08-14 Thread Paul Fuhrmeister

On the Filtering (Pro version) - create your own filters, similar to the
filters in IMail,

1. Is there a space character like iMail filters (/s)
   For example:
   BODY  3  CONTAINS  /ssex/s

2. Realistically, how many rules can you put in a "filter" file.

[EMAIL PROTECTED]


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] White list question

2003-03-25 Thread Paul Fuhrmeister

We have a customer who subscribes to a real estate service that sends info
via a list serv. The messages are being diverted because they fail a few too
many tests. 

How do we white-list list serv messages when they come from the subscribers,
not from the list?

Here are some headers:

From: "preston whisenant" <[EMAIL PROTECTED]>  Save Address 
Received: from lists2.texasstar.net [63.214.164.124] by LandDeals.com
  (SMTPD32-6.06) id AB5E4270284; Tue, 25 Mar 2003 15:53:02 +
X-Originating-IP: [67.234.71.122]
X-Originating-Email: [EMAIL PROTECTED]
To: "CIBList" <[EMAIL PROTECTED]>


[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Whitelisting Discussion Groups?

2003-03-17 Thread Paul Fuhrmeister

We are having trouble white-listing a couple of YahooGroup Discussion
Groups. 

The messages are not from the group, they are from the group members,
and they often fail our spam tests for various reasons.  

How would one go about white-listing a specific YahooGroup (or other)
discussion group? 

[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Re: Re[2]: [Declude.JunkMail] Windows API call to WINSOCK.DLL

2003-01-30 Thread Paul Fuhrmeister

> > The  project  is to set up a dns server to list spam-vertised domain
> > names, plus all of the opt-in services domain names.
>
> Right.  And  are  you  successfully  updating  the name server at this
> point?  This  was  some  of  the  confusion:  some  people were giving
> suggestions for DNS server APIs, others for DNS client functions.

Exactly, we have the program updating a name server, no problem there.

>
> > You  point the program to this name server, look up the domain name,
> > if it resolves, it's a spamvertised domain.
>
> So  your  program's  client application needs to do a GetHostByName(),
> like the RHSBL tests in Declude.

Right again, but we want to use the native Windows API call, which we know
is there, for a few different reasons. We will also want GetHostByAddr
functionality incase we want to index spam-vertised IP numbers.

Using  DNS server appears to be the most scalable way to look these sites up
and make the list available to the industry. Making the list available to
the industry is the key. If people's email gets blocked industry wide
because they spamvertised, then there's some deterant to "legitimate"
businesses spamming, if that's not an oxymoran.

We're thinking of paying for the server, bandwidth, maintence, headackes,
etc. by fining spammers. If you want your domain name off the list you pay a
$50 fine. Maybe three strikes and you're never off the list. Free service to
the industry, make the spammers pay for it. Might pay for it, we'll see.

>
> Sounds  like  the  COM  objects  for ASP, and either COM or direct API
> calls  for  VB,  will  do  the trick. Have all the bases been covered,
> AFAYK?
>
> -Sandy
>

[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Re: Re[2]: [Declude.JunkMail] Windows API call to WINSOCK.DLL

2003-01-30 Thread Paul Fuhrmeister

> > The  project  is to set up a dns server to list spam-vertised domain
> > names, plus all of the opt-in services domain names.
>
> Right.  And  are  you  successfully  updating  the name server at this
> point?  This  was  some  of  the  confusion:  some  people were giving
> suggestions for DNS server APIs, others for DNS client functions.

Exactly, we have the program updating a name server, no problem there.

>
> > You  point the program to this name server, look up the domain name,
> > if it resolves, it's a spamvertised domain.
>
> So  your  program's  client application needs to do a GetHostByName(),
> like the RHSBL tests in Declude.

Right again, but we want to use the native Windows API call, which we know
is there, for a few different reasons. We will also want GetHostByAddr
functionality incase we want to index spam-vertised IP numbers.

Using  DNS server appears to be the most scalable way to look these sites up
and make the list available to the industry. Making the list available to
the industry is the key. If people's email gets blocked industry wide
because they spamvertised, then there's some deterant to "legitimate"
businesses spamming, if that's not an oxymoran.

We're thinking of paying for the server, bandwidth, maintence, headackes,
etc. by fining spammers. If you want your domain name off the list you pay a
$50 fine. Maybe three strikes and you're never off the list. Free service to
the industry, make the spammers pay for it. Might pay for it, we'll see.

>
> Sounds  like  the  COM  objects  for ASP, and either COM or direct API
> calls  for  VB,  will  do  the trick. Have all the bases been covered,
> AFAYK?
>
> -Sandy
>

[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Windows API call to WINSOCK.DLL

2003-01-29 Thread Paul Fuhrmeister

The project is to set up a dns server to list spam-vertised domain
names, plus all of the opt-in services domain names. 

This would be a domain name server set up only with spamvertised
domains, the way MAPS and ORDB setup name servers to lookup open relays.

You point the program to this name server, look up the domain name, if
it resolves, it's a spamvertised domain.

[EMAIL PROTECTED]


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Sanford
Whiteman
Sent: Monday, January 27, 2003 10:03 PM
To: Paul Fuhrmeister
Subject: Re: [Declude.JunkMail] Windows API call to WINSOCK.DLL


> It's   for  a  project  where  we're  running  a  name  server  with
> spam-vertised domain names, IP Numbers and phone numbers. We have an 
> .exe  to pick them out of emails, now we need to look them up on the 
> name server.

The  ultimate  goal  would be to get the IP address of a spam-vertised
domain  name?  I'm not sure what good would that do for you. You can't
use  that  IP  address  on  a  blacklist,  since  the  chances  of  it
originating   mail   itself   are   infinitesmal  (that's  why  people
spamvertise  from  other  servers,  I'd  think).  If  you want to just
provide  an RBL for hostnames you find in an email body, using the DNS
protocol  is  a  great  idea,  but there's no reason to have a real IP
address associated with the name, just a 127.0.0.2 response or similar
to  signify  whether  the name is listed. You could do likewise for IP
addresses, like the IP4r method does, and even phone numbers if you're
creative.

GetHostByName()   usage   is  pretty  straightforward--there  must  be
hundreds  of  howtos  for VB (though you'll probably need to build/buy
COM object for ASP).

Again, what's the project exactly?

-Sandy

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
"unsubscribe Declude.JunkMail".  The archives can be found at
http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Windows API call to WINSOCK.DLL

2003-01-27 Thread Paul Fuhrmeister

We need to do a Windows API call to WINSOCK.DLL 
 - GetHostByAddr and
 - GetHostByName

Need to do it in an ASP page and in a server side .exe (VB6).

It's for a project where we're running a name server with spam-vertised
domain names, IP Numbers and phone numbers. We have an .exe to pick them
out of emails, now we need to look them up on the name server.

Can anyone tell us what is the code to do these winsock api call?

Will make all source and system available to everyone.

[EMAIL PROTECTED]


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Virus Name.: [Conflicting Encoding Vulnerability]

2002-12-18 Thread Paul Fuhrmeister

Valid emails are being caught by Declude Virus:

Virus Name.: [Conflicting Encoding Vulnerability]

This seems to happen when someone forwards a good html formatted email.

It's a big issue here because we send out html formatted invoices via
email and they're ending up in the virus directory when people forward
them to whoever pays the bill :(

[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Rules Question

2001-11-29 Thread Paul Fuhrmeister


On iMail 6.06, we're setting a rule at the virtual domain level and putting
in a mail box name.

The User's Guide seems to say I can put an account name at the server level
and it gets routed to that account. But the server creates a sub-account for
the recipient every time, we can't get it to route directly to an account.
Again, We're doing the rules at the virtual domain level.

Can a rule at the virtual domain level send directly to an account or do you
have to send to a recipient sub-account and forward it?

[EMAIL PROTECTED]


---

This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  You can E-mail
[EMAIL PROTECTED] for assistance.  You can visit our web
site at http://www.declude.com .

45 matches

Mail list logo