Re: [Declude.JunkMail] Damaged Image Files
Title: Message Eric, Forwarded E-mail that goes outside of your server is handled by actions contained within the Global.cfg instead of a JunkMail file. This causes a lot of confusion. This would explain some of the issues. If you have questions about this, just post them to the list and I or someone else will help out. Forwarded E-mail within the same server I believe is always handled by a JunkMail file. This is clearly the case in the sample that you sent me off-list. Your logs on that sample shows the SUBJECT action should have been called and it seems that it wasn't. I believe that the message is using non-compliant line breaks based on other reports for this spammer, and this is probably why it didn't put the SUBJECT in (or rather the bugs in Declude in handling poorly formated messages). You should forward what you sent me to Declude's support and let them know that this is in reference to the discussion on the list about missing/broken headers and zombie spam. Even though the messages are broken, Declude is clearly not handling them properly and it should be fixed. Thanks for following up. Please share whatever else you find with the list. Matt Erik wrote: Matt, I have emailed you off-list with an example of this type of email that Declude fails to "mark". Let me know if you receive it. I attached the email along with our Imail log and Declude log. -Erik -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Tuesday, February 28, 2006 8:18 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Damaged Image Files Erik, I don't doubt the possibility of a bug causing the scanning of such a message to fail, but there is a possibility of this also just simply being a spam that passed, and a failure to insert the headers in the correct place. It would be great if you guys could supply the full source of one such E-mail and check your logs for an entry that matches, and clarify which version you are running. Thanks, Matt Erik wrote: Yes, they are passing SNIFFER and Darrell's INV-URIBL at this time. But what Evans wrote is true. Either this "spammer" has corrected "his" image.. the fact remains that in the past when it was a corrupted; Declude failed in our version. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Colbeck, Andrew Sent: Tuesday, February 28, 2006 7:34 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Ditto. I've received and held 24 messages with the same title. Re-queuing 3 of these to myself, they had an image that was intact. They fail the usual RBL tests plus Message Sniffer. Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Harry Vanderzand Sent: Tuesday, February 28, 2006 10:10 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Judgement is quick to pass for some around here. These are getting caught by my system X-Note: Spam Tests Failed: SBL [28], SORBS-DUHL [4], HELOBOGUS [3], SNIFFER [13] Harry Vanderzand inTown Internet Computer Services 519-741-1222 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Erik Sent: Tuesday, February 28, 2006 12:49 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files The problem that we've seen this "spammer" is that the image is corrupted as you mentioned... and Declude is exiting; thus why it's being allowed to be delivered. "Smart" coding on the spammer... Not so smart on Declude. -Erik -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dave Beckstrom Sent: Tuesday, February 28, 2006 6:41 PM To: Declude.JunkMail@declude.com Cc: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Damaged Image Files Were getting the same. Also using Declude with smartermail. Because Declude doesnt appear to be scanning the headers there is no way for us to stop them.
RE: [Declude.JunkMail] Damaged Image Files
Title: Message Matt, I have sent Declude what I sent you. I'll keep you and the list posted; if Declude does not. Thanks for your time and input, Erik -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of MattSent: Saturday, March 04, 2006 3:56 AMTo: Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] Damaged Image FilesEric,Forwarded E-mail that goes outside of your server is handled by actions contained within the Global.cfg instead of a JunkMail file. This causes a lot of confusion. This would explain some of the issues. If you have questions about this, just post them to the list and I or someone else will help out.Forwarded E-mail within the same server I believe is always handled by a JunkMail file. This is clearly the case in the sample that you sent me off-list. Your logs on that sample shows the SUBJECT action should have been called and it seems that it wasn't. I believe that the message is using non-compliant line breaks based on other reports for this spammer, and this is probably why it didn't put the SUBJECT in (or rather the bugs in Declude in handling poorly formated messages).You should forward what you sent me to Declude's support and let them know that this is in reference to the discussion on the list about missing/broken headers and zombie spam. Even though the messages are broken, Declude is clearly not handling them properly and it should be fixed.Thanks for following up. Please share whatever else you find with the list. MattErik wrote: Matt, I have emailed you off-list with an example of this type of email that Declude fails to "mark". Let me know if you receive it. I attached the email along with our Imail log and Declude log. -Erik -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of MattSent: Tuesday, February 28, 2006 8:18 PMTo: Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] Damaged Image FilesErik,I don't doubt the possibility of a bug causing the scanning of such a message to fail, but there is a possibility of this also just simply being a spam that passed, and a failure to insert the headers in the correct place. It would be great if you guys could supply the full source of one such E-mail and check your logs for an entry that matches, and clarify which version you are running.Thanks,MattErik wrote: Yes, they are passing SNIFFER and Darrell's INV-URIBL at this time. But what Evans wrote is true. Either this "spammer" has corrected "his" image.. the fact remains that in the past when it was a corrupted; Declude failed in our version. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Colbeck, AndrewSent: Tuesday, February 28, 2006 7:34 PMTo: Declude.JunkMail@declude.comSubject: RE: [Declude.JunkMail] Damaged Image Files Ditto. I've received and held 24 messages with the same title. Re-queuing 3 of these to myself, they had an image that was intact. They fail the usual RBL tests plus Message Sniffer. Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Harry VanderzandSent: Tuesday, February 28, 2006 10:10 AMTo: Declude.JunkMail@declude.comSubject: RE: [Declude.JunkMail] Damaged Image Files Judgement is quick to pass for some around here. These are getting caught by my system X-Note: Spam Tests Failed: SBL [28], SORBS-DUHL [4], HELOBOGUS [3], SNIFFER [13] Harry Vanderzand inTown Internet Computer Services 519-741-1222 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of ErikSent: Tuesday, February 28, 2006 12:49 PMTo: Declude.JunkMail@declude.comSubject: RE: [Declude.JunkMail] Damaged Image Files The problem that we've seen this "spammer" is that the image is corrupted as you mentioned... and Declude is exiting; thus why it's being allowed to be delivered. "Smart" coding on the spammer... Not so smart on Declude. -Erik -Original Message-From: [EMAIL PR
RE: [Declude.JunkMail] Damaged Image Files
We too are receiving these.Upgrading to version 4 did not fix the problem. Declude is scanning them, but then the headers are inserted at the END of the message. Most email readers won't show those "headers". However, if you are using iMail you can open the .mbx file (located on the server)with notepad see the "headers" at the bottom of the message. I've attached a text file with the contents of one of the messages we get daily. Scroll to the bottom and you'll see the misplaced headers. Now, why this is happening is beyond my skill level. Any fixes would be appreciated. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Evans MartinSent: Monday, February 27, 2006 10:38 PMTo: Declude.JunkMail@declude.comCc: [EMAIL PROTECTED]Subject: [Declude.JunkMail] Damaged Image Files Im getting a lot of messages that have only a graphic in them. The graphic appears to have been damaged as only about ½ of it displays. Declude has not modified the headers at all so Im not sure if these are being scanned or not. I dont know how it could be bypassing Declude. I have attached the .msg file. Anyone have any ideas what might be causing this? Im running Declude 3.0.5.22 and SmarterMail 2.6. The header is as follows: Return-Path: [EMAIL PROTECTED] Tue Feb 28 00:24:32 2006 Received: from 225-65-10-72.planters.net [72.10.65.225] by matrix.martek.net with SMTP; Tue, 28 Feb 2006 00:24:32 -0600 Date: Tue, 28 Feb 2006 01:24:22 +0100 Return-path: [EMAIL PROTECTED] From: "Abrahams"[EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: C1alis 10 Pills 20 mg $89.95 Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="ms020700070106060404020304" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Thanks, Evans Martin EVANS MARTIN [EMAIL PROTECTED] HOSTING: http://www.martek.net PROGRAMMING: http://www.martekware.com iPlus Info Browser IPBs IMail Migration Tool, password browser, reporting suite make IPlus Info Browser something no IMail administrator should be without. http://www.martek.net/Default.aspx?tabid=96 From [EMAIL PROTECTED] Wed Mar 01 18:02:52 2006 Received: from friend [207.255.199.178] by mail.agid.com with ESMTP (SMTPD-8.22) id A248011C; Wed, 01 Mar 2006 18:02:48 -0800 Message-ID: [EMAIL PROTECTED] From: Geoffrey [EMAIL PROTECTED] To: corby@removed Subject: She wants a better sex? All you need's here! Date: Wed, 01 Mar 2006 21:02:46 +0100 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=ms050904060202070904070106 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-UIDL: 441267089 This is a multi-part message in MIME format. --ms050904060202070904070106 Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: quoted-printable Cheapest medications based LICENSED online phartmacy! Cialis Soft Tabs as low as $4.72 Viagra Professional as low as $3.8 Viagra Soft Tabs as low as $3.8 Cialis as low as $5.67 Valium as low as $2.85 Generic Viagra as low as $3.5 Need medicine? All here! --ms050904060202070904070106 Content-Type: text/html; charset=koi8-r Content-Transfer-Encoding: quoted-printable !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN HTMLHEAD META http-equiv=3DContent-Type content=3Dtext/html; charset=3Dkoi8-r META content=3DMSHTML 6.00.2900.2180 name=3DGENERATOR STYLE/STYLE /HEAD BODY bgColor=3D#ffFONT face=3DArial size=3D2 H3 align=3DleftA href=3Dhttp://auuiek.tradeearth.info/?88276620;FONT face=3DTimes New Roman = color=3D#ff=20 size=3D5EMCheapest medications based LICENSED online=20 phartmacy!/EM/FONT/A/H3 H3 align=3DleftCialis Soft Tabs SPAN=20 style=3DFONT-WEIGHT: bold; COLOR: rgb(234,107,31)as low as=20 $4.72/SPAN/H3SPAN style=3DFONT-WEIGHT: bold; COLOR: = rgb(234,107,31) H3 align=3DleftFONT color=3D#00Viagra Professional/FONT SPAN=20 style=3DFONT-WEIGHT: bold; COLOR: rgb(234,107,31)as low as=20 $3.8/SPAN/H3SPAN style=3DFONT-WEIGHT: bold; COLOR: = rgb(234,107,31) H3 align=3DleftFONT color=3D#00Viagra Soft Tabs/FONT SPAN=20 style=3DFONT-WEIGHT: bold; COLOR: rgb(234,107,31)as low as=20 $3.8/SPAN/H3SPAN style=3DFONT-WEIGHT: bold; COLOR: = rgb(234,107,31) H3 align=3DleftFONT color=3D#00Cialis /FONTSPAN=20 style=3DFONT-WEIGHT: bold; COLOR: rgb(234,107,31)FONT = color=3D#00as=20 low/FONT as $5.67/SPAN/H3SPAN=20 style=3DFONT-WEIGHT: bold; COLOR: rgb(234,107,31) H3 align=3DleftFONT color=3D#00Valium/FONT SPAN=20 style=3DFONT-WEIGHT: bold; COLOR: rgb(234,107,31)as low
RE: [Declude.JunkMail] Damaged Image Files
Were getting the same. Also using Declude with smartermail. Because Declude doesnt appear to be scanning the headers there is no way for us to stop them. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Evans Martin Sent: Tuesday, February 28, 2006 12:38 AM To: Declude.JunkMail@declude.com Cc: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Damaged Image Files Im getting a lot of messages that have only a graphic in them. The graphic appears to have been damaged as only about ½ of it displays. Declude has not modified the headers at all so Im not sure if these are being scanned or not. I dont know how it could be bypassing Declude. I have attached the .msg file. Anyone have any ideas what might be causing this? Im running Declude 3.0.5.22 and SmarterMail 2.6. The header is as follows: Return-Path: [EMAIL PROTECTED] Tue Feb 28 00:24:32 2006 Received: from 225-65-10-72.planters.net [72.10.65.225] by matrix.martek.net with SMTP; Tue, 28 Feb 2006 00:24:32 -0600 Date: Tue, 28 Feb 2006 01:24:22 +0100 Return-path: [EMAIL PROTECTED] From: Abrahams[EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: C1alis 10 Pills 20 mg $89.95 Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/related; type=multipart/alternative; boundary=ms020700070106060404020304 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Thanks, Evans Martin EVANS MARTIN [EMAIL PROTECTED] HOSTING: http://www.martek.net PROGRAMMING: http://www.martekware.com iPlus Info Browser IPBs IMail Migration Tool, password browser, reporting suite make IPlus Info Browser something no IMail administrator should be without. http://www.martek.net/Default.aspx?tabid=96
RE: [Declude.JunkMail] Damaged Image Files
Title: Message The problem that we've seen this "spammer" is that the image is corrupted as you mentioned... and Declude is exiting; thus why it's being allowed to be delivered. "Smart" coding on the spammer... Not so smart on Declude. -Erik -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave BeckstromSent: Tuesday, February 28, 2006 6:41 PMTo: Declude.JunkMail@declude.comCc: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Damaged Image Files Were getting the same. Also using Declude with smartermail. Because Declude doesnt appear to be scanning the headers there is no way for us to stop them. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Evans MartinSent: Tuesday, February 28, 2006 12:38 AMTo: Declude.JunkMail@declude.comCc: [EMAIL PROTECTED]Subject: [Declude.JunkMail] Damaged Image Files Im getting a lot of messages that have only a graphic in them. The graphic appears to have been damaged as only about ½ of it displays. Declude has not modified the headers at all so Im not sure if these are being scanned or not. I dont know how it could be bypassing Declude. I have attached the .msg file. Anyone have any ideas what might be causing this? Im running Declude 3.0.5.22 and SmarterMail 2.6. The header is as follows: Return-Path: [EMAIL PROTECTED] Tue Feb 28 00:24:32 2006 Received: from 225-65-10-72.planters.net [72.10.65.225] by matrix.martek.net with SMTP; Tue, 28 Feb 2006 00:24:32 -0600 Date: Tue, 28 Feb 2006 01:24:22 +0100 Return-path: [EMAIL PROTECTED] From: "Abrahams"[EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: C1alis 10 Pills 20 mg $89.95 Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="ms020700070106060404020304" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Thanks, Evans Martin EVANS MARTIN [EMAIL PROTECTED] HOSTING: http://www.martek.net PROGRAMMING: http://www.martekware.com iPlus Info Browser IPBs IMail Migration Tool, password browser, reporting suite make IPlus Info Browser something no IMail administrator should be without. http://www.martek.net/Default.aspx?tabid=96
Re: [Declude.JunkMail] Damaged Image Files
Title: Message Would you be willing to post the full contents of one of the D* files and also indicate the version that you are running. This is for my own interest, but I think it might be beneficial to others. It would also be useful to see what was logged for this message. It may be that it was scanned and Declude just failed to insert the headers. I don't know. Thanks, Matt Erik wrote: The problem that we've seen this "spammer" is that the image is corrupted as you mentioned... and Declude is exiting; thus why it's being allowed to be delivered. "Smart" coding on the spammer... Not so smart on Declude. -Erik -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dave Beckstrom Sent: Tuesday, February 28, 2006 6:41 PM To: Declude.JunkMail@declude.com Cc: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Damaged Image Files Were getting the same. Also using Declude with smartermail. Because Declude doesnt appear to be scanning the headers there is no way for us to stop them. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Evans Martin Sent: Tuesday, February 28, 2006 12:38 AM To: Declude.JunkMail@declude.com Cc: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Damaged Image Files Im getting a lot of messages that have only a graphic in them. The graphic appears to have been damaged as only about of it displays. Declude has not modified the headers at all so Im not sure if these are being scanned or not. I dont know how it could be bypassing Declude. I have attached the .msg file. Anyone have any ideas what might be causing this? Im running Declude 3.0.5.22 and SmarterMail 2.6. The header is as follows: Return-Path: [EMAIL PROTECTED] Tue Feb 28 00:24:32 2006 Received: from 225-65-10-72.planters.net [72.10.65.225] by matrix.martek.net with SMTP; Tue, 28 Feb 2006 00:24:32 -0600 Date: Tue, 28 Feb 2006 01:24:22 +0100 Return-path: [EMAIL PROTECTED] From: "Abrahams"[EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: C1alis 10 Pills 20 mg $89.95 Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="ms020700070106060404020304" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Thanks, Evans Martin EVANS MARTIN [EMAIL PROTECTED] HOSTING: http://www.martek.net PROGRAMMING: http://www.martekware.com iPlus Info Browser IPBs IMail Migration Tool, password browser, reporting suite make IPlus Info Browser something no IMail administrator should be without. http://www.martek.net/Default.aspx?tabid=96
RE: [Declude.JunkMail] Damaged Image Files
Title: Message Judgement is quick to pass for some around here. These are getting caught by my system X-Note: Spam Tests Failed: SBL [28], SORBS-DUHL [4], HELOBOGUS [3], SNIFFER [13] Harry Vanderzand inTown Internet Computer Services 519-741-1222 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ErikSent: Tuesday, February 28, 2006 12:49 PMTo: Declude.JunkMail@declude.comSubject: RE: [Declude.JunkMail] Damaged Image Files The problem that we've seen this "spammer" is that the image is corrupted as you mentioned... and Declude is exiting; thus why it's being allowed to be delivered. "Smart" coding on the spammer... Not so smart on Declude. -Erik -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave BeckstromSent: Tuesday, February 28, 2006 6:41 PMTo: Declude.JunkMail@declude.comCc: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Damaged Image Files Were getting the same. Also using Declude with smartermail. Because Declude doesnt appear to be scanning the headers there is no way for us to stop them. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Evans MartinSent: Tuesday, February 28, 2006 12:38 AMTo: Declude.JunkMail@declude.comCc: [EMAIL PROTECTED]Subject: [Declude.JunkMail] Damaged Image Files Im getting a lot of messages that have only a graphic in them. The graphic appears to have been damaged as only about ½ of it displays. Declude has not modified the headers at all so Im not sure if these are being scanned or not. I dont know how it could be bypassing Declude. I have attached the .msg file. Anyone have any ideas what might be causing this? Im running Declude 3.0.5.22 and SmarterMail 2.6. The header is as follows: Return-Path: [EMAIL PROTECTED] Tue Feb 28 00:24:32 2006 Received: from 225-65-10-72.planters.net [72.10.65.225] by matrix.martek.net with SMTP; Tue, 28 Feb 2006 00:24:32 -0600 Date: Tue, 28 Feb 2006 01:24:22 +0100 Return-path: [EMAIL PROTECTED] From: "Abrahams"[EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: C1alis 10 Pills 20 mg $89.95 Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="ms020700070106060404020304" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Thanks, Evans Martin EVANS MARTIN [EMAIL PROTECTED] HOSTING: http://www.martek.net PROGRAMMING: http://www.martekware.com iPlus Info Browser IPBs IMail Migration Tool, password browser, reporting suite make IPlus Info Browser something no IMail administrator should be without. http://www.martek.net/Default.aspx?tabid=96
RE: [Declude.JunkMail] Damaged Image Files
Title: Message Ditto. I've received and held 24 messages with the same title. Re-queuing 3 of these to myself, they had an image that was intact. They fail the usual RBL tests plus Message Sniffer. Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry VanderzandSent: Tuesday, February 28, 2006 10:10 AMTo: Declude.JunkMail@declude.comSubject: RE: [Declude.JunkMail] Damaged Image Files Judgement is quick to pass for some around here. These are getting caught by my system X-Note: Spam Tests Failed: SBL [28], SORBS-DUHL [4], HELOBOGUS [3], SNIFFER [13] Harry Vanderzand inTown Internet Computer Services 519-741-1222 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ErikSent: Tuesday, February 28, 2006 12:49 PMTo: Declude.JunkMail@declude.comSubject: RE: [Declude.JunkMail] Damaged Image Files The problem that we've seen this "spammer" is that the image is corrupted as you mentioned... and Declude is exiting; thus why it's being allowed to be delivered. "Smart" coding on the spammer... Not so smart on Declude. -Erik -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave BeckstromSent: Tuesday, February 28, 2006 6:41 PMTo: Declude.JunkMail@declude.comCc: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Damaged Image Files Were getting the same. Also using Declude with smartermail. Because Declude doesnt appear to be scanning the headers there is no way for us to stop them. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Evans MartinSent: Tuesday, February 28, 2006 12:38 AMTo: Declude.JunkMail@declude.comCc: [EMAIL PROTECTED]Subject: [Declude.JunkMail] Damaged Image Files Im getting a lot of messages that have only a graphic in them. The graphic appears to have been damaged as only about ½ of it displays. Declude has not modified the headers at all so Im not sure if these are being scanned or not. I dont know how it could be bypassing Declude. I have attached the .msg file. Anyone have any ideas what might be causing this? Im running Declude 3.0.5.22 and SmarterMail 2.6. The header is as follows: Return-Path: [EMAIL PROTECTED] Tue Feb 28 00:24:32 2006 Received: from 225-65-10-72.planters.net [72.10.65.225] by matrix.martek.net with SMTP; Tue, 28 Feb 2006 00:24:32 -0600 Date: Tue, 28 Feb 2006 01:24:22 +0100 Return-path: [EMAIL PROTECTED] From: "Abrahams"[EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: C1alis 10 Pills 20 mg $89.95 Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="ms020700070106060404020304" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Thanks, Evans Martin EVANS MARTIN [EMAIL PROTECTED] HOSTING: http://www.martek.net PROGRAMMING: http://www.martekware.com iPlus Info Browser IPBs IMail Migration Tool, password browser, reporting suite make IPlus Info Browser something no IMail administrator should be without. http://www.martek.net/Default.aspx?tabid=96
RE: [Declude.JunkMail] Damaged Image Files
Title: Message Yes, they are passing SNIFFER and Darrell's INV-URIBL at this time. But what Evans wrote is true. Either this "spammer" has corrected "his" image.. the fact remains that in the past when it was a corrupted; Declude failed in our version. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, AndrewSent: Tuesday, February 28, 2006 7:34 PMTo: Declude.JunkMail@declude.comSubject: RE: [Declude.JunkMail] Damaged Image Files Ditto. I've received and held 24 messages with the same title. Re-queuing 3 of these to myself, they had an image that was intact. They fail the usual RBL tests plus Message Sniffer. Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry VanderzandSent: Tuesday, February 28, 2006 10:10 AMTo: Declude.JunkMail@declude.comSubject: RE: [Declude.JunkMail] Damaged Image Files Judgement is quick to pass for some around here. These are getting caught by my system X-Note: Spam Tests Failed: SBL [28], SORBS-DUHL [4], HELOBOGUS [3], SNIFFER [13] Harry Vanderzand inTown Internet Computer Services 519-741-1222 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ErikSent: Tuesday, February 28, 2006 12:49 PMTo: Declude.JunkMail@declude.comSubject: RE: [Declude.JunkMail] Damaged Image Files The problem that we've seen this "spammer" is that the image is corrupted as you mentioned... and Declude is exiting; thus why it's being allowed to be delivered. "Smart" coding on the spammer... Not so smart on Declude. -Erik -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave BeckstromSent: Tuesday, February 28, 2006 6:41 PMTo: Declude.JunkMail@declude.comCc: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Damaged Image Files Were getting the same. Also using Declude with smartermail. Because Declude doesnt appear to be scanning the headers there is no way for us to stop them. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Evans MartinSent: Tuesday, February 28, 2006 12:38 AMTo: Declude.JunkMail@declude.comCc: [EMAIL PROTECTED]Subject: [Declude.JunkMail] Damaged Image Files Im getting a lot of messages that have only a graphic in them. The graphic appears to have been damaged as only about ½ of it displays. Declude has not modified the headers at all so Im not sure if these are being scanned or not. I dont know how it could be bypassing Declude. I have attached the .msg file. Anyone have any ideas what might be causing this? Im running Declude 3.0.5.22 and SmarterMail 2.6. The header is as follows: Return-Path: [EMAIL PROTECTED] Tue Feb 28 00:24:32 2006 Received: from 225-65-10-72.planters.net [72.10.65.225] by matrix.martek.net with SMTP; Tue, 28 Feb 2006 00:24:32 -0600 Date: Tue, 28 Feb 2006 01:24:22 +0100 Return-path: [EMAIL PROTECTED] From: "Abrahams"[EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: C1alis 10 Pills 20 mg $89.95 Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="ms020700070106060404020304" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Thanks, Evans Martin EVANS MARTIN [EMAIL PROTECTED] HOSTING: http://www.martek.net PROGRAMMING: http://www.martekware.com iPlus Info Browser IPBs IMail Migration Tool, password browser, reporting suite make IPlus Info Browser something no IMail administrator should be without. http://www.martek.net/Default.aspx?tabid=96
RE: [Declude.JunkMail] Damaged Image Files
I received a couple with the broken gif as late as yesterday. The Declude headers end up at the bottom of the message, but they are there. I'm running Declude 3.0.5.26 and SmarterMail 2.6. Gary Original Message From: Erik [EMAIL PROTECTED] Sent: Tuesday, February 28, 2006 1:53 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Yes, they are passing SNIFFER and Darrell's INV-URIBL at this time. But what Evans wrote is true. Either this spammer has corrected his image.. the fact remains that in the past when it was a corrupted; Declude failed in our version. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Tuesday, February 28, 2006 7:34 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Ditto. I've received and held 24 messages with the same title. Re-queuing 3 of these to myself, they had an image that was intact. They fail the usual RBL tests plus Message Sniffer. Andrew 8) _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry Vanderzand Sent: Tuesday, February 28, 2006 10:10 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Judgement is quick to pass for some around here. These are getting caught by my system X-Note: Spam Tests Failed: SBL [28], SORBS-DUHL [4], HELOBOGUS [3], SNIFFER [13] Harry Vanderzand inTown Internet Computer Services 519-741-1222 _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sent: Tuesday, February 28, 2006 12:49 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files The problem that we've seen this spammer is that the image is corrupted as you mentioned... and Declude is exiting; thus why it's being allowed to be delivered. Smart coding on the spammer... Not so smart on Declude. -Erik -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Beckstrom Sent: Tuesday, February 28, 2006 6:41 PM To: Declude.JunkMail@declude.com Cc: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Damaged Image Files Were getting the same. Also using Declude with smartermail. Because Declude doesnt appear to be scanning the headers there is no way for us to stop them. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Evans Martin Sent: Tuesday, February 28, 2006 12:38 AM To: Declude.JunkMail@declude.com Cc: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Damaged Image Files Im getting a lot of messages that have only a graphic in them. The graphic appears to have been damaged as only about ½ of it displays. Declude has not modified the headers at all so Im not sure if these are being scanned or not. I dont know how it could be bypassing Declude. I have attached the .msg file. Anyone have any ideas what might be causing this? Im running Declude 3.0.5.22 and SmarterMail 2.6. The header is as follows: Return-Path: [EMAIL PROTECTED] Tue Feb 28 00:24:32 2006 Received: from 225-65-10-72.planters.net [72.10.65.225] by matrix.martek.net with SMTP; Tue, 28 Feb 2006 00:24:32 -0600 Date: Tue, 28 Feb 2006 01:24:22 +0100 Return-path: [EMAIL PROTECTED] From: Abrahams[EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: C1alis 10 Pills 20 mg $89.95 Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/related; type=multipart/alternative; boundary=ms020700070106060404020304 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Thanks, Evans Martin EVANS MARTIN [EMAIL PROTECTED] HOSTING: http://www.martek.net http://www.martek.net/ PROGRAMMING: http://www.martekware.com http://www.martekware.com/ iPlus Info Browser IPBs IMail Migration Tool, password browser, reporting suite make IPlus Info Browser something no IMail administrator should be without. http://www.martek.net/Default.aspx?tabid=96 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Damaged Image Files
Title: Message Erik, I don't doubt the possibility of a bug causing the scanning of such a message to fail, but there is a possibility of this also just simply being a spam that passed, and a failure to insert the headers in the correct place. It would be great if you guys could supply the full source of one such E-mail and check your logs for an entry that matches, and clarify which version you are running. Thanks, Matt Erik wrote: Yes, they are passing SNIFFER and Darrell's INV-URIBL at this time. But what Evans wrote is true. Either this "spammer" has corrected "his" image.. the fact remains that in the past when it was a corrupted; Declude failed in our version. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Colbeck, Andrew Sent: Tuesday, February 28, 2006 7:34 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Ditto. I've received and held 24 messages with the same title. Re-queuing 3 of these to myself, they had an image that was intact. They fail the usual RBL tests plus Message Sniffer. Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Harry Vanderzand Sent: Tuesday, February 28, 2006 10:10 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Judgement is quick to pass for some around here. These are getting caught by my system X-Note: Spam Tests Failed: SBL [28], SORBS-DUHL [4], HELOBOGUS [3], SNIFFER [13] Harry Vanderzand inTown Internet Computer Services 519-741-1222 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Erik Sent: Tuesday, February 28, 2006 12:49 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files The problem that we've seen this "spammer" is that the image is corrupted as you mentioned... and Declude is exiting; thus why it's being allowed to be delivered. "Smart" coding on the spammer... Not so smart on Declude. -Erik -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dave Beckstrom Sent: Tuesday, February 28, 2006 6:41 PM To: Declude.JunkMail@declude.com Cc: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Damaged Image Files Were getting the same. Also using Declude with smartermail. Because Declude doesnt appear to be scanning the headers there is no way for us to stop them. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Evans Martin Sent: Tuesday, February 28, 2006 12:38 AM To: Declude.JunkMail@declude.com Cc: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Damaged Image Files Im getting a lot of messages that have only a graphic in them. The graphic appears to have been damaged as only about of it displays. Declude has not modified the headers at all so Im not sure if these are being scanned or not. I dont know how it could be bypassing Declude. I have attached the .msg file. Anyone have any ideas what might be causing this? Im running Declude 3.0.5.22 and SmarterMail 2.6. The header is as follows: Return-Path: [EMAIL PROTECTED] Tue Feb 28 00:24:32 2006 Received: from 225-65-10-72.planters.net [72.10.65.225] by matrix.martek.net with SMTP; Tue, 28 Feb 2006 00:24:32 -0600 Date: Tue, 28 Feb 2006 01:24:22 +0100 Return-path: [EMAIL PROTECTED] From: "Abrahams"[EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: C1alis 10 Pills 20 mg $89.95 Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="ms020700070106060404020304" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Thanks, Evans Martin EVANS MARTIN [EMAIL PROTECTED] HOSTING: http://www.martek.net PROGRAMMING: http://www.martekware.com iPlus Info Browser IPBs IMail Migration Tool, password browser, reporting suite make IPlus Info Browser something no IMail administrator should be without. http://www.martek.net/Default.aspx?tabid=96
RE: [Declude.JunkMail] Damaged Image Files
Title: Message Interesting. As Matt, said, if you can get an original D*.SMD that would be great for following this trail. I would note that in addition, use the headers that were received to track the sending IP and time, and check your IMail log, and from there you will have the GUID for the message. Then check the Declude log for that GUID (but do a case-insensitive search). That will tell you whether Declude processed the message at all; it could be that Declude processed the message but failed to insert the headers, or failed to lock the file and had to "fail open" and allow IMail to deliver the message without being able to insert the headers. For more information, I found all 94 of the messages with this title sent to my server in today and yesterday, and found that they were all held as spam. I then copied each to my workstation and compared the filesize to see if I could spot any that were obviously different. They were all with 1 or 2 KB of each other, so I opened quite a few and found them all intact, and all with the Declude headers correctly placed. My mileage will vary from yours, but it doesn't seem that I received any broken images in this particular spam run, and I've had no user feedback indicating spam received today. Hopefully, this counter-example will help narrow down the problem. I'm using Declude v2.0.6.16 from 2005-05-25 and IMail v8.14 with whatever hotfixes. Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ErikSent: Tuesday, February 28, 2006 10:51 AMTo: Declude.JunkMail@declude.comSubject: RE: [Declude.JunkMail] Damaged Image Files Yes, they are passing SNIFFER and Darrell's INV-URIBL at this time. But what Evans wrote is true. Either this "spammer" has corrected "his" image.. the fact remains that in the past when it was a corrupted; Declude failed in our version. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, AndrewSent: Tuesday, February 28, 2006 7:34 PMTo: Declude.JunkMail@declude.comSubject: RE: [Declude.JunkMail] Damaged Image Files Ditto. I've received and held 24 messages with the same title. Re-queuing 3 of these to myself, they had an image that was intact. They fail the usual RBL tests plus Message Sniffer. Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry VanderzandSent: Tuesday, February 28, 2006 10:10 AMTo: Declude.JunkMail@declude.comSubject: RE: [Declude.JunkMail] Damaged Image Files Judgement is quick to pass for some around here. These are getting caught by my system X-Note: Spam Tests Failed: SBL [28], SORBS-DUHL [4], HELOBOGUS [3], SNIFFER [13] Harry Vanderzand inTown Internet Computer Services 519-741-1222 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ErikSent: Tuesday, February 28, 2006 12:49 PMTo: Declude.JunkMail@declude.comSubject: RE: [Declude.JunkMail] Damaged Image Files The problem that we've seen this "spammer" is that the image is corrupted as you mentioned... and Declude is exiting; thus why it's being allowed to be delivered. "Smart" coding on the spammer... Not so smart on Declude. -Erik -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave BeckstromSent: Tuesday, February 28, 2006 6:41 PMTo: Declude.JunkMail@declude.comCc: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Damaged Image Files Were getting the same. Also using Declude with smartermail. Because Declude doesnt appear to be scanning the headers there is no way for us to stop them. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Evans MartinSent: Tuesday, February 28, 2006 12:38 AMTo: Declude.JunkMail@declude.comCc: [EMAIL PROTECTED]Subject: [Declude.JunkMail] Damaged Image Files Im getting a lot of messages that have only a graphic in them. The graphic appears to have been damaged as only about ½ of it displays. Declude has not modified the headers at all so Im not sure if these are being scanned or not. I dont know how it could be bypassing Declude. I have attached the .msg file. Anyone have any ideas what might be causing this?
RE: [Declude.JunkMail] Damaged Image Files
Title: Message We had an issue with Declude corrupting images from SmarterStats long ago. It turned out the SmarterStats wasnt inserting line breaks in their images, and thus single lines were going out past 8,000 characters, at which point Declude truncated the line. I wouldnt be surprised if the spamware being used to send these was doing something similar. Thanks! - Jay Sudowski // Handy Networks LLC Director of Technical Operations Providing Shared, Reseller, Semi Managed and Fully Managed Windows 2003 Hosting Solutions Tel: 877-70 HANDY x882 | Fax: 888-300-2FAX www.handynetworks.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Tuesday, February 28, 2006 2:54 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Interesting. As Matt, said, if you can get an original D*.SMD that would be great for following this trail. I would note that in addition, use the headers that were received to track the sending IP and time, and check your IMail log, and from there you will have the GUID for the message. Then check the Declude log for that GUID (but do a case-insensitive search). That will tell you whether Declude processed the message at all; it could be that Declude processed the message but failed to insert the headers, or failed to lock the file and had to fail open and allow IMail to deliver the message without being able to insert the headers. For more information, I found all 94 of the messages with this title sent to my server in today and yesterday, and found that they were all held as spam. I then copied each to my workstation and compared the filesize to see if I could spot any that were obviously different. They were all with 1 or 2 KB of each other, so I opened quite a few and found them all intact, and all with the Declude headers correctly placed. My mileage will vary from yours, but it doesn't seem that I received any broken images in this particular spam run, and I've had no user feedback indicating spam received today. Hopefully, this counter-example will help narrow down the problem. I'm using Declude v2.0.6.16 from 2005-05-25 and IMail v8.14 with whatever hotfixes. Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sent: Tuesday, February 28, 2006 10:51 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Yes, they are passing SNIFFER and Darrell's INV-URIBL at this time. But what Evans wrote is true. Either this spammer has corrected his image.. the fact remains that in the past when it was a corrupted; Declude failed in our version. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Tuesday, February 28, 2006 7:34 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Ditto. I've received and held 24 messages with the same title. Re-queuing 3 of these to myself, they had an image that was intact. They fail the usual RBL tests plus Message Sniffer. Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry Vanderzand Sent: Tuesday, February 28, 2006 10:10 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Judgement is quick to pass for some around here. These are getting caught by my system X-Note: Spam Tests Failed: SBL [28], SORBS-DUHL [4], HELOBOGUS [3], SNIFFER [13] Harry Vanderzand inTown Internet Computer Services 519-741-1222 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sent: Tuesday, February 28, 2006 12:49 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files The problem that we've seen this spammer is that the image is corrupted as you mentioned... and Declude is exiting; thus why it's being allowed to be delivered. Smart coding on the spammer... Not so smart on Declude. -Erik -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Beckstrom Sent: Tuesday, February 28, 2006 6:41 PM To: Declude.JunkMail@declude.com Cc: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Damaged Image Files Were getting the same. Also using Declude with smartermail. Because Declude doesnt appear to be scanning the headers there is no way for us to stop them. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Evans Martin Sent: Tuesday, February 28, 2006 12:38 AM To: Declude.JunkMail@declude.com Cc: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Damaged Image Files Im getting a lot of messages that have only a graphic in them. The graphic appears to have been damaged as only about ½ of it displays. Declude has not modified the headers at all so Im not sure if these are being scanned or not. I dont know how it could be bypassing Declude. I have attached
Re: [Declude.JunkMail] Damaged Image Files
Gary, you should upgrade to 3.0.6, which has been out for about a week now, as 3.0.5.26 had serious problems with handling certain kinds of mime encapsulate messages. We actually had to roll back to 3.0.5.23 after reporting the issues with 3.0.5.26 to Declude. Version 3.0.6 fixed this issue. Bill - Original Message - From: Gary Steiner [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Tuesday, February 28, 2006 11:06 AM Subject: RE: [Declude.JunkMail] Damaged Image Files I received a couple with the broken gif as late as yesterday. The Declude headers end up at the bottom of the message, but they are there. I'm running Declude 3.0.5.26 and SmarterMail 2.6. Gary Original Message From: Erik [EMAIL PROTECTED] Sent: Tuesday, February 28, 2006 1:53 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Yes, they are passing SNIFFER and Darrell's INV-URIBL at this time. But what Evans wrote is true. Either this spammer has corrected his image.. the fact remains that in the past when it was a corrupted; Declude failed in our version. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Tuesday, February 28, 2006 7:34 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Ditto. I've received and held 24 messages with the same title. Re-queuing 3 of these to myself, they had an image that was intact. They fail the usual RBL tests plus Message Sniffer. Andrew 8) _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry Vanderzand Sent: Tuesday, February 28, 2006 10:10 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Judgement is quick to pass for some around here. These are getting caught by my system X-Note: Spam Tests Failed: SBL [28], SORBS-DUHL [4], HELOBOGUS [3], SNIFFER [13] Harry Vanderzand inTown Internet Computer Services 519-741-1222 _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sent: Tuesday, February 28, 2006 12:49 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files The problem that we've seen this spammer is that the image is corrupted as you mentioned... and Declude is exiting; thus why it's being allowed to be delivered. Smart coding on the spammer... Not so smart on Declude. -Erik -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Beckstrom Sent: Tuesday, February 28, 2006 6:41 PM To: Declude.JunkMail@declude.com Cc: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Damaged Image Files We're getting the same. Also using Declude with smartermail. Because Declude doesn't appear to be scanning the headers there is no way for us to stop them. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Evans Martin Sent: Tuesday, February 28, 2006 12:38 AM To: Declude.JunkMail@declude.com Cc: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Damaged Image Files I'm getting a lot of messages that have only a graphic in them. The graphic appears to have been damaged as only about ½ of it displays. Declude has not modified the headers at all so I'm not sure if these are being scanned or not. I don't know how it could be bypassing Declude. I have attached the .msg file. Anyone have any ideas what might be causing this? I'm running Declude 3.0.5.22 and SmarterMail 2.6. The header is as follows: Return-Path: [EMAIL PROTECTED] Tue Feb 28 00:24:32 2006 Received: from 225-65-10-72.planters.net [72.10.65.225] by matrix.martek.net with SMTP; Tue, 28 Feb 2006 00:24:32 -0600 Date: Tue, 28 Feb 2006 01:24:22 +0100 Return-path: [EMAIL PROTECTED] From: Abrahams[EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: C1alis 10 Pills 20 mg $89.95 Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/related; type=multipart/alternative; boundary=ms020700070106060404020304 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Thanks, Evans Martin EVANS MARTIN [EMAIL PROTECTED] HOSTING: http://www.martek.net http://www.martek.net/ PROGRAMMING: http://www.martekware.com http://www.martekware.com/ iPlus Info Browser - IPB's IMail Migration Tool, password browser, reporting suite make IPlus Info Browser something no IMail administrator should be without. http://www.martek.net/Default.aspx?tabid=96 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL
Re: [Declude.JunkMail] Damaged Image Files
Title: Message There is also a longstanding bug in at least Declude Virus that has issues with very long base64 encoding. I have seen no reports that this was fixed. I am wondering in this case whether or not the bug is now being exploited by spammers also. Matt Jay Sudowski - Handy Networks LLC wrote: We had an issue with Declude corrupting images from SmarterStats long ago. It turned out the SmarterStats wasnt inserting line breaks in their images, and thus single lines were going out past 8,000 characters, at which point Declude truncated the line. I wouldnt be surprised if the spamware being used to send these was doing something similar. Thanks! - Jay Sudowski // Handy Networks LLC Director of Technical Operations Providing Shared, Reseller, Semi Managed and Fully Managed Windows 2003 Hosting Solutions Tel: 877-70 HANDY x882 | Fax: 888-300-2FAX www.handynetworks.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Colbeck, Andrew Sent: Tuesday, February 28, 2006 2:54 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Interesting. As Matt, said, if you can get an original D*.SMD that would be great for following this trail. I would note that in addition, use the headers that were received to track the sending IP and time, and check your IMail log, and from there you will have the GUID for the message. Then check the Declude log for that GUID (but do a case-insensitive search). That will tell you whether Declude processed the message at all; it could be that Declude processed the message but failed to insert the headers, or failed to lock the file and had to "fail open" and allow IMail to deliver the message without being able to insert the headers. For more information, I found all 94 of the messages with this title sent to my server in today and yesterday, and found that they were all held as spam. I then copied each to my workstation and compared the filesize to see if I could spot any that were obviously different. They were all with 1 or 2 KB of each other, so I opened quite a few and found them all intact, and all with the Declude headers correctly placed. My mileage will vary from yours, but it doesn't seem that I received any broken images in this particular spam run, and I've had no user feedback indicating spam received today. Hopefully, this counter-example will help narrow down the problem. I'm using Declude v2.0.6.16 from 2005-05-25 and IMail v8.14 with whatever hotfixes. Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Erik Sent: Tuesday, February 28, 2006 10:51 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Yes, they are passing SNIFFER and Darrell's INV-URIBL at this time. But what Evans wrote is true. Either this "spammer" has corrected "his" image.. the fact remains that in the past when it was a corrupted; Declude failed in our version. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Colbeck, Andrew Sent: Tuesday, February 28, 2006 7:34 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Ditto. I've received and held 24 messages with the same title. Re-queuing 3 of these to myself, they had an image that was intact. They fail the usual RBL tests plus Message Sniffer. Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Harry Vanderzand Sent: Tuesday, February 28, 2006 10:10 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Judgement is quick to pass for some around here. These are getting caught by my system X-Note: Spam Tests Failed: SBL [28], SORBS-DUHL [4], HELOBOGUS [3], SNIFFER [13] Harry Vanderzand inTown Internet Computer Services 519-741-1222 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Erik Sent: Tuesday, February 28, 2006 12:49 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files The problem that we've seen this "spammer" is that the image is corrupted as you mentioned... and Declude is exiting; thus why it's being allowed to be delivered. "Smart" coding on the spammer... Not so smart on Declude. -Erik -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dave Beckstrom
RE: [Declude.JunkMail] Damaged Image Files
Title: Message Are you utilizing smartermail as your mail server? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry Vanderzand Sent: Tuesday, February 28, 2006 12:10 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Judgement is quick to pass for some around here. These are getting caught by my system X-Note: Spam Tests Failed: SBL [28], SORBS-DUHL [4], HELOBOGUS [3], SNIFFER [13] Harry Vanderzand inTown Internet Computer Services 519-741-1222 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sent: Tuesday, February 28, 2006 12:49 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files The problem that we've seen this spammer is that the image is corrupted as you mentioned... and Declude is exiting; thus why it's being allowed to be delivered. Smart coding on the spammer... Not so smart on Declude. -Erik -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Beckstrom Sent: Tuesday, February 28, 2006 6:41 PM To: Declude.JunkMail@declude.com Cc: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Damaged Image Files Were getting the same. Also using Declude with smartermail. Because Declude doesnt appear to be scanning the headers there is no way for us to stop them. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Evans Martin Sent: Tuesday, February 28, 2006 12:38 AM To: Declude.JunkMail@declude.com Cc: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Damaged Image Files Im getting a lot of messages that have only a graphic in them. The graphic appears to have been damaged as only about ½ of it displays. Declude has not modified the headers at all so Im not sure if these are being scanned or not. I dont know how it could be bypassing Declude. I have attached the .msg file. Anyone have any ideas what might be causing this? Im running Declude 3.0.5.22 and SmarterMail 2.6. The header is as follows: Return-Path: [EMAIL PROTECTED] Tue Feb 28 00:24:32 2006 Received: from 225-65-10-72.planters.net [72.10.65.225] by matrix.martek.net with SMTP; Tue, 28 Feb 2006 00:24:32 -0600 Date: Tue, 28 Feb 2006 01:24:22 +0100 Return-path: [EMAIL PROTECTED] From: Abrahams[EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: C1alis 10 Pills 20 mg $89.95 Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/related; type=multipart/alternative; boundary=ms020700070106060404020304 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Thanks, Evans Martin EVANS MARTIN [EMAIL PROTECTED] HOSTING: http://www.martek.net PROGRAMMING: http://www.martekware.com iPlus Info Browser IPBs IMail Migration Tool, password browser, reporting suite make IPlus Info Browser something no IMail administrator should be without. http://www.martek.net/Default.aspx?tabid=96
Re: [Declude.JunkMail] Damaged Image Files
They kept that one quiet. I wasn't aware of any problems with 3.0.5.26, and this is the first mention I've seen of 3.0.6, on this list or anywhere else. I guess I need to check Declude's upgrade section on a daily basis to see when they've snuck out a new release, since this information isn't announced anywhere. Original Message From: Bill Landry [EMAIL PROTECTED] Sent: Tuesday, February 28, 2006 3:07 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Damaged Image Files Gary, you should upgrade to 3.0.6, which has been out for about a week now, as 3.0.5.26 had serious problems with handling certain kinds of mime encapsulate messages. We actually had to roll back to 3.0.5.23 after reporting the issues with 3.0.5.26 to Declude. Version 3.0.6 fixed this issue. Bill - Original Message - From: Gary Steiner [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Tuesday, February 28, 2006 11:06 AM Subject: RE: [Declude.JunkMail] Damaged Image Files I received a couple with the broken gif as late as yesterday. The Declude headers end up at the bottom of the message, but they are there. I'm running Declude 3.0.5.26 and SmarterMail 2.6. Gary Original Message From: Erik [EMAIL PROTECTED] Sent: Tuesday, February 28, 2006 1:53 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Yes, they are passing SNIFFER and Darrell's INV-URIBL at this time. But what Evans wrote is true. Either this spammer has corrected his image.. the fact remains that in the past when it was a corrupted; Declude failed in our version. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Tuesday, February 28, 2006 7:34 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Ditto. I've received and held 24 messages with the same title. Re-queuing 3 of these to myself, they had an image that was intact. They fail the usual RBL tests plus Message Sniffer. Andrew 8) _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry Vanderzand Sent: Tuesday, February 28, 2006 10:10 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Judgement is quick to pass for some around here. These are getting caught by my system X-Note: Spam Tests Failed: SBL [28], SORBS-DUHL [4], HELOBOGUS [3], SNIFFER [13] Harry Vanderzand inTown Internet Computer Services 519-741-1222 _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sent: Tuesday, February 28, 2006 12:49 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files The problem that we've seen this spammer is that the image is corrupted as you mentioned... and Declude is exiting; thus why it's being allowed to be delivered. Smart coding on the spammer... Not so smart on Declude. -Erik -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Beckstrom Sent: Tuesday, February 28, 2006 6:41 PM To: Declude.JunkMail@declude.com Cc: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Damaged Image Files We're getting the same. Also using Declude with smartermail. Because Declude doesn't appear to be scanning the headers there is no way for us to stop them. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Evans Martin Sent: Tuesday, February 28, 2006 12:38 AM To: Declude.JunkMail@declude.com Cc: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Damaged Image Files I'm getting a lot of messages that have only a graphic in them. The graphic appears to have been damaged as only about ½ of it displays. Declude has not modified the headers at all so I'm not sure if these are being scanned or not. I don't know how it could be bypassing Declude. I have attached the .msg file. Anyone have any ideas what might be causing this? I'm running Declude 3.0.5.22 and SmarterMail 2.6. The header is as follows: Return-Path: [EMAIL PROTECTED] Tue Feb 28 00:24:32 2006 Received: from 225-65-10-72.planters.net [72.10.65.225] by matrix.martek.net with SMTP; Tue, 28 Feb 2006 00:24:32 -0600 Date: Tue, 28 Feb 2006 01:24:22 +0100 Return-path: [EMAIL PROTECTED] From: Abrahams[EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: C1alis 10 Pills 20 mg $89.95 Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/related; type=multipart/alternative; boundary=ms020700070106060404020304 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180
[Declude.JunkMail] Damaged Image Files
Im getting a lot of messages that have only a graphic in them. The graphic appears to have been damaged as only about ½ of it displays. Declude has not modified the headers at all so Im not sure if these are being scanned or not. I dont know how it could be bypassing Declude. I have attached the .msg file. Anyone have any ideas what might be causing this? Im running Declude 3.0.5.22 and SmarterMail 2.6. The header is as follows: Return-Path: [EMAIL PROTECTED] Tue Feb 28 00:24:32 2006 Received: from 225-65-10-72.planters.net [72.10.65.225] by matrix.martek.net with SMTP; Tue, 28 Feb 2006 00:24:32 -0600 Date: Tue, 28 Feb 2006 01:24:22 +0100 Return-path: [EMAIL PROTECTED] From: Abrahams[EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: C1alis 10 Pills 20 mg $89.95 Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/related; type=multipart/alternative; boundary=ms020700070106060404020304 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Thanks, Evans Martin EVANS MARTIN [EMAIL PROTECTED] HOSTING: http://www.martek.net PROGRAMMING: http://www.martekware.com iPlus Info Browser IPBs IMail Migration Tool, password browser, reporting suite make IPlus Info Browser something no IMail administrator should be without. http://www.martek.net/Default.aspx?tabid=96 C1alis 10 Pills 20 mg $89 95.msg Description: Binary data