Re: [Declude.JunkMail] Damaged Image Files
Title: Message
Eric,
Forwarded E-mail that goes outside of your server is handled by actions
contained within the Global.cfg instead of a JunkMail file. This
causes a lot of confusion. This would explain some of the issues. If
you have questions about this, just post them to the list and I or
someone else will help out.
Forwarded E-mail within the same server I believe is always handled by
a JunkMail file. This is clearly the case in the sample that you sent
me off-list. Your logs on that sample shows the SUBJECT action should
have been called and it seems that it wasn't. I believe that the
message is using non-compliant line breaks based on other reports for
this spammer, and this is probably why it didn't put the SUBJECT in (or
rather the bugs in Declude in handling poorly formated messages).
You should forward what you sent me to Declude's support and let them
know that this is in reference to the discussion on the list about
missing/broken headers and zombie spam. Even though the messages are
broken, Declude is clearly not handling them properly and it should be
fixed.
Thanks for following up. Please share whatever else you find with the
list.
Matt
Erik wrote:
Matt, I have emailed you off-list with an
example of this type of email that Declude fails to "mark".
Let me know if you receive it. I attached the
email along with our Imail log and Declude log.
-Erik
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Matt
Sent: Tuesday, February 28, 2006 8:18 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Damaged Image Files
Erik,
I don't doubt the possibility of a bug causing the scanning of such a
message to fail, but there is a possibility of this also just simply
being a spam that passed, and a failure to insert the headers in the
correct place. It would be great if you guys could supply the full
source of one such E-mail and check your logs for an entry that
matches, and clarify which version you are running.
Thanks,
Matt
Erik wrote:
Yes, they are passing SNIFFER and Darrell's
INV-URIBL at this time. But what Evans wrote is true. Either this
"spammer" has corrected "his" image.. the fact remains that in the past
when it was a corrupted; Declude failed in our version.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Colbeck, Andrew
Sent: Tuesday, February 28, 2006 7:34 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] Damaged Image Files
Ditto.
I've received and held 24
messages with the same title. Re-queuing 3 of these to myself, they
had an image that was intact.
They fail the usual RBL tests
plus Message Sniffer.
Andrew 8)
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Harry Vanderzand
Sent: Tuesday, February 28, 2006 10:10 AM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] Damaged Image Files
Judgement is quick to pass for
some around here.
These are getting caught by my
system
X-Note: Spam Tests Failed: SBL
[28], SORBS-DUHL [4], HELOBOGUS [3], SNIFFER [13]
Harry Vanderzand
inTown Internet Computer
Services
519-741-1222
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Erik
Sent: Tuesday, February 28, 2006 12:49 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] Damaged Image Files
The problem
that we've seen this "spammer" is that the image is corrupted as you
mentioned... and Declude is exiting; thus why it's being allowed to be
delivered. "Smart" coding on the spammer... Not so smart on Declude.
-Erik
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Dave Beckstrom
Sent: Tuesday, February 28, 2006 6:41 PM
To: Declude.JunkMail@declude.com
Cc: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Damaged Image Files
Were
getting the same. Also using Declude with smartermail. Because
Declude doesnt appear to be scanning the headers there is no way for
us to stop them.
RE: [Declude.JunkMail] Damaged Image Files
Title: Message
Matt,
I have sent Declude what I sent you.
I'll
keep you and the list posted; if Declude does not.
Thanks
for your time and input,
Erik
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of MattSent: Saturday, March 04, 2006 3:56
AMTo: Declude.JunkMail@declude.comSubject: Re:
[Declude.JunkMail] Damaged Image
FilesEric,Forwarded E-mail that goes outside of
your server is handled by actions contained within the Global.cfg instead of a
JunkMail file. This causes a lot of confusion. This would explain
some of the issues. If you have questions about this, just post them to
the list and I or someone else will help out.Forwarded E-mail within
the same server I believe is always handled by a JunkMail file. This is
clearly the case in the sample that you sent me off-list. Your logs on
that sample shows the SUBJECT action should have been called and it seems that
it wasn't. I believe that the message is using non-compliant line breaks
based on other reports for this spammer, and this is probably why it didn't
put the SUBJECT in (or rather the bugs in Declude in handling poorly formated
messages).You should forward what you sent me to Declude's support and
let them know that this is in reference to the discussion on the list about
missing/broken headers and zombie spam. Even though the messages are
broken, Declude is clearly not handling them properly and it should be
fixed.Thanks for following up. Please share whatever else you
find with the list. MattErik wrote:
Matt, I have emailed you off-list with an example of this type of
email that Declude fails to "mark".
Let me know if you receive it. I attached the email along with
our Imail log and Declude log.
-Erik
-Original Message-From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of MattSent: Tuesday, February 28, 2006 8:18
PMTo: Declude.JunkMail@declude.comSubject:
Re: [Declude.JunkMail] Damaged Image
FilesErik,I don't doubt the possibility of a
bug causing the scanning of such a message to fail, but there is a
possibility of this also just simply being a spam that passed, and a
failure to insert the headers in the correct place. It would be
great if you guys could supply the full source of one such E-mail and
check your logs for an entry that matches, and clarify which version you
are running.Thanks,MattErik wrote:
Yes, they are passing SNIFFER and Darrell's INV-URIBL at this
time. But what Evans wrote is true. Either this "spammer"
has corrected "his" image.. the fact remains that in the past when it
was a corrupted; Declude failed in our version.
-Original Message-From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Colbeck, AndrewSent: Tuesday, February
28, 2006 7:34 PMTo: Declude.JunkMail@declude.comSubject:
RE: [Declude.JunkMail] Damaged Image Files
Ditto.
I've received and held 24 messages
with the same title. Re-queuing 3 of these to myself, they had
an image that was intact.
They fail the usual RBL tests plus
Message Sniffer.
Andrew 8)
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Harry VanderzandSent: Tuesday,
February 28, 2006 10:10 AMTo: Declude.JunkMail@declude.comSubject:
RE: [Declude.JunkMail] Damaged Image Files
Judgement is quick to pass for some
around here.
These are getting caught by my
system
X-Note: Spam Tests Failed: SBL [28],
SORBS-DUHL [4], HELOBOGUS [3], SNIFFER [13]
Harry Vanderzand
inTown Internet Computer
Services 519-741-1222
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of ErikSent: Tuesday, February 28,
2006 12:49 PMTo: Declude.JunkMail@declude.comSubject:
RE: [Declude.JunkMail] Damaged Image Files
The problem that we've
seen this "spammer" is that the image is corrupted as you
mentioned... and Declude is exiting; thus why it's being allowed
to be delivered. "Smart" coding on the spammer... Not so smart on
Declude.
-Erik
-Original
Message-From: [EMAIL PR
RE: [Declude.JunkMail] Damaged Image Files
We too are receiving these.Upgrading to version 4 did not fix the problem. Declude is scanning them, but then the headers are inserted at the END of the message. Most email readers won't show those "headers". However, if you are using iMail you can open the .mbx file (located on the server)with notepad see the "headers" at the bottom of the message. I've attached a text file with the contents of one of the messages we get daily. Scroll to the bottom and you'll see the misplaced headers. Now, why this is happening is beyond my skill level. Any fixes would be appreciated. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Evans MartinSent: Monday, February 27, 2006 10:38 PMTo: Declude.JunkMail@declude.comCc: [EMAIL PROTECTED]Subject: [Declude.JunkMail] Damaged Image Files Im getting a lot of messages that have only a graphic in them. The graphic appears to have been damaged as only about ½ of it displays. Declude has not modified the headers at all so Im not sure if these are being scanned or not. I dont know how it could be bypassing Declude. I have attached the .msg file. Anyone have any ideas what might be causing this? Im running Declude 3.0.5.22 and SmarterMail 2.6. The header is as follows: Return-Path: [EMAIL PROTECTED] Tue Feb 28 00:24:32 2006 Received: from 225-65-10-72.planters.net [72.10.65.225] by matrix.martek.net with SMTP; Tue, 28 Feb 2006 00:24:32 -0600 Date: Tue, 28 Feb 2006 01:24:22 +0100 Return-path: [EMAIL PROTECTED] From: "Abrahams"[EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: C1alis 10 Pills 20 mg $89.95 Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="ms020700070106060404020304" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Thanks, Evans Martin EVANS MARTIN [EMAIL PROTECTED] HOSTING: http://www.martek.net PROGRAMMING: http://www.martekware.com iPlus Info Browser IPBs IMail Migration Tool, password browser, reporting suite make IPlus Info Browser something no IMail administrator should be without. http://www.martek.net/Default.aspx?tabid=96 From [EMAIL PROTECTED] Wed Mar 01 18:02:52 2006 Received: from friend [207.255.199.178] by mail.agid.com with ESMTP (SMTPD-8.22) id A248011C; Wed, 01 Mar 2006 18:02:48 -0800 Message-ID: [EMAIL PROTECTED] From: Geoffrey [EMAIL PROTECTED] To: corby@removed Subject: She wants a better sex? All you need's here! Date: Wed, 01 Mar 2006 21:02:46 +0100 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=ms050904060202070904070106 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-UIDL: 441267089 This is a multi-part message in MIME format. --ms050904060202070904070106 Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: quoted-printable Cheapest medications based LICENSED online phartmacy! Cialis Soft Tabs as low as $4.72 Viagra Professional as low as $3.8 Viagra Soft Tabs as low as $3.8 Cialis as low as $5.67 Valium as low as $2.85 Generic Viagra as low as $3.5 Need medicine? All here! --ms050904060202070904070106 Content-Type: text/html; charset=koi8-r Content-Transfer-Encoding: quoted-printable !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN HTMLHEAD META http-equiv=3DContent-Type content=3Dtext/html; charset=3Dkoi8-r META content=3DMSHTML 6.00.2900.2180 name=3DGENERATOR STYLE/STYLE /HEAD BODY bgColor=3D#ffFONT face=3DArial size=3D2 H3 align=3DleftA href=3Dhttp://auuiek.tradeearth.info/?88276620;FONT face=3DTimes New Roman = color=3D#ff=20 size=3D5EMCheapest medications based LICENSED online=20 phartmacy!/EM/FONT/A/H3 H3 align=3DleftCialis Soft Tabs SPAN=20 style=3DFONT-WEIGHT: bold; COLOR: rgb(234,107,31)as low as=20 $4.72/SPAN/H3SPAN style=3DFONT-WEIGHT: bold; COLOR: = rgb(234,107,31) H3 align=3DleftFONT color=3D#00Viagra Professional/FONT SPAN=20 style=3DFONT-WEIGHT: bold; COLOR: rgb(234,107,31)as low as=20 $3.8/SPAN/H3SPAN style=3DFONT-WEIGHT: bold; COLOR: = rgb(234,107,31) H3 align=3DleftFONT color=3D#00Viagra Soft Tabs/FONT SPAN=20 style=3DFONT-WEIGHT: bold; COLOR: rgb(234,107,31)as low as=20 $3.8/SPAN/H3SPAN style=3DFONT-WEIGHT: bold; COLOR: = rgb(234,107,31) H3 align=3DleftFONT color=3D#00Cialis /FONTSPAN=20 style=3DFONT-WEIGHT: bold; COLOR: rgb(234,107,31)FONT = color=3D#00as=20 low/FONT as $5.67/SPAN/H3SPAN=20 style=3DFONT-WEIGHT: bold; COLOR: rgb(234,107,31) H3 align=3DleftFONT color=3D#00Valium/FONT SPAN=20 style=3DFONT-WEIGHT: bold; COLOR: rgb(234,107,31)as low
RE: [Declude.JunkMail] Damaged Image Files
Were getting the same. Also using Declude with smartermail. Because Declude doesnt appear to be scanning the headers there is no way for us to stop them. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Evans Martin Sent: Tuesday, February 28, 2006 12:38 AM To: Declude.JunkMail@declude.com Cc: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Damaged Image Files Im getting a lot of messages that have only a graphic in them. The graphic appears to have been damaged as only about ½ of it displays. Declude has not modified the headers at all so Im not sure if these are being scanned or not. I dont know how it could be bypassing Declude. I have attached the .msg file. Anyone have any ideas what might be causing this? Im running Declude 3.0.5.22 and SmarterMail 2.6. The header is as follows: Return-Path: [EMAIL PROTECTED] Tue Feb 28 00:24:32 2006 Received: from 225-65-10-72.planters.net [72.10.65.225] by matrix.martek.net with SMTP; Tue, 28 Feb 2006 00:24:32 -0600 Date: Tue, 28 Feb 2006 01:24:22 +0100 Return-path: [EMAIL PROTECTED] From: Abrahams[EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: C1alis 10 Pills 20 mg $89.95 Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/related; type=multipart/alternative; boundary=ms020700070106060404020304 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Thanks, Evans Martin EVANS MARTIN [EMAIL PROTECTED] HOSTING: http://www.martek.net PROGRAMMING: http://www.martekware.com iPlus Info Browser IPBs IMail Migration Tool, password browser, reporting suite make IPlus Info Browser something no IMail administrator should be without. http://www.martek.net/Default.aspx?tabid=96
RE: [Declude.JunkMail] Damaged Image Files
Title: Message The problem that we've seen this "spammer" is that the image is corrupted as you mentioned... and Declude is exiting; thus why it's being allowed to be delivered. "Smart" coding on the spammer... Not so smart on Declude. -Erik -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave BeckstromSent: Tuesday, February 28, 2006 6:41 PMTo: Declude.JunkMail@declude.comCc: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Damaged Image Files Were getting the same. Also using Declude with smartermail. Because Declude doesnt appear to be scanning the headers there is no way for us to stop them. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Evans MartinSent: Tuesday, February 28, 2006 12:38 AMTo: Declude.JunkMail@declude.comCc: [EMAIL PROTECTED]Subject: [Declude.JunkMail] Damaged Image Files Im getting a lot of messages that have only a graphic in them. The graphic appears to have been damaged as only about ½ of it displays. Declude has not modified the headers at all so Im not sure if these are being scanned or not. I dont know how it could be bypassing Declude. I have attached the .msg file. Anyone have any ideas what might be causing this? Im running Declude 3.0.5.22 and SmarterMail 2.6. The header is as follows: Return-Path: [EMAIL PROTECTED] Tue Feb 28 00:24:32 2006 Received: from 225-65-10-72.planters.net [72.10.65.225] by matrix.martek.net with SMTP; Tue, 28 Feb 2006 00:24:32 -0600 Date: Tue, 28 Feb 2006 01:24:22 +0100 Return-path: [EMAIL PROTECTED] From: "Abrahams"[EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: C1alis 10 Pills 20 mg $89.95 Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="ms020700070106060404020304" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Thanks, Evans Martin EVANS MARTIN [EMAIL PROTECTED] HOSTING: http://www.martek.net PROGRAMMING: http://www.martekware.com iPlus Info Browser IPBs IMail Migration Tool, password browser, reporting suite make IPlus Info Browser something no IMail administrator should be without. http://www.martek.net/Default.aspx?tabid=96
Re: [Declude.JunkMail] Damaged Image Files
Title: Message Would you be willing to post the full contents of one of the D* files and also indicate the version that you are running. This is for my own interest, but I think it might be beneficial to others. It would also be useful to see what was logged for this message. It may be that it was scanned and Declude just failed to insert the headers. I don't know. Thanks, Matt Erik wrote: The problem that we've seen this "spammer" is that the image is corrupted as you mentioned... and Declude is exiting; thus why it's being allowed to be delivered. "Smart" coding on the spammer... Not so smart on Declude. -Erik -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dave Beckstrom Sent: Tuesday, February 28, 2006 6:41 PM To: Declude.JunkMail@declude.com Cc: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Damaged Image Files Were getting the same. Also using Declude with smartermail. Because Declude doesnt appear to be scanning the headers there is no way for us to stop them. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Evans Martin Sent: Tuesday, February 28, 2006 12:38 AM To: Declude.JunkMail@declude.com Cc: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Damaged Image Files Im getting a lot of messages that have only a graphic in them. The graphic appears to have been damaged as only about of it displays. Declude has not modified the headers at all so Im not sure if these are being scanned or not. I dont know how it could be bypassing Declude. I have attached the .msg file. Anyone have any ideas what might be causing this? Im running Declude 3.0.5.22 and SmarterMail 2.6. The header is as follows: Return-Path: [EMAIL PROTECTED] Tue Feb 28 00:24:32 2006 Received: from 225-65-10-72.planters.net [72.10.65.225] by matrix.martek.net with SMTP; Tue, 28 Feb 2006 00:24:32 -0600 Date: Tue, 28 Feb 2006 01:24:22 +0100 Return-path: [EMAIL PROTECTED] From: "Abrahams"[EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: C1alis 10 Pills 20 mg $89.95 Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="ms020700070106060404020304" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Thanks, Evans Martin EVANS MARTIN [EMAIL PROTECTED] HOSTING: http://www.martek.net PROGRAMMING: http://www.martekware.com iPlus Info Browser IPBs IMail Migration Tool, password browser, reporting suite make IPlus Info Browser something no IMail administrator should be without. http://www.martek.net/Default.aspx?tabid=96
RE: [Declude.JunkMail] Damaged Image Files
Title: Message Judgement is quick to pass for some around here. These are getting caught by my system X-Note: Spam Tests Failed: SBL [28], SORBS-DUHL [4], HELOBOGUS [3], SNIFFER [13] Harry Vanderzand inTown Internet Computer Services 519-741-1222 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ErikSent: Tuesday, February 28, 2006 12:49 PMTo: Declude.JunkMail@declude.comSubject: RE: [Declude.JunkMail] Damaged Image Files The problem that we've seen this "spammer" is that the image is corrupted as you mentioned... and Declude is exiting; thus why it's being allowed to be delivered. "Smart" coding on the spammer... Not so smart on Declude. -Erik -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave BeckstromSent: Tuesday, February 28, 2006 6:41 PMTo: Declude.JunkMail@declude.comCc: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Damaged Image Files Were getting the same. Also using Declude with smartermail. Because Declude doesnt appear to be scanning the headers there is no way for us to stop them. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Evans MartinSent: Tuesday, February 28, 2006 12:38 AMTo: Declude.JunkMail@declude.comCc: [EMAIL PROTECTED]Subject: [Declude.JunkMail] Damaged Image Files Im getting a lot of messages that have only a graphic in them. The graphic appears to have been damaged as only about ½ of it displays. Declude has not modified the headers at all so Im not sure if these are being scanned or not. I dont know how it could be bypassing Declude. I have attached the .msg file. Anyone have any ideas what might be causing this? Im running Declude 3.0.5.22 and SmarterMail 2.6. The header is as follows: Return-Path: [EMAIL PROTECTED] Tue Feb 28 00:24:32 2006 Received: from 225-65-10-72.planters.net [72.10.65.225] by matrix.martek.net with SMTP; Tue, 28 Feb 2006 00:24:32 -0600 Date: Tue, 28 Feb 2006 01:24:22 +0100 Return-path: [EMAIL PROTECTED] From: "Abrahams"[EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: C1alis 10 Pills 20 mg $89.95 Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="ms020700070106060404020304" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Thanks, Evans Martin EVANS MARTIN [EMAIL PROTECTED] HOSTING: http://www.martek.net PROGRAMMING: http://www.martekware.com iPlus Info Browser IPBs IMail Migration Tool, password browser, reporting suite make IPlus Info Browser something no IMail administrator should be without. http://www.martek.net/Default.aspx?tabid=96
RE: [Declude.JunkMail] Damaged Image Files
Title: Message Ditto. I've received and held 24 messages with the same title. Re-queuing 3 of these to myself, they had an image that was intact. They fail the usual RBL tests plus Message Sniffer. Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry VanderzandSent: Tuesday, February 28, 2006 10:10 AMTo: Declude.JunkMail@declude.comSubject: RE: [Declude.JunkMail] Damaged Image Files Judgement is quick to pass for some around here. These are getting caught by my system X-Note: Spam Tests Failed: SBL [28], SORBS-DUHL [4], HELOBOGUS [3], SNIFFER [13] Harry Vanderzand inTown Internet Computer Services 519-741-1222 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ErikSent: Tuesday, February 28, 2006 12:49 PMTo: Declude.JunkMail@declude.comSubject: RE: [Declude.JunkMail] Damaged Image Files The problem that we've seen this "spammer" is that the image is corrupted as you mentioned... and Declude is exiting; thus why it's being allowed to be delivered. "Smart" coding on the spammer... Not so smart on Declude. -Erik -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave BeckstromSent: Tuesday, February 28, 2006 6:41 PMTo: Declude.JunkMail@declude.comCc: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Damaged Image Files Were getting the same. Also using Declude with smartermail. Because Declude doesnt appear to be scanning the headers there is no way for us to stop them. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Evans MartinSent: Tuesday, February 28, 2006 12:38 AMTo: Declude.JunkMail@declude.comCc: [EMAIL PROTECTED]Subject: [Declude.JunkMail] Damaged Image Files Im getting a lot of messages that have only a graphic in them. The graphic appears to have been damaged as only about ½ of it displays. Declude has not modified the headers at all so Im not sure if these are being scanned or not. I dont know how it could be bypassing Declude. I have attached the .msg file. Anyone have any ideas what might be causing this? Im running Declude 3.0.5.22 and SmarterMail 2.6. The header is as follows: Return-Path: [EMAIL PROTECTED] Tue Feb 28 00:24:32 2006 Received: from 225-65-10-72.planters.net [72.10.65.225] by matrix.martek.net with SMTP; Tue, 28 Feb 2006 00:24:32 -0600 Date: Tue, 28 Feb 2006 01:24:22 +0100 Return-path: [EMAIL PROTECTED] From: "Abrahams"[EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: C1alis 10 Pills 20 mg $89.95 Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="ms020700070106060404020304" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Thanks, Evans Martin EVANS MARTIN [EMAIL PROTECTED] HOSTING: http://www.martek.net PROGRAMMING: http://www.martekware.com iPlus Info Browser IPBs IMail Migration Tool, password browser, reporting suite make IPlus Info Browser something no IMail administrator should be without. http://www.martek.net/Default.aspx?tabid=96
RE: [Declude.JunkMail] Damaged Image Files
Title: Message
Yes,
they are passing SNIFFER and Darrell's INV-URIBL at this time. But what
Evans wrote is true. Either this "spammer" has corrected "his" image.. the
fact remains that in the past when it was a corrupted; Declude failed in our
version.
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Colbeck, AndrewSent: Tuesday, February 28, 2006
7:34 PMTo: Declude.JunkMail@declude.comSubject: RE:
[Declude.JunkMail] Damaged Image Files
Ditto.
I've received and held 24 messages with the same
title. Re-queuing 3 of these to myself, they had an image that was
intact.
They fail the usual RBL tests plus Message
Sniffer.
Andrew 8)
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Harry
VanderzandSent: Tuesday, February 28, 2006 10:10 AMTo:
Declude.JunkMail@declude.comSubject: RE: [Declude.JunkMail]
Damaged Image Files
Judgement is quick to pass for some around
here.
These are getting caught by my
system
X-Note: Spam Tests Failed: SBL [28], SORBS-DUHL [4],
HELOBOGUS [3], SNIFFER [13]
Harry Vanderzand inTown Internet Computer Services 519-741-1222
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
ErikSent: Tuesday, February 28, 2006 12:49 PMTo:
Declude.JunkMail@declude.comSubject: RE: [Declude.JunkMail]
Damaged Image Files
The problem that we've seen this
"spammer" is that the image is corrupted as you mentioned... and Declude
is exiting; thus why it's being allowed to be delivered. "Smart" coding on
the spammer... Not so smart on Declude.
-Erik
-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dave
BeckstromSent: Tuesday, February 28, 2006 6:41
PMTo: Declude.JunkMail@declude.comCc:
[EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Damaged
Image Files
Were
getting the same. Also using Declude with smartermail.
Because Declude doesnt appear to be scanning the headers there is no
way for us to stop them.
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Evans
MartinSent: Tuesday,
February 28, 2006 12:38 AMTo: Declude.JunkMail@declude.comCc: [EMAIL PROTECTED]Subject: [Declude.JunkMail] Damaged
Image Files
Im getting a lot of messages that have only a
graphic in them. The graphic appears to have been damaged as only
about ½ of it displays. Declude has not modified the headers at
all so Im not sure if these are being scanned or not. I dont
know how it could be bypassing Declude. I have attached the .msg
file. Anyone have any ideas what might be causing
this?
Im running Declude 3.0.5.22 and SmarterMail
2.6.
The header is as
follows:
Return-Path: [EMAIL PROTECTED] Tue Feb 28
00:24:32 2006
Received: from 225-65-10-72.planters.net
[72.10.65.225] by matrix.martek.net with
SMTP;
Tue, 28 Feb 2006 00:24:32
-0600
Date: Tue, 28 Feb 2006 01:24:22
+0100
Return-path:
[EMAIL PROTECTED]
From:
"Abrahams"[EMAIL PROTECTED]
To:
[EMAIL PROTECTED]
Subject: C1alis 10 Pills 20 mg
$89.95
Message-ID:
[EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type:
multipart/related;
type="multipart/alternative";
boundary="ms020700070106060404020304"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express
6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE
V6.00.2900.2180
Thanks,
Evans Martin
EVANS MARTIN [EMAIL PROTECTED]
HOSTING: http://www.martek.net
PROGRAMMING: http://www.martekware.com
iPlus Info Browser IPBs IMail Migration Tool,
password browser, reporting suite make IPlus Info Browser something no
IMail administrator should be without. http://www.martek.net/Default.aspx?tabid=96
RE: [Declude.JunkMail] Damaged Image Files
I received a couple with the broken gif as late as yesterday. The Declude headers end up at the bottom of the message, but they are there. I'm running Declude 3.0.5.26 and SmarterMail 2.6. Gary Original Message From: Erik [EMAIL PROTECTED] Sent: Tuesday, February 28, 2006 1:53 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Yes, they are passing SNIFFER and Darrell's INV-URIBL at this time. But what Evans wrote is true. Either this spammer has corrected his image.. the fact remains that in the past when it was a corrupted; Declude failed in our version. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Tuesday, February 28, 2006 7:34 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Ditto. I've received and held 24 messages with the same title. Re-queuing 3 of these to myself, they had an image that was intact. They fail the usual RBL tests plus Message Sniffer. Andrew 8) _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry Vanderzand Sent: Tuesday, February 28, 2006 10:10 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Judgement is quick to pass for some around here. These are getting caught by my system X-Note: Spam Tests Failed: SBL [28], SORBS-DUHL [4], HELOBOGUS [3], SNIFFER [13] Harry Vanderzand inTown Internet Computer Services 519-741-1222 _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sent: Tuesday, February 28, 2006 12:49 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files The problem that we've seen this spammer is that the image is corrupted as you mentioned... and Declude is exiting; thus why it's being allowed to be delivered. Smart coding on the spammer... Not so smart on Declude. -Erik -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Beckstrom Sent: Tuesday, February 28, 2006 6:41 PM To: Declude.JunkMail@declude.com Cc: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Damaged Image Files Were getting the same. Also using Declude with smartermail. Because Declude doesnt appear to be scanning the headers there is no way for us to stop them. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Evans Martin Sent: Tuesday, February 28, 2006 12:38 AM To: Declude.JunkMail@declude.com Cc: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Damaged Image Files Im getting a lot of messages that have only a graphic in them. The graphic appears to have been damaged as only about ½ of it displays. Declude has not modified the headers at all so Im not sure if these are being scanned or not. I dont know how it could be bypassing Declude. I have attached the .msg file. Anyone have any ideas what might be causing this? Im running Declude 3.0.5.22 and SmarterMail 2.6. The header is as follows: Return-Path: [EMAIL PROTECTED] Tue Feb 28 00:24:32 2006 Received: from 225-65-10-72.planters.net [72.10.65.225] by matrix.martek.net with SMTP; Tue, 28 Feb 2006 00:24:32 -0600 Date: Tue, 28 Feb 2006 01:24:22 +0100 Return-path: [EMAIL PROTECTED] From: Abrahams[EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: C1alis 10 Pills 20 mg $89.95 Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/related; type=multipart/alternative; boundary=ms020700070106060404020304 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Thanks, Evans Martin EVANS MARTIN [EMAIL PROTECTED] HOSTING: http://www.martek.net http://www.martek.net/ PROGRAMMING: http://www.martekware.com http://www.martekware.com/ iPlus Info Browser IPBs IMail Migration Tool, password browser, reporting suite make IPlus Info Browser something no IMail administrator should be without. http://www.martek.net/Default.aspx?tabid=96 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Damaged Image Files
Title: Message
Erik,
I don't doubt the possibility of a bug causing the scanning of such a
message to fail, but there is a possibility of this also just simply
being a spam that passed, and a failure to insert the headers in the
correct place. It would be great if you guys could supply the full
source of one such E-mail and check your logs for an entry that
matches, and clarify which version you are running.
Thanks,
Matt
Erik wrote:
Yes, they are passing SNIFFER and Darrell's
INV-URIBL at this time. But what Evans wrote is true. Either this
"spammer" has corrected "his" image.. the fact remains that in the past
when it was a corrupted; Declude failed in our version.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Colbeck,
Andrew
Sent: Tuesday, February 28, 2006 7:34 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] Damaged Image Files
Ditto.
I've received and held 24
messages with the same title. Re-queuing 3 of these to myself, they
had an image that was intact.
They fail the usual RBL tests
plus Message Sniffer.
Andrew 8)
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Harry
Vanderzand
Sent: Tuesday, February 28, 2006 10:10 AM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] Damaged Image Files
Judgement is quick to pass for
some around here.
These are getting caught by my
system
X-Note: Spam Tests Failed: SBL
[28], SORBS-DUHL [4], HELOBOGUS [3], SNIFFER [13]
Harry Vanderzand
inTown Internet Computer
Services
519-741-1222
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Erik
Sent: Tuesday, February 28, 2006 12:49 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] Damaged Image Files
The problem that
we've seen this "spammer" is that the image is corrupted as you
mentioned... and Declude is exiting; thus why it's being allowed to be
delivered. "Smart" coding on the spammer... Not so smart on Declude.
-Erik
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Dave
Beckstrom
Sent: Tuesday, February 28, 2006 6:41 PM
To: Declude.JunkMail@declude.com
Cc: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Damaged Image Files
Were
getting the same. Also using Declude with smartermail. Because
Declude doesnt appear to be scanning the headers there is no way for
us to stop them.
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Evans Martin
Sent: Tuesday,
February 28, 2006 12:38 AM
To: Declude.JunkMail@declude.com
Cc: [EMAIL PROTECTED]
Subject:
[Declude.JunkMail] Damaged Image Files
Im getting a lot of messages that have only
a graphic in them. The graphic appears to have been damaged as only
about of it displays. Declude has not modified the headers at all so
Im not sure if these are being scanned or not. I dont know how it
could be bypassing Declude. I have attached the .msg file. Anyone
have any ideas what might be causing this?
Im running Declude 3.0.5.22 and SmarterMail
2.6.
The header is as follows:
Return-Path: [EMAIL PROTECTED] Tue Feb
28 00:24:32 2006
Received: from 225-65-10-72.planters.net
[72.10.65.225] by matrix.martek.net with SMTP;
Tue, 28 Feb 2006 00:24:32 -0600
Date: Tue, 28 Feb 2006 01:24:22 +0100
Return-path: [EMAIL PROTECTED]
From: "Abrahams"[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: C1alis 10 Pills 20 mg $89.95
Message-ID:
[EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";
boundary="ms020700070106060404020304"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express
6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE
V6.00.2900.2180
Thanks,
Evans Martin
EVANS MARTIN [EMAIL PROTECTED]
HOSTING: http://www.martek.net
PROGRAMMING: http://www.martekware.com
iPlus Info Browser IPBs IMail Migration
Tool, password browser, reporting suite make IPlus Info Browser
something no IMail administrator should be without. http://www.martek.net/Default.aspx?tabid=96
RE: [Declude.JunkMail] Damaged Image Files
Title: Message
Interesting. As Matt, said, if you can get an
original D*.SMD that would be great for following this
trail.
I would note that in addition, use the headers that were
received to track the sending IP and time, and check your IMail log, and from
there you will have the GUID for the message. Then check the Declude log
for that GUID (but do a case-insensitive search). That will tell you
whether Declude processed the message at all; it could be that Declude processed
the message but failed to insert the headers, or failed to lock the file and had
to "fail open" and allow IMail to deliver the message without being able to
insert the headers.
For more information, I found all 94 of the messages with
this title sent to my server in today and yesterday, and found that they were
all held as spam. I then copied each to my workstation and compared the
filesize to see if I could spot any that were obviously different. They
were all with 1 or 2 KB of each other, so I opened quite a few and found them
all intact, and all with the Declude headers correctly placed. My mileage
will vary from yours, but it doesn't seem that I received any broken images in
this particular spam run, and I've had no user feedback indicating spam received
today. Hopefully, this counter-example will help narrow down the
problem.
I'm using Declude v2.0.6.16 from 2005-05-25 and IMail v8.14
with whatever hotfixes.
Andrew 8)
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
ErikSent: Tuesday, February 28, 2006 10:51 AMTo:
Declude.JunkMail@declude.comSubject: RE: [Declude.JunkMail] Damaged
Image Files
Yes,
they are passing SNIFFER and Darrell's INV-URIBL at this time. But what
Evans wrote is true. Either this "spammer" has corrected "his" image..
the fact remains that in the past when it was a corrupted; Declude failed in
our version.
-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Colbeck,
AndrewSent: Tuesday, February 28, 2006 7:34 PMTo:
Declude.JunkMail@declude.comSubject: RE: [Declude.JunkMail]
Damaged Image Files
Ditto.
I've received and held 24 messages with the same
title. Re-queuing 3 of these to myself, they had an image that was
intact.
They fail the usual RBL tests plus Message
Sniffer.
Andrew 8)
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Harry
VanderzandSent: Tuesday, February 28, 2006 10:10
AMTo: Declude.JunkMail@declude.comSubject: RE:
[Declude.JunkMail] Damaged Image Files
Judgement is quick to pass for some around
here.
These are getting caught by my
system
X-Note: Spam Tests Failed: SBL [28], SORBS-DUHL [4],
HELOBOGUS [3], SNIFFER [13]
Harry Vanderzand inTown Internet Computer Services 519-741-1222
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
ErikSent: Tuesday, February 28, 2006 12:49
PMTo: Declude.JunkMail@declude.comSubject: RE:
[Declude.JunkMail] Damaged Image Files
The problem that we've seen
this "spammer" is that the image is corrupted as you mentioned... and
Declude is exiting; thus why it's being allowed to be delivered. "Smart"
coding on the spammer... Not so smart on Declude.
-Erik
-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dave
BeckstromSent: Tuesday, February 28, 2006 6:41
PMTo: Declude.JunkMail@declude.comCc:
[EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Damaged
Image Files
Were
getting the same. Also using Declude with smartermail.
Because Declude doesnt appear to be scanning the headers there is no
way for us to stop them.
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Evans
MartinSent: Tuesday,
February 28, 2006 12:38 AMTo: Declude.JunkMail@declude.comCc: [EMAIL PROTECTED]Subject: [Declude.JunkMail]
Damaged Image Files
Im getting a lot of messages that have only a
graphic in them. The graphic appears to have been damaged as
only about ½ of it displays. Declude has not modified the
headers at all so Im not sure if these are being scanned or
not. I dont know how it could be bypassing Declude. I
have attached the .msg file. Anyone have any ideas what might be
causing this?
RE: [Declude.JunkMail] Damaged Image Files
Title: Message We had an issue with Declude corrupting images from SmarterStats long ago. It turned out the SmarterStats wasnt inserting line breaks in their images, and thus single lines were going out past 8,000 characters, at which point Declude truncated the line. I wouldnt be surprised if the spamware being used to send these was doing something similar. Thanks! - Jay Sudowski // Handy Networks LLC Director of Technical Operations Providing Shared, Reseller, Semi Managed and Fully Managed Windows 2003 Hosting Solutions Tel: 877-70 HANDY x882 | Fax: 888-300-2FAX www.handynetworks.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Tuesday, February 28, 2006 2:54 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Interesting. As Matt, said, if you can get an original D*.SMD that would be great for following this trail. I would note that in addition, use the headers that were received to track the sending IP and time, and check your IMail log, and from there you will have the GUID for the message. Then check the Declude log for that GUID (but do a case-insensitive search). That will tell you whether Declude processed the message at all; it could be that Declude processed the message but failed to insert the headers, or failed to lock the file and had to fail open and allow IMail to deliver the message without being able to insert the headers. For more information, I found all 94 of the messages with this title sent to my server in today and yesterday, and found that they were all held as spam. I then copied each to my workstation and compared the filesize to see if I could spot any that were obviously different. They were all with 1 or 2 KB of each other, so I opened quite a few and found them all intact, and all with the Declude headers correctly placed. My mileage will vary from yours, but it doesn't seem that I received any broken images in this particular spam run, and I've had no user feedback indicating spam received today. Hopefully, this counter-example will help narrow down the problem. I'm using Declude v2.0.6.16 from 2005-05-25 and IMail v8.14 with whatever hotfixes. Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sent: Tuesday, February 28, 2006 10:51 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Yes, they are passing SNIFFER and Darrell's INV-URIBL at this time. But what Evans wrote is true. Either this spammer has corrected his image.. the fact remains that in the past when it was a corrupted; Declude failed in our version. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Tuesday, February 28, 2006 7:34 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Ditto. I've received and held 24 messages with the same title. Re-queuing 3 of these to myself, they had an image that was intact. They fail the usual RBL tests plus Message Sniffer. Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry Vanderzand Sent: Tuesday, February 28, 2006 10:10 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Judgement is quick to pass for some around here. These are getting caught by my system X-Note: Spam Tests Failed: SBL [28], SORBS-DUHL [4], HELOBOGUS [3], SNIFFER [13] Harry Vanderzand inTown Internet Computer Services 519-741-1222 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sent: Tuesday, February 28, 2006 12:49 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files The problem that we've seen this spammer is that the image is corrupted as you mentioned... and Declude is exiting; thus why it's being allowed to be delivered. Smart coding on the spammer... Not so smart on Declude. -Erik -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Beckstrom Sent: Tuesday, February 28, 2006 6:41 PM To: Declude.JunkMail@declude.com Cc: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Damaged Image Files Were getting the same. Also using Declude with smartermail. Because Declude doesnt appear to be scanning the headers there is no way for us to stop them. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Evans Martin Sent: Tuesday, February 28, 2006 12:38 AM To: Declude.JunkMail@declude.com Cc: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Damaged Image Files Im getting a lot of messages that have only a graphic in them. The graphic appears to have been damaged as only about ½ of it displays. Declude has not modified the headers at all so Im not sure if these are being scanned or not. I dont know how it could be bypassing Declude. I have attached
Re: [Declude.JunkMail] Damaged Image Files
Gary, you should upgrade to 3.0.6, which has been out for about a week now, as 3.0.5.26 had serious problems with handling certain kinds of mime encapsulate messages. We actually had to roll back to 3.0.5.23 after reporting the issues with 3.0.5.26 to Declude. Version 3.0.6 fixed this issue. Bill - Original Message - From: Gary Steiner [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Tuesday, February 28, 2006 11:06 AM Subject: RE: [Declude.JunkMail] Damaged Image Files I received a couple with the broken gif as late as yesterday. The Declude headers end up at the bottom of the message, but they are there. I'm running Declude 3.0.5.26 and SmarterMail 2.6. Gary Original Message From: Erik [EMAIL PROTECTED] Sent: Tuesday, February 28, 2006 1:53 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Yes, they are passing SNIFFER and Darrell's INV-URIBL at this time. But what Evans wrote is true. Either this spammer has corrected his image.. the fact remains that in the past when it was a corrupted; Declude failed in our version. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Tuesday, February 28, 2006 7:34 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Ditto. I've received and held 24 messages with the same title. Re-queuing 3 of these to myself, they had an image that was intact. They fail the usual RBL tests plus Message Sniffer. Andrew 8) _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry Vanderzand Sent: Tuesday, February 28, 2006 10:10 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Judgement is quick to pass for some around here. These are getting caught by my system X-Note: Spam Tests Failed: SBL [28], SORBS-DUHL [4], HELOBOGUS [3], SNIFFER [13] Harry Vanderzand inTown Internet Computer Services 519-741-1222 _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sent: Tuesday, February 28, 2006 12:49 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files The problem that we've seen this spammer is that the image is corrupted as you mentioned... and Declude is exiting; thus why it's being allowed to be delivered. Smart coding on the spammer... Not so smart on Declude. -Erik -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Beckstrom Sent: Tuesday, February 28, 2006 6:41 PM To: Declude.JunkMail@declude.com Cc: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Damaged Image Files We're getting the same. Also using Declude with smartermail. Because Declude doesn't appear to be scanning the headers there is no way for us to stop them. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Evans Martin Sent: Tuesday, February 28, 2006 12:38 AM To: Declude.JunkMail@declude.com Cc: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Damaged Image Files I'm getting a lot of messages that have only a graphic in them. The graphic appears to have been damaged as only about ½ of it displays. Declude has not modified the headers at all so I'm not sure if these are being scanned or not. I don't know how it could be bypassing Declude. I have attached the .msg file. Anyone have any ideas what might be causing this? I'm running Declude 3.0.5.22 and SmarterMail 2.6. The header is as follows: Return-Path: [EMAIL PROTECTED] Tue Feb 28 00:24:32 2006 Received: from 225-65-10-72.planters.net [72.10.65.225] by matrix.martek.net with SMTP; Tue, 28 Feb 2006 00:24:32 -0600 Date: Tue, 28 Feb 2006 01:24:22 +0100 Return-path: [EMAIL PROTECTED] From: Abrahams[EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: C1alis 10 Pills 20 mg $89.95 Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/related; type=multipart/alternative; boundary=ms020700070106060404020304 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Thanks, Evans Martin EVANS MARTIN [EMAIL PROTECTED] HOSTING: http://www.martek.net http://www.martek.net/ PROGRAMMING: http://www.martekware.com http://www.martekware.com/ iPlus Info Browser - IPB's IMail Migration Tool, password browser, reporting suite make IPlus Info Browser something no IMail administrator should be without. http://www.martek.net/Default.aspx?tabid=96 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL
Re: [Declude.JunkMail] Damaged Image Files
Title: Message There is also a longstanding bug in at least Declude Virus that has issues with very long base64 encoding. I have seen no reports that this was fixed. I am wondering in this case whether or not the bug is now being exploited by spammers also. Matt Jay Sudowski - Handy Networks LLC wrote: We had an issue with Declude corrupting images from SmarterStats long ago. It turned out the SmarterStats wasnt inserting line breaks in their images, and thus single lines were going out past 8,000 characters, at which point Declude truncated the line. I wouldnt be surprised if the spamware being used to send these was doing something similar. Thanks! - Jay Sudowski // Handy Networks LLC Director of Technical Operations Providing Shared, Reseller, Semi Managed and Fully Managed Windows 2003 Hosting Solutions Tel: 877-70 HANDY x882 | Fax: 888-300-2FAX www.handynetworks.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Colbeck, Andrew Sent: Tuesday, February 28, 2006 2:54 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Interesting. As Matt, said, if you can get an original D*.SMD that would be great for following this trail. I would note that in addition, use the headers that were received to track the sending IP and time, and check your IMail log, and from there you will have the GUID for the message. Then check the Declude log for that GUID (but do a case-insensitive search). That will tell you whether Declude processed the message at all; it could be that Declude processed the message but failed to insert the headers, or failed to lock the file and had to "fail open" and allow IMail to deliver the message without being able to insert the headers. For more information, I found all 94 of the messages with this title sent to my server in today and yesterday, and found that they were all held as spam. I then copied each to my workstation and compared the filesize to see if I could spot any that were obviously different. They were all with 1 or 2 KB of each other, so I opened quite a few and found them all intact, and all with the Declude headers correctly placed. My mileage will vary from yours, but it doesn't seem that I received any broken images in this particular spam run, and I've had no user feedback indicating spam received today. Hopefully, this counter-example will help narrow down the problem. I'm using Declude v2.0.6.16 from 2005-05-25 and IMail v8.14 with whatever hotfixes. Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Erik Sent: Tuesday, February 28, 2006 10:51 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Yes, they are passing SNIFFER and Darrell's INV-URIBL at this time. But what Evans wrote is true. Either this "spammer" has corrected "his" image.. the fact remains that in the past when it was a corrupted; Declude failed in our version. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Colbeck, Andrew Sent: Tuesday, February 28, 2006 7:34 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Ditto. I've received and held 24 messages with the same title. Re-queuing 3 of these to myself, they had an image that was intact. They fail the usual RBL tests plus Message Sniffer. Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Harry Vanderzand Sent: Tuesday, February 28, 2006 10:10 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Judgement is quick to pass for some around here. These are getting caught by my system X-Note: Spam Tests Failed: SBL [28], SORBS-DUHL [4], HELOBOGUS [3], SNIFFER [13] Harry Vanderzand inTown Internet Computer Services 519-741-1222 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Erik Sent: Tuesday, February 28, 2006 12:49 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files The problem that we've seen this "spammer" is that the image is corrupted as you mentioned... and Declude is exiting; thus why it's being allowed to be delivered. "Smart" coding on the spammer... Not so smart on Declude. -Erik -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dave Beckstrom
RE: [Declude.JunkMail] Damaged Image Files
Title: Message Are you utilizing smartermail as your mail server? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry Vanderzand Sent: Tuesday, February 28, 2006 12:10 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Judgement is quick to pass for some around here. These are getting caught by my system X-Note: Spam Tests Failed: SBL [28], SORBS-DUHL [4], HELOBOGUS [3], SNIFFER [13] Harry Vanderzand inTown Internet Computer Services 519-741-1222 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sent: Tuesday, February 28, 2006 12:49 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files The problem that we've seen this spammer is that the image is corrupted as you mentioned... and Declude is exiting; thus why it's being allowed to be delivered. Smart coding on the spammer... Not so smart on Declude. -Erik -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Beckstrom Sent: Tuesday, February 28, 2006 6:41 PM To: Declude.JunkMail@declude.com Cc: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Damaged Image Files Were getting the same. Also using Declude with smartermail. Because Declude doesnt appear to be scanning the headers there is no way for us to stop them. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Evans Martin Sent: Tuesday, February 28, 2006 12:38 AM To: Declude.JunkMail@declude.com Cc: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Damaged Image Files Im getting a lot of messages that have only a graphic in them. The graphic appears to have been damaged as only about ½ of it displays. Declude has not modified the headers at all so Im not sure if these are being scanned or not. I dont know how it could be bypassing Declude. I have attached the .msg file. Anyone have any ideas what might be causing this? Im running Declude 3.0.5.22 and SmarterMail 2.6. The header is as follows: Return-Path: [EMAIL PROTECTED] Tue Feb 28 00:24:32 2006 Received: from 225-65-10-72.planters.net [72.10.65.225] by matrix.martek.net with SMTP; Tue, 28 Feb 2006 00:24:32 -0600 Date: Tue, 28 Feb 2006 01:24:22 +0100 Return-path: [EMAIL PROTECTED] From: Abrahams[EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: C1alis 10 Pills 20 mg $89.95 Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/related; type=multipart/alternative; boundary=ms020700070106060404020304 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Thanks, Evans Martin EVANS MARTIN [EMAIL PROTECTED] HOSTING: http://www.martek.net PROGRAMMING: http://www.martekware.com iPlus Info Browser IPBs IMail Migration Tool, password browser, reporting suite make IPlus Info Browser something no IMail administrator should be without. http://www.martek.net/Default.aspx?tabid=96
Re: [Declude.JunkMail] Damaged Image Files
They kept that one quiet. I wasn't aware of any problems with 3.0.5.26, and this is the first mention I've seen of 3.0.6, on this list or anywhere else. I guess I need to check Declude's upgrade section on a daily basis to see when they've snuck out a new release, since this information isn't announced anywhere. Original Message From: Bill Landry [EMAIL PROTECTED] Sent: Tuesday, February 28, 2006 3:07 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Damaged Image Files Gary, you should upgrade to 3.0.6, which has been out for about a week now, as 3.0.5.26 had serious problems with handling certain kinds of mime encapsulate messages. We actually had to roll back to 3.0.5.23 after reporting the issues with 3.0.5.26 to Declude. Version 3.0.6 fixed this issue. Bill - Original Message - From: Gary Steiner [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Tuesday, February 28, 2006 11:06 AM Subject: RE: [Declude.JunkMail] Damaged Image Files I received a couple with the broken gif as late as yesterday. The Declude headers end up at the bottom of the message, but they are there. I'm running Declude 3.0.5.26 and SmarterMail 2.6. Gary Original Message From: Erik [EMAIL PROTECTED] Sent: Tuesday, February 28, 2006 1:53 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Yes, they are passing SNIFFER and Darrell's INV-URIBL at this time. But what Evans wrote is true. Either this spammer has corrected his image.. the fact remains that in the past when it was a corrupted; Declude failed in our version. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Tuesday, February 28, 2006 7:34 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Ditto. I've received and held 24 messages with the same title. Re-queuing 3 of these to myself, they had an image that was intact. They fail the usual RBL tests plus Message Sniffer. Andrew 8) _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry Vanderzand Sent: Tuesday, February 28, 2006 10:10 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files Judgement is quick to pass for some around here. These are getting caught by my system X-Note: Spam Tests Failed: SBL [28], SORBS-DUHL [4], HELOBOGUS [3], SNIFFER [13] Harry Vanderzand inTown Internet Computer Services 519-741-1222 _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sent: Tuesday, February 28, 2006 12:49 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Damaged Image Files The problem that we've seen this spammer is that the image is corrupted as you mentioned... and Declude is exiting; thus why it's being allowed to be delivered. Smart coding on the spammer... Not so smart on Declude. -Erik -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Beckstrom Sent: Tuesday, February 28, 2006 6:41 PM To: Declude.JunkMail@declude.com Cc: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Damaged Image Files We're getting the same. Also using Declude with smartermail. Because Declude doesn't appear to be scanning the headers there is no way for us to stop them. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Evans Martin Sent: Tuesday, February 28, 2006 12:38 AM To: Declude.JunkMail@declude.com Cc: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Damaged Image Files I'm getting a lot of messages that have only a graphic in them. The graphic appears to have been damaged as only about ½ of it displays. Declude has not modified the headers at all so I'm not sure if these are being scanned or not. I don't know how it could be bypassing Declude. I have attached the .msg file. Anyone have any ideas what might be causing this? I'm running Declude 3.0.5.22 and SmarterMail 2.6. The header is as follows: Return-Path: [EMAIL PROTECTED] Tue Feb 28 00:24:32 2006 Received: from 225-65-10-72.planters.net [72.10.65.225] by matrix.martek.net with SMTP; Tue, 28 Feb 2006 00:24:32 -0600 Date: Tue, 28 Feb 2006 01:24:22 +0100 Return-path: [EMAIL PROTECTED] From: Abrahams[EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: C1alis 10 Pills 20 mg $89.95 Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/related; type=multipart/alternative; boundary=ms020700070106060404020304 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180
[Declude.JunkMail] Damaged Image Files
Im getting a lot of messages that have only a graphic in them. The graphic appears to have been damaged as only about ½ of it displays. Declude has not modified the headers at all so Im not sure if these are being scanned or not. I dont know how it could be bypassing Declude. I have attached the .msg file. Anyone have any ideas what might be causing this? Im running Declude 3.0.5.22 and SmarterMail 2.6. The header is as follows: Return-Path: [EMAIL PROTECTED] Tue Feb 28 00:24:32 2006 Received: from 225-65-10-72.planters.net [72.10.65.225] by matrix.martek.net with SMTP; Tue, 28 Feb 2006 00:24:32 -0600 Date: Tue, 28 Feb 2006 01:24:22 +0100 Return-path: [EMAIL PROTECTED] From: Abrahams[EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: C1alis 10 Pills 20 mg $89.95 Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/related; type=multipart/alternative; boundary=ms020700070106060404020304 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Thanks, Evans Martin EVANS MARTIN [EMAIL PROTECTED] HOSTING: http://www.martek.net PROGRAMMING: http://www.martekware.com iPlus Info Browser IPBs IMail Migration Tool, password browser, reporting suite make IPlus Info Browser something no IMail administrator should be without. http://www.martek.net/Default.aspx?tabid=96 C1alis 10 Pills 20 mg $89 95.msg Description: Binary data
