Re: [Declude.JunkMail] Declude Gone Wild
> Today I had an instance where all my mail started being held as SPAM. 99% of it was legit mail.

Fortunately, this is usually easy to diagnose.

> I am running Declude 1.63

FYI, 1.63 is an old beta version, so I would recommend upgrading to 1.65.

> 01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed OSRELAY (This entry was last confirmed open on 1/4/2003). Action=WARN.
> 01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed SPAMCOP (Blocked - see http://spamcop.net/bl.shtml?202.105.130.36). Action=WARN.
> 01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed DSBL (http://dsbl.org/listing.php?202.105.130.36). Action=WARN.
> 01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed NJABL (relay tested -- 1007947419). Action=WARN.
> 01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed BADHEADERS (This E-mail was sent from a broken mail client [804f].). Action=WARN.
> 01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed REVDNS (This E-mail was sent from a MUA/MTA 202.105.130.36 with no reverse DNS entry.). Action=WARN.
> 01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed SNIFFER (Message failed SNIFFER: 63.). Action=HOLD.
> 01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed WEIGHT10 (Weight of 32 reaches or exceeds the limit of 10.). Action=BOUNCE.

This shows that the E-mail failed a *lot* of tests. This E-mail will be treated as spam by most servers running anti-spam software. 202.105.130.36 is apparently a serious source of spam. It's also an IP address in China, so I'm guessing this probably isn't legitimate mail.

So the question here would just be whether or not the E-mail actually came from that IP. If it did, this is just a standard false positive, and would need to be handled appropriately (perhaps whitelisting it). If it did not, then there is a serious problem somewhere along the line -- but I'll bet that the E-mail really did come from that IP.

> //Later On During Day
> 01/22/2003 20:28:12 Q4527514f0150ab35 Msg failed HELOBOGUS (Domain scanner2 has no MX or A records.). Action=WARN.
This, too, is a case of Declude JunkMail working properly (again, with the assumption that it is finding the correct information, and that the computer that sent the mail to IMail claimed to be "scanner2"). "scanner2" isn't a valid host name (and I'd guess it is coming from an open relay scanner, which wouldn't be legitimate mail either).

What you need to do here is find some log file entries for legitimate mail that is getting caught -- from those, we can figure out if it should be getting caught (in which case tweaking your settings would likely be necessary, if such a high rate of legitimate mail is caught), or if it should not due to some problem.

-Scott
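An added example, not part of the thread and not Declude's own code: Python that groups JunkMail log entries by queue id, so that for each held message you can see which tests it failed, the sending IP to verify, the weight against the limit, and whether the same results were logged more than once. The regular expressions assume the entry layout quoted above, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Entry layout as quoted in the thread:
#   <date> <time> <queue id> Msg failed <TEST> (<reason>). Action=<ACTION>.
# Non-greedy reason match, so entries run together on one line still split.
ENTRY = re.compile(r"\d\d/\d\d/\d{4} \d\d:\d\d:\d\d (Q[0-9a-f]+) "
                   r"Msg failed (\w+) \((.*?)\)\. Action=(\w+)\.")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
WEIGHT = re.compile(r"Weight of (\d+) reaches or exceeds the limit of (\d+)")

# Sample assembled from entries quoted in the thread: one pass of three
# tests logged twice for the same queue id, plus the later HELOBOGUS entry.
_PASS = (
    "01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed REVDNS (This E-mail was sent "
    "from a MUA/MTA 202.105.130.36 with no reverse DNS entry.). Action=WARN.\n"
    "01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed SNIFFER "
    "(Message failed SNIFFER: 63.). Action=HOLD.\n"
    "01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed WEIGHT10 "
    "(Weight of 32 reaches or exceeds the limit of 10.). Action=BOUNCE.\n")
SAMPLE = _PASS * 2 + (
    "01/22/2003 20:28:12 Q4527514f0150ab35 Msg failed HELOBOGUS "
    "(Domain scanner2 has no MX or A records.). Action=WARN.\n")

def summarize(log_text):
    """Per queue id: tests failed, actions, times logged, IPs, weight/limit."""
    hits, ips, weight = defaultdict(Counter), defaultdict(set), {}
    for qid, test, reason, action in ENTRY.findall(log_text):
        hits[qid][(test, action)] += 1
        ips[qid].update(IPV4.findall(reason))
        w = WEIGHT.search(reason)
        if w:
            weight[qid] = (int(w.group(1)), int(w.group(2)))
    return {qid: {"tests": sorted({t for t, _ in c}),
                  "actions": sorted({a for _, a in c}),
                  "passes": max(c.values()),   # >1: same result logged again
                  "ips": sorted(ips[qid]),
                  "weight": weight.get(qid)}
            for qid, c in hits.items()}

def reprocessed(report):
    """Queue ids whose identical test results were logged more than once."""
    return sorted(q for q, r in report.items() if r["passes"] > 1)

if __name__ == "__main__":
    report = summarize(SAMPLE)
    for qid, r in report.items():
        print(qid, r)
    print("logged repeatedly:", reprocessed(report))
```
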
[Declude.JunkMail] Declude Gone Wild
Today I had an instance where all my mail started being held as SPAM. 99% of it was legit mail. At first I thought it may be a sniffer problem as that was installed within the last week.

Attached is a snippet of logs that shows declude over and over testing a piece of mail.

I disabled Sniffer at approximately 2:30pm today. Reviewing the logs now seems to show that declude is still repeating the behavior below *substantially* less though.

I am running Declude 1.63

Any thoughts?

//INITIAL PROBLEM
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed OSRELAY (This entry was last confirmed open on 1/4/2003). Action=WARN.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed SPAMCOP (Blocked - see http://spamcop.net/bl.shtml?202.105.130.36). Action=WARN.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed DSBL (http://dsbl.org/listing.php?202.105.130.36). Action=WARN.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed NJABL (relay tested -- 1007947419). Action=WARN.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed BADHEADERS (This E-mail was sent from a broken mail client [804f].). Action=WARN.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed REVDNS (This E-mail was sent from a MUA/MTA 202.105.130.36 with no reverse DNS entry.). Action=WARN.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed SNIFFER (Message failed SNIFFER: 63.). Action=HOLD.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed WEIGHT10 (Weight of 32 reaches or exceeds the limit of 10.). Action=BOUNCE.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed OSRELAY (This entry was last confirmed open on 1/4/2003). Action=WARN.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed SPAMCOP (Blocked - see http://spamcop.net/bl.shtml?202.105.130.36). Action=WARN.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed DSBL (http://dsbl.org/listing.php?202.105.130.36). Action=WARN.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed NJABL (relay tested -- 1007947419). Action=WARN.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed BADHEADERS (This E-mail was sent from a broken mail client [804f].). Action=WARN.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed REVDNS (This E-mail was sent from a MUA/MTA 202.105.130.36 with no reverse DNS entry.). Action=WARN.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed SNIFFER (Message failed SNIFFER: 63.). Action=HOLD.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed WEIGHT10 (Weight of 32 reaches or exceeds the limit of 10.). Action=BOUNCE.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed OSRELAY (This entry was last confirmed open on 1/4/2003). Action=WARN.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed SPAMCOP (Blocked - see http://spamcop.net/bl.shtml?202.105.130.36). Action=WARN.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed DSBL (http://dsbl.org/listing.php?202.105.130.36). Action=WARN.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed NJABL (relay tested -- 1007947419). Action=WARN.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed BADHEADERS (This E-mail was sent from a broken mail client [804f].). Action=WARN.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed REVDNS (This E-mail was sent from a MUA/MTA 202.105.130.36 with no reverse DNS entry.). Action=WARN.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed SNIFFER (Message failed SNIFFER: 63.). Action=HOLD.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed WEIGHT10 (Weight of 32 reaches or exceeds the limit of 10.). Action=BOUNCE.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed OSRELAY (This entry was last confirmed open on 1/4/2003). Action=WARN.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed SPAMCOP (Blocked - see http://spamcop.net/bl.shtml?202.105.130.36). Action=WARN.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed DSBL (http://dsbl.org/listing.php?202.105.130.36). Action=WARN.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed NJABL (relay tested -- 1007947419). Action=WARN.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed BADHEADERS (This E-mail was sent from a broken mail client [804f].). Action=WARN.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed REVDNS (This E-mail was sent from a MUA/MTA 202.105.130.36 with no reverse DNS entry.). Action=WARN.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed SNIFFER (Message failed SNIFFER: 63.). Action=HOLD.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed WEIGHT10 (Weight of 32 reaches or exceeds the limit of 10.). Action=BOUNCE.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed OSRELAY (This entry was last confirmed open on 1/4/2003). Action=WARN.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed SPAMCOP (Blocked - see http://spamcop.net/bl.shtml?202.105.130.36). Action=WARN.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed DSBL (http://dsbl.org/listing.php?202.105.130.36). Action=WARN.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed NJABL (relay tested -- 1007947419). Action=WARN.
01/22/2003 09:56:35 Qafa31fcd00869f47 Msg failed BADHEADERS (This E-mail was sent from a broken mail cli