Re: [Declude.JunkMail] IP block
One option here would be to use a line HOPHIGH 2 in your \IMail\Declude\global.cfg file, which would scan the first two hops, which would also cause the 222.126.26.96 IP to be scanned.

Hold on, maybe I have misunderstood the hophigh feature all this time. Do you mean to say that by using hophigh 2 I test all ip-numbers in the first *and* in the second hop?

Correct.

-Scott

---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] IP block
Below is the header I caught with an IMAIL rule but it should be caught with a Declude rule (I think). I have all email coming from 222.0.0.0/8 being deleted and this one was not. The first IP 63.238.52.97 is my first layer of filtering that is in house...

Received: from theoracle.apid.com [63.238.52.97] by ethixs.com with ESMTP
    (SMTPD32-7.11) id AABA26F50386; Sun, 28 Nov 2004 14:44:58 -0500
Received: by theoracle.apid.com (Postfix, from userid 777)
    id 8AB2724FFB; Sun, 28 Nov 2004 13:46:39 -0600 (CST)
Received: from adsl-68-251-177-107.dsl.ipltin.ameritech.net (adsl-68-251-177-107.dsl.ipltin.ameritech.net [68.251.177.107])
    by theoracle.apid.com (Postfix) with SMTP id 10A9F24FB4;
    Sun, 28 Nov 2004 13:46:36 -0600 (CST)
Received: from reprehensible.mail.shawcable.net (222.126.26.96)
    by 63.238.52.89; Sun, 28 Nov 2004 18:30:24 -0800
To: [EMAIL PROTECTED]
From: corey piazza [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: August Rx
Date: Sun, 28 Nov 2004 18:30:24 -0800
Message-ID: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: text/html;
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-Mailer: Microsoft Outlook Express 6.00.2800.1437
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
X-Filtered-By: SublimeMail (http://sublimemail.com)
X-RBL-Warning: NOPOSTMASTER: "Not supporting [EMAIL PROTECTED]"
X-RBL-Warning: NOABUSE: "Not supporting [EMAIL PROTECTED]"
X-Declude-Sender: [EMAIL PROTECTED] [68.251.177.107]
X-Declude-Spoolname: D2aba26f503861af3.SMD
X-Note: Total Spam Weight Of This Email Is 6.
X-RCPT-TO: [EMAIL PROTECTED]
Status: U
X-IMail-Rule: S~Rx:[EMAIL PROTECTED] Data- Rx
X-UIDL: 327837050

Richard Farris
Ethixs Online
1.270.247. Office
1.800.548.3877 Tech Support
"Crossroads to a Cleaner Internet"
Re: [Declude.JunkMail] IP block
Below is the header I caught with an IMAIL rule but it should be caught with a Declude rule (I think). I have all email coming from 222.0.0.0/8 being deleted and this one was not. The first IP 63.238.52.97 is my first layer of filtering that is in house...

The problem is that:

Received: from theoracle.apid.com [63.238.52.97] by ethixs.com with ESMTP
    (SMTPD32-7.11) id AABA26F50386; Sun, 28 Nov 2004 14:44:58 -0500
Received: by theoracle.apid.com (Postfix, from userid 777)
    id 8AB2724FFB; Sun, 28 Nov 2004 13:46:39 -0600 (CST)
Received: from adsl-68-251-177-107.dsl.ipltin.ameritech.net (adsl-68-251-177-107.dsl.ipltin.ameritech.net [68.251.177.107])
    by theoracle.apid.com (Postfix) with SMTP id 10A9F24FB4;
    Sun, 28 Nov 2004 13:46:36 -0600 (CST)
Received: from reprehensible.mail.shawcable.net (222.126.26.96)
    by 63.238.52.89; Sun, 28 Nov 2004 18:30:24 -0800

This E-mail actually came from 68.251.177.107. That IP *may* have received it from 222.126.26.96, but unless you can trust that IP, you have to assume that it really came from 68.251.177.107.

One option here would be to use a line HOPHIGH 2 in your \IMail\Declude\global.cfg file, which would scan the first two hops, which would also cause the 222.126.26.96 IP to be scanned.

-Scott
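
The trust boundary described in the reply above can be shown by walking the same Received chain. This is an added example, not Declude's code and not part of the original posts; `TRUSTED`, `max_hops` and the function names are assumptions, and it models only what the thread states (scanning one hop sees 68.251.177.107, scanning the first two hops also sees 222.126.26.96).

```python
import ipaddress
import re

# Received headers from the message quoted in this thread, newest first.
RECEIVED = [
    "from theoracle.apid.com [63.238.52.97] by ethixs.com with ESMTP "
    "(SMTPD32-7.11) id AABA26F50386; Sun, 28 Nov 2004 14:44:58 -0500",
    "by theoracle.apid.com (Postfix, from userid 777) id 8AB2724FFB; "
    "Sun, 28 Nov 2004 13:46:39 -0600 (CST)",
    "from adsl-68-251-177-107.dsl.ipltin.ameritech.net "
    "(adsl-68-251-177-107.dsl.ipltin.ameritech.net [68.251.177.107]) "
    "by theoracle.apid.com (Postfix) with SMTP id 10A9F24FB4; "
    "Sun, 28 Nov 2004 13:46:36 -0600 (CST)",
    "from reprehensible.mail.shawcable.net (222.126.26.96)"
    "by 63.238.52.89; Sun, 28 Nov 2004 18:30:24 -0800",
]
TRUSTED = {"63.238.52.97"}                     # assumed: the in-house filter
BLOCKED = ipaddress.ip_network("222.0.0.0/8")  # range the poster deletes

# An IPv4 literal in brackets or parentheses, as the receiving MTA logs it.
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def hop_ips(received, trusted):
    """Sender IP per hop, newest first, with our own leading relays removed."""
    ips = []
    for line in received:
        match = IP_RE.search(line) if line.startswith("from ") else None
        if match:
            ips.append(match.group(1))
    while ips and ips[0] in trusted:   # only strip relays at the top of the chain
        ips.pop(0)
    return ips

def blocked_hits(received, trusted, max_hops):
    """(hop index, ip, verified) for each scanned hop that falls in BLOCKED.

    verified is True only for hop 0, the IP logged by a relay we run.
    Deeper hops are claims written by a host we do not control.
    """
    hits = []
    for index, ip in enumerate(hop_ips(received, trusted)[:max_hops]):
        if ipaddress.ip_address(ip) in BLOCKED:
            hits.append((index, ip, index == 0))
    return hits

if __name__ == "__main__":
    for depth in (1, 2):
        print(depth, blocked_hits(RECEIVED, TRUSTED, depth))
```

A hit with `verified` set to False comes from a header the sending host could have written itself, so it fits a weighted test better than an outright delete.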
Re: [Declude.JunkMail] Ip block
Noticed here a little while ago a spammer that was basically trying a dictionary attack on our imail server. If I IP blacklist this sender in declude he can still do his dictionary attack right?

That is correct. Declude won't see his IP until an E-mail actually arrives (and even then, would only be able to block the E-mail that got through).

So only way to make sure he doesn't tie up my server resources is to add him to Imail Kill list?

That is correct.

FYI ip is 62.254.178.50

You are lucky that they are only using one IP. G

-Scott