RE: [Declude.JunkMail] Blacklisted again
If you need help Monday morning with Hijack, I will be here as I am sure others will. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Richard Farris Sent: Friday, September 17, 2004 4:07 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Blacklisted again I will be installing HiJack on Monday morningplease let me know what I need to do to get it running...Scott may want to answer this if you are there...thanxs a bunch...this has been a nigthmare..I have turned of Declude JunkMail just so my server can catch up..we are monitoring who is connecting to the server...so we can block them.. Richard Farris Ethixs Online 1.270.247. Office 1.800.548.3877 Tech Support Crossroads to a Cleaner Internet - Original Message - From: Richard Farris [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 16, 2004 12:54 PM Subject: Re: [Declude.JunkMail] Blacklisted again I emailed them and asked why they didnt sent anything to abusetheir email is not in there...thanxs anyway.. Richard Farris Ethixs Online 1.270.247. Office 1.800.548.3877 Tech Support Crossroads to a Cleaner Internet - Original Message - From: Chuck Schick [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 16, 2004 9:28 AM Subject: RE: [Declude.JunkMail] Blacklisted again When you get listed on spamcop they usually send a notice to your abuse contacts with full headers. You should be able to identify the source IP address from those headers and then use that IP to check you mail logs. Once you match up the spam with headers with the log files you should quickly see what the problem is. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Farris Sent: Wednesday, September 15, 2004 8:16 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Blacklisted again I just got blacklisted again with Spamcop...I have taken out every IP address from my mail server except for my 1 dial up pool...Everyone else must authenticateMy server is still at almost 100% most of the time...I am still sending out spam but how do I tell where it is coming from... Richard Farris Ethixs Online 1.270.247. Office 1.800.548.3877 Tech Support Crossroads to a Cleaner Internet --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Blacklisted again
I will be installing HiJack on Monday morningplease let me know what I need to do to get it running...Scott may want to answer this if you are there...thanxs a bunch...this has been a nigthmare..I have turned of Declude JunkMail just so my server can catch up..we are monitoring who is connecting to the server...so we can block them.. Richard Farris Ethixs Online 1.270.247. Office 1.800.548.3877 Tech Support Crossroads to a Cleaner Internet - Original Message - From: Richard Farris [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 16, 2004 12:54 PM Subject: Re: [Declude.JunkMail] Blacklisted again I emailed them and asked why they didnt sent anything to abusetheir email is not in there...thanxs anyway.. Richard Farris Ethixs Online 1.270.247. Office 1.800.548.3877 Tech Support Crossroads to a Cleaner Internet - Original Message - From: Chuck Schick [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 16, 2004 9:28 AM Subject: RE: [Declude.JunkMail] Blacklisted again When you get listed on spamcop they usually send a notice to your abuse contacts with full headers. You should be able to identify the source IP address from those headers and then use that IP to check you mail logs. Once you match up the spam with headers with the log files you should quickly see what the problem is. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Farris Sent: Wednesday, September 15, 2004 8:16 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Blacklisted again I just got blacklisted again with Spamcop...I have taken out every IP address from my mail server except for my 1 dial up pool...Everyone else must authenticateMy server is still at almost 100% most of the time...I am still sending out spam but how do I tell where it is coming from... Richard Farris Ethixs Online 1.270.247. Office 1.800.548.3877 Tech Support Crossroads to a Cleaner Internet --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Blacklisted again
Hook the server up to a hub and then hook another computer to the hub.. Next, get a network sniffer (Linux machine and ethereal works great) and sniff to see what information is being passed.. Run it for about 30 seconds and you should have enough information to begin working with.. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard FarrisSent: Wednesday, September 15, 2004 10:16 PMTo: [EMAIL PROTECTED]Subject: [Declude.JunkMail] Blacklisted again I just got blacklisted again with Spamcop...I have taken out every IP address from my mail server except for my 1 dial up pool...Everyone else must authenticateMy server is still at almost 100% most of the time...I am still sending out spam but how do I tell where it is coming from... Richard FarrisEthixs Online1.270.247. Office1.800.548.3877 Tech Support"Crossroads to a Cleaner Internet"
Re: [Declude.JunkMail] Blacklisted again
Good suggestion and if you're not familiar with linux and don't have time to learn right now just get the windows version. You'll need to install winpcap first and then ethereal. You can get them both here: http://www.ethereal.com/distribution/win32/They work great. Larry Craddock - Original Message - From: Jeff Maze To: [EMAIL PROTECTED] Sent: Thursday, September 16, 2004 6:44 AM Subject: RE: [Declude.JunkMail] Blacklisted again Hook the server up to a hub and then hook another computer to the hub.. Next, get a network sniffer (Linux machine and ethereal works great) and sniff to see what information is being passed.. Run it for about 30 seconds and you should have enough information to begin working with..
Re: [Declude.JunkMail] Blacklisted again
Thanks for the info..I will send this to my guys
that are working on it...
Richard FarrisEthixs Online1.270.247.
Office1.800.548.3877 Tech Support"Crossroads to a Cleaner
Internet"
- Original Message -
From:
Larry
Craddock
To: [EMAIL PROTECTED]
Sent: Thursday, September 16, 2004 7:11
AM
Subject: Re: [Declude.JunkMail]
Blacklisted again
Good suggestion and if you're not familiar with
linux and don't have time to learn right now just get the windows version.
You'll need to install winpcap first and then ethereal. You can get them both
here: http://www.ethereal.com/distribution/win32/They
work great.
Larry Craddock
- Original Message -
From:
Jeff Maze
To: [EMAIL PROTECTED]
Sent: Thursday, September 16, 2004 6:44
AM
Subject: RE: [Declude.JunkMail]
Blacklisted again
Hook the server up to a hub and then hook another
computer to the hub.. Next, get a network sniffer (Linux machine and
ethereal works great) and sniff to see what information is being
passed.. Run it for about 30 seconds and you should have enough
information to begin working
with..
RE: [Declude.JunkMail] Blacklisted again
When you get listed on spamcop they usually send a notice to your abuse contacts with full headers. You should be able to identify the source IP address from those headers and then use that IP to check you mail logs. Once you match up the spam with headers with the log files you should quickly see what the problem is. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Farris Sent: Wednesday, September 15, 2004 8:16 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Blacklisted again I just got blacklisted again with Spamcop...I have taken out every IP address from my mail server except for my 1 dial up pool...Everyone else must authenticateMy server is still at almost 100% most of the time...I am still sending out spam but how do I tell where it is coming from... Richard Farris Ethixs Online 1.270.247. Office 1.800.548.3877 Tech Support Crossroads to a Cleaner Internet --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Blacklisted again
I emailed them and asked why they didnt sent anything to abusetheir email is not in there...thanxs anyway.. Richard Farris Ethixs Online 1.270.247. Office 1.800.548.3877 Tech Support Crossroads to a Cleaner Internet - Original Message - From: Chuck Schick [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 16, 2004 9:28 AM Subject: RE: [Declude.JunkMail] Blacklisted again When you get listed on spamcop they usually send a notice to your abuse contacts with full headers. You should be able to identify the source IP address from those headers and then use that IP to check you mail logs. Once you match up the spam with headers with the log files you should quickly see what the problem is. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Farris Sent: Wednesday, September 15, 2004 8:16 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Blacklisted again I just got blacklisted again with Spamcop...I have taken out every IP address from my mail server except for my 1 dial up pool...Everyone else must authenticateMy server is still at almost 100% most of the time...I am still sending out spam but how do I tell where it is coming from... Richard Farris Ethixs Online 1.270.247. Office 1.800.548.3877 Tech Support Crossroads to a Cleaner Internet --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Blacklisted again
Why can't you make everyone authenticate? Mike At 09:15 PM 9/15/2004, you wrote: I just got blacklisted again with Spamcop...I have taken out every IP address from my mail server except for my 1 dial up pool...Everyone else must authenticateMy server is still at almost 100% most of the time...I am still sending out spam but how do I tell where it is coming from... Richard Farris Ethixs Online 1.270.247. Office 1.800.548.3877 Tech Support Crossroads to a Cleaner Internet
Re: [Declude.JunkMail] Blacklisted again
Authentication aside perhaps you could turn off the queue manager for a few minutes, copy the spool directory, turn queue manager back on, and analyze thefiles in the spool to see what your users are sending out. Darin. - Original Message - From: Richard Farris To: [EMAIL PROTECTED] Sent: Wednesday, September 15, 2004 10:15 PM Subject: [Declude.JunkMail] Blacklisted again I just got blacklisted again with Spamcop...I have taken out every IP address from my mail server except for my 1 dial up pool...Everyone else must authenticateMy server is still at almost 100% most of the time...I am still sending out spam but how do I tell where it is coming from... Richard FarrisEthixs Online1.270.247. Office1.800.548.3877 Tech Support"Crossroads to a Cleaner Internet"
Re: [Declude.JunkMail] Blacklisted again
Richard, You have asked this question several times before and if you review the answers, you have received just about every possible explanation as an answer. I would recommend STRONGLY that you research your IMail logs, and don't stop looking until you can nail down exactly where this is coming from and what Mail From information is being passed. Scott has given you information from a spam sample that should be easy enough to track back to a log file so as to expose this information. To do anything else would be to just simply guess, and apparently the past several guesses have been wrong so I recommend that you stop guessing, at least until it becomes more of an educated guess. Note that the actual IP source of the E-mail is not important because the spam hijackers have armies of zombies that they can use to bounce spam off of your server. The real problem is identifying how they are sending the E-mail, and the Mail From that they are sending under, which is exposed in your IMail logs, is the most obvious first place to start. When you find an example of the spam being sent, you might try posting all of the log entries for that E-mail to the list and asking for the best solution to fixing the problem or where to go from there. Matt Richard Farris wrote: I just got blacklisted again with Spamcop...I have taken out every IP address from my mail server except for my 1 dial up pool...Everyone else must authenticateMy server is still at almost 100% most of the time...I am still sending out spam but how do I tell where it is coming from... Richard Farris Ethixs Online 1.270.247. Office 1.800.548.3877 Tech Support "Crossroads to a Cleaner Internet" -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
