RE: [Declude.JunkMail] More and more email getting past Declude
They've cleaned up their acts. I am seeing a lot of stuff come straight through with a single hit. It ALMOST seems like if mail fails a few tests, it's legit!

Karl Drugge

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Greg Foulks
Sent: Tuesday, September 02, 2003 9:21 AM
To: Declude JunkMail (E-mail)
Subject: [Declude.JunkMail] More and more email getting past Declude

Is it just me or have spammers found other ways to get past scanners? I've been getting slammed lately with more and more spam that is getting past declude without a single hit.

Greg Foulks
NewFound Technologies, Inc.
[EMAIL PROTECTED]
http://www.nfti.com
614.318.5036
Re: [Declude.JunkMail] More and more email getting past Declude
> Is it just me or have spammers found other ways to get past scanners? I've been getting slammed lately with more and more spam that is getting past declude without a single hit.

The two most common reasons for this are [1] A setup issue (a gateway/backup that Declude doesn't know about, bad DNS server, etc.), or [2] quasi-legitimate E-mail (for example, E-mail that you get after giving your E-mail address to a company but forgetting to uncheck the box that says "It's OK to give my E-mail address to your affiliates" or whatever).

If you can post the full headers (including Received: headers; no need for the message body), I can probably provide some pointers for how to improve spam detection.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] More and more email getting past Declude
They're not getting past everything - we show a rejection rate of greater than 75% almost consistently... not to say that the problem isn't getting worse though.

http://www.sortmonster.com/MessageSniffer/Performance/FlowRates.jsp

We have seen a significant and apparently consistent rise in the rate of new spam since about a week ago - coinciding with the closure of Osirusoft... probably largely a matter of more reports rather than simply more spam - but significant nonetheless.

http://www.sortmonster.com/MessageSniffer/Performance/ChangeRates.jsp

_M
RE: [Declude.JunkMail] More and more email getting past Declude
Scott,

I doubt it's a setup issue because I'm using the same setup that I've used for a year now. Also I am not the only one receiving more spam. All of my users are as well...

Anyway here is a piece of spam recently received (I've already blacklisted the sender) but it seems as soon as I blacklist a sender a new one is created.

Received: from p.advertisingbymail.com [64.119.218.212] by mail.nfti.com
  (SMTPD32-6.06) id A91816D01A4; Tue, 02 Sep 2003 08:12:08 -0400
To: [EMAIL PROTECTED]
Date: Tue, 2 Sep 2003 04:20:23 -0800
Message-ID: [EMAIL PROTECTED]
From: Weight Solution [EMAIL PROTECTED]
Return-Path: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Lose 10lbs in 1 Week
X-MimeOLE: Prodigy Compatibility V 4.5c810f26 or later
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Declude-Sender: [EMAIL PROTECTED] [64.119.218.212]
X-Declude-Spoolname: D89181a4.SMD
X-Note: This E-mail was scanned by NFTISERV's Declude JunkMail for spam.
X-Spam-Tests-Failed: None
X-Weight: 0
X-Note: This E-mail was sent from p.advertisingbymail.com ([64.119.218.212]).
X-RCPT-TO: [EMAIL PROTECTED]
X-UIDL: 359866453
Status: U

Greg
RE: [Declude.JunkMail] More and more email getting past Declude
The following ipblacklist entry with a high enough weight to reject will kill their stuff:

64.119.218.192/27 advertisingbymail.com

George
RE: [Declude.JunkMail] More and more email getting past Declude
Greg,

After checking my ipblacklist, I have the entire Class C blocked due to multiple spammers. The entry is:

64.119.218.0/24 Assorted SPAM

George
RE: [Declude.JunkMail] More and more email getting past Declude
> I doubt it's a setup issue because I'm using the same setup that I've used for a year now. Also I am not the only one receiving more spam.. All of my users are as well...

So in the past year, you haven't added/removed any gateways or backup mailservers, haven't changed IPs for DNS servers, haven't had a DNS server changed to be authoritative only, etc.? Note that a configuration change that causes problems will usually be noticeable by all users of the server.

> Received: from p.advertisingbymail.com [64.119.218.212] by mail.nfti.com (SMTPD32-6.06) id A91816D01A4; Tue, 02 Sep 2003 08:12:08 -0400

Given that this is sent from an IP that has a reverse DNS entry that matches the HELO/EHLO, and that it has an obvious domain name (advertisingbymail.com), my first guess is that it is:

[2] quasi-legitimate E-mail (for example, E-mail that you get after giving your E-mail address to a company but forgetting to uncheck the box that says "It's OK to give my E-mail address to your affiliates" or whatever).

In this case, you'll need to do some work to block this type of E-mail. In this case, you may want to try a filter that blocks all E-mail with advertisingbymail.com in the reverse DNS entry.

-Scott
RE: [Declude.JunkMail] More and more email getting past Declude
Scott,

Correct, I have not added/removed any gateways or backup mailservers, changed any IPs for DNS or changed a DNS responsibility.

What I'm seeing in spam lately is that it looks more legit than in the past. Usually a piece of spam will fail at least one of our tests, like an RFC problem, a bad reverse, etc. It just seems like that recently the spam we've been getting is clean. Which makes it hard for declude to block it when it passes all of the rules.

Greg
RE: [Declude.JunkMail] More and more email getting past Declude
Greg,

Did you add any replacements for OSIRUSOFT? Or just comment them out?

Karen

-----Original Message-----
From: Greg Foulks

Correct I have not added/removed any gateways or backup mailservers, changed any IP's for DNS or changed a DNS responsibility.
RE: [Declude.JunkMail] More and more email getting past Declude
Greg,

> I doubt it's a setup issue because I'm using the same setup that I've used for a year now.

This probably goes without saying, but you have removed the osirusoft.com tests and replaced them with something appropriate?

I have email accounts that I monitor that get huge amounts of spam. We were seeing some spam that would pass the DNS-based tests, and for that reason we added SpamCheck. Now nothing gets through. And we have fewer FPs.

Todd Hunter
Progressive Systems
RE: [Declude.JunkMail] More and more email getting past Declude
I have not replaced any of the osirusoft.com tests but have added a few others. Here is my current configuration:

DSBL                 ip4r   list.dsbl.org                    *           30  0
MONKEYFORMMAIL       ip4r   formmail.relays.monkeys.com      *           30  0
MONKEYPROXIES        ip4r   proxies.relays.monkeys.com       *           30  0
NJABL                ip4r   dnsbl.njabl.org                  127.0.0.2   10  0
VOX                  ip4r   vox.schpider.com                 127.0.0.2   30  0
BLITZEDALL           ip4r   opm.blitzed.org                  *           20  0
EASYNET-DNSBL        ip4r   blackholes.easynet.nl            127.0.0.2   60  0
EASYNET-PROXIES      ip4r   proxies.blackholes.easynet.nl    *           20  0
IPWHOIS              ip4r   ipwhois.rfc-ignorant.org         127.0.0.6   5   0
SORBS-HTTP           ip4r   dnsbl.sorbs.net                  127.0.0.2   7   0
SORBS-SOCKS          ip4r   dnsbl.sorbs.net                  127.0.0.3   7   0
SORBS-MISC           ip4r   dnsbl.sorbs.net                  127.0.0.4   7   0
SORBS-SMTP           ip4r   dnsbl.sorbs.net                  127.0.0.5   7   0
SORBS-SPAM           ip4r   dnsbl.sorbs.net                  127.0.0.6   7   0
SORBS-WEB            ip4r   dnsbl.sorbs.net                  127.0.0.7   7   0
SORBS-BLOCK          ip4r   dnsbl.sorbs.net                  127.0.0.8   3   0
SORBS-ZOMBIE         ip4r   dnsbl.sorbs.net                  127.0.0.9   7   0
SPAMBAG              ip4r   blacklist.spambag.org            127.0.0.2   10  0
UCEB                 ip4r   blackholes.uceb.org              *           20  0
ORDB                 ip4r   relays.ordb.org                  *           10  0
OSDUL                ip4r   relays.osirusoft.com             127.0.0.3   5   0
OSFORM               ip4r   relays.osirusoft.com             127.0.0.8   9   0
OSLIST               ip4r   relays.osirusoft.com             127.0.0.7   9   0
OSRELAY              ip4r   relays.osirusoft.com             127.0.0.2   9   0
OSSMART              ip4r   relays.osirusoft.com             127.0.0.5   9   0
OSSOFT               ip4r   relays.osirusoft.com             127.0.0.6   9   0
OSSRC                ip4r   relays.osirusoft.com             127.0.0.4   9   0
SPAMCOP              ip4r   bl.spamcop.net                   127.0.0.2   10  0
NJABL                ip4r   dnsbl.njabl.org                  127.0.0.2   10  0
FABELSOURCES         ip4r   spamsources.fabel.dk             127.0.0.2   10  0
FIVETEN-SPAM         ip4r   blackholes.five-ten-sg.com       127.0.0.2   10  0
FIVETEN-BULK         ip4r   blackholes.five-ten-sg.com       127.0.0.4   10  0
FIVETEN-MULTISTAGE   ip4r   blackholes.five-ten-sg.com       127.0.0.5   10  0
FIVETEN-SPAMSUPPORT  ip4r   blackholes.five-ten-sg.com       127.0.0.7   10  0
FIVETEN-MISC         ip4r   blackholes.five-ten-sg.com       127.0.0.9   10  0
FIVETEN-SINGLESTAGE  ip4r   blackholes.five-ten-sg.com       127.0.0.6   25  0
FIVETEN-FREE         ip4r   blackholes.five-ten-sg.com       127.0.0.12  10  0
INTERSIL             ip4r   blackholes.intersil.net          127.0.0.2   10  0
SPAMHAUS             ip4r   sbl.spamhaus.org                 127.0.0.2   55  0
CBL                  ip4r   cbl.abuseat.org                  127.0.0.2   45  0
DSN                  rhsbl  dsn.rfc-ignorant.org             127.0.0.2   4   0
NOABUSE              rhsbl  abuse.rfc-ignorant.org           127.0.0.4   2   0
NOPOSTMASTER         rhsbl  postmaster.rfc-ignorant.org      127.0.0.3   4   0
SECURITYSAGE         rhsbl  blackhole.securitysage.com       *           20  0
SORBS-BADCONF        rhsbl  dnsbl.sorbs.net                  127.0.0.11  3   0
SORBS-NOMAIL         rhsbl  dnsbl.sorbs.net                  127.0.0.12  1   0
MAILPOLICE-BULK      rhsbl  bulk.rhs.mailpolice.com          127.0.0.2   45  0
MAILPOLICE-PORN      rhsbl  porn.rhs.mailpolice.com          127.0.0.2   55  0
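Added example (not code from the thread or from Declude): how ip4r/rhsbl test lines like those in the configuration above turn a connecting IP into DNSBL query names and a summed weight, and where the ipblacklist CIDR entries quoted earlier in the thread fit. Assumptions: the field order is inferred from the posted lines, the DNS answers are constructed and served by an offline stub resolver, and the sender domain is a guess because the Return-Path is redacted on the page.

```python
import ipaddress
from typing import Callable, Dict, List, NamedTuple, Optional, Tuple

# Six test lines taken from the configuration posted above.
# Assumed field order: name, type, zone, expected answer ("*" = any answer),
# weight added on a hit, weight added otherwise.
CONFIG = """\
DSBL        ip4r   list.dsbl.org          *          30  0
SPAMCOP     ip4r   bl.spamcop.net         127.0.0.2  10  0
SORBS-SPAM  ip4r   dnsbl.sorbs.net        127.0.0.6   7  0
SORBS-WEB   ip4r   dnsbl.sorbs.net        127.0.0.7   7  0
OSRELAY     ip4r   relays.osirusoft.com   127.0.0.2   9  0
DSN         rhsbl  dsn.rfc-ignorant.org   127.0.0.2   4  0
"""

# The two ipblacklist entries quoted in the thread: (CIDR, comment).
LOCAL_BLACKLIST = [
    ("64.119.218.192/27", "advertisingbymail.com"),
    ("64.119.218.0/24", "Assorted SPAM"),
]

class DnsblTest(NamedTuple):
    name: str
    kind: str          # "ip4r" (lookup by IP) or "rhsbl" (lookup by sender domain)
    zone: str
    expected: str      # A-record value that counts as a hit, or "*"
    hit_weight: int
    miss_weight: int

Resolver = Callable[[str], List[str]]

def parse_tests(text: str) -> List[DnsblTest]:
    """Parse whitespace-separated test lines; blank lines and # comments are skipped."""
    tests = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 6:
            raise ValueError(f"expected 6 fields, got {len(fields)}: {raw!r}")
        name, kind, zone, expected, hit, miss = fields
        tests.append(DnsblTest(name, kind.lower(), zone.lower(), expected, int(hit), int(miss)))
    return tests

def query_name(test: DnsblTest, ip: str, sender_domain: str) -> str:
    """Build the DNS name looked up for one test."""
    if test.kind == "ip4r":
        # IP-based lists are queried with the octets reversed: d.c.b.a.<zone>
        octets = str(ipaddress.IPv4Address(ip)).split(".")
        return ".".join(reversed(octets)) + "." + test.zone
    if test.kind == "rhsbl":
        # Domain-based lists are queried as <sender-domain>.<zone>
        return sender_domain.lower().rstrip(".") + "." + test.zone
    raise ValueError(f"unsupported test type: {test.kind}")

def score(tests: List[DnsblTest], ip: str, sender_domain: str,
          resolve: Resolver) -> Tuple[int, List[str]]:
    """Return (total weight, names of tests that hit) for one message."""
    total, failed = 0, []
    for t in tests:
        answers = resolve(query_name(t, ip, sender_domain))
        hit = bool(answers) if t.expected == "*" else t.expected in answers
        total += t.hit_weight if hit else t.miss_weight
        if hit:
            failed.append(t.name)
    return total, failed

def local_blacklist_hit(ip: str, entries=LOCAL_BLACKLIST) -> Optional[str]:
    """Return the first CIDR entry that contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for cidr, _comment in entries:
        if addr in ipaddress.ip_network(cidr):
            return cidr
    return None

def make_resolver(zone_data: Dict[str, List[str]]) -> Resolver:
    """Offline stand-in for DNS: names not in zone_data behave like 'no answer'."""
    return lambda name: zone_data.get(name, [])

# Constructed answers, not real listings. A zone with no entries here
# (e.g. relays.osirusoft.com) can only ever contribute its miss weight.
UNLISTED = make_resolver({})
LISTED = make_resolver({
    "212.218.119.64.bl.spamcop.net": ["127.0.0.2"],
    "212.218.119.64.dnsbl.sorbs.net": ["127.0.0.6"],
})

SENDER_IP = "64.119.218.212"               # from the posted Received: header
SENDER_DOMAIN = "advertisingbymail.com"    # assumed; Return-Path is redacted

if __name__ == "__main__":
    tests = parse_tests(CONFIG)
    for label, resolver in (("unlisted", UNLISTED), ("listed", LISTED)):
        weight, failed = score(tests, SENDER_IP, SENDER_DOMAIN, resolver)
        print(f"{label}: weight={weight} failed={failed or 'None'}")
    print("local blacklist match:", local_blacklist_hit(SENDER_IP))
```

With the unlisted resolver the result is a weight of 0 and no failed tests, which is the same outcome the posted X-Weight and X-Spam-Tests-Failed headers record; the local CIDR check is the only step that does not depend on a third-party list answering.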
RE: [Declude.JunkMail] More and more email getting past Declude
> It just seems like that recently the spam we've been getting is clean. Which makes it hard for declude to block it when it passes all of the rules.

That's because companies that feel that they are legitimate E-mailers (ones that technically *do* have your permission to send the mail!) are the ones that are very likely to have everything in order. Their mail isn't likely to have header problems, DNS problems, anti-filter devices, etc.

For this type of spam, the best answer is often a content filtering program (such as Message Sniffer or Alligate) that can work in conjunction with Declude, which is better able to catch this type of spam. But, note that there's a fine line here in determining what is spam and what is not.

-Scott