I have a problem with two customers where the user whitelist is allowing
other spam through, or at least I think it is. I've put the whitelist
statement at the top of the username.junkmail filter, formatted as
such...
Snip--
#
WHITELISTFILE C:\IMail\Declude\kendra.com\walleye-whitelist.txt
I've put the whitelist statement at the top of the username.junkmail
filter, formatted as
such...
WHITELISTFILE C:\IMail\Declude\kendra.com\walleye-whitelist.txt
That's good.
It's passing everything in the whitelist file without putting it through
Declude, but other Spam is passing too
The file contents are...
.freelotto.com
@freelotto.com
@bounce.freelotto.com
[EMAIL PROTECTED]
The log file shows this when it happens..
01/19/2003 00:02:54 Q5bac124 OSSOFT:5 OSSRC:5 SNIFFER:10 LOCALHEADERS:40
BODYCHECKS:40 . Total weight = 100
01/19/2003 00:02:54 Q5bac124 Msg failed OSSOFT
Title: Message
Hi;
I know this
subject was discussed but I can not find it in the archives.
We are seeing more
and more SPAM that have IP address as return address. I just can't think
of a legitimate email that would do that.
=
X-RBL-Warning: IPNOTINMX:
I sent over the files contents and a log snippet. I was testing with 6
customers, now 5 of them are reporting spam they received that was well
within the weight range that should have been caught. Instead, they are
all ignoring the message weight.
Kendra Customer Support
The log file shows this when it happens..
01/19/2003 00:02:54 Q5bac124 OSSOFT:5 OSSRC:5 SNIFFER:10 LOCALHEADERS:40
BODYCHECKS:40 . Total weight = 100
01/19/2003 00:02:54 Q5bac124 Msg failed OSSOFT
(http://spamhaus.org/SBL/sbl.lasso?query=SBL4908). Action=IGNORE.
01/19/2003 00:02:54 Q5bac124
We are seeing more and more SPAM that have IP address as return
address. I just can't think of a legitimate email that would do that.
Actually, what is happening here:
X-Declude-Sender: [12.4.218.17]
is that the spammer is using a null return address. In this case, the
return address
I'll give it a shot, I had to shut off whitelisting for 5 of the
customers since the spam surge was too much for them to bear. One has
agreed to leave it open for now. Whats odd is that it's not affecting
anyone else.
Thanks...
Kendra Customer Support
http://www.kendra.com/support
[EMAIL
Title: Nachricht
Hi
Kami,
This
are all the X-Declude-Sender lines from over 5000 hold messages on our system
without an "@" inside
X-Declude-Sender: C:\`Bulk [68.15.65.94]X-Declude-Sender:
[216.127.33.23]X-Declude-Sender:
[68.35.200.107]X-Declude-Sender:
It's reading the correct .junkmail file...
01/19/2003 10:34:43 Qefc1142 Using [incoming] CFG file
C:\IMAIL\Declude\kendra.com\walleye.junkmail.
01/19/2003 10:34:43 Qefc1142 Msg failed BADHEADERS (This E-mail was sent
from a broken mail client [804e].). Action=IGNORE.
01/19/2003 10:34:43
Kami,
I believe this can be nailed with:
MAILFROM 0 CONTAINS
But Scott is correct, this should be used only as a weighted test as it will trigger
on every non delivery report and then some.
Markus,
I would like to expand my search to include some of the types you identified. Any
idea
It's reading the correct .junkmail file...
This turns out to be an issue with the WHITELISTFILE option -- there is a
new interim release at http://www.declude.com/release/166i/declude.exe that
takes care of this.
-Scott
---
[This E-mail was scanned for viruses by
Are the gathered in any case from the SMTP-Data or are they created
from declude if there was no value?
IMail requires that *something* be sent as the MAIL FROM: data, but it
could potentially be sent as either or . In either case, Declude
will treat it as .
Hi;
Is it a viable solution to filter the header for:
From:
Regards,
Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry
Sent: Sunday, January 19, 2003 2:09 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Return address IP
Scott,
So you are saying that
From: dtcLISA [212.19.66.109] looks the same as
From: [212.19.66.109]
and both are caught by:
MAILFROM 0 CONTAINS
?
Thanks
Dan
On Sunday, January 19, 2003 11:09, R. Scott Perry [EMAIL PROTECTED] wrote:
Are the gathered in any case from the
I would like to expand my search to include some of the types
you identified. Any idea how to nail these with a content filter?:
X-Declude-Sender: dtcLISA [212.19.66.109]
X-Declude-Sender: FREE [61.194.11.2]
The problem is that there are not very much messages without a valid
sender
Is it a viable solution to filter the header for:
From:
No -- a spammer would probably send an E-mail with a return address (MAIL
FROM) of , but have a header like From: Youwill berich
[EMAIL PROTECTED].
You could filter with something like:
MAILFROM2 CONTAINS
So you are saying that
From: dtcLISA [212.19.66.109] looks the same as
From: [212.19.66.109]
and both are caught by:
MAILFROM 0 CONTAINS
No. The will only be used if the return address is or , it
will not be used under any other conditions.
Note that the dtcLISA one will get
Did the trick, thanks...
Kendra Customer Support
http://www.kendra.com/support
[EMAIL PROTECTED]
425-397-7911
This Email was scanned for viruses
Junk Email filtered ISP
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of R.
Scott Perry
Sent: Sunday,
Cool, so all the bases are covered! I also use MAILFROM. :)
Dan
On Sunday, January 19, 2003 11:50, R. Scott Perry [EMAIL PROTECTED] wrote:
So you are saying that
From: dtcLISA [212.19.66.109] looks the same as
From: [212.19.66.109]
and both are caught by:
MAILFROM 0 CONTAINS
Is there a variation of the below Redirect that can be used for a
domain (not user) config or can the below be used with a wildcard,
i.e. REDIRECT *@* c:\IMail\Declude\$default$.JunkMail
instead of
REDIRECT [EMAIL PROTECTED] c:\IMail\Declude\$default$.JunkMail
No -- the REDIRECT command will
The only way I can think of to currently block an e-mail address with an IP
after the @ symbol would be something like:
MAILFROM0 CONTAINS@1
MAILFROM0 CONTAINS@2
However, this would also flag e-mail addresses like:
[EMAIL PROTECTED]
[EMAIL PROTECTED]
01/19/2003 13:34:23 Q19db14e From:
[EMAIL PROTECTED] To: [EMAIL PROTECTED]
It's throwing the Email address into the spambox instead of whitelisting it...
The problem here is a limitation of the per-user whitelisting. Currently,
it will only match exact E-mail addresses ([EMAIL PROTECTED]),
Discussion being continued off-list unless anyone else is interested..
- Original Message -
From: Keith Johnson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, January 19, 2003 2:10 PM
Subject: RE: [Declude.JunkMail] Need Some Advise
When we first got Declude's JunkMail, we spent
I am very interested in this topic. We are an ISP/web host and just recently
implemented Junkmail. It would be great if you could keep this on list.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of J Porter
Sent: Sunday, January 19, 2003 6:08 PM
To:
How about this...
MAILFROM 0 ENDSWITH 0
MAILFROM 0 ENDSWITH 1
MAILFROM 0 ENDSWITH 2
...etc
-Original Message-
From: Bill Landry
Sent: Sun, 19 Jan 2003 13:15:57 -0800
Subject: RE: [Declude.JunkMail] Return address IP
The only way I can think of to currently block an e-mail address
Is there (or will there be) a similar BLACKLISTFILE feature?
Bill
-Original Message-
From: R. Scott Perry
Sent: Fri, 17 Jan 2003 15:24:34 -0500
Subject: RE: [Declude.JunkMail] Declude JunkMail v1.66 (beta) released
Just to ask the obvious but to be sure...
Now the whitelist is a
Good idea, Bill, I hadn't even thought of using ENDSWITH.
Bill
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Bill B.
Sent: Sunday, January 19, 2003 4:15 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Return address IP
How about this...
28 matches
Mail list logo
