Re: [Declude.JunkMail] Black List Questions.

More on SORBS-SPAM... Turns out that they charge a "fine" if you want to be removed from their list. They aren't trying to get rich from the practice, but it doesn't work as intended because fines of this sort don't act as a deterrent for configuring your machine improperly and allowing it to

Re: [Declude.JunkMail] Black List Questions.

I haven't yet configured them because I have been testing other configurations, but when I do, I will add all of them except for SORBS-BLOCK (because it's not a test for spam IMO). SORBS-SPAM had a report earlier this week of blocking at least one large ISP (Cox), so don't rely on it too heavil

RE: [Declude.JunkMail] Increased AOL, Hotmail, Yahoo, etc. false positives positives

It is known that AOL, Hotmail and Yahoo will often fail NOABUSE, NOPOSTMASTER and REVDNS, as they are not setup nor do they care. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On

[Declude.JunkMail] ATTACH Method and file formats

Hi -- We're having an issue with the ATTACH method and are wondering if anyone else has solved it. Attach wants to create an .eml, which can be opened by Outlook Express but not Outlook. For users who use Outlook, we have changed the spamattach.eml file to create a .htm instead of a

RE: [Declude.JunkMail] Increased AOL, Hotmail, Yahoo, etc. false positives

The from address has probable been forged. You may want to look at the SPAMDOMAINS test which is designed to catch emails of large ISP not sent from their mail servers.     Kevin Bilbee -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Paul H

RE: [Declude.JunkMail] WEIGHT

If I have: CATCHALLMAILS SUBJECT [Weight=%WEIGHT%] WEIGHT10SUBJECT (SUSPECTED SPAM) In the something.junkmail file will both be appended or will CATCHALLMAILS only show up? Only one will be appended (I believe it is the last one listed in the global.cfg file that will b

RE: [Declude.JunkMail] Black List Questions.

Which of the SORBS tests are you using? There seems to be about 10 of them. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of > Matthew Bramble > Sent: Thursday, September 04, 2003 11:35 AM > To: [EM

RE: [Declude.JunkMail] WEIGHT

It was commented out of the global.cfg. Another question: If I have: CATCHALLMAILS SUBJECT [Weight=%WEIGHT%] WEIGHT10SUBJECT (SUSPECTED SPAM) In the something.junkmail file will both be appended or will CATCHALLMAILS only show up? -Original Message- From: [

Re: [Declude.JunkMail] Increased AOL, Hotmail, Yahoo, etc. false positives

It's just you :) The From address is often forged.  The address that matters the most is the server from which the E-mail came, which is listed in the top of the headers, i.e. Received: from declude.com [24.107.232.14] by igaia.com with ESMTP (SMTPD32-7.13) id A78F250118; Thu, 04 Sep 2003 15

RE: [Declude.JunkMail] consultant/help wanted

I kind of have mixed feelings about a post like this. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Jeremy Marquardt > Sent: Thursday, Septe

[Declude.JunkMail] Increased AOL, Hotmail, Yahoo, etc. false positives

Has anyone found that AOL, Hotmail, and Yahoo.com addresses have been failing on the following tests:  helobogus, nopostmaster, noabuse, revdns These e-mails usually fail these four tests, and thus trigger my Weight10 rule.  I performed a reverse DNS lookup on several of the IP addresses and foun

[Declude.JunkMail] consultant/help wanted

Help Wanted.  Seeking an experienced individual knowledgeable with IMail = and Declude JunkMail, who would like some extra money consulting with my = firm on the side.  We are looking to fine tune/tweak Declude JunkMail to = further reduce SPAM on our corporate email server. Jeremy Marquardt [EMAI

RE: [Declude.JunkMail] REVDNS and HELOBOGUS

Thanks for your reply. I was surprised to learn of your success rate with admins. Though I'd never made any attempts to notify admins, I would have expected a lower response rate figuring that most admins that have problems today, are ignorant of how to fix them. Do you find yourself having to t

RE: [Declude.JunkMail] Using Declude to block Sobig Virus

I agree with Scott but I took it a step further. I setup a SOBIG filter and forwarded the so big email to a special account. I then looked at the connecting ip and added that to my trap. I then tracked down the owner of the ip and notified a host on their network had the virus. What will not be blo

[Declude.JunkMail] Creating a country filter

I've found a lot of foreign mail servers associated with spam and missing many of the lists, so I'm looking to create a filter for it.  Since there are about 250 country codes that I would want to score on, it seems more prudent to do the test the other way around and only add points if an E-ma

[Declude.JunkMail] Using Declude to block Sobig Virus

Hi James , I am running also a large ISP mail servers , here is what i posted 2 month ago. I am using SMTP AUTH for all servers.Virus and Harvesters dont use SMTP AUTH so i prevent DOS attack to my mail servers from infected computers using this method. If you are using a firewall this can help.

[Declude.JunkMail] Adult content filters

JunkMail gurus, I'm considering implementing an adult content filter, and considering the high number of false positives based on simple filtering of words like "a s s", the f-bomb, etc I'm a little stymied as what to do - if anything. What are other's experiences out there with adult content fil

Re: [Declude.JunkMail] Using Declude to block Sobig Virus

If I am using Declude as a gateway and block the offending IP, will I not also have to block the IP in the "real" mail server as well? Doug IMail actually hands off the mail to Declude after running it's filters. The recommendation apparently will reject the messages based on IP during the

Re: [Declude.JunkMail] Black List Questions.

SORBS and FIVETEN seem to be the most popular replacements. FIVETEN is overzealous though, so score low. Matt Chuck Schick wrote: Since Osirusoft has gone away I am looking at replacing it with other Blacklists. Here are some I am considering - BLARS Reynolds SORBS Anyone else using these and

RE: [Declude.JunkMail]Review of Spamchk - was More and more email getting past Declude

Markus: I would be interested in your mini-howto list. Send it to [EMAIL PROTECTED] Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Markus Gufler > Sent: Thursday, September 04, 2003 2:38 AM > To:

Re: Re: [Declude.JunkMail] Using Declude to block Sobig Virus

If I am using Declude as a gateway and block the offending IP, will I not also have to block the IP in the "real" mail server as well? Doug >Because the IMail SMTP Control Access file will prevent the connection from >even >occurring, which will save on bandwidth (about 100K per virus blocked).

Re: [Declude.JunkMail]Review of Spamchk - was More and more email getting past Declude

coool! thanks a lot - Original Message - From: "Markus Gufler" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, September 04, 2003 1:38 AM Subject: RE: [Declude.JunkMail]Review of Spamchk - was More and more email getting past Declude > We are working to publish

[Declude.JunkMail] Black List Questions.

Since Osirusoft has gone away I am looking at replacing it with other Blacklists. Here are some I am considering - BLARS Reynolds SORBS Anyone else using these and what is your opinion on these? Also since each of these have multiple lists, which do you use? Thanks for the help. Chuck Schick

RE: [Declude.JunkMail] Challenge - Response software

At 09:12 AM 9/4/2003, John Tolmachoff \(Lists\) wrote: > So, just a general question, does it appear to anyone else that the > challenge/response software at the consumer level, contributes to the level > of spam anyone is receiving? It is not really SPAM. (Well, sort of.) Actually, a lot of it is

Re: [Declude.JunkMail] Challenge - Response software

We've got a customer using some sort of challenge response software that's causing massive amounts of stored mail on his hard drive. C/R software is a nasty thing. Fortunately, someone claims to have a patent on it, and is going after companies using it. FWIW, one of the main companies using C

RE: [Declude.JunkMail] Using Declude to block Sobig Virus

Simply state you are blocked because your computer is infected with a virus. Once your computer is cleaned, we will unblock. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- >

Re: [Declude.JunkMail] Using Declude to block Sobig Virus

> The best way is to go through the viruses that are received, sort them by > IP, and use IMail's SMTP Control Access file to block the worst offenders. Why not use the Declude BLACKLIST feature? Because the IMail SMTP Control Access file will prevent the connection from even occurring, which wil

RE: [Declude.JunkMail] Challenge - Response software

> So, just a general question, does it appear to anyone else that the > challenge/response software at the consumer level, contributes to the level > of spam anyone is receiving? It is not really SPAM. (Well, sort of.) It is the software trying to send a message to the from address for validation

RE: [Declude.JunkMail] Using Declude to block Sobig Virus

Simply because my goal is to block it before Declude or my server has a chance to process it. James R. Skivers Network Administrator Web One Inc. [EMAIL PROTECTED] http://astra1.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Star Sent: Thursday,

RE: [Declude.JunkMail] Using Declude to block Sobig Virus

Title: Message Thanks, that sounds doable. We have almost the exact same setup, I’ll give that a try and throw that on our BMX box.   James R. Skivers Network Administrator Web One Inc. [EMAIL PROTECTED] http://astra1.com -Original Message- From: [EMAIL PROTECTED] [mailt

RE: [Declude.JunkMail] Using Declude to block Sobig Virus

Yeah I was thinking about using our Cisco and throwing in an access list to deny SMTP from the source IP, only problem with that is we're a large ISP and would be blocking mainly our own users who have received the virus via hotmail or yahoo accounts. (Tier 1 call volume go *boom*) ^_^ James R. Sk

Re: [Declude.JunkMail] Using Declude to block Sobig Virus

> >I need some suggestions on how to block the Sobig virus from even being > >processed by Declude. The amount of processes are so high it is causing > >extreme latency and causing SMTP to not respond as well as time out. ANY > >help is highly appreciated. > > The best way is to go through the viru

RE: [Declude.JunkMail] Using Declude to block Sobig Virus

Title: Message     The one thing I've been doing since the "invasion" began was use our secondary mail server to block the IP's of infected machines.  Most of the infected messages seem to come through this machine first.  We're running Sendmail (with webmin interface; a lot easier to admin

[Declude.JunkMail] Challenge - Response software

We've got a customer using some sort of challenge response software that's causing massive amounts of stored mail on his hard drive. Originally the mail was being help in our queue and I told him he'd have to get rid of the software or store the mail on his computer. Now that he's switched to

RE: [Declude.JunkMail] scrambled url in source of e-mail

Title: Message For one thing this is a great way to filter spam. There is no good reason to encode part of a url, or for that matter to encode "normal" characters. So, anything with %30%37.biz is _ALMOST_ certain to be spam. We have been testing a number of rules like this already with great

RE: [Declude.JunkMail] Using Declude to block Sobig Virus

You would need to block it before Imail receives it. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James R. Skivers Sent: Thursday, September 04, 2003 8:19 AM To: [E

Re: [Declude.JunkMail] Using Declude to block Sobig Virus

I need some suggestions on how to block the Sobig virus from even being processed by Declude. The amount of processes are so high it is causing extreme latency and causing SMTP to not respond as well as time out. ANY help is highly appreciated. The best way is to go through the viruses that are

[Declude.JunkMail] Using Declude to block Sobig Virus

Title: Message I need some suggestions on how to block the Sobig virus from even being processed by Declude. The amount of processes are so high it is causing extreme latency and causing SMTP to not respond as well as time out. ANY help is highly appreciated.   Regards,   James R. Sk

RE: [Declude.JunkMail] scrambled url in source of e-mail

Title: Message Harry,   A filter line of:   BODY CONTAINS 0 %3982%30%37.biz   will handle it just fine.  I usually leave the www out of the filter to make it a shorter comparison.   George -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ha

RE: [Declude.JunkMail] scrambled url in source of e-mail

Title: Message Hi; In our filter files we have made a rule of taking the first five codes and it works fine.   some examples from our filter file.   BODY 20 CONTAINS %32%31%31%2E%32BODY 30 CONTAINS %41%6f%4c.comBODY 20 CONTAINS %45%78t%52%61%48BODY

RE: [Declude.JunkMail] scrambled url in source of e-mail

Sam Spade is your friend. 09/04/03 09:42:35 dns http://www.%3982%30%37.biz URL http://www.%3982%30%37.biz is http://www.98207.biz Canonical name: www.98207.biz Addresses: 219.93.225.157 http://www.samspade.org/ssw/ Fritz Frederick P. Squib, Jr. Network Operations Citizens Telephone Company of

[Declude.JunkMail] scrambled url in source of e-mail

Title: Message How does one deal with scrambles source in the e-mail.   For example I find the following address: www.%3982%30%37.biz   I like to us the address in my filter file but am not sure if the scrambled form will work as I assume there must be a translation going on when this code g

RE: [Declude.JunkMail] Declude failing openrelay test

Title: Message Mark, If you can, can you post a portion of the relay test results or describe which test failed (remove your IP if necessary).    Keith -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark SmithSent: Thursday, September

RE: [Declude.JunkMail] Declude failing openrelay test

Title: Message I just have "Relay for Addresses" I include my local Internal DMZ's subnet so I can relay off of various ASP scripts, etc. All of my users must authenticate in order to relay.   -Original Message-From: Keith Johnson [mailto:[EMAIL PROTECTED] On Behalf Of Keith

RE: [Declude.JunkMail] Placing Weight in Header

Title: Message Duuuh.. Why didn't I think of that. FWIW, if you just put Weight: %WEIGHT% in the header then you might be breaking RFC's. There should be an X- before your "Weight" line which will denote a comment line. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAI

RE: [Declude.JunkMail] Declude failing openrelay test

Mishi, I am running 8.02 and 7.15HF2 with "Relay for Addresses" and Declude JM Pro 1.75i and I just ran the test and produced perfect results on both machines. It only reported 'Unknown User' and 'Not a local gateway', which is great. What relay setting are you running and version of

Re: [Declude.JunkMail] Declude failing openrelay test

I am using the test for open relay at http://www.abuse.net/cgi-bin/relaytest on a machine running imail with declude and it is reporting the machine as openrelay. However the same test will report as no relay on a machine running imail without declude. H

Re: [Declude.JunkMail] Placing Weight in Header

Is there any way to place the total weight in the SMTP header? Something like: X-DECLUDE-WEIGHT: yyy Yes. You can add a line: XINHEADER X-Declude-Weight: %WEIGHT% to the \IMail\Declude\global.cfg file. -Scott --- Declude JunkMail: The ad

[Declude.JunkMail] division of incoming spam per mailbox

Hi all, Some days ago I've configured declude junkmail to write a special X-Note in the header of every incoming mail: X-Note: Sent to %ALLRECIPS% Now I've written a vb-script, that searches in the junkmail hold folder for D.*SMD files, and extracts the recipient-addresses from this head

RE: [Declude.JunkMail] Placing Weight in Header

Title: Message we use , in our global.cfg file,   XINHEADER Weight: %WEIGHT%   so you could out in yours:   XINHEADER X-DECLDUE-WEIGHT: %WEIGHT%   Sincerely,Randy ArmbrechtGlobal Web Solutions®, Inc.804-346-5300 ext. 1877-800-GLOBAL (4562) ext. 1http://globalweb.net       -Origina

[Declude.JunkMail] Placing Weight in Header

Title: Message Is there any way to place the total weight in the SMTP header? Something like:   X-DECLUDE-WEIGHT: yyy

Re: [Declude.JunkMail] Declude failing openrelay test

I am using the test for open relay at http://www.abuse.net/cgi-bin/relaytest on a machine running imail with declude and it is reporting the machine as openrelay. However the same test will report as no relay on a machine running imail without declude. Has any one run into this situation? I

RE: [Declude.JunkMail]Review of Spamchk - was More and more email getting past Declude

We are working to publish some install informations on www.spamchk.com In the meantime I will send you a mini-howto offlist. Markus > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Webmaster Oilfield Directory > Sent: Thursday, September 04, 2