Re: [Declude.JunkMail]Review of Spamchk - was More and more email getting past Declude

2003-09-04 Thread Webmaster Oilfield Directory
Can you send me a sample config file so I can get an idea of how to set it up. I'm running the default setup and not sure how good it is :) thanks sheldon - Original Message - From: Todd - Smart Mail [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 02, 2003 6:05 PM

RE: [Declude.JunkMail]Review of Spamchk - was More and more email getting past Declude

2003-09-04 Thread Markus Gufler
We are working to publish some install information on www.spamchk.com. In the meantime I will send you a mini-howto offlist. Markus -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Webmaster Oilfield Directory Sent: Thursday, September 04, 2003

Re: [Declude.JunkMail] Declude failing openrelay test

2003-09-04 Thread Mishi Saravi
I am using the test for open relay at http://www.abuse.net/cgi-bin/relaytest on a machine running imail with declude and it is reporting the machine as openrelay. However the same test will report as no relay on a machine running imail without declude. Has anyone run into this situation?

RE: [Declude.JunkMail] Placing Weight in Header

2003-09-04 Thread GlobalWeb.net Webmaster
We use, in our global.cfg file, XINHEADER Weight: %WEIGHT% so you could put in yours: XINHEADER X-DECLDUE-WEIGHT:%WEIGHT% Sincerely, Randy Armbrecht Global Web Solutions, Inc. 804-346-5300 ext. 1 877-800-GLOBAL (4562) ext. 1 http://globalweb.net -Original

[Declude.JunkMail] division of incoming spam per mailbox

2003-09-04 Thread Markus Gufler
Hi all, Some days ago I've configured declude junkmail to write a special X-Note in the header of every incoming mail: X-Note: Sent to %ALLRECIPS% Now I've written a vb-script, that searches in the junkmail hold folder for D.*SMD files, and extracts the recipient-addresses from this

Re: [Declude.JunkMail] Placing Weight in Header

2003-09-04 Thread R. Scott Perry
Is there any way to place the total weight in the SMTP header? Something like: X-DECLUDE-WEIGHT: yyy Yes. You can add a line: XINHEADER X-Declude-Weight: %WEIGHT% to the \IMail\Declude\global.cfg file. -Scott --- Declude JunkMail: The

Re: [Declude.JunkMail] Declude failing openrelay test

2003-09-04 Thread R. Scott Perry
I am using the test for open relay at http://www.abuse.net/cgi-bin/relaytest on a machine running imail with declude and it is reporting the machine as openrelay. However the same test will report as no relay on a machine running imail without declude.

RE: [Declude.JunkMail] Declude failing openrelay test

2003-09-04 Thread Keith Johnson
Mishi, I am running 8.02 and 7.15HF2 with Relay for Addresses and Declude JM Pro 1.75i and I just ran the test and produced perfect results on both machines. It only reported 'Unknown User' and 'Not a local gateway', which is great. What relay setting are you running and version of

RE: [Declude.JunkMail] Placing Weight in Header

2003-09-04 Thread Mark Smith
Duuuh.. Why didn't I think of that. FWIW, if you just put Weight: %WEIGHT% in the header then you might be breaking RFC's. There should be an X- before your "Weight" line which will denote a comment line. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

RE: [Declude.JunkMail] Declude failing openrelay test

2003-09-04 Thread Mark Smith
I just have "Relay for Addresses" I include my local Internal DMZ's subnet so I can relay off of various ASP scripts, etc. All of my users must authenticate in order to relay. -Original Message- From: Keith Johnson [mailto:[EMAIL PROTECTED] On Behalf Of Keith

RE: [Declude.JunkMail] Declude failing openrelay test

2003-09-04 Thread Keith Johnson
Mark, If you can, can you post a portion of the relaytest results or describe which test failed (remove your IP if necessary). Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Smith Sent: Thursday, September 04,

[Declude.JunkMail] scrambled url in source of e-mail

2003-09-04 Thread Harry Vanderzand
How does one deal with scrambled source in the e-mail. For example I find the following address: www.%3982%30%37.biz I like to use the address in my filter file but am not sure if the scrambled form will work as I assume there must be a translation going on when this code

RE: [Declude.JunkMail] scrambled url in source of e-mail

2003-09-04 Thread Fritz Squib
Sam Spade is your friend. 09/04/03 09:42:35 dns http://www.%3982%30%37.biz URL http://www.%3982%30%37.biz is http://www.98207.biz Canonical name: www.98207.biz Addresses: 219.93.225.157 http://www.samspade.org/ssw/ Fritz Frederick P. Squib, Jr. Network Operations Citizens Telephone Company

RE: [Declude.JunkMail] scrambled url in source of e-mail

2003-09-04 Thread Kami Razvan
Hi; In our filter files we have made a rule of taking the first five codes and it works fine. Some examples from our filter file. BODY 20 CONTAINS %32%31%31%2E%32 BODY 30 CONTAINS %41%6f%4c.com BODY 20 CONTAINS %45%78t%52%61%48 BODY 20 CONTAINS %69%6C%56e%52it%61 BODY 20

RE: [Declude.JunkMail] scrambled url in source of e-mail

2003-09-04 Thread George Kulman
Harry, A filter line of: BODY CONTAINS 0 %3982%30%37.biz will handle it just fine. I usually leave the www out of the filter to make it a shorter comparison. George -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry

[Declude.JunkMail] Using Declude to block Sobig Virus

2003-09-04 Thread James R. Skivers
I need some suggestions on how to block the Sobig virus from even being processed by Declude. The amount of processes are so high it is causing extreme latency and causing SMTP to not respond as well as time out. ANY help is highly appreciated. Regards, James R.

Re: [Declude.JunkMail] Using Declude to block Sobig Virus

2003-09-04 Thread R. Scott Perry
I need some suggestions on how to block the Sobig virus from even being processed by Declude. The amount of processes are so high it is causing extreme latency and causing SMTP to not respond as well as time out. ANY help is highly appreciated. The best way is to go through the viruses that

RE: [Declude.JunkMail] Using Declude to block Sobig Virus

2003-09-04 Thread John Tolmachoff (Lists)
You would need to block it before Imail receives it. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James R. Skivers Sent: Thursday, September 04, 2003 8:19 AM To:

RE: [Declude.JunkMail] scrambled url in source of e-mail

2003-09-04 Thread Pete - Madscientist
For one thing this is a great way to filter spam. There is no good reason to encode part of a url, or for that matter to encode "normal" characters. So, anything with %30%37.biz is _ALMOST_ certain to be spam. We have been testing a number of rules like this already with great

[Declude.JunkMail] Challenge - Response software

2003-09-04 Thread Rich
We've got a customer using some sort of challenge response software that's causing massive amounts of stored mail on his hard drive. Originally the mail was being held in our queue and I told him he'd have to get rid of the software or store the mail on his computer. Now that he's switched to

RE: [Declude.JunkMail] Using Declude to block Sobig Virus

2003-09-04 Thread Jeff Maze - Hostmaster
The one thing I've been doing since the "invasion" began was use our secondary mail server to block the IP's of infected machines. Most of the infected messages seem to come through this machine first. We're running Sendmail (with webmin interface; a lot easier to admin a

RE: [Declude.JunkMail] Using Declude to block Sobig Virus

2003-09-04 Thread James R. Skivers
Yeah I was thinking about using our Cisco and throwing in an access list to deny SMTP from the source IP, only problem with that is we're a large ISP and would be blocking mainly our own users who have received the virus via hotmail or yahoo accounts. (Tier 1 call volume go *boom*) ^_^ James R.

RE: [Declude.JunkMail] Using Declude to block Sobig Virus

2003-09-04 Thread James R. Skivers
Thanks, that sounds doable. We have almost the exact same setup, I'll give that a try and throw that on our BMX box. James R. Skivers Network Administrator Web One Inc. [EMAIL PROTECTED] http://astra1.com -Original Message- From: [EMAIL PROTECTED]

RE: [Declude.JunkMail] Using Declude to block Sobig Virus

2003-09-04 Thread James R. Skivers
Simply because my goal is to block it before Declude or my server has a chance to process it. James R. Skivers Network Administrator Web One Inc. [EMAIL PROTECTED] http://astra1.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Star Sent: Thursday,

RE: [Declude.JunkMail] Challenge - Response software

2003-09-04 Thread John Tolmachoff (Lists)
So, just a general question, does it appear to anyone else that the challenge/response software at the consumer level, contributes to the level of spam anyone is receiving? It is not really SPAM. (Well, sort of.) It is the software trying to send a message to the from address for validation.

Re: [Declude.JunkMail] Using Declude to block Sobig Virus

2003-09-04 Thread R. Scott Perry
The best way is to go through the viruses that are received, sort them by IP, and use IMail's SMTP Control Access file to block the worst offenders. Why not use the Declude BLACKLIST feature? Because the IMail SMTP Control Access file will prevent the connection from even occurring, which will

RE: [Declude.JunkMail] Using Declude to block Sobig Virus

2003-09-04 Thread John Tolmachoff (Lists)
Simply state you are blocked because your computer is infected with a virus. Once your computer is cleaned, we will unblock. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-

Re: [Declude.JunkMail] Challenge - Response software

2003-09-04 Thread R. Scott Perry
We've got a customer using some sort of challenge response software that's causing massive amounts of stored mail on his hard drive. C/R software is a nasty thing. Fortunately, someone claims to have a patent on it, and is going after companies using it. FWIW, one of the main companies using

RE: [Declude.JunkMail] Challenge - Response software

2003-09-04 Thread Rich
At 09:12 AM 9/4/2003, John Tolmachoff (Lists) wrote: So, just a general question, does it appear to anyone else that the challenge/response software at the consumer level, contributes to the level of spam anyone is receiving? It is not really SPAM. (Well, sort of.) Actually, a lot of it is

[Declude.JunkMail] Black List Questions.

2003-09-04 Thread Chuck Schick
Since Osirusoft has gone away I am looking at replacing it with other Blacklists. Here are some I am considering - BLARS Reynolds SORBS Anyone else using these and what is your opinion on these? Also since each of these have multiple lists, which do you use? Thanks for the help. Chuck Schick

Re: [Declude.JunkMail]Review of Spamchk - was More and more email getting past Declude

2003-09-04 Thread Webmaster Oilfield Directory
coool! thanks a lot - Original Message - From: Markus Gufler [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 04, 2003 1:38 AM Subject: RE: [Declude.JunkMail]Review of Spamchk - was More and more email getting past Declude We are working to publish some

Re: Re: [Declude.JunkMail] Using Declude to block Sobig Virus

2003-09-04 Thread Doug McKee
If I am using Declude as a gateway and block the offending IP, will I not also have to block the IP in the real mail server as well? Doug Because the IMail SMTP Control Access file will prevent the connection from even occurring, which will save on bandwidth (about 100K per virus blocked). It

RE: [Declude.JunkMail]Review of Spamchk - was More and more email getting past Declude

2003-09-04 Thread Chuck Schick
Markus: I would be interested in your mini-howto list. Send it to [EMAIL PROTECTED] Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Markus Gufler Sent: Thursday, September 04, 2003 2:38 AM To:

Re: [Declude.JunkMail] Black List Questions.

2003-09-04 Thread Matthew Bramble
SORBS and FIVETEN seem to be the most popular replacements. FIVETEN is overzealous though, so score low. Matt Chuck Schick wrote: Since Osirusoft has gone away I am looking at replacing it with other Blacklists. Here are some I am considering - BLARS Reynolds SORBS Anyone else using these

[Declude.JunkMail] Adult content filters

2003-09-04 Thread Steve Flook
JunkMail gurus, I'm considering implementing an adult content filter, and considering the high number of false positives based on simple filtering of words like a s s, the f-bomb, etc I'm a little stymied as to what to do - if anything. What are others' experiences out there with adult content

Re: [Declude.JunkMail] Using Declude to block Sobig Virus

2003-09-04 Thread Matthew Bramble
If I am using Declude as a gateway and block the offending IP, will I not also have to block the IP in the real mail server as well? Doug IMail actually hands off the mail to Declude after running its filters. The recommendation apparently will reject the messages based on IP during the

[Declude.JunkMail] Using Declude to block Sobig Virus

2003-09-04 Thread Rifat Levis
Hi James, I am running also a large ISP mail servers, here is what I posted 2 months ago. I am using SMTP AUTH for all servers. Virus and Harvesters don't use SMTP AUTH so I prevent DOS attack to my mail servers from infected computers using this method. If you are using a firewall this can help.

[Declude.JunkMail] Creating a country filter

2003-09-04 Thread Matthew Bramble
I've found a lot of foreign mail servers associated with spam and missing many of the lists, so I'm looking to create a filter for it. Since there are about 250 country codes that I would want to score on, it seems more prudent to do the test the other way around and only add points if an

RE: [Declude.JunkMail] Using Declude to block Sobig Virus

2003-09-04 Thread Kevin Bilbee
I agree with Scott but I took it a step further. I setup a SOBIG filter and forwarded the so big email to a special account. I then looked at the connecting ip and added that to my trap. I then tracked down the owner of the ip and notified a host on their network had the virus. What will not be

RE: [Declude.JunkMail] REVDNS and HELOBOGUS

2003-09-04 Thread Agid, Corby
Thanks for your reply. I was surprised to learn of your success rate with admins. Though I'd never made any attempts to notify admins, I would have expected a lower response rate figuring that most admins that have problems today, are ignorant of how to fix them. Do you find yourself having to

[Declude.JunkMail] consultant/help wanted

2003-09-04 Thread Jeremy Marquardt
Help Wanted. Seeking an experienced individual knowledgeable with IMail and Declude JunkMail, who would like some extra money consulting with my firm on the side. We are looking to fine tune/tweak Declude JunkMail to further reduce SPAM on our corporate email server. Jeremy Marquardt

[Declude.JunkMail] Increased AOL, Hotmail, Yahoo, etc. false positives

2003-09-04 Thread Paul Hung
Has anyone found that AOL, Hotmail, and Yahoo.com addresses have been failing on the following tests: helobogus, nopostmaster, noabuse, revdns These e-mails usually fail these four tests, and thus trigger my Weight10 rule. I performed a reverse DNS lookup on several of the IP addresses and found

RE: [Declude.JunkMail] consultant/help wanted

2003-09-04 Thread John Tolmachoff (Lists)
I kind of have mixed feelings about a post like this. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Jeremy Marquardt Sent: Thursday,

Re: [Declude.JunkMail] Increased AOL, Hotmail, Yahoo, etc. false positives

2003-09-04 Thread Matthew Bramble
It's just you :) The From address is often forged. The address that matters the most is the server from which the E-mail came, which is listed in the top of the headers, i.e. Received: from declude.com [24.107.232.14] by igaia.com with ESMTP (SMTPD32-7.13) id A78F250118; Thu, 04 Sep 2003

RE: [Declude.JunkMail] WEIGHT

2003-09-04 Thread Danny Klopfer
It was commented out of the global.cfg. Another question: If I have: CATCHALLMAILS SUBJECT [Weight=%WEIGHT%] WEIGHT10 SUBJECT (SUSPECTED SPAM) In the something.junkmail file will both be appended or will CATCHALLMAILS only show up? -Original Message- From:

RE: [Declude.JunkMail] Black List Questions.

2003-09-04 Thread Chuck Schick
Which of the SORBS tests are you using? There seems to be about 10 of them. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Matthew Bramble Sent: Thursday, September 04, 2003 11:35 AM To: [EMAIL

RE: [Declude.JunkMail] WEIGHT

2003-09-04 Thread R. Scott Perry
If I have: CATCHALLMAILS SUBJECT [Weight=%WEIGHT%] WEIGHT10 SUBJECT (SUSPECTED SPAM) In the something.junkmail file will both be appended or will CATCHALLMAILS only show up? Only one will be appended (I believe it is the last one listed in the global.cfg file that will

RE: [Declude.JunkMail] Increased AOL, Hotmail, Yahoo, etc. false positives

2003-09-04 Thread Kevin Bilbee
The from address has probably been forged. You may want to look at the SPAMDOMAINS test which is designed to catch emails of large ISP not sent from their mail servers. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul

[Declude.JunkMail] ATTACH Method and file formats

2003-09-04 Thread Martin Kaminer
Hi -- We're having an issue with the ATTACH method and are wondering if anyone else has solved it. Attach wants to create an .eml, which can be opened by Outlook Express but not Outlook. For users who use Outlook, we have changed the spamattach.eml file to create a .htm instead of a

RE: [Declude.JunkMail] Increased AOL, Hotmail, Yahoo, etc. false positives positives

2003-09-04 Thread John Tolmachoff (Lists)
It is known that AOL, Hotmail and Yahoo will often fail NOABUSE, NOPOSTMASTER and REVDNS, as they are not setup nor do they care. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]

Re: [Declude.JunkMail] Black List Questions.

2003-09-04 Thread Matthew Bramble
I haven't yet configured them because I have been testing other configurations, but when I do, I will add all of them except for SORBS-BLOCK (because it's not a test for spam IMO). SORBS-SPAM had a report earlier this week of blocking at least one large ISP (Cox), so don't rely on it too

Re: [Declude.JunkMail] Black List Questions.

2003-09-04 Thread Matthew Bramble
More on SORBS-SPAM... Turns out that they charge a fine if you want to be removed from their list. They aren't trying to get rich from the practice, but it doesn't work as intended because fines of this sort don't act as a deterrent for configuring your machine improperly and allowing it to