Dave Doherty wrote:
Matt, I went through a lot of the same arguments with my StarPower
customers. Once they understand that security and spam control requires that
they use StarPower's SMTP service, they are very cooperative and happy to
make the adjustments. We are fanatical about customer servic
David and Matt-
Congratulations, David, on finding and implementing the best way to deal
this issue. I own a hosting company in the DC area, and StarPower here is
doing the same thing that you are. Now if only we could get Verizon,
Comcast, RR and the others to follow suit, things could be a lot b
While I generally agree with port 25 blocking as an interim mechanism to
stem the tide of spam, especially from dynamic IPs, more and more is coming
from trojan viruses that get installed on poorly protected PCs. All we need
right now is to add an economic incentive to the worm/virus threat, which
$5.00 per month for anti-spam per domain name
$5.00 per month for anti-virus per domain name
up to 50 email accounts
Sincerely,
William J. Baumbach II [EMAIL PROTECTED]
9975 Pennsylvania Ave. Manassas, Va. 20110-2028
Ph: 703-367-7900 ext:1708 Fax: 703-691-0946
---
Dynamic IP's is exactly where it should be done, that's where most of the
spam comes from. As far as serving your customers goes it's easy enough to
open a hole for a customer with a legitimate reason to use a remote mail
server. Any action is going to be a pain for someone, that's the reason spam
Just a little follow-up. The problem is that Topica, the bulk-mail
sender, operates thousands of smaller lists and apparently has a problem
with their members sending out spam. I've seen several of these
companies, including Microsoft's own service, have these issues.
I don't think it is wise
Does it always return the text '(Private IP)' for internal addresses?
Yes, it does.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver
vulnerab
What to do? This looks very suspicious and it causes me grave concern
about the quality of Bonded Sender. Check out the following headers:
X-MailPure: BONDEDSENDER: Listed in query.bondedsender.org
X-MailPure: FIVETEN-SPAM: Listed in blackholes.five-ten-sg.com
Are you scanning multiple IPs? I
Has anyone considered the trouble this causes to remote mail hosts?
First this has caused many calls from my fairly small customer base
whenever someone starts all of a sudden blocking port 25. Secondly, it
limits my capabilities as I can no longer handle their outgoing E-mail.
Third, this c
What to do? This looks very suspicious and it causes me grave concern
about the quality of Bonded Sender. Check out the following headers:
X-MailPure:
X-MailPure: BONDEDSENDER: Listed in query.bondedsender.org
X-MailPure: FIVETEN-SPAM
oPPs!
I think the %REVDNS% was getting timeout because both the box and imails dns
settings were still set to the ip of the box (durning install and testing
phase) for the primary. Modified them to point to the dns server. It was the
only thing having dns issues to my knowledge (users weren't comp
so if I have in global.cfg:
PHRASESCAN external nonzero "D:\Imail\mail_ameripride_org\phrscan.exe
%REVDNS%" 10 0
it will give me:
phrscan (Private IP) c:\IMail\spool\D1234567.SMD
phrscan (timeout) c:\IMail\spool\D1234567.SMD
depending on internal emails vs external emails
Correct.
or does %REVDNS
so if I have in global.cfg:
PHRASESCAN external nonzero "D:\Imail\mail_ameripride_org\phrscan.exe
%REVDNS%" 10 0
it will give me:
phrscan (Private IP) c:\IMail\spool\D1234567.SMD
phrscan (timeout) c:\IMail\spool\D1234567.SMD
depending on internal emails vs external emails
or does %REVDNS% actual
> We have a number of mail customers that must send there outbound
> mail through the ISPs SMTP server. Now we rely on them to keep the
> SMTP server up and running, relaying in a timely manner, not adding
> footers to the email and providing customer service for outbound
> SMTP issues.
If I have a text file which is going to be used with the SPAMDOMAINS test
does it cause any technical issues or performance issues to have blank lines
in the file like below, e.g. ...
Blanks lines are fine in the spamdomains.txt file.
-Scott
---
Hello, All,
If I have a text file which is going to be used with the SPAMDOMAINS test
does it cause any technical issues or performance issues to have blank lines
in the file like below, e.g. ...
-
# This is my spam domains file...
.nb.ca
.qc.ca
.com.au
.net.au
.co.uk
.sch.uk
-
Thanks, Much!
D
Scott, this is just an "inquiring minds" kind of question:
Using [outgoing] CFG file global.cfg.
Msg failed WOT-WL (WOT Reduction). Action=WARN.
Using [outgoing] CFG file global.cfg.
Msg failed WOT-WL ( WOT Reduction). Action=WARN.
Just wondering why this "ipfile" entry outputs to the logs and he
I was wondering what people's feelings were on blacklisting based on the
sending computers connection type (of course based on IP range)? I have
heard on other threads that some just assume that if a message came from a
server that has an IP within a range of IPs that is listed as being cable,
DS
I certainly DO NOT want the ISPs to block outbound port 25!!
We have a number of mail customers that must send there outbound mail
through the ISPs SMTP server. Now we rely on them to keep the SMTP
server up and running, relaying in a timely manner, not adding footers
to the email and providing c
Scott, this is just an "inquiring minds" kind of question:
Using [outgoing] CFG file global.cfg.
Msg failed WOT-WL (WOT Reduction). Action=WARN.
Using [outgoing] CFG file global.cfg.
Msg failed WOT-WL ( WOT Reduction). Action=WARN.
Just wondering why this "ipfile" entry outputs to the logs and h
I was wondering what people's feelings were on blacklisting based on the
sending computers connection type (of course based on IP range)? I have
heard on other threads that some just assume that if a message came from a
server that has an IP within a range of IPs that is listed as being cable,
DSL
I was thinking of something much simpler...
Verifying that the IP appears in a MX record
Verifying that Reverse DNS is set
Basically the RFC ignorant stuff...
Of course your network would have to deal with traffic before shunning it. :(
I like your idea much better.
Burzin
At 01:10 PM 12/12/
I do not have that line anywhere in the Global.cfg.
The problem turns out to be that the deHTMLizing code would not remove the
line break if it occurred in the middle of an HTML tag. This will be
changed for the next release.
-Scott
---
Declud
Nope..
I do not have that line anywhere in the Global.cfg.
Regards,
Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Friday, December 12, 2003 2:38 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Line break (= sign)
T
That's base64 encoding, which Declude JunkMail doesn't attempt to
decode. However, you should be able to block it based on the encoded text.
Are you using "DECODE OFF" (in which case base64 decoding and the
de-HTMLizing will not be done)?
-Scott
At 02:25 PM 12/12/200
Scott:
You stated a while
back that now Declude appends lines together before
filtering.
The following
line:
Doctor's
office. http://www.activerx.b=iz">Start
placing your order for meds
here=
The equal signs
are causing issues with our filters. I have the
filter:
activerx.b=i
if I'm passing a variable as a parameter would it be equal to program-name
%variable% c:\IMail\spool\D1234567.SMD or program-name
c:\IMail\spool\D1234567.SMD %variable%
I need the recieving order of the "parameter list"
The variables will appear before the spool file name. The spool file name
If ISPs would block outbound port 25 that would go a long way towards
keeping spam. Right now most of our spam is coming from cable and DSL IPs.
We block outbound port 25 except from our mail servers and a couple of
customers who have a legitimate reason to use another mail server. If so we
open a
Previously posted on Imail site:
> When does declude junkmail add it's xheaders? Do it add
as it conducts it's test(s)? can I conduct a test (if exists) on a previously
added header?
Maybe I should explain it better
I wrote an external phrase test program. I'm trying to come up with a way
And they are the worst in the opposite direction. I got about 20 virus
"notifications" this morning from them - where they cleaned the message,
then they sent me the original message without the virus - which means, it
was an empty email and it still file my mailbox.
Even worse, their cover lette
on 12/12/03 12:49 PM, Bill Morgan wrote:
> We are having a problem sending e-mail to any user at rr.com. Our
> messages are refused as spam. I have checked all of the databases that
> they say they use and we are not listed in any of them. Over the last
> three weeks, I have sent several messag
Thanks for the clarification.
Burzin
At 11:09 AM 12/12/2003, you wrote:
It is a no-no to have the MS DNS service running on a Windows 2003 server
with Imail 8.0x-4 and using Imail Anti-Spam DNS tests. Otherwise, fine.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
> -Original Mes
I agree with you. The statement was more general than it should have
been. Personally I think the ISP route
is one of the best places to begin active anti-spam measures at (Sorry
ISP admins). If legislatively, ISPs
can be forced to have customers adhere to strict RFC compliance and if
le
This is the info from the Imail log file:
20031211 125915 127.0.0.1 SMTP (075005D4) 220 ncmx03.mgw.rr.com
ESMTP Welcome to Road Runner. NO UCE *** FOR AUTHORIZED USE ONLY! ***
20031211 125915 127.0.0.1 SMTP (075005D4) >EHLO wamusa.com
20031211 125915 127.0.0.1 SMTP (075005D4)
> > Just a suggestion, and it wouldn't be too much work, why not just
> >distribute the "special" interim release in a password protected zip file
> >when someone needs a quick fix?
>
> We may well need to do that. Or perhaps just a random URL that isn't
> easily guessable.
Well, I've seen from
We are having a problem sending e-mail to any user at rr.com. Our
messages are refused as spam. I have checked all of the databases that
they say they use and we are not listed in any of them. Over the last
three weeks, I have sent several messages to [EMAIL PROTECTED]
(the address that they sa
>> We may well need to do that. Or perhaps just a random URL that isn't
easily guessable. <<
Yes Scott, I think that's necessary. The current method is pretty dangerous
- let's take a real case from the last beta.
If I remember I ultimately ended up having to use i18 to address various
issues be
Just a suggestion, and it wouldn't be too much work, why not just
distribute the "special" interim release in a password protected zip file
when someone needs a quick fix?
We may well need to do that. Or perhaps just a random URL that isn't
easily guessable.
Hi,
We are having a problem sending e-mail to any user at rr.com. Our
messages are refused as spam. I have checked all of the databases that
they say they use and we are not listed in any of them. Over the last
three weeks, I have sent several messages to [EMAIL PROTECTED]
(the address that the
It is a no-no to have the MS DNS service running on a Windows 2003 server
with Imail 8.0x-4 and using Imail Anti-Spam DNS tests. Otherwise, fine.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> [EMAIL
I've had BIND 4, 8 and 9 running on my IMail 6, 7 and
8, both master and slave, for years, with no problems ever. Well...no
problems relating to the interaction of IMail and DNS. :)
At 11:33 AM 12/12/2003, Burzin Sumariwalla wrote:
I thought it was a no-no to have
DNS running on your Imail server
The problem with criminal fines is nobody ever pays them. We have over 100
criminal fraud judgements against former and current spammers, and they all
carry fines. How are the fines collected? The judge reviews their personal
financial condition and establishes a monthly payment that they can a
Okay - thanks. Just wanted to make sure that you were aware that the bug
was not related to "WEIGHT..." tests only.
Best Regards
Andy Schmidt
H&M Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 93
Scott,
Just a suggestion, and it wouldn't be too much work, why not just
distribute the "special" interim release in a password protected zip file
when someone needs a quick fix?
General interim release to fix a known bug (for everyone running a beta)
would not be zipped.
Just my two cents.
Fri
> I thought it was a no-no to have DNS running on your Imail server. Is it?
Not at all. It's relatively lightweight (time tells for each envt, of
course); gives you a centralized cache that, at worst, fails along
with your mail server (as opposed to a remote DNS server, which is
more li
Not all. I initiated a recent posting on this topic and its fine as long as
the server can handle all requests made of it.
We're running SimpleDNS on our IMail server, others will choose Windows DNS
etc.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bu
I thought it was a no-no to have DNS running on your Imail server. Is it?
At 09:50 AM 12/12/2003, you wrote:
This server will have Imail installed, Windows 2000 Server, Windows DNS,
Declude Junkmail Pro and Declude Virus Pro, Fprot.
--
Burzin Sumariwalla Phone: (314) 994-9411 x
Notice how the first test listed is "SORBS", which matches my last HIDETESTS
"SORBS" character by character?
That is part of the bug I was referring to. I had not noticed that you had
a generic SORBS test.
-Scott
---
Declude JunkMail: The advan
You can't fault people. With the last few betas it seemed as if the original
beta was quickly replaced with a follow-up interims release before the new
features really worked reliably. (A common scenario was "oh, yeah, we know
that's broken, go download the interims release".)
And that was part o
>> The HIDETESTS option requires an exact match. <<
Yes - I understand that... Let's try this one more time :
As per my original bug report, my Global.cfg contains the line:
HIDETESTS CATCHALLMAILS IPNOTINMX ... NJABL AHBL SORBS
^
My variabl
Scott:
You can't fault people. With the last few betas it seemed as if the original
beta was quickly replaced with a follow-up interims release before the new
features really worked reliably. (A common scenario was "oh, yeah, we know
that's broken, go download the interims release".)
I understan
If you want to stop this stuff, hit 'em in the pocketbook. These actions
are economically induced. This means fining them and shutting down the
routing of their network traffic. Easier said than done, I know...
Burzin
At 08:08 PM 12/11/2003, you wrote:
Obviously we all hate spam, but in
>> The installed.bin file isn't meant to be human-readable. <<
I know - you've claimed this in the past. Apparently, you are under the
believe that this file format is binary?
I remember me and other people reporting repeatedly that (fortunately) it is
definitely human-readable and has been for
>> The "WEIGHT10" shouldn't have been in there -- there is a bug with 1.77
<<
Okay, but what about SORBS, that appears even though it's included in the
HIDETESTS.
The HIDETESTS option requires an exact match.
-Scott
---
Declude JunkMail: The adva
"Given that we don't have a record of having given out a 1.77i2, it's
probably wrong."
The 1.77i folder has now the version 2. The following is the header from
our email.
This is exactly why there was such a big issue with interim releases last
month. We only have a record of giving out the URL
Hi Scott:
>> The "WEIGHT10" shouldn't have been in there -- there is a bug with 1.77
<<
Okay, but what about SORBS, that appears even though it's included in the
HIDETESTS.
>> Given that we don't have a record of having given out a 1.77i2, it's
probably wrong. <<
Huh? Where do you think I downl
"Given that we don't have a record of having given out a 1.77i2, it's
probably wrong."
Scott:
The 1.77i folder has now the version 2. The following is the header from
our email.
=
Sender: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
X
Based on my previous posting about the mail hanging, I believe that it is do
to my hardware. I was curious if the following specs would work as a
gateway server:
Xeon 2.8GHz
73Gb 15K Scsi
1GB Ram
This server will have Imail installed, Windows 2000 Server, Windows DNS,
Declude Junkmail Pro and D
My installed.bin says = 1.77i2.
The installed.bin file isn't meant to be human-readable. Given that we
don't have a record of having given out a 1.77i2, it's probably wrong.
What does "\IMail\Declude -diag" say?
HIDETESTS CATCHALLMAILS IPNOTINMX NOLEGITCONTENT WEIGHT8 WEIGHT10
WEIGHTHDR NJAB
Title: Message
My installed.bin
says = 1.77i2.
My Global.cfg
contains a line:
HIDETESTS CATCHALLMAILS IPNOTINMX NOLEGITCONTENT
WEIGHT8 WEIGHT10 WEIGHTHDR NJABL AHBL SORBS
My
$Default$.Junkmail contains a line:
WEIGHTHDR WARN X-RBL-Warning: Failed %TESTSFAILED%
[%WEIGHT%]
My .EML te
Is MAILFROM in a filterfile equivalent to an entry in a FROMFILE? Is
there an advantage to use one over the other?
Thanks!
-Nick Hayer
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.
Is MAILFROM in a filterfile equivalent to an entry in a FROMFILE? Is
there an advantage to use one over the other?
The "fromfile" test type is nearly equivalent to MAILFROM CONTAINS in a
filter. However, there are some slight differences -- for example,
"[EMAIL PROTECTED]" in a fromfile would b
I'm not clear what happens if the "END" matches in a filter.
If an END line matches in a filter, processing of that filter will stop.
I know that the REST of the filter will not be processed. But let say, I
have reached a weight of 20 in my filter by the time I reach the "END"
statement - what
Title: Message
Yes, the HIDETESTS is for use with
%TESTSFAILED% variable.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt
Sent: Friday,
December 12, 2003 12:3
Title: Message
Hi
Scott:
>> The next release will allow for an option HIDETESTS in
the global.cfg file ..., which will prevent those tests from showing up in the
X-Spam-Tests-Failed: header. <<
hm - not sure that I know this
header.
In various config
files I use...
XINHEADER X-
Title: Message
Hi
Scott,
I'm not clear what
happens if the "END" matches in a filter.
I know that the REST
of the filter will not be processed. But let say, I have reached a weight
of 20 in my filter by the time I reach the "END" statement - what weight will be
added to the weight of
I have not seen a single hit from the web-o-trust IP4R database, so I am
wondering if they have populated it with any other than the test IP address.
Anyway, if anybody is interested, here are the IP addresses that can be
gathered by running the python script (that can be downloaded from the
web-o
67 matches
Mail list logo