Hi all,
Maybe interesting for German/European email admins:
Some hours ago someone/something has started to send German messages through the internet containing political statements.
At the first moment it seems very difficult to filter out this type of messages coming from different IPs
Hi,
Spammers are getting smart. This spam did not fail any of the tests we have in place using (near) default Declude tests. It scored 0 points.
Greetings,
Bonno Bloksma
- Original Message -
From:
Markus Gufler
To: [EMAIL PROTECTED]
Sent: Thursday, June 10, 2004
Same here.
I've updated and simplified the initially posted filters several times in the last hours.
For best results please download the newest filter files from http://www.zcom.it/decludeupdater/polit_filter.zip
I'm interested if this wave of spam mails is a global phenomenon, or if they
Hi,
We are Dutch, based in the Netherlands and we have a .nl domain name. So it's at least more than just .de domains that get spammed.
It looks like these mails are news reports which are sent to various addresses.
Greetings,
Bonno Bloksma
- Original Message -
From:
Markus
At the moment I can't detect additional new subject lines for this type of messages.
So the best filter should be a simple subject filter file containing the following lines
SUBJECT 0 CONTAINS ASYLANTEN BEGRABSCHTEN DEUTSCHES MAEDCHEN
SUBJECT 0 CONTAINS Auf Kosten der deutschen
Sorry, there are some new entries
SUBJECT 0 CONTAINS ASYLANT QUAELTE TIERE BRUTAL ZU TODE
SUBJECT 0 CONTAINS ASYLANTEN BEGRABSCHTEN DEUTSCHES MAEDCHEN
SUBJECT 0 CONTAINS Auf Kosten der deutschen Beitragszahler und Rentner!
SUBJECT 0 CONTAINS Augen auf! (So sieht es aus!)
SUBJECT 0
Bonno Bloksma wrote:
Hi,
We are Dutch, based in the Netherlands and we have a .nl domain name. So it's at least more than just .de domains that get spammed. It looks like these mails are news reports which are sent to various addresses.
Same here: Dutch based and .nl domain.
We are Italian, based in the north of Italy, .it domain, but German speaking and most German customers.
So I wasn't sure if there is some "intelligent" delivery to German recipients.
BTW: These messages come from Sober.G infected systems.
Markus
From: [EMAIL PROTECTED]
I was looking at firewall logs and came across a number of entries relating to exacttarget.com
Does anyone have any experiences with these people?
Are they a legitimate organization, or should I be blocking outgoing access?
jeff
Hi,
I'm from Italy. I have been receiving such messages since last night. As far as I can see it is spreading with a pattern resembling a virus; messages arrived to postmaster, info and similar mailboxes. I believe it is in effect the payload of a virus.
With the filter you submitted I see many messages still
Scott/Anyone,
What is the RFC that covers HELO BOGUS? I had written down RFC 821 4.3.
However, when looking at that subheading it covers Sequencing of Commands
and Replies. So I am thinking I must be wrong, because the only thing that
I see relevant is the following lines
Note: all the
What is the RFC that covers HELO BOGUS? I had written down RFC 821 4.3.
However, when looking at that subheading it covers Sequencing of Commands
and Replies. So I am thinking I must be wrong, because the only thing
that I see relevant is the following lines
Note: all the greeting type replies
I apparently am blocking some IP space from some of you folks
overseas and did not see the email that started this thread
or get the filters that were posted.
Please, can someone explain to people blocking certain IP addresses that
they may lose/miss certain information?
Rick, hopefully
Many Thanks!
Rick Davidson
National Systems Manager
North American Title Group
-
- Original Message -
From: Franco Celli [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 10, 2004 11:18 AM
Subject: Re: [Declude.JunkMail] COMBO-Filter solution for todays german
polite emails
Does anyone know if it is possible to change the SMTP greeting in Exchange
5.5? I've not had much luck looking online for an answer.
Thanks,
Jeffrey
Jeffrey Di Gregorio CCNP MCSE
Systems Administrator
Pacific School of Religion
[EMAIL PROTECTED]
510-849-8283
-Original Message-
I think it's easier for you to download them from the author
Markus Gufler:
http://www.zcom.it/decludeupdater/polit_filter.zip
Please forward him also the part he needs for the global.cfg file
POLIT-CONTENT filter C:\IMail\Declude\filter_polit_content.txt x 0 0
POLIT-QMAIL
Received: from ilima.ilhawaii.net [64.75.176.23] by mail.canspec.com
(SMTPD32-8.10) id A9F796E2008E; Wed, 09 Jun 2004 17:23:19 -0700
Received: (qmail 79808 invoked by uid 80); 10 Jun 2004 00:35:43 -
Date: 10 Jun 2004 00:35:43 -
Message-ID: [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL
I think it's easier for you to download them from the author
Markus Gufler:
http://www.zcom.it/decludeupdater/polit_filter.zip
Please forward him also the part he needs for the global.cfg file
POLIT-CONTENT filter C:\IMail\Declude\filter_polit_content.txt x 0 0
POLIT-QMAIL filter
I guess I'm spoiled...
My users and I are very happy with how well Declude Junkmail is controlling
the spam problem here at work.
My son isn't happy with his email account at home. In the past year, he's
sent maybe 10 email messages and received about the same number of
legitimate messages, but
X-Spam-Tests-Failed: None [-3]
It got through because it didn't fail any spam tests. If it doesn't fail
any spam tests, it will not be caught. It came from a clean IP, and was
formatted properly, with no signs of it being spam. It is rare, but does
happen.
Hi,
Those of you reading German, here is the news report covering this outbreak
of nazi SPAM:
http://www.n-tv.de/5252882.html
Best Regards
Andy Schmidt
HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax:
Thanks again,
Can you send me the headers from Markus's email so I can figure out what's
grabbing his email, over the years he has been a useful contributor here so
I would like to see his posts
thanks for your time
Rick Davidson
National Systems Manager
North American Title Group
-
-
- Original Message -
From: Brad Morgan [EMAIL PROTECTED]
Since all of you are familiar with Declude Junkmail, I'm hoping someone will
be able to suggest some things for me to try. I have a Redhat Linux firewall
at home, so solutions in that space are acceptable.
Check out some of
Is there a good and/or proper and/or
easy and/or acceptable way to allow forwarding to other than AOL without having
to go to each users configuration and remove the forwarding to AOL, of which
would be worthless as the user would just go back in and change it back?
he's a .info could that be it?
Scott Fisher
Director of IT
Farm Progress Companies
[EMAIL PROTECTED] 06/10/04 11:50AM
Thanks again,
Can you send me the headers from Markus's email so I can figure out what's
grabbing his email, over the years he has been a useful contributor here so
I would like
Sorry I can't post headers, I was reading the list in digest mode (no
headers) and followed the post through the web archive.
Franco Celli
- Original Message -
From: Scott Fisher [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 10, 2004 7:11 PM
Subject: Re:
Since no one has touched on this one...
exacttarget.com = Roving.com = Constant Contact
This is a bulk-mailer that is often used by smaller companies to send
to their lists of addresses. Unfortunately all such companies have
inherent problems with spam as customers will bring dirty lists in.
On Thursday, June 10, 2004, 12:32:23 PM, Brad wrote:
BM Since all of you are familiar with Declude Junkmail, I'm hoping someone will
BM be able to suggest some things for me to try. I have a Redhat Linux firewall
BM at home, so solutions in that space are acceptable.
Message Sniffer runs on
I just moved my Imail spool directory to a different drive (which did help
with performance) and now everything in my Declude directory is gone. I did
not remove anything from there. What did I do wrong.
Jeff Kratka
TymeWyse Internet
P.O.Box 84 -
I just moved my Imail spool directory to a different drive (which did help
with performance) and now everything in my Declude directory is gone. I did
not remove anything from there. What did I do wrong.
That is odd. Are you saying that the \IMail\Declude\ directory no longer
has any files in
Yep, all of the files in the Declude directory were gone. I was able to
restore them from a back-up so it seems to work now. Sorry that I jumped the
gun, but that was just too weird. It's been mostly that type of day.
Jeff Kratka
TymeWyse Internet
Hopefully it's not because my email address is an info domain. Over 2 years ago (March
2002) there were already over 80 info domains registered around the world. As I
know, on the IPSwitch website you can't subscribe to the newsletter because .info is
not a valid top level domain
Looks like
Hi Scott:
I figured out a way (using Filters) on how to "conditionally" either "DELETE" or "ROUTETO". So I got half of my project covered.
For my second half... Since the RouteTo and CopyTo actions can only be combined with certain other actions (e.g., I can't do a COPYTO
I am wanting to block anything in the From line that says Sapphirex, so
I created a filter called mail_from and it contains the following:
MAILFROM10 CONTRAINS Sapphirex
But for some reason this was allowed through? I have a customer who
gets about 100 of these a day from
Hi,
the MAILFROM was [EMAIL PROTECTED].
The header
From: Sapphirex Expeditors [EMAIL PROTECTED]
is NOT the mailfrom - it is the information that your mail client (e.g.,
Outlook, Eudora) displays as from.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1
I am wanting to block anything in the From line that says Sapphirex, so
I created a filter called mail_from and it contains the following:
MAILFROM10 CONTRAINS Sapphirex
But for some reason this was allowed through? I have a customer who
gets about 100 of these a day from
You could also use:
HEADERS 10 CONTAINS sapphirex
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Thursday, June 10, 2004 6:10 PM
To:
Hi Scott:
COPYTO means Send a copy to (not make a copy of this E-mail and send
it to). It just adds an extra recipient.
Uuuu - now I get it. Makes sense.
Somehow I thought COPYTO also supported copying to a file - so I assumed
it was a true copy action.
Thanks for clearing this up.
I am sure this may just be a typo but you put CONTRAINS as opposed to
CONTAINS?
Darrell
-
Check out http://www.invariantsystems.com for utilities for Declude and
Imail.
Kris McElroy writes:
I am wanting to block anything in the From line