usually spam
messages doesn't contain forged mailfrom addresses. But theoretically it's
possible. Specially spam comming from compromised zombie computerscan
easily have real existing, forged mailfrom addresses.
The german politic
spam messages from yesterday are comming from such zombies
Hi,
We are seeing a lot of NDR's coming from ligit servers, with a spoofed user name, but
a correct domain name.
What would be the best way to deal with this ever growing problem.
Regard's,
Kevin
__
This email has been Processed
Markus
We are seeing 1 in 10 email's which are NDR's and are nothing to do with the
german-politic spam messages.
Look's like we have a new problem, which is growing quickly.
Scott I hope you can help on this one or anyone else...
Kevin
-- Original Message
We are seeing a lot of NDR's coming from ligit servers, with
a spoofed user name, but a correct domain name.
What would be the best way to deal with this ever growing problem.
Yipiieee :-)
I'm not the only one having this problem.
As I can see this are NDR's from current spam messages
We keep getting swamped with mail from:
American Specialties
First Advanced
Altantic Continuum
Pacific Alternative
Gamma Coalition
Alliance Advanced
American Loan Gateway
Crown Specialists
Crown Aggregate
United Coalition
Commonwealth Commercial
and so on all from the same source per that mail
agreed about the body but chances are that and end user is going to
base their filtering request on what they see in the body and in the
case of .cz the chances of something matching that other than an email
address or url are slim
This is concerning order number 213.97.czae.42
Daddy, i
We've been getting upwards of 30k messages a day which are NDR's with our
domain name, but with a randomly generated username. We found that although
our mail server is more then capable of handling the volume, it was creating
a lot of lag with POP3 accounts when the server was being hammered
Was there a HOWTO you found online to do this? Wouldn't mind attempting
this when I get a chance..
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rich
Sent: Friday, June 11, 2004 10:33 AM
To: [EMAIL PROTECTED]
Subject: Re: Possible Spam: RE:
I'm working on creating one, a version of what we have, it's started at
http://www.kendra.com/Support/PerUser_Gateway/index.htm, I'm trying to
finish it today.
Rich
- Original Message -
From: Jeff Maze [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, June 11, 2004 8:42 AM
Subject:
Great.. Thanks..
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rich
Sent: Friday, June 11, 2004 10:50 AM
To: [EMAIL PROTECTED]
Subject: Re: Possible Spam: RE: [Declude.JunkMail] NDR's
I'm working on creating one, a version of what we have, it's
Why not just create a filter file that searches for those specific strings
you listed and use the delete action on them. Trying to gather IPs on those
types of spam runs is futile, they are probly using spam zombies and there
are probly 100s of thousands of those out there. You can even use Imail
Hi,
I think this is going to work
I need to backup IMail from the C Drive, reformat the server, create D
drive and then put IMail back on D Drive.
I figure the way to do this is
Old Server
Stop all IMail services
Backup IMail and all directories
Make new server
Install IMail on new server D
We've been getting upwards of 30k messages a day which are
NDR's with our domain name, but with a randomly generated
username. We found that although our mail server is more
then capable of handling the volume, it was creating a lot of
lag with POP3 accounts when the server was being
When you export the imail registry hive
Look at the resulting file...
If there are hard references to C:
Then run a search/replace all to update to D
If you use SQL for user databases then you'll have to write a small sql
script to update the mailbox path's for every mailbox. The physcal path
is
When you make a backup of Imail's user/domain settings, it might keep the
original drive paths so check it's reg file that is created in case you need
to do a find/replace
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic
Sent: Friday, June
heh i learned the hard way with specialist as well
dont forget that declude will honor the space at the end of a filtering
string, .czspace should have been used... learned the hard way on that to
:-)
Rick Davidson
National Systems Manager
North American Title Group
-
- Original Message
Title: Message
How would you change the _javascript_?
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Friday, June 11, 2004
9:15 AM
To: [EMAIL PROTECTED]
Hi Markus,
I know what you mean, just like the list below
I have a customer, nst.ie, and this is what is happening to them.
Kevin
QD:\IMail\spool\Ddbdf01e626ff.SMD
Hkadmail.co.uk
WD:\Imail\kadmail_co_uk
E0,
S[EMAIL PROTECTED]
NRCPT TO: [EMAIL PROTECTED]
R[EMAIL PROTECTED]
NRCPT TO: [EMAIL
Title: Message
I don't have a script to give you aswe
haven'tenforced this yet, this is just a way that you could do
it.You would add a _javascript_ validation routine to the page
(attached to the form action) to parse the text field and present an error if
the email address ends in
Hi Markus!
Getting your messages now, for me the solution was as simple as allowing
email through with [declude in the subject, I don't like blocking by IP
unless its a legit email marketing company who doesn't change IP addresses
and with the nifty new remoteip 0 cidr filtering capability its
What log file are you looking at to see these NDR's?
I don't think I'm having this problem yet, but I want to make sure.
Thanks
Gene
Sent via the WebMail system at accram.com
---
[This E-mail was
looks to me that the spammer is just using a dictionary of user names and
sending to them by appending on the domain name in the hopes that they may
get a hit on another mailbox.
Kevin Bilbee
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of declude
Would it be possible for declude to do DNS lookups on the urls in the body
of the email message and then run the IP address against an ipfile or a
filter file using remoteip? This would defeat the registering of tons of
domains that alot of times point back to the same web server. It is easy to
This was kind of suggested when the SURBL came out.
Do you use the SURBL code.
I don't know if anyone is interested but I've got a batch file that goes through last
month's logs (it works on log level high) and pulls out all matches for a Body URL
filter. It can help trim the deadwood.
I've
I downloaded the surbl code but have not implemented it yet cause of all the
monkey business associated with it, I am working on getting it going
thanks for that batch file!
Rick Davidson
National Systems Manager
North American Title Group
-
- Original Message -
From: Scott Fisher
If I use this option will it whitelist all incoming to a particular user or
is this for outgoing mail only?
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to
Tom,
Is there more in the registry than under
HKLM\Software\Ipswitch\.
Goran Jovanovic
The LAN Shoppe
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Tom Baker | Netsmith Inc
Sent: Friday, June 11, 2004 12:07
We are looking for a good dedicated web hosting company in France that
speaks English.
Any good recommendations out there?
Kevin Bilbee
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
That's all that you need
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic
Sent: Friday, June 11, 2004 4:21 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] OT IMail Backup/Restore
Tom,
Is there more in the registry than under
Starting to get some spoofed from email address and these addresses are in
the users address book. Because they are in the address book they are
whitelisted therefore delivered. So far the spoofed from email address used
are from the same domain. Is they anyway around this problem?
Thanks,
Mike
All the lines.
Kevin Bilbee
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of serge
Sent: Friday, June 11, 2004 6:29 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] trivial question
but i had a tough week, so bare with me
if a mail
I believe it will get a total of the matched lines.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of serge
Sent: Friday, June 11, 2004 6:29 PM
To: [EMAIL PROTECTED]
but i had a tough week, so bare with me
if a mail matches different lines in a filter, it will get the total weight
of all matched lines, or the first matced line weight ?
TIA
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the
33 matches
Mail list logo