Hi
I'm using Imail+Declude as a anti-spam+virus smtp-relay in front of my
exchange server. It seems to me that when I use the ATTACH options every
message gets a message-id [EMAIL PROTECTED]
I suspect that causes some strange issues at my exchange server - at least
when I use message tracking.
Here's the X-Declude-Sender in a spam message. It includes my domain name
and a ?:
X-Declude-Sender: [EMAIL PROTECTED]
[65.249.245.10]
How would one add weight if there's a ? in the X-Declude-Sender? I assume
this is a valid test to add weight.
[EMAIL PROTECTED]
---
[This E-mail was scanned
MAILFROM 10 CONTAINS ?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Paul Fuhrmeister
Sent: Wednesday, November 17, 2004 9:58 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] if there's a ? in the X-Declude-Sender
Here's the X-Declude-Sender in a
That's a bad assumption IMO. This is known as Variable Envelope Return
Path or VERP. It is used by many legitimate bulk mailers to properly
handle bounces for undeliverable messages so that they can automatically
remove bad addresses after so many failures. Some bulk mailers are of
course
Yeah, what Matt said.
Chipping in another 2 cents, the ?stderr. in particular I find in bulk
mail as opposed to spam mail, and they are more likely to have a a valid
opt-out routine that works like you expect it to work.
I believe that is a built-in feature with Postfix and SendMail.
Andrew 8)
We're seeing a 10-fold increase in zombie spam
today.
~90% of what slips through triggers either CMDSPACE
or SNIFFER, so we've upped both of those to hold weights.
Anyone else seeing this?
Darin.
Hello all,
I just received a complaint at our abuse@ address asking us to stop
spamming. The guy sent me the message in question as an attachment and
after reviewing the headers and digging into the logs I need some help
deciphering what is going on here.
Here are the headers for the spam in
Hi,
The mail supposedly took the following route:
- cousinssubs.com (mail.cousinssubs.com [216.43.194.27])
- YahooBB218116092015.bbtec.net (Postfix)([218.116.92.15])
- mx4.uniserve.ca ([216.113.192.45])
We can assume that the first receive header is legit:
Received: from mx4.uniserve.ca
Received: from mx4.uniserve.ca ([216.113.192.45]) by mail-host.uniserve.ca...
Received: from yahoobb218116092015.bbtec.net ([218.116.92.15]) by...
Received: from cousinssubs.com (mail.cousinssubs.com [216.43.194.27]) by...
The uniserve.ca references are the servers of the guy who complained. The
Thanks for your help Andy and Scott. I thought this looked strange.
- Andy
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Wednesday, November 17, 2004 3:01 PM
To: [EMAIL PROTECTED]
Subject: Re:
On Wednesday, November 17, 2004, 3:22:00 PM, Darin wrote:
DC We're seeing a 10-fold increase in zombie spam today.
DC
DC ~90% of what slips through triggers either CMDSPACE or
DC SNIFFER, so we've upped both of those to hold weights.
DC
DC Anyone else seeing this?
We're seeing what could
I am planning on switching to IMail on the local backup server. To
use ldap2alias what would be the best way to name the virtual hosts
on the backup servers.
I recommend an OHN like
storeforward.school1.aea8.k12.ia.us
or similar, with the actual domain name as a host alias.
I'm wondering if someone familiar with the logging of IMail, Declude and
Sniffer and scripting could enlighten me on an issue that I am having.
I have a script that is run every hour on my server that takes the 4
logs generated by these processes, moves them to a temp folder on the
same
Katie,
You need Declude JunkMail Pro 1.81 for SKIPIFWEIGHT functionality. This
only works within custom filters. Both the RBL's and Sniffer require
very little in the way of resources, but some custom filters can be
large resource hogs and using SKIPIFWEIGHT to stop the processing of
filters
Matt,
It's possible its a locking issue. What specifically is the error message
it is returning?
I ran into similar issue with a log rotating script I wrote to move logs
around into WebTrends. I was trying to rotate a log file still being
downloaded and it would cause an issue.
When I
Katie,
SKIPIFWEIGHT only works in filter files and you will need the latest version
of Declude to use this feature. From my experience DNS based tests and
external tests are ran before the filter tests are ran. Most folks use the
SKIPIFWEIGHT test to bypass CPU consuming filter files if the
Where did you get the sleep.exe???
Kevin Bilbee
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of DLAnalyzer
Support
Sent: Wednesday, November 17, 2004 3:59 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Log file locking???
Matt,
Wait.exe is in the Windows 2000 Resource Kit.
Darin.
- Original Message -
From: Kevin Bilbee [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, November 17, 2004 7:25 PM
Subject: RE: [Declude.JunkMail] Log file locking???
Where did you get the sleep.exe???
Kevin Bilbee
Thanks to both of you for the guidance.
Kevin, sleep.exe is from the Resource Kit.
I've coded up a script fragment that should handle this, but I would
appreciate some feedback on if this is the correct way to go. Obvious
declarations omitted:
' Disable error handling
On Error Resume Next
On Wednesday, November 17, 2004, 7:38:44 PM, Matt wrote:
M Thanks to both of you for the guidance.
M Kevin, sleep.exe is from the Resource Kit.
M I've coded up a script fragment that should handle this, but I
M would appreciate some feedback on if this is the correct way to
M go. Obvious
Yeah, what Pete said!
This is especially true with monster log files being moved around on the same
spindle(s).
And it's a great tip when you want to delete or update a file that is in use,
even if it's running. Rename it, and you're done. I've had to use this tip
many times when patching a
Sorry, I should have mentioned that. sleep.exe is from the Windows resource
kits.
Darrell
---
Check out http://www.invariantsystems.com for utilities for Declude And
Imail. IMail/Declude Overflow Queue Monitoring, MRTG Integration, and Log
Parsers.
As mentioned earlier it does sound weird to shell
out to run sleep. That's mostly because there is no "sleep" function
VBScript. However, since you are using WScriptyou can take advantage
of the functionWScript.Sleep instead of shelling out. In the example
I posted earlier I was not using
Ok, it seems like I should change to WScript.Sleep 5000 and also
concern myself with renaming the file instead of moving it.
Do I need to be concerned about having this error detection and retrying
when renaming the file, or is this the type of operation that will
override the types of locks
24 matches
Mail list logo
