Kevin,
I am very well aware of what byte sequences constitute the end of a line.
However, if the problem were this simple it would have been fixed long ago.
Contrary to what some have said here, we have seen many instances where
IMail likewise appends its headers to the end of the message.
The problem I have is I have spam getting through that should have been
caught by these filters and I cannot figure out why. Lately we have had a
lot of spam passing the filters. Is there a time out in the dnsbl lookup
that it will pass the spam if the test cannot be run? This started about 2 -
3
Well, David. You've known about the problem for a very long time, and from
a customer perspective absolutely nothing has been done. No potential fix
release date. Nothing other than we're working on it. From your post to
the list, it doesn't even sound like we're working on it was true.
Unfortunately Andy you are incorrect we have seen numerous instances where
IMail likewise has put its headers at the end of the body.
David B
www.declude.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy
Schmidt
Sent: Wednesday, November 08, 2006
Darin,
I will not commit to a date of having a fix and then not reach that date. I
understand your frustration with this issue. The truth is we are currently
working on it, I think that your statement of being plain lazy to make an
effort is uncalled for. I have posted we are open to suggestions,
We're not asking Declude to fix IMail's problem, just do some intelligent
parsing and put the headers Declude adds with the rest of the header.
We'll work on Ipswitch to fix their issues.
Darin.
- Original Message -
From: David Barker [EMAIL PROTECTED]
To: declude.junkmail@declude.com
David,
I'm sorry you feel that way, but I will not apologize for my post. Frankly
I've had it with posts from Declude that seem to indicate no interest in
solving the problem, as David F-R's post seemed. I've tried to be as nice
as I could be through these past two years, but I've had enough of
Darin,
1. Personal attacks ie. you're just plain too lazy to make an effort to do
anything about it. on this list will not be tolerated I will remove you
from the list if you cannot keep to the issue.
2. I have posted how we are looking to resolve this and asked for any
helpful feedback, do not
Hi David:
Unfortunately Andy you are incorrect we have seen numerous instances
where IMail likewise has put its headers at the end of the body.
In that case, I agree. Once I encounter a message with Imail Headers
trailing the message, I will certainly open a report with Ipswitch.
Hi David:
The broken line terminators are not necessarily of the same type in a
given message. In addition, they are not necessarily adjacent to each other
(with leading whitespace or unprintable characters on a line). What may
appear obvious to the eye is often not at all what exists behind the
Hi David F,
David Franco-Rocha [ Declude ] wrote:
The broken line terminators are not necessarily of the same type in a
given message. In addition, they are not necessarily adjacent to each
other (with leading whitespace or unprintable characters on a
line). What may appear obvious to the
Hi Everyone -
I've been playing with some negative weighting, but it doesn't seem to be
working. I have the following in my global.cfg file (down towards the
bottom):
ALLOWLIST_MED filter D:\IMail\Declude\filters\allowlist_med.txt x -30 0
In my allowlist_med.txt file, I have the following
Hi. Anyone have any good luck with any paid subscriptions? We have been hit
hard lately, and are willing to dish out some dough to get our stats back up.
Please advise. Thanks! -Chris
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to
MXrate seems relatively competent so far.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Chris Anton
Sent: Thursday, November 09, 2006 9:18 AM
To: declude.junkmail@declude.com
Subject: [Declude.JunkMail] Paid Subscription Black Lists
Hi. Anyone
We have had great success with message sniffer (www.sortmonster.com)
Herb
Chris Anton wrote:
Hi. Anyone have any good luck with any paid subscriptions? We have been hit
hard lately, and are willing to dish out some dough to get our stats back up.
Please advise. Thanks! -Chris
Message Sniffer
buy it. install it. love it.
John
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris
Anton
Sent: Thursday, November 09, 2006 11:18 AM
To: declude.junkmail@declude.com
Subject: [Declude.JunkMail] Paid Subscription Black Lists
Hi. Any
Todd,
Run your global.cfg on DEBUG and see if the test is being called correctly.
David B
www.declude.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd
Richards
Sent: Thursday, November 09, 2006 11:54 AM
To: declude.junkmail@declude.com
Subject:
Agreed.
Message Sniffer is pretty good.
Let's not forget the excellent tool from invariant systems...
http://www.invariantsystems.com/invuribl/
Kindest Regards
Craig Edmonds
123 Marbella Internet
W: www.123marbella.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL
Message Sniffer and invURIBL are very worthwhile.
John T
eServices For You
Life is a succession of lessons which must be lived to be understood.
Ralph Waldo Emerson (1802-1882)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris
Anton
Sent:
Thanks for the tip, but unfortunately I am not using the Pro version of
Declude so I cannot create my own filters. Are others being slammed with
stock spam recently? Declude is blocking several hundred of them a day, but
many are still slipping through without failing any or very few tests. Is it
Hi David -
OK, it appears that it is running the test. Here is a snip of the log:
11/09/2006 13:14:20.937 q7df6083c3523.smd Doing filter file
D:\imail\Declude\Filters\FILTER-SPAM.txt.
11/09/2006 13:14:21.312 q7df6083c3523.smd Doing filter file
D:\imail\Declude\Filters\FILTER-GERMAN.txt.
Hi Karl,
Post a sample with full headers so we can see what the scofflaw is
sending you
-Nick
Karl Hentschel wrote:
Thanks for the tip, but unfortunately I am not using the Pro version of
Declude so I cannot create my own filters. Are others being slammed with
stock spam recently?
I know why the virus got past Declude but I would like to
know how to stop it in the future.
We have the AFTERJUNKMAIL directive on. So the message was
trapped as spam and then when the user re-queued the message it was delivered
to the users mailbox. Is there a way to get Declude to
OK sounds reasonable. Since you are the expert and I am trying to understand.
Have you ever seen a legitimate message with a no real end of headers, where
the two line terminators designating the end of headers are separated by more
than white space, tab or space characters?
Kevin
Where are you getting the MAILFROM address [EMAIL PROTECTED] ?
Do you have a header you can post that is addressed to
[EMAIL PROTECTED] ?
David B
www.declude.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd
Richards
Sent: Thursday, November 09,
OK, here is an update with the header of the particular message.
Todd
Received: from treetso101.mtc.ibsys.com [66.187.204.25] by mail.nnepa.com
with ESMTP
(SMTPD-8.22) id ACCC0340; Thu, 09 Nov 2006 12:00:44 -0600
Date: Thu, 9 Nov 2006 12:02:02 -0600 (CST)
From: KETV.com Newsroom [EMAIL
The actual MAILFROM is:
X-Declude-Sender: [EMAIL PROTECTED] [66.187.204.25]
Not
From: KETV.com Newsroom [EMAIL PROTECTED]
David B
www.declude.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd
Richards
Sent: Thursday, November 09, 2006 2:44 PM
Todd, do this from a command line:
C:\Temp>nslookup 66.187.204.25
Server: Andrew's.obfuscated.dns.server
Address: 192.168.0.1
Name: treets100.ibsys.com
Address: 66.187.204.25
C:\Temp>
That tells me that your REVDNS won't match, because their reverse DNS is
*not* the same as the HELO value
What about a brute force rule "I am appending a header more than x
characters from the beginning of a y length message so this cannot be a
correctly formatted message" and you have set the
"deletebadforematmail" switch to "Yes" so delete.
Herb
Kevin Bilbee wrote:
OK sounds reasonable.
Oh Geesss (head down, walking towards corner)...
Seeing that (now), what's the best practice?
MAILFROM [EMAIL PROTECTED]
Or
MAILFROM @mailer.ibsys.com
I would think the more specific, the better.
Thanks, David!
Todd
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL
What are you adding to outgoing headers in the config? You won't see the
test in the headers unless you add a header that displays all of the tests
the message fails.
Darin.
- Original Message -
From: Todd Richards [EMAIL PROTECTED]
To: declude.junkmail@declude.com
Sent: Thursday,
Thanks Andrew. I'm starting to catch on. The good news is that everyone
else thinks I'm a miracle worker because of the drastic decrease in spam.
One of these days I'll break down and tell them the truth. So if you all
happen to start getting Thank You cards from people you don't know, that's
Kevin,
It's my understanding that newer versions of
Smartermail do not require the file to have the "X" prepended. When the
user requeues the message do you drop it into the smartermail spool or the
declude proc directory? In order for it to be rescanned by Declude you
need to drop it
No problem, Todd.
To answer your question in the other thread, yes, more specific is more
better. On the other hand, you also have to look at what you're really
trying to counterweight.
In this case, you could certainly counterweight both the REVDNS of their
mailserver, and the particular
I was afraid of that. It would
be great to be able to re-queue and only virus scan or better yet virus scan all
messages that do not get deleted by junkmail including held messages. Then if
HELD and VIRUS then hold as virus not as spam.
Kevin Bilbee
From: [EMAIL PROTECTED]
Here are headers from a few of the messages, with our
email address removed, that we have been receiving. We have been receiving
tons of these from different domains, IP's. I have been using IMail
filters to catch some of them because Declude hasn't been doing a very good
job.
This one
Kevin,
Since messages that are being held are not going to be immediately
moved out of that folder (like actively being processed messages), why
don't you have your on-access virus scanner monitor the hold
directory. This way the messages will be scanned and deleted if
infected.
Dean
On
Andrew -
I learn a lot from people on this list, and you are no exception.
I looked to see why the email failed the FILTER-SPAM test, and it was
because of ad.doubleclick.net. I think that is common for some of the
more well-known news newsletters that I've seen failing. What I could do
is
Today I noticed that my daily.inc folder was gone and when I
ran freshclam it gave me a mirror is not synchronized error. Anyone else see
this?
Mark Reimer
IT System Admin
American CareSource
972-308-6887
So far - and I have been hammered as well is they all contain 2 "$$"
and end with @debora
I have a regex that hits these - [EMAIL PROTECTED]
-Nick
Karl Hentschel wrote:
Here are headers from a
few of the messages, with our email address removed, that we have been
receiving. We
Hadn't really thought of selling it myself. Give me a few days to get my
Exchange box 100% functional, and we'll see. I'd need to make a few
changes since I hard coded log file locations and a few other things.
Karl Drugge
-Original Message-
From: Craig Edmonds
The @debora will change...
I get over a 1000 spam a day from this
spammer.
I don't think you'll be able to target his zombies
effectively with any IP4r list.
- Original Message -
From:
Nick
Hayer
To: declude.junkmail@declude.com
Sent: Thursday, November 09, 2006
Hi Scott
I know it will morph -but that is all I see for now . Do you have a
pattern that will persist for this spammer?
-Nick
Scott Fisher wrote:
The @debora will change...
I get over a 1000 spam a day from
this spammer.
I don't think you'll be able to
target his zombies
My daily.inc folder is missing from the
clam directory. Could anyone please help me?
Mark Reimer
IT System Admin
American CareSource
972-308-6887
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Reimer
Sent: Thursday, November 09, 2006
4:53 PM
To:
Scott Fisher wrote:
I get over a 1000 spam a day from
this spammer.
If you don't have a pattern would you mind sending me off list a few of
the ones you do receive from different days? I do not recognize this
guy so I would like to see more of his product.
-Nick
Hi Mark,
I just sent you off list my \share\clamav dir zipped up...
-Nick
Mark Reimer wrote:
My daily.inc
folder is missing from the
clam directory. Could anyone please help me?
Mark
Reimer
IT System Admin
American CareSource
972-308-6887
I tend to have clamav update issues. For some
reason freshclam will start taking 100% cpu and just run on. This caused a
few queue backups all caught early thanks to QueueMon. I changed the
task to kill it after 5 minutes. When watching the server it's not uncommon
to see clam sync issues
I've seen some messages with dozens of Kbytes of CC
and TO E-mail lists that would fail this test.
- Original Message -
From:
Herb Guenther
To: declude.junkmail@declude.com
Sent: Thursday, November 09, 2006 3:30
PM
Subject: Re: [Declude.JunkMail] End of
Hi Mike;
I'm sure that you are correct, but it would have to be both malformed
and have the large header. Right now there are hundreds of messages a
day slipping thru that are not being addressed at all. This MAY be a
way to get the vast majority of them without the apparent difficulty of
We've been running Clam for Windows and getting a lot of time-outs and
'unable to delete - file in use . . .'. The C:\Temp folder fills up with
left over vir files. We also have synch problems for updates.
We took it out of production today, since it was keeping dual xeon
CPU's continuously at