there is a subdomain under URI called "com" and then create an "A"
record under "com" called "spammers".
When you query the zone it looks like this
spammers.com.uri..com
Hope this helps,
Darrell
would cost me about $300 a year to subscribe to this. This
stuff really adds up quick!
While invaluement does charge, the cost to use their list is significantly
less than what other lists charge once you are cut off.
Darrell
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubs
e URI lists now (URIBL) is that all of the
providers are cutting off the free public access and moving to a pay
model. Chances are if invURIBL is not working well for you that your
access to the URI lists has been cut off for excessive DNS queries.
Darrell
r that
domain(s).
Darrell
--
Check out http://www.invariantsystems.com for utilities for Declude,
Imail, mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring,
SURBL/URI integration, MRTG Integration, and Log Parsers.
redbara...@qwest.net wrote:
I am usi
different nuggets of info on
how it works.
From what I remember, it specifically looks for mail hopping across
different regions like US->China->US, etc...
Darrell
Has anyone run across a way to have COPYFILE still work in cases where
the final action is DELETE/HOLD other than writing an external test?
Darrell
very rare since we restart the services on a weekly basis now.
However, what you describe with it happening multiple times per day
really sounds like a "killer message". Were there any messages in the
error folder?
Also, how much ram do you have in your box
Usually in situations like this you ran into a killer message. When
Declude restarts it will copy all of the files from the work directory
into the review directory. You can slowly copy those messages to track
down the killer message and then when you find the message submit it to
Declude for
They (Barracuda) ask that you register with them your DNS server that
you will be querying from. I suspect at some point if the volume gets
out of hand they may restrict the service to those who entered in their
DNS servers.
"
uribl-logfile1017.txt | wc -l
2030
F:\Logs\invURIBL>grep -i "message body found in multi.surbl.org"
uribl-logfile1017.txt | wc -l
1328
Check your test points for URIBL.com. They have been known to block DNS
servers that have high query rates since they now offer a da
.
Darrell
Todd Richards wrote:
Hi everyone -
I moved my primary
can slowly copy the
messages from the review folder into the proc to find which is the
message that crashes Declude.
Darrell
Mark Strother wrote:
For the past few hours we’ve had a real problem with Declude crashing
and I can’t figure it out. We’re using SmarterMail 4.1 and Declude
4.1.14A
it's always more efficient to block at the ip
layer (looking at the packet's src ip) than at the application layer
(processing the message)
Darrell
.
Darrell
Mon Mariola - Rubén wrote:
Using DLAnalyzer I could see that the backscatter filter detects
only 66% of incorrect messages. Of the remaining 33%, 10% are good
messages, especially automatic responses from Outlook.
Can anyone explain how I can improve the backscatter filter?
The
tested them at this time.
Darrell
Cybercorp Computers -- Glen
> 1) If a mail server is configured without a reverse DNS pointer, is
> enough to prevent email from reaching AOL, Yahoo, Hotmail, etc?
AOL indicates they will do this, on occasion I have seen this, but not
all the time.
> 2) Do you block email coming from mail servers with no reverse DNS?
N
Ferrell,
After you added that charset to the declude.cfg file did you restart the
decludeproc service?
Darrell
Michael,
Judging by that screen cap you are having a rough time to say the least.
I am sure you have exhausted a ton of options, but have you turned off
DEP for Declude? I have seen repeated crashes like that on a system
which did not exclude Declude under DEP.
Darrell
Dave,
From my experience I have had a number of problems with spaces that would
cause my filter files not to trigger. I have since stopped using spaces
and started using tabs like below and it has stopped any of the issues I
had in the past.
SUBJECT	0	CONTAINS	coupon
Darrell
Dave,
I noticed with the relevant lines from the filter posted below some of
the lines were indented more than the one line. Is it possible you have
extraneous whitespaces between contains and the text you want to filter on?
Darrell
In testing the format is actually
mmdd
and not
> DECADD Can use for 4 digit year on log file names in the
>format ddmm
per the release notes.
Darrell
I just checked and I am seeing this as well.
Darrell
Adolfo
gular format of "dec.log" right now is "mmdd".
I was about to test it until I realized today is 0404. Might have to
wait until tomorrow to verify unless someone has already tried it.
Darrell
Colbeck, Andrew wrote:
David Barker said:
DEC ADD Added date, T
Jim,
While others may cringe regarding this, but some of the backscatter I
have had to deal with (excess of 500-1000 messages a minute at times) I
have had to put filters in place to delete null senders for periods of time.
Darrell
Jim Comerford wrote:
Over the last several weeks we have
://www.invariantsystems.com/dlanalyzer/reportsamples.htm
Release Notes: http://www.invariantsystems.com/download/current/readme.txt
Download:
http://www.invariantsystems.com/dlanalyzer/download.aspx
Any questions let me know,
Darrell
Do you expect to receive Russian messages (other than spam)? If not, then
you can filter by charset "koi8-r". Charset filtering is not CPU intensive.
Darrell
an automated tool to try and crack accounts/passwords.
Darrell
how
many threads you are running.
Any thoughts on where to start ... I've rebooted, stopped services,
restarted services ... works fine for about 8 hrs then starts up all
over again
I would start with the IMAP4D issue.
Darrell
t takes that into account and then deletes the null sender.
Darrell
Scott,
Does the Barracuda system add any headers that we could trigger a filter
to hit will reduce the weight so we can prevent it from being captured?
Darrell
me we deal with
our system would be crippled with 1Gb of memory.
In general as long as you're not experiencing backups then your
configuration is working fine for you.
Darrell
200K+ messages per day.
Darrell
David Dodell wrote:
I am running a
automatically and email you the results.
Darrell
Bonno Bloksma
Newer versions have additional features built in to help lessen the
processor load: skip weights, message sizes, max and min weights, etc.
These features can really make a difference if your server is seeing
performance impacts.
Darrell
Randy Armbrecht wrote:
That's the first th
In addition to what Pete suggests with Weightgate (which I also use on
some servers with older hardware), you will want to set inside your
invuribl.exe.config file values for max and min skipweights to skip any
unnecessary processing of messages.
Darrell
Randy,
None that I am aware of. It's processing fine on all of my servers.
Also, version 1.x is very old (several years). We are now on version 3.1.1.
Darrell
chives can be found
> at http://www.mail-archive.com.
Darrell
Rick Klinge wrote:
Uh.. no I’m not having a bad day. I have asked why I keep receiving
these messages when I have not clearly filed any tickets.. so apparently
there is something wrong on your end.
--thus.. please
Going by the headers is not the best method to evaluate this. Some
tests are hidden from the headers depending on your configuration.
Check your Declude logs and post those to the list for that message and
we will be better able to figure out what happened.
Darrell
John,
It's hard to say, since how the message was whitelisted dictates
which tests are run. I have never seen an official list on what tests get
run based on the level of whitelisting but I believe user authenticated
skips all tests. Can anyone confirm that?
Da
any issues like DNS tests timing out etc.
Darrell
David Dodell
Personally, I do not do per-user blacklists. However, as one-off
requests we have done this. In general if we are blacklisting something
it's typically a global blacklist, which may not be ideal in all cases
in an ISP type environment.
Darrell
Dean Lawrence wrote:
Thanks Darrell,
That
aspect but from the resources it would require to run.
Darrell
Scott,
The EU is like the internet - it's just a fad that will pass soon.
Darrell
complete debug
message log for the test message.
Darrell
Your weight ranges are set fine. There is nothing wrong with the syntax
of those. To be certain, you only have weight ranges defined once, right?
Can you throw your logs into debug and send a test outbound message
through? We will be able to help you better seeing this output.
Darrell
.
OUTBOUNDSCANNINGSPAM OFF
INBOUNDSCANNINGSPAM ON
Darrell
From looking at this the st07.edmsa.net server is running MSSMTP and
sending it back to you. Are they using MSSMTP as a gateway to relay it
internally to themselves? If so in the settings do they have it set to
use a smarthost instead of use DNS to deliver?
Da
Craig,
I currently use MS SMTP as a gateway for several customers. Shoot me a
note off list and I can help you get going.
Darrell
hat you could
have links to file with akamai.net in the URL.
Darrell
FWIW - I pulled
CSMA-SBL ip4r sbl.csma.biz 127.0.0.2 5 0
earlier this week as it was timing out for us.
Darrell
MP3 spam - the new kid on the block
Posted on 18 October 2007.
Spammers are back with a new trick, this time round sending messages
with MP3 attachments that contain the latest pump-and-dump stock scams.
One sample identified this morning by GFI, was a heavily distorted
30-second MP3 file. A
to send mail to anyone
since his server is on private ip. No ISP will route RFC1918 addresses
across the public internet. So it's doubtful it's a NAT issue.
Kevin - are you able to telnet to their mailserver from any other
machines on your network?
telnet 204.107.47.187 25
Darrell
off all the DNS
caching that Imail does for the Queuemgr it causes a lot of problems.
Darrell
Kevin,
All you need to do is install the service and you're already in caching
mode. Just limit the outside's ability to query it since you will need
to have recursion enabled and MSDNS does not allow you to set what ip
blocks can and can not query the dns service.
Any problems let me know and
Can you post a more detailed smtp log for the 6863023f5c41
transaction. This would help more. You can out any addresses etc
to prevent harvesting..
Darrell
Herb,
There were a lot of posts on this late last week on the forum. Declude
is working on the fix.
moved.
IP Address 204.14.91.21 was not found in the CBL.
Thanks
Darrell
You will need to contact Declude at this point. There is nothing we can
do to help you out since the key is showing as expired thus it will not
process messages.
Darrell
Randy,
Is the decludeproc service started?
Also, in the declude folder do you have a diags text file?
Darrell
I would not think so - do you have any other entries in the file? Do
you show any hits on it during the day for the other entries?
Darrell
on that line.
Darrell
David Dodell wrote:
Ebay notifications
FYI - Seen this on another list (SA-Users). David you may want to add
this to the RBL list.
This may interest those playing with RBL checks in SA, we have released
spamrats.com as a free RBL service now.
http://www.spamrats.com
RATS-NoPtr and RATS-Dyna will be the most useful, RATS-Spam is st
we had to find alternated - and we were VERY thankful AVG was
included in Declude.
Marc's post (as I interpreted it) was to make sure you did not end up in
a licensing bind as many others...
This list is very friendly and helpful and we would like to keep it that
way.
Darrell
SJ.Stanait
What are your settings in your declude.cfg file? Are you still using
the same setting in that file from Version 3? Has your mail volume
increased?
Darrell
Kevin Stanford wrote:
Hi all,
Since upgrading to Declude Version 4 (from version 3) my processor has
really taken a hit (runs about 90
Looks right to me -
I use
WEIGHT-TAG-RVW1 COPYFILE X:\Review\
WEIGHT-TAG-RVW2 COPYFILE X:\Review\Low
Darrell
would only assign a
score of "1" from the SORBS-SPAM(ALL) test. If the last hop was listed
then we would have a score of "3" since both the (LAST) and (ALL) test
would hit.
Let me know if this is not clear,
Darrell
Why not just base it on a REVDNS test for .fedex.com and assign a large
negative weight?
Uwe,
It's always a battle. However, there are a lot of good resources on
this list that are willing to share and help. I am sure we can get you
to the point where you can breathe a bit again...
Darrell
Same deal Ben, with the exception you do not have to add the directive
below to the global.cfg.
Darrell
l.cfg file.
Darrell
Imail Admin wrote:
Right now, we only use JM on a
For those using invURIBL with Declude we have released an update today.
For more information
http://www.invariantsystems.com/invuribl/
Any questions let me know,
Darrell
SJ,
Andrew posted a blurb from SANS a couple of days ago.
Pump and dump scams now in PDF
Published: 2007-06-20,
Last Updated: 2007-06-20 21:33:39 UTC
by Maarten Van Horenbeeck (Version: 1)
Apparently the groups behind what we know as pump and dump spam have
found a new way to bypass spam filte
Sharyn,
I would check out robocopy in the resource kit. I use it all the time
to do stuff like this.
Darrell
Are you looking for a solution like the PGP plug-ins for Outlook or
something else?
Darrell
Still here, just quiet. Sometimes that's a good thing :)
Darrell
>>I think the whole idea of whitelisting the address book should be an
>>option that can be turned on/off from the config file.
It is with the AUTOWHITELIST setting in the global.cfg.
Darrell
invURIBL - Int
It tends to list large chunks of blocks. Even though it lists good chunks I
still use it, because I have a lot of counterweighting where if it fails
FIVETEN it's not the end of the world.
Darrell
is way the users who do want
spam filtering would use the default junkmail file for the domain. My
assumption is based off that most of your users would want antispam thus
keeping a limited amount of files you have to deal with.
Let me know if you have any questions
See - http://isc.sans.org/diary.html
Wondering if anyone has actually seen any of these?
419 death threat scam
Published: 2007-05-08,
Last Updated: 2007-05-08 18:49:23 UTC
by Swa Frantzen (Version: 1)
A new scam is circulating on the Internet:
There are a number of variation on the text, but it
Harry,
REVDNS timeout occurs when Declude does not get an answer from the DNS server
indicating the reverse entry does not exist. Basically this means the REVDNS
could exist but Declude is not sure because it never received a response back
saying it did or did not exist.
Darrell
Mark,
You have a link for those?
Darrell
firewall this
could lead to some trouble as well.
Darrell
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL
PROTECTED])
Sent: Friday, April 13, 2007 10:08 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Vulnerability in RPC on Windo
FYI - This looks pretty serious and will probably affect most of us.
This alert is to notify you that Microsoft has released Security Advisory
935964 - Vulnerability in RPC on Windows DNS Server Could Allow Remote Code
Execution - on 12 April 2007.
Summary:
Microsoft is investigating new pu
Have you ruled out higher than normal mail volume?
Darrell
What version did you upgrade from?
Darrell
got a
bad server
in their farm?
Darrell
.
Darrell
- Original Message -
From
So what exactly does this mean? We send our false positives to Declude and
they send them to CommTouch?
Darrell
Jeff,
I had the exact same thing happen. I sent them a list of refid's that were
false positives per the false positive reporting document and never received
a response back either.
Has anyone received a response back?
Da
Is there really a space in the logs or is that just a formatting issue?
philippe @ malivsion.com
Darrell
>> Even though the thread count sounds high even at 500 threads being used in
>> Task Manager, we never hit 100% CPU.
I think this may be because the system is bogged down context switching amongst
all of the t
g all those external processes. I would suggest also looking into
setting WAITFORTHREADS and WAITBETWEENTHREADS, to help give a bit of a break
between external processes.
Darrell
What is your mail volume and how many threads do you have declude configured
for?
Darrell
Sniffer log for any errors.
After making sure there are no errors I would restart the Sniffer persistent
service and Declude and see if the issue is resolved. It's possible Sniffer
could be stepping on itself trying to weed through all those files.
Da
I know you mentioned that you have tried a reinstall - but have you tried an
uninstall and made sure after that the decludeproc and declude.exe files are
gone from the Imail directory? Once you know they are gone try to reinstall
again.
Darrell
experience when you see all the threads being used with very
little to no CPU usage it tends to be a DNS issue (i.e. slow or not responding
DNS server).
Darrell
martermail. This needs to be in the global.cfg.
Darrell
r end causing the dropped
connections).
Darrell
I would be very careful with this. IANA just released (I believe in
October) 96/8, 97/8, 98/8, 99/8. With the all_list.dat not being updated
frequently I would tread very lightly in this area. Part of 96/8 has been
handed out.
Darrell