Serge,
According to the documented bitmasked result codes you have to use
something like
SCANFILE2 C:\PROGRA~1\FRISKS~1\F-PROT~1\fpscan.exe /report /verbose=2
VIRUSCODE2 1
VIRUSCODE2 2
VIRUSCODE2 3
VIRUSCODE2 5
VIRUSCODE2 6
VIRUSCODE2 7
VIRUSCODE2 9
VIRUSCODE2 10
VIRUSCODE2 11
VIRUSCODE2 13
VIRU
Or maybe even better:
create a text filter file containing all of your reliablest ip-blacklists.
RELIABLE-IP4R
~~
TESTSFAILED 0 CONTAINS CBL
TESTSFAILED 0 CONTAINS DSBL
TESTSFAILED 0 CONTAINS DSN
~~
and then use END statements like
TES
Following to the manual there is one action to add a line to the message
header: WARN
The HEADER-Action does not add it to the message header but to the head of
the body.
But the WARN-Action is limited as it does add a fixed line
X-RBL-Warning: (description)
What if I want to add a custom lin
> As such, I am starting to see from addresses ending in
> .rr.com coming from IPs that have Adelphia.net REVDNS records.
So
@rr.com .rr.
.rr.com .rr.
should become ?
Would it be an idea to ask for an enhanced spamdomains feature: Regex in the
second row?
Markus
---
This E-mail came fr
I've suggested it already years ago: would it be possible to have some
warning mechanism in order to detect long response times, timeouts or
connection problems (for whatever reason) not only in the debug loglevel?
Markus
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PRO
one time cost?
http://www.declude.com/site/purchaseleg.html talks
about several thousand dollars per year without precising how getwayed domains
are handled.
Markus
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
chrisSent: Thursday, October 12, 2006 4:11 PMTo:
declu
...and give a large part of our revenue to
Commtouch?
Provide a feasible way to justify the additional costs for
our existing customers and service contracts!
THEN we could talk about Commtouch.
BTW: even if it's hard work to maintain a reliable spam
filter it's not an impossible thing.
IMO you should never let a single test hold a messages.
The question is: what is a single test? Or Is invURIBL a single test?
invURIBL does multiple checks insinde and so it's practicaly a set of
URIBL-based tests that could add some points to the weighting system.
I would consider, to not block
Dave
I don't know your company and also if you do spam filtering only for your
own or if there are a lot of people behind your mailserver who should be
saved from spam, fraud, phishing & co.
I consider sniffer as one of the solid pillars in a fine-tuned and reliable
declude weighting system. Sni
Scott,
I can't remmeber exactly my suggestion (as said it was around two years ago)
but I've made a similar research as you in the logfiles in order to go sure
that the HH-SS / SH-SH ratio would be good enough to consider it a valuable
option for some points in the weighting system.
There are mo
> If email failed HELOBOGUS or NOREVDNS (or other specified
> tests) END otherwise compare the last 3 characters of the
> HELO with the last 3 characters of the REVDNS and if not
> match add say 1/5 or so of HOLD weight.
Hmm John, I consider it a good idea. As I can remember I suggested it
arro
Is "etc" a little one byte special ASCII-char who will
disable any blocking mechanism in declude junkmail?
Markus
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of MattSent:
Saturday, July 15, 2006 12:26 AMTo:
declude.junkmail@declude.comSubject: Re: [Declud
This
pricing is just another way of saying "Go Away".
Suggestions?
Markus
---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com.
In the Virus-Manual they have listed beside %DATE% for use
in the eml-files also %EURDATE% and %ISODATE%
Markus
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Goran
JovanovicSent: Saturday, June 17, 2006 2:56 AMTo:
declude.junkmail@declude.comSubject: [Declud
utgoing,
which would then use actions contained in your Global.cfg
instead of a
JunkMail file, and I'm guessing that you don't have any actions
defined in your Global.cfg? Maybe that is the source of the bug.
I don't recall this ever happening with 2.x and before, s
your Global.cfg? Maybe that is the source of the bug.
I don't recall this ever happening with 2.x and before, so
maybe it's
a change of behavior in 3+.
Declude???
Matt
Markus Gufler wrote:
(reposting the same message without attachments)
Hi
Afte
;m guessing that you don't have any actions
defined in your Global.cfg? Maybe that is the source of the bug.
I don't recall this ever happening with 2.x and before, so
maybe it's
a change of behavior in 3+.
Declude???
Matt
Markus Gufler wrote:
hich would then use actions contained in your Global.cfg
instead of a
JunkMail file, and I'm guessing that you don't have any actions
defined in your Global.cfg? Maybe that is the source of the bug.
I don't recall this ever happening with 2.x and before, so
Interesting.
IMails SMTP logfiles says
06:05 16:31 SMTPD(40132ec6007227d9) [82.160.115.10] MAIL
FROM:
I'm not sure that this is exactly what's comming in durring
smtp-envelope but maybe it will fix the problem when we're able to set up a
imail rule that would block such type of mailfrom
Glenn,
"no tests run" seems the wrong thread title to me. As I can
see on my system all tests are running fine only the final action for a certain
type of messages appearing in the last 26 hours are confusing decludes hardcoded
logic and there is no way for us to solve this by change someth
ile, and I'm guessing that you don't have any actions
> > defined in your Global.cfg? Maybe that is the source of the bug.
> >
> > I don't recall this ever happening with 2.x and before, so
> maybe it's
> > a change of behavior in 3+.
> >
> &g
Sorry, I was offline
I have the following actions configured in both global.cfg
and $default$.junkmail
WEIGHT80 SUBJECT [SPAM: %WEIGHT%]
WEIGHT150 HOLD
And yes Matt you're right: There is definitively something
wrong when this message is threated as outgoing because comput.info is a lo
Hi
After reading this thread and have seen 3 spam messages in my inbox who has
final results-lines in the header with more then 200% of my hold weight I've
made some research: Exactly the same is happening here with Declude 3.1.0
and Imail 8.15 from 2006-06-04 20:00:00 GMT+1 on. I have the same ac
(reposting the same message without attachments)
Hi
After reading this thread and have seen 3 spam messages in my inbox who has
final results-lines in the header with more then 200% of my hold weight I've
made some research: Exactly the same is happening here with Declude 3.1.0
and Imail 8.15 fro
My favority is Superscan.
http://www.foundstone.com/ >
Ressources > Free Tools > Scanning Tools
The newest version is v4.
I still prefer v3 (scroll down in the
list)
it's free, 300kB, no install needed and working great.
ping, only, port scanning, ...
Markus
Von: [EMAI
It's offering some new features and last but not least it a
noticeable faster then v2.
Markus
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Im Auftrag von Nick
HayerGesendet: Montag, 22. Mai 2006 14:52An:
Declude.JunkMail@declude.comBetreff: Re: [Declude.JunkMail] Wha
Does anyone know "WhoisProtector"?
Making a whois-query for euro-autodeals.com the whole response is
~~
Registrant:
WhoisProtector Inc.
Domain Name:euro-autodeals.com
Domain servers in listed order:
a.dns.hos
> What is everyone else out there using?
Andy,
I've had similar problems with Sawmill v6.
v7 seems to be a complete rewrite and much more reliable and faster then the
previous version.
With a little bit of scripting I was also able to add new profiles
programatically from previous created tem
I imagine how I will install "Declude Security Suite 2006 - Service
Pack 3" and nearly everything is working as it should - including things
like thread-differentiated internal variables... :-)
Well: for me it's absolutley not important if it will be called "suite" or
yust "declude.exe". Centra
Personaly I wouldn't block or assign weights for
certain countries. (keep in mind that COUNTRY and COUNTRIES are not the
same)
But I've seen excellent results by assigning a relative
low wheigt for all IP-blacklists and add additional wheight only if the message
is not origininating from "
Sandy I thought the same and I'm sure many here too. But I preffered
ignoring this spam message and withut commenting with the hope to prevent an
unnecessary load to a list who's job is to provide support for declude
products and nothing else.
Markus
> -Original Message-
> From: [EMAIL
> What software / services do you guys use to watch your
> servers for up/down status?
HostMonitor
http://www.ks-soft.net/hostmon.eng/index.htm
cheap and reliable
Markus
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]
---
This E-mail came from the Declude.JunkMail
So for no problem, but how we tell Declude or DecludeProc that he should
connect to the service instead of executing the exe?
Markus
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Panda Consulting S.A. Luis Alberto Arango
> Sent: Wednesday, J
Title: Message
Hi Goran,
I write this because maybe Pete McNeil can clarify it
easily.
Does SNIFFER have something inside who can identify
CMDSPACE?
Only if it's not so it would be a good combo
filter.
Markus
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of G
>From last week on I can see spam messages containing one single image. The
body is something like
The attached message is an image showing a slightly rotated text message.
Interesting: It has a total message size of arround 68 kbytes and so it's
maybe above certain threshoulds we've configure
My conclusion for this
day:
At the mid of december I decided to switch to declude
v3.
After several tests we discovered that a simply comment
after the license code like
CODE abcdefg
#mail.domain.com
wouldn't work anymore with v3. This would result in a
"invalid license code" m
SNIFFER-TRAVEL external 047 "C:\IMail\declude\sniffer\yourlicensecode.exe
yourverificationcode" 85 0SNIFFER-INSUR external 048 "C:\IMail\declude\sniffer\yourlicensecode.exe
yourverificationcode" 85 0SNIFFER-AV external 049 "C:\IMail\declude\sniffer\yourlicensecode.exe
yourverificationcode"
> Declude.cfg should be in your \Declude folder, is that where
> it is located ?
Hmm strange.
It was there and also in the "c:\program files\declude" folder where it was
after the initial installation.
Now I've deleted and recreated the declude.cfg file in the declude folder
and restarted the
> But after Darells suggestion I noticed another difference
> between both servers. SRV1 and SRV2 has configured two
> different DNS servers for lookups (even without DNSOVERERIDE)
>
> After disabling all DNS-based tests CPU usage seems going up
> to an average of 90% but only for certain peri
-Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler
> Sent: Friday, January 13, 2006 10:56 AM
> To: Declude.JunkMail@declude.com
> Subject: RE: [Declude.JunkMail] Declude v3 CPU usage and
> processing speed
>
>
>
>
> I would try the DNSOVERRIDE x.x.x.x switch in your
> declude.cfg file. There is a post in the archive from
> Declude - Bill I beleive that explains more.
Can't find any message from "Bill"
Added DNSOVERRIDE without any result
Markus
---
[This E-mail was scanned for viruses by Declude EV
> 1. Set THREADS 200
Ok set to 200
> 2. Which virus scanner are you running ? and do you have
F-Prot and optionaly McAfee
> PRESCAN ON in your virus.cfg
Yes it was already set to ON
> 3. Try turning hyperthreading off.
Hmm the server is around 40 km away. As I know HAT is enabled/disabled
> I have worked with customers with similar Dual-Xeon CPU setup
> and have seen processing of 1000+ emails per minute.
We have two of this machines here. It has exactly the same config from the
screw who hold the server in the rack up to each dot in the junkmail config
file (except the license
> Ummm... Did anybody else get a piece of spam this morning with subject
> SPAMSPCE: that seems to have been relayed through Declude.com?
Yes.
Markus
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubsc
We've running W2k3 Server on a Dell PE1750 with 3GHz Dual-Xeon CPU and
SCSI-Raid system here.
Sometimes the proc folder is filling up with thousands of messages and
declude is processing it.
But it does process them way to slow.
While all 4 CPU-Usage graphs in the task manager has an average v
Title: Message
Matt
for this case I recommend using
TESTSFAILED END
CONTAINS SNIFFER-TRAVELTESTSFAILED END
CONTAINS SNIFFER-INSURTESTSFAILED END
CONTAINS SNIFFER-AVTESTSFAILED END
CONTAINS SNIFFER-MEDIATESTSFAILED END
CONTAINS SNIFFER-SWARETESTSFAILED END
CONTAINS SNIFFER-SNAKETESTSF
- but for random
incoming mail, there's some legit stuff coming in to us that
lacks a PTR record.
For us, the PTR record check is just one of the tests we run.
It is weighted heavily, but it is not decisive by itself.
-Dave Doherty
Skywaves, Inc.
- Original Message -
From: "Mark
;s some legit stuff coming in to us that
> lacks a PTR record.
>
> For us, the PTR record check is just one of the tests we run.
> It is weighted heavily, but it is not decisive by itself.
>
> -Dave Doherty
> Skywaves, Inc.
>
>
> - Original Message
I've tried it out and it seems running fine. But for our situation I need
something that is able to verify trough an external application and on the
recipients pop3-server in realtime if the mailbox is valid. So we've tested
Xwall and it seems running fine with more then 100k Messages/day.
At the
Another question: What's happened with messages in the review-folder? Whas
they delivered and why are they stored in this folder?
Markus
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just sen
be seen immediately by the
> system, but the changes will not be reflected in the
> diags.txt file unless the service is restarted.
>
> David Franco-Rocha
> Declude Technical / Engineering
>
> - Original Message -
> From: "Markus Gufler" <[EMAIL PROTECTED]>
Question: what files in v3 are read once durring service startup and what
files are read for each message.
For example what happens if I update certain text filter files but do not
restart the decludeproc ?
Markus
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]
---
Thi
Martin,
How do you update Declude Junkmail without updating declude eva?
Markus
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Evans Martin
> Sent: Wednesday, December 28, 2005 2:53 PM
> To: Declude.JunkMail@declude.com
> Subject: RE: [Declude
> A little holiday fun, video of the skit that begat the word
> spam to mean overwhelming junk:
>
> http://video.google.com/videoplay?docid=5627694446211716271
*gg*
Markus
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]
---
This E-mail came from the Declude.JunkM
"abend" in German means "evening".
good Abend! :-)
Markus
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John T
(Lists)Sent: Wednesday, December 21, 2005 10:23 PMTo:
Declude.JunkMail@declude.comSubject: RE: [Declude.JunkMail]
Decludeproc abend
web-based forum: I have to go there each day and spend some
minutes to find out what's going on. My 24 hours each day are short enough that
I will do that one, two or some more days but then I will left the forum until I
have a new problem. And for shure not to see if someone maybe has a prob
I've seen now what type of message you mean.
It was already discussed in the last two weeks under the "cbl"-thread. Seems
that the spammer this time use a very simple way to send the spam with the
black borders. The body contains nothing else then
The message is always failing CMDSPACE and in
Try a text filter file like
BODY 20 BEGINSWITH -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Dave
> Beckstrom
> Sent: Sunday, December 18, 2005 7:02 PM
> To: Declude.JunkMail@declude.com
> Subject: [Declude.JunkMail] Nasty Spammer
>
> I'm gettin
Title: Message
look at the "CBL Fw:news" -thread soe days
ago.
Markus
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sharyn
SchmidtSent: Thursday, December 15, 2005 6:07 PMTo:
Declude.JunkMail@declude.comSubject: [Declude.JunkMail] Is anyone
sucessfull
Sandy,
I've tested the previous version and it seem's working great. The next step
will be testing it with several thousands of valid recipients.
Would it be an idea to develope it in this way that different virt.
IIS-SMTP-Services can use 5xxSink with different prescan.txt and
rcptlist.txt
So fo
e.JunkMail] REVDNS
>
> Spamdomains tests do not trigger on a REVDNS Timeout.
>
> - Original Message -
> From: "Markus Gufler" <[EMAIL PROTECTED]>
> To:
> Sent: Monday, December 12, 2005 9:14 AM
> Subject: RE: [Declude.JunkMail] REVDNS
>
>
> > Than
ail@declude.com
> Subject: Re: [Declude.JunkMail] REVDNS
>
> REVDNS 10 IS (Timeout)
>
> - Original Message -
> From: "Markus Gufler" <[EMAIL PROTECTED]>
> To:
> Sent: Monday, December 12, 2005 1:42 AM
> Subject: RE: [Declude.JunkMail] REVDNS
> I'm going to try
> REVDNS END CONTAINS (timeout)
Can you send a message from an IP who will timeout for REVDNS?
Declude support?
Markus
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, jus
> I think it may be (timeout). I know Scott
> Fisher posted a filter the other day that had the exact text
> on what it is when rev dns times out.
It was a message from Scott Fisher on the "cbl"-thread and as I can see he
posted a line
TESTSFAILED 50 CONTAINS REVDNS-TIMEOUT
So it would be in
Do you have a list of valid recipients for this store and forward customer?
If yes search for Sanford Whiteman's posting this week with the subject
"ANN: Availability of 5xxSink 0.5.00, IIS SMTP event sink for text-file
recipient validation"
Markus
> -Original Message-
> From: [EMAIL PR
Maybe it's not realy important, but anyone know's Gtube, the EICAR-like Spam
test-mail?
http://spamassassin.apache.org/gtube/
Markus
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send a
This seems a great thing. It should also allow me to run gatewaying services
to a restricted number of recipients, or in other words: offer relaying
packages for 10, 20, 30, ... users.
How much users are realistic vor 5xxSink?
Markus
---
[This E-mail was scanned for viruses by Declude EVA www.de
> What's even funnier is by the time I am ready to get in bed,
> Europe is going to work.
mmmh, what? ... ...
Ah, hi guys, good morning from Europe!
We've around 12 inches of snow here over night. Where's the
snowshovel?
Maybe I will add BANEXT .snow to my con
> Will this feature be available in a future release?
Nick,
Darrel's InvURIBL is everything else then expensive and very usefull.
Markus
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just
> I was just thinking the same thing, that strictly going by
> file name would not be best.
Well at least it would be ressource friendly.
Some thoughts:
Count attached file names but
1)ignore extensions like gif, jpg, pdf, ...
or alternatively look only for known risky extensions like zip, e
Wow!
It's like 1995 - 2005 had never been.
:-|
ok, I must say I never worked with Declude Hijack. It's not
simply this what we need now?
Markus
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Colbeck,
AndrewSent: Thursday, November 17, 2005 6:41 PMTo:
Dec
As I can understand a feature like "max. logon try's
between x minutes" on the server would not prevent such hacking attempts because
they try to hack the login on a infected client.
Question: How will this work? Are passwords still so easy
to read as 10 years ago in Win95 or will the malwa
> Another way that you could deal with this specific Microsoft
> Office Outlook build is to create a filter that contains the
> following:
>
> HEADERS -8 CONTAINS Microsoft Office Outlook,
> Build 11.0.5510
...but keep in mind that some Spammers write in the headers exactly this
Nice to know!
Now it's time to set up the new mailserver ;-)
Markus
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> David Franco-Rocha [ Declude ]
> Sent: Friday, October 28, 2005 3:32 PM
> To: Declude.JunkMail@declude.com
> Subject: [Declude
> I want to use combo filtering with testsfailed to further
> punish emails that fail two or more of the reliable tests.
Travis,
I do a similar thing for a long time now and I'm very happy with the
following solution:
1.) create a new filter test COMBO-IP4R:
COMBO-IP4R filter C:\IMail\Declude
Hi Spamfighters,
This one I have a maybe little strange question. One of our customers (a
touristic office) has collected over years email-adresses of all their
customers. (I'v already checked: it was and is a clear opt-in checkbox on
the contact form)
Hovewer the number of email-adresses is a li
> ...
> 66.148.217.251 domain.com
> 70.60.133.251 domain.com
>
> will this mechanism rotate through both IPs or will it also
> just use whichever it hits first when reading from the top of
> the list down? Or is it just a bad idea in general to do
> this and we will just have to change the
Thank you!
Markus
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of David Barker
> Sent: Wednesday, September 28, 2005 12:08 AM
> To: Declude.JunkMail@declude.com
> Subject: RE: [Declude.JunkMail] Country Test Very odd Results
>
> Hey Guys,
>
> I
> We wrote two very quick custom utilites for a customer that
> may be of use to you. All are provided "as is" free of charge.
>
> SpamSize...
> ipHarvest ...
Darrell,
This are simple but great tools!
Specially the ipharvest-tool can be used in a monitoring system to alert
automaticaly on
David thank ou for the link.
Gary,
The all_list.dat file is a database of net-blocks (IP-ranges) that are
assigned to certain countries.
Declude looks at the delivery chain of messages in the mail header and can
construct the country-chain by comparing the IP-Adresses in the mail-header
with the d
I'm still on v1.82 but have a valid SA and my all_list.dat file is older
then 04/08/2005.
Where can I get the newest dat-file?
Markus
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser
> Sent: Monday, September 19, 2005 5:29 PM
> To: Dec
Looking at the last 80.000 messages on our Mailserver SPFPASS has had a
positive result on 11%
Following the final weight after all spam tests 7 from this 11% was right.
The other 4% was a wrong result.
SPFFAIL will only catch around 1% of all processed messages. Nearly all of
the catched right a
> You will probably need to add the virtual host keys as
> well, but you certainly will be able to fake it out using
> the Registry alone. No IMail EXEs will be necessary to install.
Maybe not only virtal host keys but also one for each user mailbox.
Autowhite does a great job at my side
> Up to this point I have not
> seen a false positive from a legit mail server.
> Have others?
Yes.
Older version of Tobit Infocenter has failed CMDSPACE. I've send them some
informations about the effectiveness of the CMDSPACE test and as I know they
have changed their MTA in never release
> and threading is fun, you pretty much have everything in
> place to communicate back and forth between processes.
> allowing many instances of declude to talk to each other.
That's what I mean.
Maybe this will allow us also to have/create new functionality. For example
(I don't know if I'm t
What happens if you nslookup from the imail/declude server to your
configured Nameservers and querry something?
Markus
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Don Brown
> Sent: Wednesday, August 24, 2005 3:29 PM
> To: Declude.JunkMail@dec
I've running Imail 8.15 and the Declude 1.82 here and everything is running
fine.
Do you realy need Imail 8.2?
Declude as a multi-threaded service sound very promising.
Markus
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Heimir Eidskrem
> I'd report it as an open redirector to google. Then collect a
> few samples and create a filter to attack it.
As I can see this link will work on all cTLD-google domains (google.li
google.it google.de google.fr ...) and also google.com
Maybe sniffer can do this bether then any normal text fil
Any idea how to catch this?
h t t p : / / w w w . g o o g l e . l i / u r l ? q =
http%3A%2F%2Fwww%2Ebestflirt%2Ebiz%2Fcms%2F%3Fgo%3Dtp&wid=ifni&q=8
Both invURIBL and SNIFFER hasn't catched it.
Markus
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-m
> Any dns experts on the list?
I'm not an expert but
> ...The server needs to do dns lookups for our clients,
That's not a problem as long as you allow outgoing DNS traffic on your
firewall (or in your case cisco router)
> and needs to be available to other internet DNS servers for
> infor
> Before rebooting my server I allways RENAME a dangerous file...
..maybe this will not work as long as the processes run and can't be stopped
in the task manager. But if possible I too rename the original malware file
and create a new one. (new empty textfile renamed to the previous filename)
Title: Message
Here's an example
~
@paypal.com
.paypal.citibank.com .ssmb.comfleet.com .bkb.comwellsfargo.com .norwest.com.ebay.com
.emailebay.com@ebay.com .ebay.com~
incomming emails has to
match mailfrom and revdns
The optional second column
is
Excellent list, Matt.
Some of this I've allready discovered durring my
tests.
Hopefully people at smartertools can read
this.
At the moment I hope they will address at least the most
important things. A wrong sorted send folder is nothing against something
that will bring us admins cri
Chuck,
Here some numbers from my side:
100k messages in the last 7 days
50.5% identified as legit, 49.5% as spam (viruses was filtered out before)
The best IP4R-based tests was
CBL (21%, 0.37%FP), SPAMCOP (21%, 0.47%FP) and XBL-DYNA (19%, 0.27%FP)
So they catch less then 50% of incoming spam wit
In the last hours a I can see some strange messages (see attached samples)
send from different servers and obviously forged mailfrom adresses.
Each message has as Subject and as Body "1" and an attached but empty file
named "1.txt"
The mailfrom-adress seems to be the first part of the recipients a
Matt,
I'm not sure if this will help you. As I understand you and other people go
to use the alternative port 587 just because more and more ISP's are
blocking outgoing SMTP-traffic on port 25.
I must say that in my region here I know only one ISP doing this and we've
resolved the problem by impl
The ?B? in the encoded string tells you that it's a base64 decoded message.
Googling for "decode base64" should help you.
Markus
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser
> Sent: Friday, July 08, 2005 4:55 PM
> To: Declude.Junk
It was a defacement and it's restored now.
Looks like PHPNuke and it's derivates has seriuos security problems.
Markus
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives
Thanks for reporting this. I've forwarded it to Wolfgang as I have no access
to this server. Hopefully it's only a defacement.
Markus
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Heimir Eidskrem
> Sent: Tuesday, June 14, 2005 6:16 AM
> To:
> The "control panel for dummies" approach of Postini now lets
> us defer the tweaks back to the user. Too much spam getting
> through? Well, sir, please log in to your "Message Center"
> (Postini lingo for web control panel) and crank up your settings.
That's what we do for our customers and
1 - 100 of 614 matches
Mail list logo