Hi James ,
I am running also a large ISP mail servers , here is what i posted 2 month
ago.
I am using SMTP AUTH for all servers.Virus and Harvesters dont use SMTP AUTH
so i prevent DOS attack to my mail servers from infected computers using
this method.
If you are using a firewall this can help.
Here is the solution ,
If you are version 8.xx Imail.
Goto domain Outbound rules and add a rule.
If TO address contains [EMAIL PROTECTED] bounce
Thats all , the user when sending to local domain the mail will not be
processed by outbound rules.
Rifat Levis
- Original Message -
From
Very good News , this will prevent a lot of problems that we faced when
Easynet integrated SBL
We were having duplicates.
11 august ,have to change the conf file again.
Rifat Levis
- Original Message -
From: Rick Rountree [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday
DnsReport site is down i guess
Rifat Levis
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail
If you have some free time , have a look at the following site
www.try2hack.nl
9 level to pass. It's quite funny.
The first 4 level is Easy .
Regards
Rifat Levis
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail
get 50 F.P or 150 F.P
Lets wait and see :)
Regards
Rifat Levis
- Original Message -
From: Joshua Levitsky [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 28, 2003 2:58 AM
Subject: Re: [Declude.JunkMail] New spamcop style RBL..
- Original Message -
From: Matt
I will appreciate , if anybody can post a msg
as soon as the new manuals are available.
I am cheking time to time ,after the realease of 1.75.
Would like to see the new tests such as SPAMDOMAINS in the
manual.
Regards
Rifat Levis
---
[This E-mail was scanned for viruses by Declude Virus
Level Domain System of TR
Ask a NS query for domain
.tr
com.tr
edu.tr
You will see 144.122.199.90 etc
The reason i am using declude is to prevent to do things like that .
Regards
Rifat Levis
- Original Message -
From: Joshua Levitsky [EMAIL PROTECTED]
To: [EMAIL PROTECTED
tests.
Andrew.
-Original Message-
From: Rifat Levis [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 24, 2003 5:37 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Declude using 50% cpu
I am running single P3 1.0 Ghz with 2 scsi HD
1st Drive OS
2nd Drive Imail.
Win2k , Sp4 , Imail 8.x
:347295673])
- Original Message -
From: Rifat Levis [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, July 25, 2003 5:07 PM
Subject: Re: [Declude.JunkMail] Fw: - Resolution of Suspected AUP
Violation -(INFLOW:36688) ([SpamCop id:347295673])
ABOUT http://www.blackholes.us
As long
but not for
declude.
Regards
Rifat Levis
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, July 25, 2003 2:57 AM
Subject: RE: [Declude.JunkMail] Declude using 50% cpu
This server is slammed during buisness hours but it was making due with
dual 933
If you're listed by spamsites.relays.osirusoft.com please take this issue up
with spamsites.org
If you're listed by spews.relays.osirusoft.com please take this issue up
with spews.org
The data in relays.osirusoft.com is a composite of all other subzones.
Regards
Rifat levis
---
[This E-mail was scanned
http://www.globalremoval.com/
No comment .
Rifat Levis
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe
interesting web pages ,
etc.
The final decision belong to Scott of course.
Regards
Rifat Levis
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED
It is seems like a intersting test , but it will do more harm to ISP ,
I am just thinking my case , having more than thousands domains.
If 1 of those domains start doing a spam , thousands of others will have
problems.
The isp mail servers also .
Adding a small weight can do the job :)
Rifat
of database to write the source ip .
May be it could be integrated to declude,
Dynamic change of CONFIG file will have really positive effect.
Rifat Levis
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing
a local mail address
for testing i guess .
Rifat Levis
- Original Message -
From: Glenn Brooks
To: [EMAIL PROTECTED]
Sent: Saturday, July 19, 2003 4:00 AM
Subject: [Declude.JunkMail] ORDB problem, slightly off
topic
We got listed on the ORDB database as a mail relay...everywhere I
Sender domain is same as mine .
Sender is my e-mail .
Which test or filter will fit best for this .
i have already 2 or 3 in mind but i wanted to have your ideas also.
Regards
Rifat levis
---BeginMessage
file which make very easy
everything.
example : The biggest spammer in my country sell a software and a cd with
10 millions mail address , the guys software open a connection
with HELO OMMO.NET
As soon as i found this unchanged field ,i added to my filter text.
Good Luck
Rifat Levis
atlas.net.tr invalid user
[EMAIL PROTECTED]
SMTPD (014200EE) [218.64.154.82] ERR atlas.net.tr invalid user
[EMAIL PROTECTED]
Regards
Rifat Levis
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list
for this kind of attachment ,
or
It is worth thinking on it to make a test ?
Just a thought.
Rifat Levis
smime.p7s
Description: S/MIME cryptographic signature
to the
list after the acquisition of a security company.
Regards
Rifat Levis
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type
Yes ,exactly
Remove the smtp fixup and everything works fine
Better , remove the PIX firewall from your system , and add a real firewall
,
You will have much less problems.
Rifat
- Original Message -
From: Sanford Whiteman [EMAIL PROTECTED]
To: R. Scott Perry [EMAIL PROTECTED]
Sent:
I am lost...should the fix-up protocol be used or not? If not, how is it
turned off?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Rifat Levis
Sent: Thursday, June 26, 2003 11:41 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Cisco Pix firewall
10.10.10.1 myserver ip
Until now i didnt see any false positive
Did anyone see ?
Thanks
Rifat Levis
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL
network , i will post it as soon as i have it
NOTE : Kami , already added in the country file a high weight for TR ,i
guess this because of those users.
Rifat Levis
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail
MessageAndy ,
The key is to use Challenge/Response systems ONLY if the sender is
questionable, e.g., is an open relay, has no Reverse DNS, has a bogus
HELO, etc.
What about MAILFROM test
Do you delete mail failing the MAILFROM test ,
As i understood , people using Challenge/Response systems will
it on the
same server as IMail, or on a separate box?
Bill
-Original Message-
From: Rifat Levis
Sent: Mon, 16 Jun 2003 02:01:45 +0300
Subject: [Declude.JunkMail] DSN:Tarpitting and declude firewall integration
People intersted in tarpitting and Declude firewall integration can read
this.
I
.
You have a dynamic IP blocker. Tarpitting doesn't block, it slows the
attack down, consuming more of their resources, and making their connection
seem like it is stuck in a pit of tar (hence the name)
Jason
- Original Message -
From: Rifat Levis [EMAIL PROTECTED]
To: [EMAIL PROTECTED
attempt from this spamming IP's
Markus
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rifat Levis
Sent: Monday, June 16, 2003 2:52 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] DSN:Tarpitting and declude
firewall integration integration
it and then block it for 1 hour .
NOTE : I am sure that KAMI will be interested :)
Best Regards
Rifat Levis
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL
DNS entries to fail the first time (if you ever see long
delays in reverse DNS lookups, that's because of this bug). You can
double-check using the 'Reverse DNS Lookup' tool at the DNSstuff site.
I have too many timeout when cheking the first time REVDNS for non-existing
revdns .
Rifat
for hosting domains .
Rifat Levis
- Original Message -
From: Erminio Ballerini [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, June 03, 2003 4:02 PM
Subject: Re: [Declude.JunkMail] Hop, hophigh ipbypass
On 3 Jun 2003 at 8:14, R. Scott Perry wrote:
I think my reasoning
33 matches
Mail list logo