Milter-greylist

Hi,

I use uribl to score emails in SA. What I'd like to do is just drop any emails
that exist in URIBL_BLACK (the blacklist category of uribl).

I'm looking for a way to do this and am wondering if milter-greylist can do it?

I don't think it can because a message needs to be accepted first, scanned to
query the URI in it against multi.dnsbl.com and then perform an appropriate
action.

But I thought I'd ask anyway as maybe someone can recommend a solution to do this?

Thanks.

Michael.

On Thu, 15 Jan 2009, Michael Mansour wrote:

> 
> Hi,
> 
> I use uribl to score emails in SA. What I'd like to do is just drop any emails
> that exist in URIBL_BLACK (the blacklist category of uribl).
> 
> I'm looking for a way to do this and am wondering if milter-greylist can do it?
> 
> I don't think it can because a message needs to be accepted first, scanned to
> query the URI in it against multi.dnsbl.com and then perform an appropriate
> action.

You used the word drop.  Drop is easy.  REJECT is hard.

-Dan Mahoney

-- 

Pika Pika Pika!

-Pikachu, of Pokemon fame.

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------

Hi Dan,

> > Hi,
> > 
> > I use uribl to score emails in SA. What I'd like to do is just drop any emails
> > that exist in URIBL_BLACK (the blacklist category of uribl).
> > 
> > I'm looking for a way to do this and am wondering if milter-greylist can
do it?
> > 
> > I don't think it can because a message needs to be accepted first, scanned to
> > query the URI in it against multi.dnsbl.com and then perform an appropriate
> > action.
> 
> You used the word drop.  Drop is easy.  REJECT is hard.

Hmm.. ok, how would I just drop these emails? 

I'm currently looking in SpamAssassin but it's basically a message filter and
scorer, no drops. Checking SA 3rd party plugins also don't show any which drop.

Thanks.

Michael.

> -Dan Mahoney
> 
> --
> 
> Pika Pika Pika!
> 
> -Pikachu, of Pokemon fame.
> 
> --------Dan Mahoney--------
> Techie,  Sysadmin,  WebGeek
> Gushi on efnet/undernet IRC
> ICQ: 13735144   AIM: LarpGM
> Site:  http://www.gushi.org
> ---------------------------

On Thu, 15 Jan 2009, Michael Mansour wrote:

> 
> Hi Dan,
> 
> > > Hi,
> > >
> > > I use uribl to score emails in SA. What I'd like to do is just drop any emails
> > > that exist in URIBL_BLACK (the blacklist category of uribl).
> > >
> > > I'm looking for a way to do this and am wondering if milter-greylist can
> do it?
> > >
> > > I don't think it can because a message needs to be accepted first, scanned to
> > > query the URI in it against multi.dnsbl.com and then perform an appropriate
> > > action.
> >
> > You used the word drop. Drop is easy. REJECT is hard.
> 
> Hmm.. ok, how would I just drop these emails?
> 
> I'm currently looking in SpamAssassin but it's basically a message filter and
> scorer, no drops. Checking SA 3rd party plugins also don't show any which drop.

Yes, for that you use procmail, or whatever calls spamassassin can also be 
configured to -- for example, some of the spamasssassin-calling-milters 
can be configured to drop a message outright if it scores over, say 
20...which means you just adjust the scores you need, accordingly.

-Dan

-- 

"What are you looking at?"

"My brain!"

-DM/SK, 2AM


--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------

Michael Mansour <mic@...> wrote:

> I use uribl to score emails in SA. What I'd like to do is just drop any emails
> that exist in URIBL_BLACK (the blacklist category of uribl).
> 
> I'm looking for a way to do this and am wondering if milter-greylist can
> do it?

You are talking about content filtering, right? If the message body
contains http://www.evilmarket.com and evilmarket.com.somebl.com
exists, then reject?

That could be implemented, but the difficult part is to deal with the
numerous URL obfsucation scheme: in an HTML document, the URL could be
constructed dynamically at run time using javascript. I don't think it
is reasonable to embed a javascript engine in milter-greylist.

How does SpamAssassin do it, by the way?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

On Thu, Jan 15, 2009 at 11:49:16AM +1100, Michael Mansour wrote:
> Hi Dan,
> 
> > > Hi,
> > > 
> > > I use uribl to score emails in SA. What I'd like to do is just drop any emails
> > > that exist in URIBL_BLACK (the blacklist category of uribl).
> > > 
> > > I'm looking for a way to do this and am wondering if milter-greylist can
> do it?
> > > 
> > > I don't think it can because a message needs to be accepted first, scanned to
> > > query the URI in it against multi.dnsbl.com and then perform an appropriate
> > > action.
> > 
> > You used the word drop.  Drop is easy.  REJECT is hard.
> 
> Hmm.. ok, how would I just drop these emails? 
> 
> I'm currently looking in SpamAssassin but it's basically a message filter and
> scorer, no drops. Checking SA 3rd party plugins also don't show any which drop.

Add these lines to greylist.conf (milter-greylist >= 4.1.6):

   spamdsock unix "/path/to/spamd.sock"
   dacl blacklist spamd > 10 msg "Your message is considered spam."


and this line to local.cf:

   score URIBL_BLACK 1000


That will get you a REJECT after the data-stage. Which is better then
DISCARD (Claim successful delivery and silently discard the message.),
IMHO.



   Petar Bogdanovic

On Thu, Jan 15, 2009 at 05:53:45AM +0100, manu@... wrote:
> Michael Mansour <mic@...> wrote:
> 
> > I use uribl to score emails in SA. What I'd like to do is just drop any emails
> > that exist in URIBL_BLACK (the blacklist category of uribl).
> > 
> > I'm looking for a way to do this and am wondering if milter-greylist can
> > do it?
> 
> You are talking about content filtering, right? If the message body
> contains http://www.evilmarket.com and evilmarket.com.somebl.com
> exists, then reject?
> 
> That could be implemented, but the difficult part is to deal with the
> numerous URL obfsucation scheme: in an HTML document, the URL could be
> constructed dynamically at run time using javascript. I don't think it
> is reasonable to embed a javascript engine in milter-greylist.
> 
> How does SpamAssassin do it, by the way?

As far as I remember, an URI in the following form:

   www(.)herbalviagra(.)cc


will pass all URI-blacklist checks in SpamAssassin. OTOH, that kind of
obfuscation will make most E-Mail clients ignore the URI as well.. and
while clicking a link is easy, copy-and-edit-and-paste is definitely a
tough job. :)



   Petar Bogdanovic

Am Donnerstag Januar 15 2009 01:49 schrieb Michael Mansour:
> Hi Dan,
>
> > > Hi,
> > >
> > > I use uribl to score emails in SA. What I'd like to do is just drop
> > > any emails that exist in URIBL_BLACK (the blacklist category of
> > > uribl).
> > >
> > > I'm looking for a way to do this and am wondering if milter-greylist
> > > can
>
> do it?
>
> > > I don't think it can because a message needs to be accepted first,
> > > scanned to query the URI in it against multi.dnsbl.com and then
> > > perform an appropriate action.
> >
> > You used the word drop.  Drop is easy.  REJECT is hard.
>
> Hmm.. ok, how would I just drop these emails?
>
> I'm currently looking in SpamAssassin but it's basically a message filter
> and scorer, no drops. Checking SA 3rd party plugins also don't show any
> which drop.

perhaps you would like to check out MIMEdefang? (www.mimedefang.org)

Jürgen
-- 
Diese E-Mail wurde klimafreundlich
und atomstromfrei erzeugt:
http://www.atomausstieg-selber-machen.de/

On 15/01/2009 11:59, Juergen Kleff wrote:
> Am Donnerstag Januar 15 2009 01:49 schrieb Michael Mansour:
>    
>> Hi Dan,
>>
>>      
>>>> Hi,
>>>>
>>>> I use uribl to score emails in SA. What I'd like to do is just drop
>>>> any emails that exist in URIBL_BLACK (the blacklist category of
>>>> uribl).
>>>>
>>>> I'm looking for a way to do this and am wondering if milter-greylist
>>>> can
>>>>          
>> do it?
>>
>>      
>>>> I don't think it can because a message needs to be accepted first,
>>>> scanned to query the URI in it against multi.dnsbl.com and then
>>>> perform an appropriate action.
>>>>          
>>> You used the word drop.  Drop is easy.  REJECT is hard.
>>>        
>> Hmm.. ok, how would I just drop these emails?
>>
>> I'm currently looking in SpamAssassin but it's basically a message filter
>> and scorer, no drops. Checking SA 3rd party plugins also don't show any
>> which drop.
>>      
>
> perhaps you would like to check out MIMEdefang? (www.mimedefang.org)
>
> J\ufffdrgen
>    
Another option is MailScanner ( http://www.mailscanner.info ) which, 
lets you do clever things based on SA rules which have been hit (see 
"SpamAssassin Rule Actions" in MailScanner.conf).

Phil

Hi,

> Am Donnerstag Januar 15 2009 01:49 schrieb Michael Mansour:
> > Hi Dan,
> >
> > > > Hi,
> > > >
> > > > I use uribl to score emails in SA. What I'd like to do is just drop
> > > > any emails that exist in URIBL_BLACK (the blacklist category of
> > > > uribl).
> > > >
> > > > I'm looking for a way to do this and am wondering if milter-greylist
> > > > can
> >
> > do it?
> >
> > > > I don't think it can because a message needs to be accepted first,
> > > > scanned to query the URI in it against multi.dnsbl.com and then
> > > > perform an appropriate action.
> > >
> > > You used the word drop.  Drop is easy.  REJECT is hard.
> >
> > Hmm.. ok, how would I just drop these emails?
> >
> > I'm currently looking in SpamAssassin but it's basically a message filter
> > and scorer, no drops. Checking SA 3rd party plugins also don't show any
> > which drop.
> 
> perhaps you would like to check out MIMEdefang? (www.mimedefang.org)

Yeah I know about that but the thing I'm trying to avoid is accepting the
emails for processing altogether. When my servers get hammered with 10 or 20
spams a second, processing that trash only to delete it wastes valuable
resources. It's much better to handle it at the MTA and reject there, so as
not to even process the trash.

Through another list I was told to use milter-link, which does exactly what I
want and is currently running on a test server. It's looking good and is
working fine so far. I'll likely put it into production by the end of today.

I know milter-greylist can query IP blacklists (I use that already) but I
wonder if milter-greylist's dnsrbl function can query URI lists like:

multi.surbl.org
multi.uribl.org

?

If it can, then technically speaking, I don't need milter-link at all,
milter-greylist would be able to perform the same function.

Michael.

On Fri, Jan 16, 2009 at 10:15:25AM +1100, Michael Mansour wrote:
> Hi,
> 
> > Am Donnerstag Januar 15 2009 01:49 schrieb Michael Mansour:
> > > Hi Dan,
> > >
> > > > > Hi,
> > > > >
> > > > > I use uribl to score emails in SA. What I'd like to do is just drop
> > > > > any emails that exist in URIBL_BLACK (the blacklist category of
> > > > > uribl).
> > > > >
> > > > > I'm looking for a way to do this and am wondering if milter-greylist
> > > > > can
> > >
> > > do it?
> > >
> > > > > I don't think it can because a message needs to be accepted first,
> > > > > scanned to query the URI in it against multi.dnsbl.com and then
> > > > > perform an appropriate action.
> > > >
> > > > You used the word drop.  Drop is easy.  REJECT is hard.
> > >
> > > Hmm.. ok, how would I just drop these emails?
> > >
> > > I'm currently looking in SpamAssassin but it's basically a message filter
> > > and scorer, no drops. Checking SA 3rd party plugins also don't show any
> > > which drop.
> > 
> > perhaps you would like to check out MIMEdefang? (www.mimedefang.org)
> 
> Yeah I know about that but the thing I'm trying to avoid is accepting the
> emails for processing altogether. When my servers get hammered with 10 or 20
> spams a second, processing that trash only to delete it wastes valuable
> resources. It's much better to handle it at the MTA and reject there, so as
> not to even process the trash.

As long as you're doing checks against the message body, you are
processing the message. Just because the processing may take place
during the SMTP conversation, doesn't mean that it will claim less
resources.



   Petar Bogdanovic

Hi Petar,

> On Fri, Jan 16, 2009 at 10:15:25AM +1100, Michael Mansour wrote:
> > Hi,
> > 
> > > Am Donnerstag Januar 15 2009 01:49 schrieb Michael Mansour:
> > > > Hi Dan,
> > > >
> > > > > > Hi,
> > > > > >
> > > > > > I use uribl to score emails in SA. What I'd like to do is just drop
> > > > > > any emails that exist in URIBL_BLACK (the blacklist category of
> > > > > > uribl).
> > > > > >
> > > > > > I'm looking for a way to do this and am wondering if milter-greylist
> > > > > > can
> > > >
> > > > do it?
> > > >
> > > > > > I don't think it can because a message needs to be accepted first,
> > > > > > scanned to query the URI in it against multi.dnsbl.com and then
> > > > > > perform an appropriate action.
> > > > >
> > > > > You used the word drop.  Drop is easy.  REJECT is hard.
> > > >
> > > > Hmm.. ok, how would I just drop these emails?
> > > >
> > > > I'm currently looking in SpamAssassin but it's basically a message filter
> > > > and scorer, no drops. Checking SA 3rd party plugins also don't show any
> > > > which drop.
> > > 
> > > perhaps you would like to check out MIMEdefang? (www.mimedefang.org)
> > 
> > Yeah I know about that but the thing I'm trying to avoid is accepting the
> > emails for processing altogether. When my servers get hammered with 10 or 20
> > spams a second, processing that trash only to delete it wastes valuable
> > resources. It's much better to handle it at the MTA and reject there, so as
> > not to even process the trash.
> 
> As long as you're doing checks against the message body, you are
> processing the message. Just because the processing may take place
> during the SMTP conversation, doesn't mean that it will claim less
> resources.

Hmm.. yes you're right. It only comes down then to the processing at the MTA
being less than the processing done at the scanner. I use MailScanner which
logs into a DB, so in my case doing this part at the MTA saves processing and
mail logging down the road, but that may not be the case for others.

Thanks and regards,

Michael.

>    Petar Bogdanovic

Petar Bogdanovic <petar@...> wrote:

> As long as you're doing checks against the message body, you are
> processing the message. Just because the processing may take place
> during the SMTP conversation, doesn't mean that it will claim less
> resources.

MIMEdefang will really parse the message, and perhaps it creates
temporary files. That consumes much more ressources than just reading
the message in memory and looking for some patterns.

Implementing it in milter-greylist could have merits IMO. 

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

Michael Mansour <mic@...> wrote:

> I know milter-greylist can query IP blacklists (I use that already) but I
> wonder if milter-greylist's dnsrbl function can query URI lists like:
> 
> multi.surbl.org
> multi.uribl.org

We can tweak it to do so, this is the easy part.
The tricky part is to find the URI in the message. What are you going to
look at? Something like this?
://[-_a-zA-Z\.]+\.[a-zA-Z]+

We can collect all the URI while we look at the body, store them in a
chained list, and query a URIBL for each collected URI. I am willing to
implement that, provided someone answers the question above.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

Quoting Michael Mansour <mic@...>:

> Hi Petar,
>
>> On Fri, Jan 16, 2009 at 10:15:25AM +1100, Michael Mansour wrote:
>> > Hi,
>> >
>> > > Am Donnerstag Januar 15 2009 01:49 schrieb Michael Mansour:
>> > > > Hi Dan,
>> > > >
>> > > > > > Hi,
>> > > > > >
>> > > > > > I use uribl to score emails in SA. What I'd like to do is  
>>  just drop
>> > > > > > any emails that exist in URIBL_BLACK (the blacklist category of
>> > > > > > uribl).
>> > > > > >
>> > > > > > I'm looking for a way to do this and am wondering if   
>> milter-greylist
>> > > > > > can
>> > > >
>> > > > do it?
>> > > >
>> > > > > > I don't think it can because a message needs to be accepted first,
>> > > > > > scanned to query the URI in it against multi.dnsbl.com and then
>> > > > > > perform an appropriate action.
>> > > > >
>> > > > > You used the word drop.  Drop is easy.  REJECT is hard.
>> > > >
>> > > > Hmm.. ok, how would I just drop these emails?
>> > > >
>> > > > I'm currently looking in SpamAssassin but it's basically a   
>> message filter
>> > > > and scorer, no drops. Checking SA 3rd party plugins also   
>> don't show any
>> > > > which drop.
>> > >
>> > > perhaps you would like to check out MIMEdefang? (www.mimedefang.org)
>> >
>> > Yeah I know about that but the thing I'm trying to avoid is accepting the
>> > emails for processing altogether. When my servers get hammered   
>> with 10 or 20
>> > spams a second, processing that trash only to delete it wastes valuable
>> > resources. It's much better to handle it at the MTA and reject   
>> there, so as
>> > not to even process the trash.
>>
>> As long as you're doing checks against the message body, you are
>> processing the message. Just because the processing may take place
>> during the SMTP conversation, doesn't mean that it will claim less
>> resources.
>
> Hmm.. yes you're right. It only comes down then to the processing at the MTA
> being less than the processing done at the scanner. I use MailScanner which
> logs into a DB, so in my case doing this part at the MTA saves processing and
> mail logging down the road, but that may not be the case for others.
>
> Thanks and regards,
>
> Michael.
>
>>    Petar Bogdanovic

Personally what I do is, Accept the message, filter it with spamass,  
add ip/score into database, do user filtering.

Then ever few min run a script to get stats based on ip for spam  
scores, viruses, and other stuff, and pick ip's that should be  
blacklisted.

Making the scripts to do this is not very hard, and you can either  
hard blacklist, or just blacklist it for an hour or so at a time.

I need to white-list an IP address, not a domain or email address. How 
is that done?

Thanks,
Rick

Am Freitag Januar 16 2009 16:51 schrieb Rick Knight:
> I need to white-list an IP address, not a domain or email address. How
> is that done?
>
> Thanks,
> Rick

check out the fine wiki :-) 
http://milter-greylist.wikidot.com/whitelisting-servers

Jürgen
-- 
Diese E-Mail wurde klimafreundlich
und atomstromfrei erzeugt:
http://www.atomausstieg-selber-machen.de/

Juergen Kleff wrote:
> Am Freitag Januar 16 2009 16:51 schrieb Rick Knight:
>   
>> I need to white-list an IP address, not a domain or email address. How
>> is that done?
>>
>> Thanks,
>> Rick
>>     
>
> check out the fine wiki :-) 
> http://milter-greylist.wikidot.com/whitelisting-servers
>
> J\ufffdrgen
>   
The fine wiki seems to be down.

Rick

On Fri, Jan 16, 2009 at 5:12 PM, Rick Knight <rick_knight@...> wrote:
> The fine wiki seems to be down.

Not from here. Check your cable. :-)

-- 
/peter

Rick Knight wrote on Fri, 16 Jan 2009 08:12:18 -0800:

> The fine wiki seems to be down.

No. In the future please do not hijack threads. If you send a question use 
the "new message" button, thanks.

Kai

-- 
Kai Sch\ufffdtzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

On Fri, 16 Jan 2009, Kai Schaetzl wrote:

> 
> Rick Knight wrote on Fri, 16 Jan 2009 08:12:18 -0800:
> 
> > The fine wiki seems to be down.
> 
> No. In the future please do not hijack threads. If you send a question use
> the "new message" button, thanks.

He was responding to a reply to his own question, and the only response he 
had gotten to that question was a wiki URL.  Calling this hijacking is a 
bit fierce.  I'd call it on-topic, even if just as a request for "hey can 
someone give me the answer here" (although he failed to state that).

-Dan

-- 

"I love you forever eternally."

-Connaian Expression

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------

Dan Mahoney, System Admin wrote:
>
> On Fri, 16 Jan 2009, Kai Schaetzl wrote:
>
> >
> > Rick Knight wrote on Fri, 16 Jan 2009 08:12:18 -0800:
> >
> > > The fine wiki seems to be down.
> >
> > No. In the future please do not hijack threads. If you send a 
> question use
> > the "new message" button, thanks.
>
> He was responding to a reply to his own question, and the only 
> response he
> had gotten to that question was a wiki URL. Calling this hijacking is a
> bit fierce. I'd call it on-topic, even if just as a request for "hey can
> someone give me the answer here" (although he failed to state that).
>
> -Dan
>
> -- 
>
> "I love you forever eternally."
>
> -Connaian Expression
>
> --------Dan Mahoney--------
> Techie, Sysadmin, WebGeek
> Gushi on efnet/undernet IRC
> ICQ: 13735144 AIM: LarpGM
> Site: http://www.gushi.org <http://www.gushi.org>
> ---------------------------
>
>  
Thanks Dan,

I was finally able to access the Milter-greylist wiki page and find the 
answer to my question, but I had to access my home PC remotely and then 
browse to the wiki. I can't access the wiki page from work even though I 
can access the rest of the Milter-greylist site, strange (no, I'm not 
being blocked by a web filter at work).

Rick

-------- Original Message  --------

Subject: Re: [milter-greylist] white-listing an IP address
From: Dan Mahoney, System Admin <danm@...>
To: milter-greylist@yahoogroups.com
Date: Fri 16 Jan 2009 12:37:07 PM EST

> On Fri, 16 Jan 2009, Kai Schaetzl wrote:
> He was responding to a reply to his own question, and the only response he 
> had gotten to that question was a wiki URL.  Calling this hijacking is a 
> bit fierce.  I'd call it on-topic, even if just as a request for "hey can 
> someone give me the answer here" (although he failed to state that).
> 
> -Dan
> 

The 'original' post was a reply to a post in a different thread however. If 
your mail client supports threading and you use that view then it will display 
this thread under the one for 'blacklisting from uribl'.


Ryan Moore
----------
Perigee.net Corporation
704-849-8355 (sales)
704-849-8017 (tech)
www.perigee.net

On Fri, 16 Jan 2009, Ryan Moore wrote:

> 
> -------- Original Message --------
> Subject: Re: [milter-greylist] white-listing an IP address
> From: Dan Mahoney, System Admin <danm@...>
> To: milter-greylist@yahoogroups.com
> Date: Fri 16 Jan 2009 12:37:07 PM EST
> 
> > On Fri, 16 Jan 2009, Kai Schaetzl wrote:
> > He was responding to a reply to his own question, and the only response he
> > had gotten to that question was a wiki URL. Calling this hijacking is a
> > bit fierce. I'd call it on-topic, even if just as a request for "hey can
> > someone give me the answer here" (although he failed to state that).
> >
> > -Dan
> >
> 
> The 'original' post was a reply to a post in a different thread however. If
> your mail client supports threading and you use that view then it will display
> this thread under the one for 'blacklisting from uribl'.

That, I was not aware of.  I'll give up alpine when they pry it from my 
cold, dead, fingers.

-Dan Mahoney

On Fri, Jan 16, 2009 at 7:42 PM, Rick Knight <rick_knight@...> wrote:
> I was finally able to access the Milter-greylist wiki page and find the
> answer to my question, but I had to access my home PC remotely and then
> browse to the wiki. I can't access the wiki page from work even though I
> can access the rest of the Milter-greylist site, strange (no, I'm not
> being blocked by a web filter at work).

Those are two separate sites/domains. Must be something at your work
because besides you being able to access the wiki from home you're the
only one reporting a problem at that time. I was editing a page on the
wiki at that exact time so I know it worked.

-- 
/peter

System Admin Dan Mahoney wrote on Fri, 16 Jan 2009 12:37:07 -0500 (EST):

> He was responding to a reply to his own question

yeah, and that "own question" was a hijack. ;-) Therefore my simple 
request to use "new message" when you send a new message ...

Kai

-- 
Kai Sch\ufffdtzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

Kai Schaetzl wrote:
>
> System Admin Dan Mahoney wrote on Fri, 16 Jan 2009 12:37:07 -0500 (EST):
>
> > He was responding to a reply to his own question
>
> yeah, and that "own question" was a hijack. ;-) Therefore my simple
> request to use "new message" when you send a new message ...
>
> Kai
>
> -- 
> Kai Sch\ufffdtzl, Berlin, Germany
> Get your web at Conactive Internet Services: http://www.conactive.com 
> <http://www.conactive.com>
>
>  
Sorry Kai, I don't use a threaded view and didn't realize my message 
would show up in the same thread. Won't do it again.
 
Rick

On Sat, Jan 17, 2009 at 12:31:18PM +0100, Kai Schaetzl wrote:
> System Admin Dan Mahoney wrote on Fri, 16 Jan 2009 12:37:07 -0500 (EST):
> 
> > He was responding to a reply to his own question
> 
> yeah, and that "own question" was a hijack. ;-) Therefore my simple 
> request to use "new message" when you send a new message ...

Breaking hijacked threads costs me one keystroke, while trying to read
and identify [1]polluted subject lines on my mobile phone is a PITA.



   Petar Bogdanovic



[1] http://www.mailscanner.info/MailScanner.conf.index.html#Disarmed%20Modify%20Subject