[Declude.JunkMail] Using non filtered domains
When we set up a alias in a non-filtered domain to deliver mail to a filtered domain, is that mail filtered when it's transfered to the non-filtered box? I've got a customer that wants freelotto.com delivered and the only way I can set that up for him and him alone would be to transfer the mail through one of our domains that isn't filtered. -- Rich Griebel [EMAIL PROTECTED] http://www.kendra.com Scanned for Viruses using Declude and F-Prot --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Using non filtered domains
I may be wrong, but I believe Imail during the receipt of the message configures the Q files with who the message is for. This means that Imail will see a message to [EMAIL PROTECTED], see that configured as an alias for [EMAIL PROTECTED], and place in the Q file [EMAIL PROTECTED] as the recipient. Declude will then scan based on the configuration for [EMAIL PROTECTED] The nobody alias is treated differently I believe. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED]] On Behalf Of Rich Sent: Saturday, January 04, 2003 8:40 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Using non filtered domains When we set up a alias in a non-filtered domain to deliver mail to a filtered domain, is that mail filtered when it's transfered to the non-filtered box? I've got a customer that wants freelotto.com delivered and the only way I can set that up for him and him alone would be to transfer the mail through one of our domains that isn't filtered. -- Rich Griebel [EMAIL PROTECTED] http://www.kendra.com Scanned for Viruses using Declude and F-Prot --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] External test question
Yesterday, we processed 2430 messages. About 39% of those were identified as spam. Out of that, about 50 were false positives. 2 questions: A.) With identified as spam you mean they reached the hold value? B.) With 2430 processed msgs you mean inbound + outbound? In this case 39% is a very high value if you've not some spammers as client that create outgoing spam. My statement is based on the values of our actual report. (see attached pdf ) We calculate the spam ratio only on incoming msgs because our 100% smtp-auth-clients doesn't send spam. I think it's not possible to indicate precise values that have general validity for every server. This especially during the christmas/new year-days. I would only say that the most of all messages - I hope always 50% - will never reach the hold value because they aren't spam. I tought that it is not too much work to implement this option. Scott already answered that is not so. Both you and we doesn't need this option but for example if the isp where I worked before ( 5 msgs/day) want to implement an antispam-module he will ask for it. Another note: 2430 msgs/day 39% = 947 msgs hold msgs 50 fp's = around 5% We've begun to record our fp's/day a week ago as you can see in the report. There we're from 0 to 4 (=2,8%) fp's/day. Most of them caused by SpamChk because our test criterias are in developement. Probably this value will increase on both your and our side in the next days when people returned from holidays begin to send real msgs. I think it can be very dangerous for the helpdesk if the customers understand that fp's can occur. They will call to ask if there is a fp even if there is something wrong on your system/internet access and he can't retrieve any mail. Markus spam_report.PDF Description: Adobe PDF document
RE: [Declude.JunkMail] DNSREPORT/DNSSTUFF: DNS Lookup is Broken?
Andy, here is a query by DNS Expert: (NO SOA Record) Query: grepel.de. Query type: Any record Recursive query: YesAuthoritative answer: Yes Query time: 291 ms. Server name: n/a Answer: grepel.de. 86400 A 192.67.198.4 grepel.de. 86400 MX 10 mailin.webmailer.de. Authority: de. 86400 NS dns.denic.de. de. 86400 NS dns2.de.net. de. 86400 NS sss-at.denic.de. de. 86400 NS sss-de1.de.net. de. 86400 NS sss-jp.denic.de. de. 86400 NS sss-nl.denic.de. de. 86400 NS sss-uk.de.net. de. 86400 NS sss-us1.de.net. de. 86400 NS sss-us2.denic.de. de. 86400 NS auth03.ns.de.uu.net. de. 86400 NS sunic.sunet.se. Additional: dns.denic.de. 86400 A 194.246.96.79 sss-at.denic.de.86400 A 193.171.255.34 sss-jp.denic.de.86400 A 210.81.13.179 sss-nl.denic.de.86400 A 193.0.0.237 sss-us2.denic.de. 86400 A 167.216.196.131 auth03.ns.de.uu.net.86400 A 192.76.144.16 Query: grepel.de. Query type: SOA record Recursive query: YesAuthoritative answer: Yes Query time: 270 ms. Server name: n/a No records were found. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED]] On Behalf Of Andy Schmidt Sent: Friday, January 03, 2003 1:35 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] DNSREPORT/DNSSTUFF: DNS Lookup is Broken? Importance: High Hi Scott, sorry - that reply just makes no sense: a) When a DNS server returns a SOA record in response to a query, it means that the queried resource doesn't exist. No - in this case it means I specifically INSTRUCTED NSLOOKUP to return the SOA as my sample showed: set type=soa b) If you go to http://www.dnsstuff.com/tools/lookup.ch?name=www3.grepel.detype=A Why would I do that? Why www3? Where you do get that name from? c) My question was specific to: http://www.dnsstuff.com/tools/dnstime.ch?name=grepel.detype=SOA http://www.dnsreport.com/tools/dnsreport.ch?domain=grepel.de I expect BOTH of these to look for the SOA records, not for some imaginary www3 records. Why else does DNSSTUFF let me specify name=grepel.detype=SOA ? d) But, since I'm a good sport, I also tried to look up www3.grepel.de: D:\nslookup server m.root-servers.net. Default Server: m.root-servers.net Address: 202.12.27.33 www3.grepel.de. Server: m.root-servers.net Address: 202.12.27.33 Name:www3.grepel.de Served by: - AUTH03.NS.DE.UU.NET 192.76.144.16 de - DNS.DENIC.de 194.246.96.79 de - SUNIC.SUNET.SE 192.36.125.2 de - SSS-AT.DENIC.de 193.171.255.34 de - SSS-NL.DENIC.de 193.0.0.237 de - SSS-DE1.DE.NET 193.159.170.187 de - SSS-UK.DE.NET 62.53.3.68 de - DNS2.DE.NET 194.246.96.49 de - SSS-JP.DENIC.de 210.81.13.179 de - SSS-US1.DE.NET 206.65.170.100 de server dns.denic.de. Default Server: dns.denic.de Address: 194.246.96.79 set type=a www3.grepel.de. Server: dns.denic.de Address: 194.246.96.79 So again I ask - why can NSLOOKUP find the www3.grepel.de - but DNSSTUFF can't? Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Friday, January 03, 2003 04:19 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] DNSREPORT/DNSSTUFF: DNS Lookup is Broken? http://www.dnsreport.com/tools/dnsreport.ch?domain=grepel.de results in: [ERROR: The root servers say that the domain grepel.de does not have any NS records (although they may have some other information on that zone). I can not do a DNS report on a hostname (such as mail.example.com) or a domain name that does not have its own zone.] http://www.dnsstuff.com/tools/dnstime.ch?name=grepel.detype=SOA results in: Searching for SOA record for grepel.de at m.root-servers.net: Got referral to DNS.DENIC.de. [took 241 ms] Searching for SOA record for grepel.de at DNS.DENIC.de.: Reports no SOA records (NODATA type 2). 187ms. Answer: Does not exist. The problem is with grepel.de. If you go to http://www.dnsstuff.com/tools/lookup.ch?name=www3.grepel.detype=A , you'll see that the parent (root) servers for .de say that www3.grepel.de doesn't exist -- without ever sending you to NS records for
Re: [Declude.JunkMail] External test question
Saturday, January 4, 2003 you wrote: MG A.) With identified as spam you mean they reached the hold value? MG B.) With 2430 processed msgs you mean inbound + outbound? MG In this case 39% is a very high value if you've not some spammers MG as client that create outgoing spam. 39% is about what we saw a year ago. Some days we're as high as 80% held. Our False Positives are usually under 4% of held. We manually inspect. Our stats for last 7 days (incoming only) (both messages and spam have been down since 12/24 - I guess everyone has taken a bit of a vacation) DateFpFp% Held Total Held% == == = = == 12/28/2002 5 0.94% 534841 63.50% 12/29/2002 6 1.39% 432755 57.22% 12/30/2002 13 2.23% 583 1,474 39.55% 12/31/2002 10 1.74% 575 1,393 41.28% 01/01/2003 7 1.59% 441796 55.40% 01/02/2003 25 4.10% 610 1,546 39.46% 01/03/2003 16 3.02% 530 1,492 35.52% Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] External test question
A.) With identified as spam you mean they reached the hold value? Those stats I posted where actually from the NoXMail report. Any message failing NoXMail is weighted with 20 and we hold at 20. B.) With 2430 processed msgs you mean inbound + outbound? Includes inbound and outbound. There were 119 outbound. In this case 39% is a very high value if you've not some spammers as client that create outgoing spam Do not the nature of some of our client users, they get a lot of spam. (Surfing the web, inserting their e-mail address, responding to requests to opt-out. Stuff like that that spammers use to harvest addresses.) John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] External test question
According to recently collected Message Sniffer logs, on average more than 70% of incoming email is spam. We have an extremely low reported false positive rate. _M ]-Original Message- ]From: [EMAIL PROTECTED] ][mailto:[EMAIL PROTECTED]]On Behalf Of Smart Business ]Lists ]Sent: Saturday, January 04, 2003 4:40 PM ]To: Markus Gufler ]Subject: Re: [Declude.JunkMail] External test question ] ] ]Saturday, January 4, 2003 you wrote: ]MG A.) With identified as spam you mean they reached the hold value? ]MG B.) With 2430 processed msgs you mean inbound + outbound? ]MG In this case 39% is a very high value if you've not some spammers ]MG as client that create outgoing spam. ] ]39% is about what we saw a year ago. Some days we're as high as 80% ]held. Our False Positives are usually under 4% of held. We manually ]inspect. ] ]Our stats for last 7 days (incoming only) ](both messages and spam have been down since 12/24 - ]I guess everyone has taken a bit of a vacation) ] ]DateFpFp% Held Total Held% ]== == = = == ]12/28/2002 5 0.94% 534841 63.50% ]12/29/2002 6 1.39% 432755 57.22% ]12/30/2002 13 2.23% 583 1,474 39.55% ]12/31/2002 10 1.74% 575 1,393 41.28% ]01/01/2003 7 1.59% 441796 55.40% ]01/02/2003 25 4.10% 610 1,546 39.46% ]01/03/2003 16 3.02% 530 1,492 35.52% ] ] ]Terry Fritts ] ]--- ][This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.