[Declude.JunkMail] Can someone help me get this blocked?
These of e-mails have been flooding my hold folder. Im running Declude pro. I have a delete weight of 40 and a hold weight of 30. All this spam has been right between. Is there something I can add to either bump up this weight by about 7 or is there something unique in here that I can filter upon that I dont see? It has been coming from random IPs and the sender has been salestoday(random crap)lycos. I was thinking of bouncing anything from lycos but this will result in many bounced messages that wont get delivered. And Im not sure I just want to delete anything from lycos. Any suggestions would be greatly appreciated. Marc Received: from lycos.com [200.131.216.16] by mail.prudentialrand.com (SMTPD32-7.13) id AD41C450058; Sat, 22 Feb 2003 16:36:01 -0500 Received: from 169.142.51.247 ([169.142.51.247]) by n1.groups.yahoo.com with QMQP; Sat, 22 Feb 2003 05:45:22 - Message-ID: [EMAIL PROTECTED] From: This information will help. [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [SPAM]ADV:Need help with Marketing your Web Site? Date: Sat, 22 Feb 2003 01:49:54 +0800 MiME-Version: 1.0 Content-Type: multipart/mixed; boundary==_NextPart_000_00V8_70Y81A1B.C1122G33 X-Mailer: Microsoft Outlook, Build 10.0.2627 Importance: Normal X-RBL-Warning: SPAMCOP: Blocked - see http://spamcop.net/bl.shtml?200.131.216.16 X-RBL-Warning: NOPOSTMASTER: Not supporting [EMAIL PROTECTED] X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [a040010f]. X-RBL-Warning: BASE64: A binary encoded text or HTML section was found in this E-mail. X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 200.131.216.16 with no reverse DNS entry. X-RBL-Warning: ROUTING: This E-mail was routed in a poor manner consistent with spam [a040010f]. X-RBL-Warning: WEIGHT25: Weight of 33 reaches or exceeds the limit of 25. X-Declude-Sender: [EMAIL PROTECTED] [200.131.216.16] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: SPAMCOP, NOPOSTMASTER, BADHEADERS, BASE64, IPNOTINMX, REVDNS, ROUTING, WEIGHT10, WEIGHT20, WEIGHT15, WEIGHT25, WEIGHT30 --=_NextPart_000_00V8_70Y81A1B.C1122G33
RE: [Declude.JunkMail] Can someone help me get this blocked?
Title: Message Hi; Some of the lessons learned ... 1: BASE64: We have any email coming with BASE64 as HOLD - simply the weight is enough to put the emial on hold.- In your case this email would be a HOLD. We hardly see any legitimate email with BASE64. 2: We have a FROMFILTER list that includes all the free emails (except hotmail yahoo.com). These get an additional weight of 5. In your case this email coming from Lycos would have had an additional weight of 5. 3: You can simply add to your FROMFILE the beginning of that email address: salestoday e.g. HEADERS5 CONTAINS salestoday this will catch that text in the header. I wish we had wildcards in the FROM filter but we don't. For now searching the header with that name will do the same. In your case this would have definitely caught the mail since the salestoday can hardly be considered coming from a legit address. An additional weight of 10 to this text would solve your problem. With any of these additions you can easily elevate this email. One idea that has worked great for us is the separation of all filters in separate files. This way we have more freedom in changing weight and figuring out what is going on. e.g. FILTER-HEADERfilterd:\IMail\Declude\IMail_Filter_Header.txtx00FILTER-MAILFROMfilterd:\IMail\Declude\IMail_Filter_MailFrom.txtx00FILTER-BODYfilterd:\IMail\Declude\IMail_Filter_TextinBody.txtx00FILTER-SUBJECTfilterd:\IMail\Declude\IMail_Filter_TextinSubject.txtx00FILTER-BODYURLfilterd:\IMail\Declude\IMail_Filter_URLinBody.txtx00FILTER-BODYPHONEfilterd:\IMail\Declude\IMail_Filter_PhoneinBody.txtx00FILTER-IPINBODYfilterD:\IMail\Declude\IMail_Filter_IPinBody.txtx300 FILTER-BODY-BLACKLISTfilterd:\IMail\Declude\IMail_Filter_BlacklistinBody.txtx200FILTER-HEADER-BLACKLISTfilterd:\IMail\Declude\IMail_Filter_BlacklistinHeader.txtx200FILTER-BODY-FREEEMAILfilterd:\IMail\Declude\IMail_Filter_FreeeMailinBody.txtx50 We simply have a different file for each filter type. Hope this helps.. Regards, Kami -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marc CatuognoSent: Sunday, February 23, 2003 11:26 AMTo: [EMAIL PROTECTED]Subject: [Declude.JunkMail] Can someone help me get this blocked? These of e-mails have been flooding my hold folder. Im running Declude pro. I have a delete weight of 40 and a hold weight of 30. All this spam has been right between. Is there something I can add to either bump up this weight by about 7 or is there something unique in here that I can filter upon that I dont see? It has been coming from random IPs and the sender has been salestoday(random crap)lycos. I was thinking of bouncing anything from lycos but this will result in many bounced messages that wont get delivered. And Im not sure I just want to delete anything from lycos. Any suggestions would be greatly appreciated. Marc Received: from lycos.com [200.131.216.16] by mail.prudentialrand.com (SMTPD32-7.13) id AD41C450058; Sat, 22 Feb 2003 16:36:01 -0500 Received: from 169.142.51.247 ([169.142.51.247]) by n1.groups.yahoo.com with QMQP; Sat, 22 Feb 2003 05:45:22 - Message-ID: [EMAIL PROTECTED] From: "This information will help." [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [SPAM]ADV:Need help with Marketing your Web Site? Date: Sat, 22 Feb 2003 01:49:54 +0800 MiME-Version: 1.0 Content-Type: multipart/mixed; boundary="=_NextPart_000_00V8_70Y81A1B.C1122G33" X-Mailer: Microsoft Outlook, Build 10.0.2627 Importance: Normal X-RBL-Warning: SPAMCOP: Blocked - see http://spamcop.net/bl.shtml?200.131.216.16 X-RBL-Warning: NOPOSTMASTER: Not supporting [EMAIL PROTECTED] X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [a040010f]. X-RBL-Warning: BASE64: A binary encoded text or HTML section was found in this E-mail. X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 200.131.216.16 with no reverse DNS entry. X-RBL-Warning: ROUTING: This E-mail was routed in a poor manner consistent with spam [a040010f]. X-RBL-Warning: WEIGHT25: Weight of 33 reaches or exceeds the limit of 25. X-Declude-Sender: [EMAIL PROTECTED] [200.131.216.16] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: SPAMCOP, NOPOSTMASTER, BADHEADERS, BASE64, IPNOTINMX, REVDNS, ROUTING, WEIGHT10, WEIGHT20, WEIGHT15, WEIGHT25, WEIGHT30 --=_NextPart_000_00V8_70Y81A1B.C1122G33
RE: [Declude.JunkMail] Can someone help me get this blocked?
Title: Message Hi again... I just realized that I forgot to mention: MAILFROM 20 CONTAINSsalestoday in your filter file will also add a weight to the email. Regards, Kami -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marc CatuognoSent: Sunday, February 23, 2003 11:26 AMTo: [EMAIL PROTECTED]Subject: [Declude.JunkMail] Can someone help me get this blocked? These of e-mails have been flooding my hold folder. Im running Declude pro. I have a delete weight of 40 and a hold weight of 30. All this spam has been right between. Is there something I can add to either bump up this weight by about 7 or is there something unique in here that I can filter upon that I dont see? It has been coming from random IPs and the sender has been salestoday(random crap)lycos. I was thinking of bouncing anything from lycos but this will result in many bounced messages that wont get delivered. And Im not sure I just want to delete anything from lycos. Any suggestions would be greatly appreciated. Marc Received: from lycos.com [200.131.216.16] by mail.prudentialrand.com (SMTPD32-7.13) id AD41C450058; Sat, 22 Feb 2003 16:36:01 -0500 Received: from 169.142.51.247 ([169.142.51.247]) by n1.groups.yahoo.com with QMQP; Sat, 22 Feb 2003 05:45:22 - Message-ID: [EMAIL PROTECTED] From: "This information will help." [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [SPAM]ADV:Need help with Marketing your Web Site? Date: Sat, 22 Feb 2003 01:49:54 +0800 MiME-Version: 1.0 Content-Type: multipart/mixed; boundary="=_NextPart_000_00V8_70Y81A1B.C1122G33" X-Mailer: Microsoft Outlook, Build 10.0.2627 Importance: Normal X-RBL-Warning: SPAMCOP: Blocked - see http://spamcop.net/bl.shtml?200.131.216.16 X-RBL-Warning: NOPOSTMASTER: Not supporting [EMAIL PROTECTED] X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [a040010f]. X-RBL-Warning: BASE64: A binary encoded text or HTML section was found in this E-mail. X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 200.131.216.16 with no reverse DNS entry. X-RBL-Warning: ROUTING: This E-mail was routed in a poor manner consistent with spam [a040010f]. X-RBL-Warning: WEIGHT25: Weight of 33 reaches or exceeds the limit of 25. X-Declude-Sender: [EMAIL PROTECTED] [200.131.216.16] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: SPAMCOP, NOPOSTMASTER, BADHEADERS, BASE64, IPNOTINMX, REVDNS, ROUTING, WEIGHT10, WEIGHT20, WEIGHT15, WEIGHT25, WEIGHT30 --=_NextPart_000_00V8_70Y81A1B.C1122G33
RE: [Declude.JunkMail] Can someone help me get this blocked?
Title: Message Kami, Thanks. The e-mail was already being held and Ive upped the weight of the base 64 from 4 to 8. Ive also added a filter file with some of the test you have suggested. I think you have saved me from having to review about 100 e-mails a day from this jerk. Thanks for this solution and your quick reply on a Sunday! Marc -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kami Razvan Sent: Sunday, February 23, 2003 12:04 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Can someone help me get this blocked? Hi again... I just realized that I forgot to mention: MAILFROM 20 CONTAINSsalestoday in your filter file will also add a weight to the email. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marc Catuogno Sent: Sunday, February 23, 2003 11:26 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Can someone help me get this blocked? These of e-mails have been flooding my hold folder. Im running Declude pro. I have a delete weight of 40 and a hold weight of 30. All this spam has been right between. Is there something I can add to either bump up this weight by about 7 or is there something unique in here that I can filter upon that I dont see? It has been coming from random IPs and the sender has been salestoday(random crap)lycos. I was thinking of bouncing anything from lycos but this will result in many bounced messages that wont get delivered. And Im not sure I just want to delete anything from lycos. Any suggestions would be greatly appreciated. Marc Received: from lycos.com [200.131.216.16] by mail.prudentialrand.com (SMTPD32-7.13) id AD41C450058; Sat, 22 Feb 2003 16:36:01 -0500 Received: from 169.142.51.247 ([169.142.51.247]) by n1.groups.yahoo.com with QMQP; Sat, 22 Feb 2003 05:45:22 - Message-ID: [EMAIL PROTECTED] From: This information will help. [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [SPAM]ADV:Need help with Marketing your Web Site? Date: Sat, 22 Feb 2003 01:49:54 +0800 MiME-Version: 1.0 Content-Type: multipart/mixed; boundary==_NextPart_000_00V8_70Y81A1B.C1122G33 X-Mailer: Microsoft Outlook, Build 10.0.2627 Importance: Normal X-RBL-Warning: SPAMCOP: Blocked - see http://spamcop.net/bl.shtml?200.131.216.16 X-RBL-Warning: NOPOSTMASTER: Not supporting [EMAIL PROTECTED] X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [a040010f]. X-RBL-Warning: BASE64: A binary encoded text or HTML section was found in this E-mail. X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 200.131.216.16 with no reverse DNS entry. X-RBL-Warning: ROUTING: This E-mail was routed in a poor manner consistent with spam [a040010f]. X-RBL-Warning: WEIGHT25: Weight of 33 reaches or exceeds the limit of 25. X-Declude-Sender: [EMAIL PROTECTED] [200.131.216.16] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: SPAMCOP, NOPOSTMASTER, BADHEADERS, BASE64, IPNOTINMX, REVDNS, ROUTING, WEIGHT10, WEIGHT20, WEIGHT15, WEIGHT25, WEIGHT30 --=_NextPart_000_00V8_70Y81A1B.C1122G33
Re: [Declude.JunkMail] filter file not working?
This is what is in my filter file located in the root directory of the D drive: HEADERS10 CONTAINS salestoday ... This is the entry in the global.cfg file: FILTER fromfile D:\filter.txt x 4 0 If you change this line to: FILTER filter D:\filter.txt x 4 0 then it should work. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] filter file not working?
Scott, Thanks for the level of support you provide. I'm part of the way there, it fails the test - but I don't think it is getting the weight it should. It got the weight of 4 for failing the filter test and the weight of 3 from the first line in the filter file but not the weights from the rest of the tests: HEADERS10 CONTAINS salestoday MAILFROM 20 CONTAINSsalestoday BODY 3 CONTAINS To unsubscribe, click here HEADERS4 CONTAINS OPTIN BODY 4 CONTAINS unsubscribe me BODY 4 CONTAINS opt-in BODY 4 CONTAINS UNSUBSCRIBE in the subject line Shouldn't it have a weight of 19 and not 7 if the body of the e-mail was: To unsubscribe, click here unsubscribe me opt-in UNSUBSCRIBE in the subject line Headers from the test mail: From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [SPAM]one mo time MIME-Version: 1.0 Message-ID: [EMAIL PROTECTED] X-Mailer: Atlas Mailer 2.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-RBL-Warning: NOPOSTMASTER: Not supporting [EMAIL PROTECTED] X-RBL-Warning: FILTER: Message failed FILTER test (7) X-Declude-Sender: [EMAIL PROTECTED] [64.12.136.8] X-Declude-Spoolname: D249f07f600b44279.SMD X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: NOPOSTMASTER, IPNOTINMX, FILTER, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Sunday, February 23, 2003 2:22 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] filter file not working? This is what is in my filter file located in the root directory of the D drive: HEADERS10 CONTAINS salestoday ... This is the entry in the global.cfg file: FILTER fromfile D:\filter.txt x 4 0 If you change this line to: FILTER filter D:\filter.txt x 4 0 then it should work. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] filter file not working?
I'm part of the way there, it fails the test - but I don't think it is getting the weight it should. It got the weight of 4 for failing the filter test and the weight of 3 from the first line in the filter file but not the weights from the rest of the tests: HEADERS10 CONTAINS salestoday MAILFROM 20 CONTAINSsalestoday BODY 3 CONTAINS To unsubscribe, click here HEADERS4 CONTAINS OPTIN BODY 4 CONTAINS unsubscribe me BODY 4 CONTAINS opt-in BODY 4 CONTAINS UNSUBSCRIBE in the subject line Shouldn't it have a weight of 19 and not 7 ... Yes, it should. Are there any spaces/tabs at the end of the lines in the filter file (in which case Declude JunkMail would look for them in teh E-mail)? If that doesn't explain it, I would recommend using the debug mode, by changing the LOGLEVEL LOW line in the \IMail\Declude\global.cfg file to LOGLEVEL DEBUG, then send that test E-mail through again, and switch back to LOGLEVEL LOW. You can then E-mail me the log file, and I can check to see what is happening. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
