Re: [Declude.JunkMail] DUL skipping was ISBLANK is blank
In absentia... http://www.mail-archive.com/[EMAIL PROTECTED]/msg17162.html This made a lot of sense before, and it was the only way to disable DUL tests for local users prior to IMail 8 and JunkMail ~1.76. Declude won't disable the tests for gatewayed domains, only where an address matches a local account. You can also work around this by using the dnsbl trick like so: DNSRBL-DYN dnsbl %IP4R%.dun.dnsrbl.net 127.0.0.3 0 0 NJABL-DYN-A dnsbl %IP4R%.dnsbl.njabl.org 127.0.0.3 0 0 NJABL-DYN-B dnsbl %IP4R%.dynablock.njabl.org 127.0.0.3 0 0 SORBS-DYN dnsbl %IP4R%.dnsbl.sorbs.net 127.0.0.10 0 0 Note that I changed the names of the tests to exclude the strings DUL/DYNA/DUHL. This took me a long time to figure out, so the trick isn't that common, however I started using these strings to limit some non-DUL tests to just the last hop with higher scoring, and did impact my ability to block spam on local accounts, however it took me quite a while to notice that it was going on (several months). Matt Andy Schmidt wrote: Message Scott (in case you're not gone yet): At this moment, Declude will not apply scores from any dnsbl, ip4r or rhsbl tests if they have either DUL, DYNA or DUHL in the name AND the Mail From matches a local user. Does Declude REALLY trust the mail from and will bypass DUL/DYNA/DUHL test just by someone forging the mail from? Never heard about that "bug"/behavior before? Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax: +1 201 934-9206 -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
RE: [Declude.JunkMail] DUL skipping was ISBLANK is blank
Title: Message Thanks - ouch. I'd say that's a bug in design. Since AUTH is supported in Imail 8 and since others may not allow local users to send through their Imail server (my outbound is going through IIS SMTP with SMTP AUTH), there should be AT LEAST a config option to turn this "spam me by faking sender" feature off! Best RegardsAndy SchmidtPhone: +1 201 934-3414 x20 (Business)Fax: +1 201 934-9206 -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of MattSent: Saturday, May 15, 2004 01:49 AMTo: [EMAIL PROTECTED]Subject: Re: [Declude.JunkMail] DUL skipping was ISBLANK is blankIn absentia... http://www.mail-archive.com/[EMAIL PROTECTED]/msg17162.htmlThis made a lot of sense before, and it was the only way to disable DUL tests for local users prior to IMail 8 and JunkMail ~1.76. Declude won't disable the tests for gatewayed domains, only where an address matches a local account. You can also work around this by using the dnsbl trick like so:DNSRBL-DYN dnsbl %IP4R%.dun.dnsrbl.net 127.0.0.3 0 0NJABL-DYN-A dnsbl %IP4R%.dnsbl.njabl.org 127.0.0.3 0 0NJABL-DYN-B dnsbl %IP4R%.dynablock.njabl.org 127.0.0.3 0 0SORBS-DYN dnsbl %IP4R%.dnsbl.sorbs.net 127.0.0.10 0 0Note that I changed the names of the tests to exclude the strings DUL/DYNA/DUHL. This took me a long time to figure out, so the trick isn't that common, however I started using these strings to limit some non-DUL tests to just the last hop with higher scoring, and did impact my ability to block spam on local accounts, however it took me quite a while to notice that it was going on (several months).MattAndy Schmidt wrote: Scott (in case you're not gone yet): At this moment, Declude will not apply scores from any dnsbl, ip4r or rhsbl tests if they have either DUL, DYNA or DUHL in the name AND the Mail From matches a local user. Does Declude REALLY trust the mail from and will bypass DUL/DYNA/DUHL test just by someone forging the mail from? Never heard about that "bug"/behavior before? Best RegardsAndy SchmidtPhone: +1 201 934-3414 x20 (Business)Fax: +1 201 934-9206 -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
Re: [Declude.JunkMail] DUL skipping was ISBLANK is blank
Andy, It's only been a matter of months since a realistic work around was available for most users (using WHITELIST AUTH). To the best of my knowledge, I'm the only one of us that has said anything about it on this list (first time in March, but of course I could be wrong). Like I indicated though, there is a way to fix the problem using the dnsbl trick, and it works immediately. I would however like to see a switch given also, but this seems more like a convenience if you use DUL/DYNA/DUHL the way that they were meant to be used in the first place (which I was not), but still, it only means some extra lookups. Matt Andy Schmidt wrote: Message Thanks - ouch. I'd say that's a bug in design. Since AUTH is supported in Imail 8 and since others may not allow local users to send through their Imail server (my outbound is going through IIS SMTP with SMTP AUTH), there should be AT LEAST a config option to turn this "spam me by faking sender" feature off! Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax: +1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Saturday, May 15, 2004 01:49 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] DUL skipping was ISBLANK is blank In absentia... http://www.mail-archive.com/[EMAIL PROTECTED]/msg17162.html This made a lot of sense before, and it was the only way to disable DUL tests for local users prior to IMail 8 and JunkMail ~1.76. Declude won't disable the tests for gatewayed domains, only where an address matches a local account. You can also work around this by using the dnsbl trick like so: DNSRBL-DYN dnsbl %IP4R%.dun.dnsrbl.net 127.0.0.3 0 0 NJABL-DYN-A dnsbl %IP4R%.dnsbl.njabl.org 127.0.0.3 0 0 NJABL-DYN-B dnsbl %IP4R%.dynablock.njabl.org 127.0.0.3 0 0 SORBS-DYN dnsbl %IP4R%.dnsbl.sorbs.net 127.0.0.10 0 0 Note that I changed the names of the tests to exclude the strings DUL/DYNA/DUHL. This took me a long time to figure out, so the trick isn't that common, however I started using these strings to limit some non-DUL tests to just the last hop with higher scoring, and did impact my ability to block spam on local accounts, however it took me quite a while to notice that it was going on (several months). Matt Andy Schmidt wrote: Scott (in case you're not gone yet): At this moment, Declude will not apply scores from any dnsbl, ip4r or rhsbl tests if they have either DUL, DYNA or DUHL in the name AND the Mail From matches a local user. Does Declude REALLY trust the mail from and will bypass DUL/DYNA/DUHL test just by someone forging the mail from? Never heard about that "bug"/behavior before? Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax: +1 201 934-9206 -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
[Declude.JunkMail] f-prot
Title: Message Can anyone tell me how f-prot compares to mcafee or symantec when it comes to keeping their database up with new viruses? That just seems pretty cheap but hey that's exactly what I'm looking for as long as it works well :) thanks, Larry Craddock
RE: [Declude.JunkMail] f-prot
Title: Message Larry: We have used it for years and are very happy with it. Of course since it is cheap I suggest you use the savings and add another scanner to your arsenal. 2 is always better than 1. We use AVG and FProt together. Regards, Kami From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Larry CraddockSent: Saturday, May 15, 2004 1:26 PMTo: [EMAIL PROTECTED]Subject: [Declude.JunkMail] f-prot Can anyone tell me how f-prot compares to mcafee or symantec when it comes to keeping their database up with new viruses? That just seems pretty cheap but hey that's exactly what I'm looking for as long as it works well :) thanks, Larry Craddock
RE: [Declude.JunkMail] f-prot
Title: Message Just was curious, did you happen to notice how much extra overhead was added to the CPU when another virus scanner was added to the system. With only 8000-1 message a day for our server, it's not the newest nor fastest thing out there. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kami RazvanSent: Saturday, May 15, 2004 1:31 PMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] f-prot Larry: We have used it for years and are very happy with it. Of course since it is cheap I suggest you use the savings and add another scanner to your arsenal. 2 is always better than 1. We use AVG and FProt together. Regards, Kami From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Larry CraddockSent: Saturday, May 15, 2004 1:26 PMTo: [EMAIL PROTECTED]Subject: [Declude.JunkMail] f-prot Can anyone tell me how f-prot compares to mcafee or symantec when it comes to keeping their database up with new viruses? That just seems pretty cheap but hey that's exactly what I'm looking for as long as it works well :) thanks, Larry Craddock
Re: [Declude.JunkMail] DUL skipping was ISBLANK is blank
This wasn't a bug or a larger issue of Declude trust based upon the 'from Address.' There was no choice but to skip DUL/DYNA/DUHL tests (which were the only ones skipped) when the 'from address' was spoofed as a local address. Imail 8 and WHITELIST AUTH help, but they don't solve this issue, either. Imail 8 can still be configured where the Client is NOT required to Auth in order to send. One example of that is 'Relay for Addresses.' So, if we have IPs on a DUL/DYNA/DUHL list, are using anything but 'No Mail Relay' in Imail 8 and we run a DYNA/DUL/DUHL test on the first hop, we will definitely tag our own customers. So, the way I see it, running DYNA/DUL/DUHL tests on the first hop of ALL mail, is only safe for those folks who: (1) are sure that none of their IP addresses are on any DYNA/DUL/DUHL list (and will never be on one) -OR- (2) run Imail 8, have it configured for 'No Mail Relay' and have WHITELIST AUTH specified in the Declude's Global.cfg. Then, in either cases, scanning the first hop is a simple matter of changing the test name to eliminate the reserved string of DUL, DYNA or DUHL and using the hack which Matt found. For instance: Change this: NJABL-DUL ip4r dnsbl.njabl.org 127.0.0.3 10 0 To this: NJABL-HOP1 dnsbl %IP4R%.dnsbl.njabl.org 127.0.0.3 10 0 I don't think a switch in Declude is really needed. Thanks, Saturday, May 15, 2004, 10:01:11 AM, Matt [EMAIL PROTECTED] wrote: M Andy, M It's only been a matter of months since a realistic work around M wasavailable for most users (using WHITELIST AUTH). To the best of M myknowledge, I'm the only one of us that has said anything about it M onthis list (first time in March, but of course I could be wrong). M LikeI indicated though, there is a way to fix the problem using the M dnsbltrick, and it works immediately. I would however like to see M a switchgiven also, but this seems more like a convenience if you M useDUL/DYNA/DUHL the way that they were meant to be used in the M firstplace (which I was not), but still, it only means some extra M lookups. M Matt M Andy Schmidt wrote: M Thanks - ouch. M M I'd say that's a bug in design. M M Since AUTH is supported in Imail 8 and sinceothers may not M allow local users to send through their Imail server (myoutbound is M going through IIS SMTP with SMTP AUTH), there should be ATLEAST a M config option to turn this spam me by faking sender featureoff! M Best Regards M Andy Schmidt M Phone: +1 201 934-3414 x20(Business) M Fax: +1 201 934-9206 M -Original Message- M M From:[EMAIL PROTECTED]:[EMAIL PROTECTED] M On Behalf Of Matt M Sent: Saturday, May 15, 2004 01:49 AM M To:[EMAIL PROTECTED] M Subject: Re: [Declude.JunkMail] DUL skipping was ISBLANK isblank M In absentia... M M http://www.mail-archive.com/[EMAIL PROTECTED]/msg17162.html M This made a lot of sense before, and it was the only way to M disable DULtests for local users prior to IMail 8 and JunkMail M ~1.76. Decludewon't disable the tests for gatewayed domains, only M where an addressmatches a local account. You can also work around M this by using thednsbl trick like so: M DNSRBL-DYN dnsbl %IP4R%.dun.dnsrbl.net 127.0.0.3 0 0 M NJABL-DYN-A dnsbl %IP4R%.dnsbl.njabl.org 127.0.0.3 0 0 M NJABL-DYN-B dnsbl %IP4R%.dynablock.njabl.org 127.0.0.3 0 0 M SORBS-DYN dnsbl %IP4R%.dnsbl.sorbs.net 127.0.0.10 0 0 M Note that I changed the names of the tests to exclude the M stringsDUL/DYNA/DUHL. This took me a long time to figure out, so M the trickisn't that common, however I started using these strings M to limit somenon-DUL tests to just the last hop with higher M scoring, and did impactmy ability to block spam on local accounts, M however it took me quite awhile to notice that it was going on M (several months). M Matt M Andy Schmidt wrote: M Scott (in case you're not gone yet): M MAt this moment, Declude will not apply scoresfrom any M dnsbl, ip4r or rhsbl tests if they have either DUL, DYNA orDUHL in M the name AND the Mail From matches a local user. M M Does Declude REALLY trust the mail from andwill bypass M DUL/DYNA/DUHL test just by someone forging the mail from? M M Never heard about that bug/behavior before? M Best Regards M Andy Schmidt M Phone: +1 201 934-3414 x20(Business) M Fax: +1 201 934-9206 M -- M = M MailPure custom filters for Declude JunkMail M Pro.http://www.mailpure.com/software/= Don Brown - Dallas, Texas USA Internet Concepts, Inc. [EMAIL PROTECTED] http://www.inetconcepts.net (972) 788-2364Fax: (972) 788-5049 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail
Re: [Declude.JunkMail] DUL skipping was ISBLANK is blank
Imail 8 can still be configured where the Client is NOT required to Auth in order to send. One example of that is 'Relay for Addresses.' If you use 'Relay for Addresses.', you can easily list the same adresses in JunkMail. This is the equivalent of whitelist auth - Original Message - From: Don Brown [EMAIL PROTECTED] To: Matt [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Saturday, May 15, 2004 8:19 PM Subject: Re: [Declude.JunkMail] DUL skipping was ISBLANK is blank This wasn't a bug or a larger issue of Declude trust based upon the 'from Address.' There was no choice but to skip DUL/DYNA/DUHL tests (which were the only ones skipped) when the 'from address' was spoofed as a local address. Imail 8 and WHITELIST AUTH help, but they don't solve this issue, either. Imail 8 can still be configured where the Client is NOT required to Auth in order to send. One example of that is 'Relay for Addresses.' So, if we have IPs on a DUL/DYNA/DUHL list, are using anything but 'No Mail Relay' in Imail 8 and we run a DYNA/DUL/DUHL test on the first hop, we will definitely tag our own customers. So, the way I see it, running DYNA/DUL/DUHL tests on the first hop of ALL mail, is only safe for those folks who: (1) are sure that none of their IP addresses are on any DYNA/DUL/DUHL list (and will never be on one) -OR- (2) run Imail 8, have it configured for 'No Mail Relay' and have WHITELIST AUTH specified in the Declude's Global.cfg. Then, in either cases, scanning the first hop is a simple matter of changing the test name to eliminate the reserved string of DUL, DYNA or DUHL and using the hack which Matt found. For instance: Change this: NJABL-DUL ip4r dnsbl.njabl.org 127.0.0.3 10 0 To this: NJABL-HOP1 dnsbl %IP4R%.dnsbl.njabl.org 127.0.0.3 10 0 I don't think a switch in Declude is really needed. Thanks, Saturday, May 15, 2004, 10:01:11 AM, Matt [EMAIL PROTECTED] wrote: M Andy, M It's only been a matter of months since a realistic work around M wasavailable for most users (using WHITELIST AUTH). To the best of M myknowledge, I'm the only one of us that has said anything about it M onthis list (first time in March, but of course I could be wrong). M LikeI indicated though, there is a way to fix the problem using the M dnsbltrick, and it works immediately. I would however like to see M a switchgiven also, but this seems more like a convenience if you M useDUL/DYNA/DUHL the way that they were meant to be used in the M firstplace (which I was not), but still, it only means some extra M lookups. M Matt M Andy Schmidt wrote: M Thanks - ouch. M M I'd say that's a bug in design. M M Since AUTH is supported in Imail 8 and sinceothers may not M allow local users to send through their Imail server (myoutbound is M going through IIS SMTP with SMTP AUTH), there should be ATLEAST a M config option to turn this spam me by faking sender featureoff! M Best Regards M Andy Schmidt M Phone: +1 201 934-3414 x20(Business) M Fax: +1 201 934-9206 M -Original Message- M M From:[EMAIL PROTECTED]:[EMAIL PROTECTED] e.com] M On Behalf Of Matt M Sent: Saturday, May 15, 2004 01:49 AM M To:[EMAIL PROTECTED] M Subject: Re: [Declude.JunkMail] DUL skipping was ISBLANK isblank M In absentia... M M http://www.mail-archive.com/[EMAIL PROTECTED]/msg17162.html M This made a lot of sense before, and it was the only way to M disable DULtests for local users prior to IMail 8 and JunkMail M ~1.76. Decludewon't disable the tests for gatewayed domains, only M where an addressmatches a local account. You can also work around M this by using thednsbl trick like so: M DNSRBL-DYN dnsbl %IP4R%.dun.dnsrbl.net 127.0.0.3 0 0 M NJABL-DYN-A dnsbl %IP4R%.dnsbl.njabl.org 127.0.0.3 0 0 M NJABL-DYN-B dnsbl %IP4R%.dynablock.njabl.org 127.0.0.3 0 0 M SORBS-DYN dnsbl %IP4R%.dnsbl.sorbs.net 127.0.0.10 0 0 M Note that I changed the names of the tests to exclude the M stringsDUL/DYNA/DUHL. This took me a long time to figure out, so M the trickisn't that common, however I started using these strings M to limit somenon-DUL tests to just the last hop with higher M scoring, and did impactmy ability to block spam on local accounts, M however it took me quite awhile to notice that it was going on M (several months). M Matt M Andy Schmidt wrote: M Scott (in case you're not gone yet): M MAt this moment, Declude will not apply scoresfrom any M dnsbl, ip4r or rhsbl tests if they have either DUL, DYNA orDUHL in M the name AND the Mail From matches a local user. M M Does Declude REALLY trust the mail from andwill bypass M DUL/DYNA/DUHL test just by someone forging the mail from? M M Never heard about that bug/behavior before? M Best Regards M Andy Schmidt M Phone: +1 201 934-3414 x20(Business) M Fax: +1 201 934-9206 M -- M = M MailPure
RE: [Declude.JunkMail] DUL skipping was ISBLANK is blank
So, if we have IPs on a DUL/DYNA/DUHL list, are using anything but 'No Mail Relay' in Imail 8 and we run a DYNA/DUL/DUHL test on the first hop, we will definitely tag our own customers. Only if you are not using Imail 8 with AUTH and only if you are using Imail for outbound mail relaying. Neither is true in my case. It should be an option. Those who need to bypass the DYNA tests on the first hop should be able to - those who don't need to should not lose those tests! Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Don Brown Sent: Saturday, May 15, 2004 04:19 PM To: Matt Cc: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] DUL skipping was ISBLANK is blank This wasn't a bug or a larger issue of Declude trust based upon the 'from Address.' There was no choice but to skip DUL/DYNA/DUHL tests (which were the only ones skipped) when the 'from address' was spoofed as a local address. Imail 8 and WHITELIST AUTH help, but they don't solve this issue, either. Imail 8 can still be configured where the Client is NOT required to Auth in order to send. One example of that is 'Relay for Addresses.' So, if we have IPs on a DUL/DYNA/DUHL list, are using anything but 'No Mail Relay' in Imail 8 and we run a DYNA/DUL/DUHL test on the first hop, we will definitely tag our own customers. So, the way I see it, running DYNA/DUL/DUHL tests on the first hop of ALL mail, is only safe for those folks who: (1) are sure that none of their IP addresses are on any DYNA/DUL/DUHL list (and will never be on one) -OR- (2) run Imail 8, have it configured for 'No Mail Relay' and have WHITELIST AUTH specified in the Declude's Global.cfg. Then, in either cases, scanning the first hop is a simple matter of changing the test name to eliminate the reserved string of DUL, DYNA or DUHL and using the hack which Matt found. For instance: Change this: NJABL-DUL ip4r dnsbl.njabl.org 127.0.0.3 10 0 To this: NJABL-HOP1 dnsbl %IP4R%.dnsbl.njabl.org 127.0.0.3 10 0 I don't think a switch in Declude is really needed. Thanks, Saturday, May 15, 2004, 10:01:11 AM, Matt [EMAIL PROTECTED] wrote: M Andy, M It's only been a matter of months since a realistic work around M wasavailable for most users (using WHITELIST AUTH). To the best of M myknowledge, I'm the only one of us that has said anything about it M onthis list (first time in March, but of course I could be wrong). M LikeI indicated though, there is a way to fix the problem using the M dnsbltrick, and it works immediately. I would however like to see a M switchgiven also, but this seems more like a convenience if you M useDUL/DYNA/DUHL the way that they were meant to be used in the M firstplace (which I was not), but still, it only means some extra M lookups. M Matt M Andy Schmidt wrote: M Thanks - ouch. M M I'd say that's a bug in design. M M Since AUTH is supported in Imail 8 and sinceothers may not allow M local users to send through their Imail server (myoutbound is going M through IIS SMTP with SMTP AUTH), there should be ATLEAST a config M option to turn this spam me by faking sender featureoff! M Best Regards M Andy Schmidt M Phone: +1 201 934-3414 x20(Business) M Fax: +1 201 934-9206 M -Original Message- M M From:[EMAIL PROTECTED]:Declude.JunkMail-owner M @declude.com] M On Behalf Of Matt M Sent: Saturday, May 15, 2004 01:49 AM M To:[EMAIL PROTECTED] M Subject: Re: [Declude.JunkMail] DUL skipping was ISBLANK isblank M In absentia... M M http://www.mail-archive.com/[EMAIL PROTECTED]/msg17162.htm M l M This made a lot of sense before, and it was the only way to disable M DULtests for local users prior to IMail 8 and JunkMail ~1.76. M Decludewon't disable the tests for gatewayed domains, only where an M addressmatches a local account. You can also work around this by M using thednsbl trick like so: M DNSRBL-DYN dnsbl %IP4R%.dun.dnsrbl.net 127.0.0.3 M 0 0 NJABL-DYN-A dnsbl %IP4R%.dnsbl.njabl.org M 127.0.0.3 0 0 NJABL-DYN-B dnsbl M %IP4R%.dynablock.njabl.org 127.0.0.3 0 0 SORBS-DYN M dnsbl %IP4R%.dnsbl.sorbs.net 127.0.0.10 0 0 M Note that I changed the names of the tests to exclude the M stringsDUL/DYNA/DUHL. This took me a long time to figure out, so the M trickisn't that common, however I started using these strings to M limit somenon-DUL tests to just the last hop with higher scoring, and M did impactmy ability to block spam on local accounts, however it took M me quite awhile to notice that it was going on (several months). M Matt M Andy Schmidt wrote: M Scott (in case you're not gone yet): M MAt this moment, Declude will not apply scoresfrom any dnsbl, M ip4r or rhsbl tests if they
RE: [Declude.JunkMail] f-prot
Title: Message Seems to be pretty good. we have been using it for about 6 months now. We also use NAV CE for the rest of the machine and just exclude the spool dir along with the mailboxes. Rick B -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kami RazvanSent: Saturday, May 15, 2004 10:31 AMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] f-prot Larry: We have used it for years and are very happy with it. Of course since it is cheap I suggest you use the savings and add another scanner to your arsenal. 2 is always better than 1. We use AVG and FProt together. Regards, Kami From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Larry CraddockSent: Saturday, May 15, 2004 1:26 PMTo: [EMAIL PROTECTED]Subject: [Declude.JunkMail] f-prot Can anyone tell me how f-prot compares to mcafee or symantec when it comes to keeping their database up with new viruses? That just seems pretty cheap but hey that's exactly what I'm looking for as long as it works well :) thanks, Larry Craddock
RE: [Declude.JunkMail] DUL skipping was ISBLANK is blank
Then, in either cases, scanning the first hop is a simple matter of changing the test name to eliminate the reserved string of DUL, DYNA or DUHL and using the hack which Matt found. NO - removing DUL/DYNA/DUHL is NOT an option. Because MUCH of the private emails originate from some address that is on that list - but only on the FIRST hope. Thus, the DUL/DYNA/DUHL skip tests on the FIRST hop! They can't be omitted - otherwise we'd block most private mail relayed through other providers SMTP servers. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Don Brown Sent: Saturday, May 15, 2004 04:19 PM To: Matt Cc: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] DUL skipping was ISBLANK is blank This wasn't a bug or a larger issue of Declude trust based upon the 'from Address.' There was no choice but to skip DUL/DYNA/DUHL tests (which were the only ones skipped) when the 'from address' was spoofed as a local address. Imail 8 and WHITELIST AUTH help, but they don't solve this issue, either. Imail 8 can still be configured where the Client is NOT required to Auth in order to send. One example of that is 'Relay for Addresses.' So, if we have IPs on a DUL/DYNA/DUHL list, are using anything but 'No Mail Relay' in Imail 8 and we run a DYNA/DUL/DUHL test on the first hop, we will definitely tag our own customers. So, the way I see it, running DYNA/DUL/DUHL tests on the first hop of ALL mail, is only safe for those folks who: (1) are sure that none of their IP addresses are on any DYNA/DUL/DUHL list (and will never be on one) -OR- (2) run Imail 8, have it configured for 'No Mail Relay' and have WHITELIST AUTH specified in the Declude's Global.cfg. Then, in either cases, scanning the first hop is a simple matter of changing the test name to eliminate the reserved string of DUL, DYNA or DUHL and using the hack which Matt found. For instance: Change this: NJABL-DUL ip4r dnsbl.njabl.org 127.0.0.3 10 0 To this: NJABL-HOP1 dnsbl %IP4R%.dnsbl.njabl.org 127.0.0.3 10 0 I don't think a switch in Declude is really needed. Thanks, Saturday, May 15, 2004, 10:01:11 AM, Matt [EMAIL PROTECTED] wrote: M Andy, M It's only been a matter of months since a realistic work around M wasavailable for most users (using WHITELIST AUTH). To the best of M myknowledge, I'm the only one of us that has said anything about it M onthis list (first time in March, but of course I could be wrong). M LikeI indicated though, there is a way to fix the problem using the M dnsbltrick, and it works immediately. I would however like to see a M switchgiven also, but this seems more like a convenience if you M useDUL/DYNA/DUHL the way that they were meant to be used in the M firstplace (which I was not), but still, it only means some extra M lookups. M Matt M Andy Schmidt wrote: M Thanks - ouch. M M I'd say that's a bug in design. M M Since AUTH is supported in Imail 8 and sinceothers may not allow M local users to send through their Imail server (myoutbound is going M through IIS SMTP with SMTP AUTH), there should be ATLEAST a config M option to turn this spam me by faking sender featureoff! M Best Regards M Andy Schmidt M Phone: +1 201 934-3414 x20(Business) M Fax: +1 201 934-9206 M -Original Message- M M From:[EMAIL PROTECTED]:Declude.JunkMail-owner M @declude.com] M On Behalf Of Matt M Sent: Saturday, May 15, 2004 01:49 AM M To:[EMAIL PROTECTED] M Subject: Re: [Declude.JunkMail] DUL skipping was ISBLANK isblank M In absentia... M M http://www.mail-archive.com/[EMAIL PROTECTED]/msg17162.htm M l M This made a lot of sense before, and it was the only way to disable M DULtests for local users prior to IMail 8 and JunkMail ~1.76. M Decludewon't disable the tests for gatewayed domains, only where an M addressmatches a local account. You can also work around this by M using thednsbl trick like so: M DNSRBL-DYN dnsbl %IP4R%.dun.dnsrbl.net 127.0.0.3 M 0 0 NJABL-DYN-A dnsbl %IP4R%.dnsbl.njabl.org M 127.0.0.3 0 0 NJABL-DYN-B dnsbl M %IP4R%.dynablock.njabl.org 127.0.0.3 0 0 SORBS-DYN M dnsbl %IP4R%.dnsbl.sorbs.net 127.0.0.10 0 0 M Note that I changed the names of the tests to exclude the M stringsDUL/DYNA/DUHL. This took me a long time to figure out, so the M trickisn't that common, however I started using these strings to M limit somenon-DUL tests to just the last hop with higher scoring, and M did impactmy ability to block spam on local accounts, however it took M me quite awhile to notice that it was going on (several months). M Matt M Andy Schmidt wrote: M Scott (in case you're not gone yet): M MAt this moment, Declude will not apply scoresfrom any dnsbl, M
Re: [Declude.JunkMail] f-prot
I did some benchmarking a few months ago and F-Prot was faster than everything else, and in many cases 4 times faster or more. You need to make sure that you use the 32-bit executable fpcmd.exe otherwise you will take a performance hit from the 16-bit operation of F-Prot.exe. Matt Jeff Maze wrote: Message Just was curious, did you happen to notice how much extra overhead was added to the CPU when another virus scanner was added to the system. With only 8000-1 message a day for our server, it's not the newest nor fastest thing out there. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kami Razvan Sent: Saturday, May 15, 2004 1:31 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] f-prot Larry: We have used it for years and are very happy with it. Of course since it is cheap I suggest you use the savings and add another scanner to your arsenal. 2 is always better than 1. We use AVG and FProt together. Regards, Kami From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Larry Craddock Sent: Saturday, May 15, 2004 1:26 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] f-prot Can anyone tell me how f-prot compares to mcafee or symantec when it comes to keeping their database up with new viruses? That just seems pretty cheap but hey that's exactly what I'm looking for as long as it works well :) thanks, Larry Craddock -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
Re: [Declude.JunkMail] DUL skipping was ISBLANK is blank
Andy, I think there might be some confusion here. If you change the test names and use the %IP4R%/dnsbl trick, it will always test the first hop regardless of what the Mail From is, unless of course you are whitelisting the sender. You don't have to remove the tests, you just have to rename them. I renamed mine with DYN, that way Declude doesn't see them as matching DUL/DYNA/DUHL and therefore will not skip them when the Mail From matches a local address. The only drawback that I have found with this work around is when you try configuring non-DUL tests twice, once only for the first hop, and once for all hops, in which case the work around will cause some extra lookups, but that's minor, and I'm only aware of a few people besides myself that are doing this. Nothing else appears to be a problem in anyway whatsoever. Matt Andy Schmidt wrote: Then, in either cases, scanning the first hop is a simple matter of changing the test name to eliminate the reserved string of DUL, DYNA or DUHL and using the hack which Matt found. NO - removing DUL/DYNA/DUHL is NOT an option. Because MUCH of the private emails originate from some address that is on that list - but only on the FIRST hope. Thus, the DUL/DYNA/DUHL skip tests on the FIRST hop! They can't be omitted - otherwise we'd block most private mail relayed through other providers SMTP servers. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Don Brown Sent: Saturday, May 15, 2004 04:19 PM To: Matt Cc: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] DUL skipping was ISBLANK is blank This wasn't a bug or a larger issue of Declude trust based upon the 'from Address.' There was no choice but to skip DUL/DYNA/DUHL tests (which were the only ones skipped) when the 'from address' was spoofed as a local address. Imail 8 and WHITELIST AUTH help, but they don't solve this issue, either. Imail 8 can still be configured where the Client is NOT required to Auth in order to send. One example of that is 'Relay for Addresses.' So, if we have IPs on a DUL/DYNA/DUHL list, are using anything but 'No Mail Relay' in Imail 8 and we run a DYNA/DUL/DUHL test on the first hop, we will definitely tag our own customers. So, the way I see it, running DYNA/DUL/DUHL tests on the first hop of ALL mail, is only safe for those folks who: (1) are sure that none of their IP addresses are on any DYNA/DUL/DUHL list (and will never be on one) -OR- (2) run Imail 8, have it configured for 'No Mail Relay' and have WHITELIST AUTH specified in the Declude's Global.cfg. Then, in either cases, scanning the first hop is a simple matter of changing the test name to eliminate the reserved string of DUL, DYNA or DUHL and using the hack which Matt found. For instance: Change this: NJABL-DUL ip4r dnsbl.njabl.org 127.0.0.3 10 0 To this: NJABL-HOP1 dnsbl %IP4R%.dnsbl.njabl.org 127.0.0.3 10 0 I don't think a switch in Declude is really needed. Thanks, Saturday, May 15, 2004, 10:01:11 AM, Matt [EMAIL PROTECTED] wrote: M Andy, M It's only been a matter of months since a realistic work around M wasavailable for most users (using WHITELIST AUTH). To the best of M myknowledge, I'm the only one of us that has said anything about it M onthis list (first time in March, but of course I could be wrong). M LikeI indicated though, there is a way to fix the problem using the M dnsbltrick, and it works immediately. I would however like to see a M switchgiven also, but this seems more like a convenience if you M useDUL/DYNA/DUHL the way that they were meant to be used in the M firstplace (which I was not), but still, it only means some extra M lookups. M Matt M Andy Schmidt wrote: M Thanks - ouch. M M I'd say that's a bug in design. M M Since AUTH is supported in Imail 8 and sinceothers may not allow M local users to send through their Imail server (myoutbound is going M through IIS SMTP with SMTP AUTH), there should be ATLEAST a config M option to turn this "spam me by faking sender" featureoff! M Best Regards M Andy Schmidt M Phone: +1 201 934-3414 x20(Business) M Fax: +1 201 934-9206 M -Original Message- M M From:[EMAIL PROTECTED]:Declude.JunkMail-owner M @declude.com] M On Behalf Of Matt M Sent: Saturday, May 15, 2004 01:49 AM M To:[EMAIL PROTECTED] M Subject: Re: [Declude.JunkMail] DUL skipping was ISBLANK isblank M In absentia... M M http://www.mail-archive.com/[EMAIL PROTECTED]/msg17162.htm M l M This made a lot of sense before, and it was the only way to disable M DULtests for local users prior to IMail 8 and JunkMail ~1.76. M Decludewon't disable the tests for gatewayed domains, only where an M addressmatches a local account. You can also work around this by M using thednsbl trick like so: M DNSRBL-DYN dnsbl
RE: [Declude.JunkMail] f-prot
Title: Message I will ditto this. I used the 16 bit trend command line application, and was having trouble keeping up with 15-20k messages a day. I switched to F-prots 32-bit command line scanner and I dont even see it pop up in the task manager it moves so quick. Very big improvement, cant even say I can see a performance difference with it running or not. M From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Saturday, May 15, 2004 6:34 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] f-prot I did some benchmarking a few months ago and F-Prot was faster than everything else, and in many cases 4 times faster or more. You need to make sure that you use the 32-bit executable fpcmd.exe otherwise you will take a performance hit from the 16-bit operation of F-Prot.exe. Matt Jeff Maze wrote: Just was curious, did you happen to notice how much extra overhead was added to the CPU when another virus scanner was added to the system. With only 8000-1 message a day for our server, it's not the newest nor fastest thing out there. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kami Razvan Sent: Saturday, May 15, 2004 1:31 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] f-prot Larry: We have used it for years and are very happy with it. Of course since it is cheap I suggest you use the savings and add another scanner to your arsenal. 2 is always better than 1. We use AVG and FProt together. Regards, Kami From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Larry Craddock Sent: Saturday, May 15, 2004 1:26 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] f-prot Can anyone tell me how f-prot compares to mcafee or symantec when it comes to keeping their database up with new viruses? That just seems pretty cheap but hey that's exactly what I'm looking for as long as it works well :) thanks, Larry Craddock -- =MailPure custom filters for Declude JunkMail Pro.http://www.mailpure.com/software/=