[Declude.JunkMail] Hijack Not working on internal customers
I have had a continuing problem with Hijack. I have several business customers with 25 plus work stations, these customers are getting caught in hijack on outgoing mails. I have added ALLOWIP entries for all the customers with no success. It seems as though declude reads hijack cfg for a certain number of ALLOWIP entries then gives up on the last few entries. I am using 1.75 with IMail 7.15. Any suggestions? -jeff --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Not getting messages with attachments.
This all began when I moved Declude from one server to another to perform some needed repairs. The version of Declude on my primary says 1.78 however, when I copied the delude.exe (1.78) to the secondary and looked at the version number it now says (1.75). I looked in the manual and I see a download for 1.75 and 1.79 beta. I have installed 1.79 beta and everything appears to work fine in the logs. Thank you for your help. Thank you, Joshua Sunline Team (941)206-7870 (888)512-6100 http://www.sunline.net/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Monday, June 21, 2004 5:10 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Not getting messages with attachments. You need to run a newer version of Declude. The one you are using 1.75 does not include the MAXWEIGHT feature. I believe that was introduced in 1.77x John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Joshua Hughes Sent: Monday, June 21, 2004 1:57 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Not getting messages with attachments. ATTACHED Thank you, Joshua Sunline Team (941)206-7870 (888)512-6100 http://www.sunline.net/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Monday, June 21, 2004 3:39 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Not getting messages with attachments. Are you using the newest GIBBERISH file? Try putting the log into Debug for a message, wait for a message to get caught, then turn back and review or send that log snippet. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Joshua Hughes Sent: Monday, June 21, 2004 12:10 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Not getting messages with attachments. I'm sorry, I am referring to Declude Junkmail. We have narrowed it down to the gibberish test. 06/21/2004 14:41:40.187 Q2bdf0f647117 Test #79 [GIBBERISH weight=330] triggered; action = 5 [Message failed GIBBERISH test (415)] The gibberish test is assigning the message a very large weight. However we have gibberish set as follows. SKIPIFWEIGHT35 MAXWEIGHT 10 After commenting out the gibberish test the mails are coming through. It's almost as if the gibberish test is reading the attachments as plain .txt. Any ideas? Thank you, Joshua Sunline Team (941)206-7870 (888)512-6100 http://www.sunline.net/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, June 21, 2004 2:58 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Not getting messages with attachments. Declude is blocking all messages that have attachments except .txt attachments. We have turned off Declude and we can now send messages with attachments. Any idea why Declude would be blocking all messages with attachments? By Declude do you mean Declude JunkMail (the subject of this list, and doesn't know about attachments), or Declude Virus (which knows about attachments, and treats .txt files differently since they are safe)? I'm guessing you are referring to Declude Virus -- and would suggest looking at the Declude Virus log file to see what it says. Note that if you are using McAfee, McAfee broke the other day -- the new virus definitions cause older versions to crash; McAfee requires that you upgrade to the latest version (.exe) in this case. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED],
Re: [Declude.JunkMail] Hijack Not working on internal customers
On 22 Jun 2004 at 7:07, Jeffrey M Donley wrote: Hi Jeff, So in your hijack.cfg file you have ALLOWIP xxx.xxx.xxx.xxx and in the HOLDx dir hijack is retaining emails from the allowip addresses? If that is the case I suggest stopping and restarting declude console to reset hijack; if that doesn't help review your hijack logs and email Scott... -Nick Hayer I have had a continuing problem with Hijack. I have several business customers with 25 plus work stations, these customers are getting caught in hijack on outgoing mails. I have added ALLOWIP entries for all the customers with no success. It seems as though declude reads hijack cfg for a certain number of ALLOWIP entries then gives up on the last few entries. I am using 1.75 with IMail 7.15. Any suggestions? -jeff --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Sniffer and Declude
Hi,I want to score sniffer higher in my Declude points but I don't want to score all sniffer results equal. There is an experimental group as well as a grey group which I would like to score at the level I have it now, where I mark the subject. Do I need to define all sniffer external results, or can I havea fewlines like:SNIFFER-GREYMAIL external 060 ...\ID.exe AuthCode10 0SNIFFER-EXPERIMENTAL external 062 ...\ID.exe AuthCode10 0 SNIFFER external nonzero ...\ID.exe AuthCode 15 0 Where the last line catches all other results of the test?Groetjes,Bonno Bloksma
[Declude.JunkMail] Logging behavior w/ WARN action
List, Is it possible to have junkmail log a separate X-RBL-Warning: xxx line for each triggered phrase in a given filter file? It's default behavior appears to include the line # for the last phrase that was triggered for a given filter test, and to give the cumulative total weight of all triggered phrases (whether it's a subject, body or other filter type) for that filter file. Example: X-RBL-Warning: filterMiscBody: Message failed filterMiscBody test (line 327, weight 3) [2-36-12000] This line could mean just one phrase was triggered in my filterMiscBody test, or that multiple phrases were triggered and the cumulative weight was 3. It just makes it harder to determine exactly why a message is weighted like it is when I can only refer to the last phrase in a filter file that triggered. I have been pretty successful nickel and diming email messages 1 point at a time with words that tend to be in spam, but find it hard to fully understand why the messages are weighted like they are when I only get information on the last triggered phrase. Is there a way to have it log each triggered phrase individually? Thanks, Steve --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] weighting an IP range
I need to give a negative weight to a range of IP addresses. (actually 5 class C networks) Can I use an IP Blacklist with a negative weight using the test type ipfile? Bill Green dfn Systems --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Hijack Not working on internal customers
I have had a continuing problem with Hijack. I have several business customers with 25 plus work stations, these customers are getting caught in hijack on outgoing mails. I have added ALLOWIP entries for all the customers with no success. It seems as though declude reads hijack cfg for a certain number of ALLOWIP entries then gives up on the last few entries. I am using 1.75 with IMail 7.15. Any suggestions? v1.75 only allows you to have a maximum of 20 ALLOWIP lines -- if you upgrade to the latest beta, it allows you to have up to 100. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Sniffer and Declude
In this case a message failing GREY or EXPERIMENTAL will receive 10 + 15 = 25 points and all other result codes will receive 15 points Remove the GREY and EXPERIMENTAL definitions, add all other result codes with a weight of 5 and assign 10 points to the SNIFFER nonzero line. So GREY and EXP will receive 10 points and all other 10 + 5 = 15 points. Keep in mind that Sniffer will run only one time even if you've 50 Sniffer-test definitions in your cfg file. Markus From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bonno BloksmaSent: Tuesday, June 22, 2004 2:59 PMTo: [EMAIL PROTECTED]Subject: [Declude.JunkMail] Sniffer and Declude Hi,I want to score sniffer higher in my Declude points but I don't want to score all sniffer results equal. There is an experimental group as well as a grey group which I would like to score at the level I have it now, where I mark the subject. Do I need to define all sniffer external results, or can I havea fewlines like:SNIFFER-GREYMAIL external 060 ...\ID.exe AuthCode10 0SNIFFER-EXPERIMENTAL external 062 ...\ID.exe AuthCode10 0 SNIFFER external nonzero ...\ID.exe AuthCode 15 0 Where the last line catches all other results of the test?Groetjes,Bonno Bloksma
Re: [Declude.JunkMail] weighting an IP range
dfn Systems wrote: I need to give a negative weight to a range of IP addresses. (actually 5 class C networks) Can I use an IP Blacklist with a negative weight using the test type ipfile? That's how I do it: GOODIPipfile C:\IMail\Declude\GOODIP.TXT x -25 0 -- - Good is better than Evil because it's nicer -- Mammy Yokum - Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com - --- [This E-mail scanned for viruses by Declude Virus / Sophos AV] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Logging behavior w/ WARN action
Is it possible to have junkmail log a separate X-RBL-Warning: xxx line for each triggered phrase in a given filter file? It's default behavior appears to include the line # for the last phrase that was triggered for a given filter test, and to give the cumulative total weight of all triggered phrases (whether it's a subject, body or other filter type) for that filter file. Unfortunately, there is no way to do this -- the problem is that for many filters, it would generate way too many headers. If you use LOGLEVEL HIGH in the \IMail\Declude\global.cfg file, though, this information will be recorded in the log file. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Logging behavior w/ WARN action
Thanks for the reply Scott - I could see where a separate line for each would be a problem. Since the X-RBL-Warning: xxx displays the cumlative weight for a particular test anyways, do you think giving the line numbers for each matched phrase in a comma separated list rather then the line number for the last phrase would bloat the headers too much? X-RBL-Warning: filterMiscBody: Message failed filterMiscBody test (line 327, weight 3) Could become this if there were multiple matches... X-RBL-Warning: filterMiscBody: Message failed filterMiscBody test (line 43,21,327, weight 3) Steve -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Tuesday, June 22, 2004 12:13 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Logging behavior w/ WARN action Is it possible to have junkmail log a separate X-RBL-Warning: xxx line for each triggered phrase in a given filter file? It's default behavior appears to include the line # for the last phrase that was triggered for a given filter test, and to give the cumulative total weight of all triggered phrases (whether it's a subject, body or other filter type) for that filter file. Unfortunately, there is no way to do this -- the problem is that for many filters, it would generate way too many headers. If you use LOGLEVEL HIGH in the \IMail\Declude\global.cfg file, though, this information will be recorded in the log file. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Delog and new logging
Couldn't find this in the archives. I'm noticing that Delog apparently has problems reading my Declude logs now that there have been format changes. I thought of using search/replace in a good text editor to make my logs readable, but I wonder if there's a specific syntax Delog expects? Keith Purtell, Web/Network Administrator VantageMed Corporation (Kansas City office) CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Declude/SpamAssasin Question
Can anyone with SpamAssasin plugged into declude give me their global.cfg excerpt? I hold on 15, I am unsure on the cw and sw weight. Also, how do you weigh this test compared to your hold weight? SPAMASSASSIN external nonzero c:\imail\declude\spamc32.exe -cw %WEIGHT% -sw 10 -f choose a weight 0 Thanks, Chris Patterson, CCNA Network Engineer Rapid Systems
RE: [Declude.JunkMail] Logging behavior w/ WARN action
Since the X-RBL-Warning: xxx displays the cumlative weight for a particular test anyways, do you think giving the line numbers for each matched phrase in a comma separated list rather then the line number for the last phrase would bloat the headers too much? X-RBL-Warning: filterMiscBody: Message failed filterMiscBody test (line 43,21,327, weight 3) We'll take a look into this -- perhaps combining this with a ... if too many lines match would work well. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] ASTA Proposal
Not much new...but interesting anyways. http://corp.aol.com/press/ASTA_Statement_of_Intent.pdf Andy Ognenoff Online Systems Administrator Direct: (262)250-2860 [EMAIL PROTECTED] - Cousins Submarines, Inc. http://www.cousinssubs.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] HTML Features
Is there a way to check / count the number of html features in an email with Declude, much like Imail Anti-spam does? Thanks Jay --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] ASTA Proposal
Not much new...but interesting anyways. http://corp.aol.com/press/ASTA_Statement_of_Intent.pdf Andy Ognenoff The comments about using the standard Mail Submission Port, port 587, were news to me. Can Imail be configured to listen on port 25 and port 587? Can I configure my firewall (Linux, iptables based) to forward external port 587 traffic to internal port 25 (in addition to external port 25 to internal port 25)? Regards, Brad Morgan IT Manager Horizon Interactive Inc. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Logging behavior w/ WARN action
That would be sweet. Declude rocks! Steve From: [EMAIL PROTECTED] on behalf of R. Scott Perry Sent: Tue 6/22/2004 5:15 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Logging behavior w/ WARN action Since the X-RBL-Warning: xxx displays the cumlative weight for a particular test anyways, do you think giving the line numbers for each matched phrase in a comma separated list rather then the line number for the last phrase would bloat the headers too much? X-RBL-Warning: filterMiscBody: Message failed filterMiscBody test (line 43,21,327, weight 3) We'll take a look into this -- perhaps combining this with a ... if too many lines match would work well. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. winmail.dat
Re: [Declude.JunkMail] HTML Features
Is there a way to check / count the number of html features in an email with Declude, much like Imail Anti-spam does? No, Declude JunkMail does not attempt to analyze the content of HTML E-mails. With filters, though, you could detect a number of different HTML structures. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude/SpamAssasin Question
I hold on 15, I am unsure on the cw and sw weight. You can't change the current weight; that syntax ('-cw %WEIGHT%') is just the way you pass the current weight at the time the test is run. The skip weight is used to reduce processing. The maximum, and traditional, skip weight would be the weight at which you take your strongest action (no use running it if you're already there). Also, how do you weigh this test compared to your hold weight? 2/3 of the hold weight in most installs, but it depends on what countermeasures you're taking (autowhitelisting, etc.). --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.mailmage.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange Addresses into IMail Aliases! http://www.mailmage.com/products/software/freeutils/exchange2aliases/download/release/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] OT: Find Command
Question about the FIND command. Is this possible? I have a file that I would like to remove some lines which have unique texts. Lets say PhraseA, PhraseB and PhraseC I know that I could do Find /V PhraseA orig.txt temp1.txt Find /V PhraseB temp1.txt temp2.txt Find /V PhraseC temp2.txt final.txt Now if this is all I had to do OK fine but over time I am going to accumulate more things to remove. So is there any way to pass the find command a list of things to remove and do it all in one shot? Thanx Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.