RE: [Declude.JunkMail] Outbound Mail
Do you require SMTP authentication? We enforce SMTP authentication and port 587 for SMTP outbound. So far, I have not seen a virus or worm that uses SMTP authentication. Chuck From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Michael Cummins Sent: Wednesday, June 16, 2010 11:54 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Outbound Mail This is off topic for the list, but I thought this group might be able to give me some direction. How do you handle outbound mail? I really try to keep a lid on spam and my clients aren't shady, but if something happens to 1 client, then all the clients are affected when something goes wrong. .I had one a few weeks back that got infected by a virus; we clamped down on it pretty quickly, but it's amazing how fast those things get the mail out. I'm still seeing fresh complaints, weeks later. .I can't put hijack on my customers, because almost all of them have their own private mailing lists, etc. Is outbound mail an issue for you? How do you address it? Thanks for your patience and kind direction! -- Michael Cummins --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Imail 11
Thanks everyone for your responses. I also got a few off list which were also very helpful. Seems like Smarter Mail has made great inroads into the marketplace. I am definitely going to check it out. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com _ From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of John Dobbin Sent: Tuesday, August 11, 2009 11:31 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Imail 11 We moved from Imail 8.22 to Smartermail and never looked back. After years of trying to make Imail work, we finally found one that does. We ran MailEnable for a while, but it had too many security problems at the time to keep. Our customers jumped for joy with the Smartermail web interface. John From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Chuck Schick Sent: Tuesday, August 11, 2009 11:57 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Imail 11 Sorry William I did not catch your sarcasm. I don't see those problems with Imail and we have people with 1000s of messages in their inbox but that is version 8.22, I know they had a lot of web mail problems with later versions.. I think roundcube is better than squirrel mail but I don't know if it will work on a windows machine - have never tried to do that. That being said, I am still looking for recommendations on a Mail Serveranyone have thoughts. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com _ From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of William Stillwell Sent: Tuesday, August 11, 2009 10:33 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Imail 11 You didn't understand my sarcasm did you? I gave up w/Imail on fixing my imail webmail issues, on my servers, if there is more than 1000 messages in a mail box, users get Access Denied when going to different pages in there preview window. If they have less then 500 messages it works fine for them.. It's by no means OWA . William Stillwell --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Imail 11
Anyone on this list using Imail 11? If so what has the experience been so far? We are running IMAIL 8.22 and I am looking at either upgrading my version or changing mail software all together - smartermail or Merak. Number one criteria is for a better webmail interface. Is version 11 ready for prime time? Thanks. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Imail 11
No disrespect, but squirrel mail is not what I am looking for...something closer to OWA is the type of interface that would make my client's happy. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com _ From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of William Stillwell Sent: Tuesday, August 11, 2009 9:54 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Imail 11 I find Squirrel Mail works better :/ Webmail is nice, but its IIS intensive. William Stillwell From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Chuck Schick Sent: Tuesday, August 11, 2009 11:47 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Imail 11 Anyone on this list using Imail 11? If so what has the experience been so far? We are running IMAIL 8.22 and I am looking at either upgrading my version or changing mail software all together - smartermail or Merak. Number one criteria is for a better webmail interface. Is version 11 ready for prime time? Thanks. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Imail 11
Sorry William I did not catch your sarcasm. I don't see those problems with Imail and we have people with 1000s of messages in their inbox but that is version 8.22, I know they had a lot of web mail problems with later versions.. I think roundcube is better than squirrel mail but I don't know if it will work on a windows machine - have never tried to do that. That being said, I am still looking for recommendations on a Mail Serveranyone have thoughts. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com _ From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of William Stillwell Sent: Tuesday, August 11, 2009 10:33 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Imail 11 You didn't understand my sarcasm did you? I gave up w/Imail on fixing my imail webmail issues, on my servers, if there is more than 1000 messages in a mail box, users get Access Denied when going to different pages in there preview window. If they have less then 500 messages it works fine for them.. It's by no means OWA . William Stillwell --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Does anyone know of a tool that does this....
Markus: That is kind of what I am looking for. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gufler Markus | Limitis Sent: Friday, November 07, 2008 2:15 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Does anyone know of a tool that does this Hi Chuck Look at the attached message. Is it something like this what you want? It's in german and at the moment and it works in a mode where the user can request his report by inserting his recipient address on our website. The report for the selected day will be send then to his email-address and the user can also click on the subject to requeue the message and deliver it to his mailbox. By having a list of of all recipients who want this daily reports it could also be automated. Unfortunately this is not a ready click and play solution. Markus -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Friday, November 07, 2008 9:51 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Does anyone know of a tool that does this I would like to route spam that people receive to a spam folder on the server. It would be great is there was a program that could periodically (daily) scan the spam folder and send an email to the mailbox owner to tell them what was caught in the spam folder. We are running Imail 8.22. Anyone know of something like this? Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Does anyone know of a tool that does this....
I would like to route spam that people receive to a spam folder on the server. It would be great is there was a program that could periodically (daily) scan the spam folder and send an email to the mailbox owner to tell them what was caught in the spam folder. We are running Imail 8.22. Anyone know of something like this? Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Question on mailbox action...
I am not trying to re route the messages. What I want to do is place the email in a spam folder for each user if the message exceeds a certain weight. The mailbox action in declude would seem to do this. I just want to know if the folder will be created automatically using the mailbox action if it does not already exist. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry vanderzand Sent: Tuesday, April 29, 2008 4:32 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Question on mailbox action... It the mail box is [EMAIL PROTECTED] And you say ROUTETO [EMAIL PROTECTED] THEN THE FOLDER SPAM GETS CREATED AUTOMATICLY Harry Vanderzand NEW ADDRESS Effective Jan 24, 2008 Intown Internet 117 Ruskview Road Kitchener, ON, N2M 4S1 519-741-1222 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Tuesday, April 29, 2008 5:36 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Question on mailbox action... If I institute a mailbox action like WEIGHT10 MAILBOX spam Will Imail automatically create the folder spam for the user if it does not already exist? Thanks Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Question on mailbox action...
If I institute a mailbox action like WEIGHT10 MAILBOX spam Will Imail automatically create the folder spam for the user if it does not already exist? Thanks Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT: alligate
Point your mx record to your new serverlike MX 10 gateway.123marbella.net. Then point gateway.123marbella.net. to the IP address of your new alligate server. Imail should not need any changes. To really tighten things up have your users authenticate on port 587 and block all IPs to port 25 except for your alligate server. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com _ F rom: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Craig Edmonds Sent: Tuesday, April 22, 2008 12:58 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] OT: alligate Hi All, I have installed alligate on a new dedicated server and configured everything by the looks of it. Does anyone know what DNS settings I need to make on my domain and what I need to change on my IMAIL server? I sent a support ticket to alligate about 10 seconds ago but am itching to get it working and wondered if anyone here knew. Kindest Regards Craig Edmonds 123 Marbella Internet W: www.123marbella.net --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Is Tqmcube.com dead???
We are seeing this on the dhcp.tqmcube.com - that is the only one we were running. It is very inconsistent. Contrary to their message not every email is returning a hit. I turned the test off for now. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Thursday, February 21, 2008 12:58 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Is Tqmcube.com dead??? Chuck, was it just the prc.tqmcube.com that returned these? I see on their own RBL checker web page that only the Peoples Republic of China zone returns this error. When I query their servers for a few test IPs, including 127.0.0.2, I don't get an error or a positive response, everything fails. I've also tested based on their current dirty 12 list... and what I get is either a non-existent domain or a query refused response. Going back to my logs, the last hits I notice are on January 20 2007, for the DHCP and the TRAP lists. The lists have been either underperformers or have been down. Check it out like this: grep -c TQM dec*.log I see a lot of days with zero hits. It looks like they're the latest RBL to throw in the towel. Andrew. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Sent: Wednesday, February 20, 2008 7:57 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Is Tqmcube.com dead??? I started seeing these in the headers of messages today. Tqmcube.com is dead - all queries positive to stop people from using it - you risk loosing all mail unless you stop There web site looks the same but I am getting this return from them. Weird and unprofessional. Sent via the WebMail system at mail.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] How can I filter this...?
Here is the From line. From: viagra [EMAIL PROTECTED] The X-declude Sender line is: X-Declude-Sender: [EMAIL PROTECTED] [190.172.162.107] Sorry, I was not clearer. We are getting tons of these with varying spellings of the viagra and the email address is always different. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Friday, February 08, 2008 1:56 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] How can I filter this...? How so, can you show the X-Declude-Sender line that it did not work on ? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Friday, February 08, 2008 3:50 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] How can I filter this...? David: The first one does not work. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, February 06, 2008 12:25 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] How can I filter this...? Chuck you have several options: MAILFROM5 STARTSWITH Viagra MAILFROM5 CONTAINSViagra MAILFROM5 PCRE (?i:.*viagra.*@) David Barker VP Operations Declude Your Email security is our business 978.499.2933 x 7007 office 978.988.1311 fax [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Wednesday, February 06, 2008 2:17 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] How can I filter this...? Spam email is sent and the from line is vigara [EMAIL PROTECTED] Now the declude sender is [EMAIL PROTECTED] but I want to filter the sender name of vigara. Seems like it should be simple but it is eluding me. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] How can I filter this...?
David: The first one does not work. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, February 06, 2008 12:25 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] How can I filter this...? Chuck you have several options: MAILFROM5 STARTSWITH Viagra MAILFROM5 CONTAINSViagra MAILFROM5 PCRE (?i:.*viagra.*@) David Barker VP Operations Declude Your Email security is our business 978.499.2933 x 7007 office 978.988.1311 fax [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Wednesday, February 06, 2008 2:17 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] How can I filter this...? Spam email is sent and the from line is vigara [EMAIL PROTECTED] Now the declude sender is [EMAIL PROTECTED] but I want to filter the sender name of vigara. Seems like it should be simple but it is eluding me. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] How can I filter this...?
That may be but since I have a client that is seeing about 20 of these a day all spelled the same he thinks I should be able to block it. I want to know how to filter on the From line. I never asked how many ways to spell the word. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Friday, February 08, 2008 4:15 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] How can I filter this...? There are 1,300,925,111,156,286,160,896 ways to spell Viagra (see the update at the bottom). http://cockeyed.com/lessons/viagra/viagra.html Going after the word is not the way to target the spam. Matt Chuck Schick wrote: Here is the From line. From: viagra [EMAIL PROTECTED] The X-declude Sender line is: X-Declude-Sender: [EMAIL PROTECTED] [190.172.162.107] Sorry, I was not clearer. We are getting tons of these with varying spellings of the viagra and the email address is always different. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Friday, February 08, 2008 1:56 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] How can I filter this...? How so, can you show the X-Declude-Sender line that it did not work on ? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Friday, February 08, 2008 3:50 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] How can I filter this...? David: The first one does not work. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, February 06, 2008 12:25 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] How can I filter this...? Chuck you have several options: MAILFROM 5 STARTSWITH Viagra MAILFROM 5 CONTAINSViagra MAILFROM 5 PCRE (?i:.*viagra.*@) David Barker VP Operations Declude Your Email security is our business 978.499.2933 x 7007 office 978.988.1311 fax [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Wednesday, February 06, 2008 2:17 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] How can I filter this...? Spam email is sent and the from line is vigara [EMAIL PROTECTED] Now the declude sender is [EMAIL PROTECTED] but I want to filter the sender name of vigara. Seems like it should be simple but it is eluding me. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] How can I filter this...?
David: Thanks. I will try that. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Friday, February 08, 2008 5:18 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] How can I filter this...? Try these couple of lines in a Filter. HEADERS 5 PCRE (?im:From:.*(?i:v.{0,2}[|li1í!].{0,2}[a@/\\].{0,2}[gq].{0,2}r.{0,2}[a@/\\]). *@) HEADERS 5 PCRE(?im:From:.* (?i:(v{1,}i{1,}a{1,}g{1,}r{1,}a{1,}).*@)) Let us know how it works. David B -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Friday, February 08, 2008 7:11 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] How can I filter this...? That may be but since I have a client that is seeing about 20 of these a day all spelled the same he thinks I should be able to block it. I want to know how to filter on the From line. I never asked how many ways to spell the word. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Friday, February 08, 2008 4:15 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] How can I filter this...? There are 1,300,925,111,156,286,160,896 ways to spell Viagra (see the update at the bottom). http://cockeyed.com/lessons/viagra/viagra.html Going after the word is not the way to target the spam. Matt Chuck Schick wrote: Here is the From line. From: viagra [EMAIL PROTECTED] The X-declude Sender line is: X-Declude-Sender: [EMAIL PROTECTED] [190.172.162.107] Sorry, I was not clearer. We are getting tons of these with varying spellings of the viagra and the email address is always different. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Friday, February 08, 2008 1:56 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] How can I filter this...? How so, can you show the X-Declude-Sender line that it did not work on ? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Friday, February 08, 2008 3:50 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] How can I filter this...? David: The first one does not work. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, February 06, 2008 12:25 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] How can I filter this...? Chuck you have several options: MAILFROM 5 STARTSWITH Viagra MAILFROM 5 CONTAINSViagra MAILFROM 5 PCRE (?i:.*viagra.*@) David Barker VP Operations Declude Your Email security is our business 978.499.2933 x 7007 office 978.988.1311 fax [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Wednesday, February 06, 2008 2:17 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] How can I filter this...? Spam email is sent and the from line is vigara [EMAIL PROTECTED] Now the declude sender is [EMAIL PROTECTED] but I want to filter the sender name of vigara. Seems like it should be simple but it is eluding me. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives
[Declude.JunkMail] Has Senderbase become worthless?
I have used senderbase for several years to see information about IP blocks. I have found the information useful in the past to see who owns a block and how large a block may be... In the past several months all inquires to senderbase show they don't know who owns the block nor do they see any traffic...Anybody else seeing the same thing? Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] frustration
Anyone using a spam gateway in front of declude like alligate, Imgate, or Xwall? We want something that does greylisting and tarpitting. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Glenn Gnabasik Sent: Thursday, July 19, 2007 9:15 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] frustration I'm going to third (or fourth) everyone's comments related to Declude, the company, their people (David Barker in particular) and the product. We're running Imail v8.22 (tried 2006 but failed miserably), Declude with invURIBL and Commtouch. We tried Sniffer but it added so much overhead to the system that we had to remove it. Commtouch really was the biggest improvement for us when we added it to the Declude/invURIBL configuration we were running previously. So, our experience was Commtouch was much less of an impact on our server than Sniffer. We have about 3500 mailboxes with 350+ domains and our spam is down to probably 2-3% sneaking through and it's usually the ones that are new and only come in once until their signature is broken and gets included in the various test sources. It's going to be a constant battle where the vendors are always behind the spammers but it seems like the vendors are closing the gap between introduction of new spamming techniques and how fast they get the solutions into the field. Glenn -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Thursday, July 19, 2007 10:47 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] frustration We are running Declude, invURIBL, and Sniffer. We are not using Commtouch. For those of you running the first three, how much impact did you see by adding Commtouch? Our management is very happy with the current set up, esp. compared to what we used to have. However, I do spend a few hours per week tweaking settings to achieve that. Uwe, I second (or third) the others that Declude (a fantastic product) on it's own won't get you want you want/need. As I mentioned, we are not running Commtouch, but I noticed an improvement when I added invURIBL, and another when I added Sniffer. Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Thursday, July 19, 2007 1:31 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] frustration We are on SmarterMail 3.x and run invURIBL and Commtouch ZEROHOUR. We do not run sniffer. We get very few smaps to the user boxes. Most users get none and the heavier email user get 1-3 a day. We delete about 85% of incoming spam the other 14% get held for review and less than one half of one percent gets through to mailboxes. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Uwe Degenhardt Sent: Wednesday, July 18, 2007 10:46 PM To: Craig Edmonds (123marbella.com) Subject: Re: [Declude.JunkMail] frustration Hi Craig and everybody who answered my contribution. It was more a sign of my deep desperation I sometimes feel. But I get new hope now. Obviously with Declude alone (We run Smartermail 3.x) we can't catch them all. I will try Sniffer, invURIBL and Commtouch. I hope they all run with SM. Thanks everybody. Uwe Same Here. Subscribe to the following plugins in addition to Declude...(unfortunately on its own its not enough unless you sit tweaking it all day everyday) Sniffer from Armresearch invURIBL from invariant systems ZEROHOUR from Commtouch With that combo you cant go wrong. Kindest Regards Craig Edmonds 123 Marbella Internet W: www.123marbella.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: 18 July 2007 23:57 To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] frustration We're running pretty well... catching somewhere between 99.7% and 99.9% of incoming spam. Declude 2.0.6 (waiting on Imail 2006 to stabilize before upgrading to the latest version) on IMail 8.22, along with Sniffer and invURIBL. Darin. - Original Message - From: Uwe Degenhardt [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Wednesday, July 18, 2007 5:33 PM Subject: [Declude.JunkMail] frustration Hi everybody on the list, please excuse me, but I would like to share my frustration with you. I am poured with SPAM the last two-to-three weeks. It gets worse every day. Am I the only one who is seeing this ? I am in a good contact with David of Declude. He is doing a fantastic job, but sometimes I loose my faith and my trust, that we can win the SPAM-fight. It appeals to me, as it is like the old principle: If you put water on the fire at one place, you have to run to the next place to delete it there too
[Declude.JunkMail] Script for removing spam from folder....
I want to start routing mail tagged as spam to the spam folder in the users mail box. I want to have a script that would run dailty that would remove all spam from that folder that is older than 30 days. Has anyone developed anything like this? Any ideas on where to start? Thanks. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Imail Anti-spam
We are running IMAIL 8.22 and I am looking at the Anti-spam features. We are also running declude. Which Anti-spam features do people find good to turn on in Imail versus Declude? Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Spam gateway/proxy...
Anyone using a spam gateway (Like IMGATE) or proxy (like ASSP) in front of declude. I am intrigued by the idea of using something that will reject the messages before accepting it for delivery and then scanning it. I would only want to use the gateway/proxy to perform graylisting, Sender Validation, tar pitting. According to Len Conrad this could result in a 70 to 90 percent reduction in spam. Ultimately I would like our spam filtering to be where we reject the message before the data command and messages that we do accept for delivery we scan with declude and if it is identified as spam it will be delivered to a junkmail folder in the users mailbox - which they can check via webmail or configure their mail clients to download it. I want to get out of the business of holding or deleting spam. Any thoughts, comments, ...? what have others done. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Spam gateway/proxy...
David: We have such an investment in Imail that it is not feasible for us to switch. Migration cost would be huge. We host several hundred domains. Actually we looked at switching about a year ago and we decided if we would switch it would be to Merak mail (at least based upon our evaluation at that time). Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, April 11, 2007 2:21 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Spam gateway/proxy... Chuck, Just FYI Some of these things can be achieved with SmarterMail they are able to block connects on the SMTP. David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Wednesday, April 11, 2007 3:27 PM To: Declude. JunkMail Subject: [Declude.JunkMail] Spam gateway/proxy... Anyone using a spam gateway (Like IMGATE) or proxy (like ASSP) in front of declude. I am intrigued by the idea of using something that will reject the messages before accepting it for delivery and then scanning it. I would only want to use the gateway/proxy to perform graylisting, Sender Validation, tar pitting. According to Len Conrad this could result in a 70 to 90 percent reduction in spam. Ultimately I would like our spam filtering to be where we reject the message before the data command and messages that we do accept for delivery we scan with declude and if it is identified as spam it will be delivered to a junkmail folder in the users mailbox - which they can check via webmail or configure their mail clients to download it. I want to get out of the business of holding or deleting spam. Any thoughts, comments, ...? what have others done. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] AUTOWHITELIST Question....
I have not turned on autowhitelist but am considering doing so. I a have question regarding this - does declude only look at the web messaging address book? If [EMAIL PROTECTED] has [EMAIL PROTECTED] in his web messaging address book does the whitelisting only apply to joeblows account or does it apply to everyones account? Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] method for reducing CPU load- WeightGate
Based on Chris email I implemented Weightgate on our mail server and have to say it has significantly reduced the CPU load. I estimate that about 70% of the messages that come in are blatant spam with extremely high weights. I moved sniffer to be the last test and set weightgate to NOT trigger sniffer if the weight was over delete weight already. I thought I would pass this on. Thanks Chris. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christopher Jaime Sent: Tuesday, November 28, 2006 9:19 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] method for reducing CPU load This is an excellent suggestion. I can't wait to see it implemented. In the mean time, it's worth taking a look at WeightGate.exe (FREE). http://kb.armresearch.com/index.php?title=Message_Sniffer.TechnicalDetails.T ools I am personally using it with Message Sniffer and invURIBL with great success. - Chris -- Midtown Micro, Inc. (TM) Programming and Web Hosting http://www.MidtownMicro.com Toll Free: 1-800-442-2447 Voice: (916) 442-2447 - Original Message - From: Scott Fisher mailto:[EMAIL PROTECTED] To: Declude.JunkMail@declude.com Cc: Support - Scott mailto:[EMAIL PROTECTED] Sent: Tuesday, November 28, 2006 7:43 AM Subject: [Declude.JunkMail] method for reducing CPU load I've been mulling this one over as I watch my spam filtering CPU time slowly taking over the email server. And I don't expect the number of emails to go down. For external programs and filters I think it would be a good idea to add two optional fields to the global.cfg definition line: a minweight and a maxweight. These would be the last two arguments and optional so existing configs would not need to be changed. For an external program: INV-URIBL external 25 D:\INVURIBL.exe %WEIGHT% %REMOTEIP% 25 0 would become INV-URIBL external 25 D:\INVURIBL.exe %WEIGHT% %REMOTEIP% 25 0 -50 300 in this case invuribl would only get run if the current weight was between -50 and 300. For a filter: ATTACHMENT-GIF filterD:\ATTACHMENT-GIF.txt x 0 0 would become ATTACHMENT-GIF filterD:\ATTACHMENT-GIF.txt x 0 0 -50 300 in this case the attachment-gif filter would only get processed if the current weight was between -50 and 300 Here's why I think this is a good idea: Declude could check the weights before launching the external program. If it is over/under weight the external program would not be launched. 2 if statements to avoid launching a program. That seems like a CPU time saver. Especially when multiplied by 10,000s of emails per day. I use 6 external programs. I believe over half of the program launches would be avoided because of stuff that has already been declared obvious ham or obvious spam. My final of the 6 programs, gets weight skipped over 90% of the time. At 10,000 emails a day, avoiding 50% of the external programs would save 30,000 program launches a day. I believe my 50% to be a conservative number and I think that the percentage would average out to be even higher. Now I have about one hundred filters. The vast majority of them get triggered with the skipweight since the email is already at a high spam weight by the time it reaches the filters. But still every one of these filter files needs to be opened, read and closed for every email. Again 2 IF statements per filter could avoid opening 100 files. That seems to me to be a CPU time saver. By the time, email reaches the filters, I think 75% of it is bypassing filters by being over the skipweight. At 10,000 emails a day (small to many of us). That would mean 750,000 filter files a day would not need to be open, read and closed. From the programming side, I don't believe the coding changes to be too difficult. Weight verification/processing code already exists in the Declude program. It would just need to be relocated. I'm a pretty small user here, getting about 14,000 spams on a weekday. Imagine the potential CPU savings for scaling this up to an ISP with 100,000 emails per day. I don't know if this would have an impact on saving my CPU or not, but it has to help even if it is a little. Please consider this. - Scott Fisher Director of IT Farm Progress Companies 191 S Gary Ave Carol Stream, IL 60188 630-462-2323 This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. Although Farm Progress Companies has taken reasonable precautions to ensure no viruses are present in this email, the company cannot accept responsibility for any loss or damage arising from the use of this email
[Declude.JunkMail] Configuring sniffer for declude...
I also posted this on the sniffer list but I thought I would also post it here. Several years ago when we first started using message sniffer I set it up for in the following manner in my global.cfg file. SNIFFER-GENERAL external063 F:\IMail\Declude\sniffer2r32\licensecode.exe activationcode 70 SNIFFER-EXPERIMENTALexternal062 F:\IMail\Declude\sniffer2r32\licensecode.exe activationcode 120 SNIFFER-OBFUSCATION external061 F:\IMail\Declude\sniffer2r32\licensecode.exe activationcode110 So one and so forth. With the increase in spam and CPU load is there any advantage load wise to just call sniffer once using nonzero instead of the return code. It seems like someone told me that sniffer was only called once and not seperately for each return code. Could someone confirm that. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Blacklists Recommendations.
I am looking for recommendations on other blacklists that Declude users are successfully using. Right now I use. Spamcop list.dsbl.org (trusted) AHBL Spamhaus CBL UCEB ORDB SORBs NJABL BLITZEDALL MailPolice I looked at the Declude list and I am wondering about adding spamsources.fabel.dk bl.csma.biz 0spam.fusionzero.com dnsbl.cyberlogic.net blackholes.five-ten-sg.com (multiple tests) psbl.surriel.com db.wpbl.info Thoughts on these tests. Any others that people are having luck with? We use sniffer with Declude but too much is slipping through. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Blacklists Recommendations.
Gary: Thanks a lot for taking the time to put that together. I am going to check out those sites. We do use the multiple tests from NJABL and SORBs. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Monday, November 27, 2006 12:15 PM To: declude.junkmail@declude.com Subject: re: [Declude.JunkMail] Blacklists Recommendations. BLITZEDALL went offline in May (see http://opm.blitzed.org). Other than that, all the ones you are using I am also using. Other IP4R tests that I am using successfully that you are not: ADNSBL dnsbl.antispam.or.id BASURA bl.emailbasura.org CSMA-SBLbl.csma.biz IMP-SPAMspamrbl.imp.ch SWINOG dnsrbl.swinog.ch JAMMDNSBL dnsbl.jammconsulting.com PSBLpsbl.surriel.com SPAMBAG blacklist.spambag.org SPAMCANNIBALbl.spamcannibal.org TQM3-DYNA dhcp.tqmcube.com TQM3-SPAM spam.tqmcube.com MXRATE sub.mxrate.net FIVETEN blackholes.five-ten-sg.com WHOIS-DYNA combined-HIB.dnsiplists.completewhois.com MXRATE, FIVETEN, and WHOIS-DYNA have multiple lists, and it is good to give separate weights to each. Make sure you check out their web sites for specifics. NJABL and SORBs have multiple tests, make sure you are using all of them, check out their web sites for specifics. Sometimes these sites with multiple tests delete some and add new ones, so it is a good idea to check their web sites every so often to see if there are any changes. For RHSBLs, make sure you are using SURBL (multi.surbl.org). Statistically (using DLanalyzer), the top ten spam catching blacklists for my servers are CBL, SORBS-DUHL, FIVETEN-SPAM, IMP-SPAM, SPAMCOP, PSBL, NJABL-DYNA, UCEPROTECT-1, UCEPROTECT-3, MXRATE-BLOCK. Are you using invURIBL? It is an inexpensive external test, and it will catch a lot of spam. Gary Original Message From: Chuck Schick [EMAIL PROTECTED] Sent: Monday, November 27, 2006 12:55 PM To: Declude. JunkMail Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Blacklists Recommendations. I am looking for recommendations on other blacklists that Declude users are successfully using. Right now I use. Spamcop list.dsbl.org (trusted) AHBL Spamhaus CBL UCEB ORDB SORBs NJABL BLITZEDALL MailPolice I looked at the Declude list and I am wondering about adding spamsources.fabel.dk bl.csma.biz 0spam.fusionzero.com dnsbl.cyberlogic.net blackholes.five-ten-sg.com (multiple tests) psbl.surriel.com db.wpbl.info Thoughts on these tests. Any others that people are having luck with? We use sniffer with Declude but too much is slipping through. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] California Regional Intranet
Title: Message We don't block there IPs but we do have them on a high weight. I have seen nothing but spam come out of there. Chuck SchickWarp 8, Inc.(303)-421-5140www.warp8.com -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin BilbeeSent: Monday, September 18, 2006 2:28 PMTo: declude.junkmail@declude.comSubject: [Declude.JunkMail] California Regional Intranet This IPS seems to be very friendly with the Spammers. What are your thoughts about blocking their entire assigned IP range?? Kevin BilbeeNetwork AdministratorStandard Abrasives, Inc.[EMAIL PROTECTED]Changing the way industry works. ---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com. ---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com.
RE: [Declude.JunkMail] Goober of the year
Title: Message The first clue would be anyone who would set up an AOL account in this day and age and then brag about it. Chuck SchickWarp 8, Inc.(303)-421-5140www.warp8.com -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Butch AndrewsSent: Tuesday, August 01, 2006 8:14 AMTo: declude.junkmail@declude.comSubject: [Declude.JunkMail] Goober of the yearI must write the list to see if my customer meets the criteria for "goober" of the year. We use Imail and Declude Junkmail. My customer requested over a year ago to be removed from Spam filtering and I did this. Recently he called and requested that we set up Imail to forward his email to a new email account he opened with AOL. Our customer support software makes these changes on our server so the fact that his mail folder was receiving unfiltered mail went undetected. In addition this winner went into his webmail interface and put a vacation notice that was sent to all incoming email that he had a new address at AOL and he includedit in the email. I hope you can follow this. "Soo" now his account with us is receiving hundreds of spam that are forwarded to his newAOL account.He sends the spammer his new address with the vacation replyfrom our server. That email bounces back to my server which forwards it back to AOL. They bounce it back to him which forwards back to them via the mail forwarding he set up. Those spammers that are monitoring bounce back messages have his new address. My mail server becomes blocked by AOL. Isn't it great to be a small facilities based ISP trying to survive in today's Internet with customers like this? I closed his account. Thanks for the time I had to tell someone who might understand. ---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com. ---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com.
RE: [Declude.JunkMail] Goober of the year
Title: Message The original poster was an ISP who stated the customer(of the ISP) set up a new email account and emailed people of his new account. I would interpret that to mean the person was a customer of the ISP and they had an email account with the ISP. Going from that to AOHELL is not a step to be applauded, IMHO. Chuck SchickWarp 8, Inc.(303)-421-5140www.warp8.com -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael JaworskiSent: Wednesday, August 02, 2006 8:50 AMTo: declude.junkmail@declude.comSubject: RE: [Declude.JunkMail] Goober of the year They maybe just human. It may have been a big step for them to get there. They need to be applauded for the step, not the stone. After little Internet experienceand peer talk they may find AOL is not the best solution for them and remember your kindness and start paying you money for a service they now appreciate. Mike -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck SchickSent: Wednesday, August 02, 2006 7:21 AMTo: declude.junkmail@declude.comSubject: RE: [Declude.JunkMail] Goober of the year The first clue would be anyone who would set up an AOL account in this day and age and then brag about it. Chuck SchickWarp 8, Inc.(303)-421-5140www.warp8.com---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com. ---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com.
[Declude.JunkMail] Forged from local domains.
I am starting to see a lot of spam email that uses the recipient domain in the from address. So if the mail is going to [EMAIL PROTECTED] the from address may be something like [EMAIL PROTECTED] Is there any declude test to see if the sender is valid for local domains??? I thought I remembered something about the spammers using a wildcard to just fill in the recipient domain for the from address - seems like there should be a method to block this. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Forged from local domains.
Matt: Thanks. I have been looking at setting up a gateway filter. Thanks for your recommendations. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Friday, July 21, 2006 4:42 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Forged from local domains. Chuck, Yes, you can make a version of SPAMDOMAINS that lists your own domains figuring that your own customers will be whitelisted for AUTH or IP and therefore not hit by that filter. IMO, even though they are forging addresses and their content may be spammy, those two things don't necessarily represent the best way to tag such guys. Gateways that tarpit or greylist like ORF and Alligate will block virtually zombie spammers with minimal effort, and if configured properly, without false positives. I only currently know of one zombie spammer that defeats greylisting, and a good number of them fail when tarpitted. Matt Chuck Schick wrote: I am starting to see a lot of spam email that uses the recipient domain in the from address. So if the mail is going to [EMAIL PROTECTED] the from address may be something like [EMAIL PROTECTED] Is there any declude test to see if the sender is valid for local domains??? I thought I remembered something about the spammers using a wildcard to just fill in the recipient domain for the from address - seems like there should be a method to block this. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude Status
Here is what I want to see in the spam filtering solution. 1) The ability to automatically create a spam/junkmail folder at the user level whenever a newuser is created. 2) The ability to route items marked as spam to that folder at the user level. 3) The ability to delete items from the spam folder after x number of days. I have been told all this can be done but I have never seen a straight forward way to do it. Checking the spam filters is our most time consuming activity. Eliminating holding any spam above the user level would avoid a lot of problems and wasted time. A poll of our customers showed that tagging spam was not helpful to them. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Thursday, July 20, 2006 8:28 AM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Declude Status Hi, Let me make a few observations: - if it wasn't for the discussion on business policy, this list would not be busy at all. In fact, I note that I seldom see any new technical issues being discussed. - I understand that people from either side of the fence have various opinions about business decisions/policy - and I think everyone has voiced their opinions. Which is good. - I am very encouraged to see Declude personnel being very accessible on this list, responding to technical issues on the list and off-list in an informed and capable manner. I deeply feel that someone is at last taking ownership of the product and its customers again. Let's not frustrate those individuals. - I am pleased to see that there have been a few new Declude builds that addressed a few issues and have not introduced big gotchas. - I do understand that some Declude customers have a list of outstanding problems that have not yet been addressed - but it does sound as if we do have their ear and they are trying to work the list. - I also agree that Declude has not added some sorely missed features in the past years. On the other hand, integrating a virus scanner with automatic update is something that many less-savvy administrators truly needed and certainly does count as a valuable offering. Offering a Sniffer alternative to SOME Declude customers (albeit not all), certainly can't be discounted either. - I don't know if those of us who have been holding off the upgrades are simply a very vocal majority - or if there are indeed only a few satisfied Declude 3.x / 4.x customers. I installed it on one of my co-lo customer's system last week - and it's been running fine (although with comparably moderate load). My suggestion is this: Now that everyone had a chance to voice their position regarding Declude business policies/strategies, let everyone determine for themselves if any more posts on this issue really introduce new facts/facets - or if we are just keeping the thread alive for S/M and/or revenge purposes. I would love for the list to go back to discussing/prioritizing technical issues as this will help Declude advance their product for their and our benefit. I don't know if Declude will remain a vendor we can rely on - but I think after offering our opinions - we should ALL be allowed to get back to work. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Trying to install Declude 3.1.20 anew
Because the original notifications use to pi$$ people off so it was best not to send them. I don't know if this is still the case but back in the early versions of declude the default message to postmaster was composed like this. ***Declude Message** The Declude Virus v%VERSION% software on our mail server detected the %VIRUSNAME% virus that appears to have come from your mail server. It was sent in an attachment %VIRUSFILE%, from %MAILFROM% to %ALLRECIPS%, with the subject %SUBJECT%. The Message-ID was: %MSGID%. This notice is sent as a courtesy so that you have the option of contacting your user and helping them get rid of the virus. This message was sent by Declude Virus. If this virus did originate from one of your users, you may want to consider adding virus protection to your mailserver. You can check the headers below to verify that the virus originated from your mailserver. ** Since many viruses forge the sender and/or use their own smtp engine the messages tended to accuse people who were innocent kind of like bouncing spam will cause you to be a spammer. After receiving several of bogus messages from servers using declude I figured that postmasters that sent notifications for viruses were clueless. Just my 2 cents. Maybe it got better in later versions - I just never turned it on. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ncl Admin Sent: Wednesday, July 12, 2006 3:50 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Trying to install Declude 3.1.20 anew At 03:31 PM 7/12/2006 -0400, David Barker wrote: As far as I know this still works, although majority of customers do not send virus notifications. What gives you this opinion might I inquire? --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] OT: Declude confirm...
I was going to run Declude confirm for the list server. It is still listed on the Declude website as a free tool but when I go to the download the confirm.cfg link I get a page not found error. http://www.declude.com/version/Release/Confirm.cfg Could someone send me the proper link or a copy of the confirm.cfg file. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] How to get support from sniffer....
It appears in the sniffer rulebase updated yesterday one of the rules trips the getrich test on sniffer when emails are sent from or to our domain name. I have identified the rule and made a panic rule entry. But it appears the problem is more wide spread. I have sent messages to [EMAIL PROTECTED], [EMAIL PROTECTED], and have submitted several examples to [EMAIL PROTECTED] with absolutely no response. I am concerned that my emails are not getting through because of the bad rule - when I sent a message to the sniffer list it never shows up making me suspect the bad rule is torpedoing my email correspondence. This is a big catch-22. I wish that sortmonster had a web based ticketing system. Anybody have a non email way of getting ahold of sortmonster. The tech support phone number on the armresearch web site just goes to voice mail. Sorry to post this here but I want to get this resolved. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] How to get support from sniffer....
Andrew: Thanks a bunch. Pete has always been responsive, I just think I have been caught in the proverbial death spiral on this issue. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Wednesday, May 24, 2006 12:54 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] How to get support from sniffer Chuck, since I'm not blocked, I've sent a message on your behalf to Pete as well as false@ ... while redacting your domain name. Happy to help, Andrew 8) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Wednesday, May 24, 2006 11:13 AM To: Declude. JunkMail Subject: [Declude.JunkMail] How to get support from sniffer It appears in the sniffer rulebase updated yesterday one of the rules trips the getrich test on sniffer when emails are sent from or to our domain name. I have identified the rule and made a panic rule entry. But it appears the problem is more wide spread. I have sent messages to [EMAIL PROTECTED], [EMAIL PROTECTED], and have submitted several examples to [EMAIL PROTECTED] with absolutely no response. I am concerned that my emails are not getting through because of the bad rule - when I sent a message to the sniffer list it never shows up making me suspect the bad rule is torpedoing my email correspondence. This is a big catch-22. I wish that sortmonster had a web based ticketing system. Anybody have a non email way of getting ahold of sortmonster. The tech support phone number on the armresearch web site just goes to voice mail. Sorry to post this here but I want to get this resolved. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] How to get support from sniffer....
Pete: Thanks. Was worried my messages were not getting through. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Wednesday, May 24, 2006 1:22 PM To: Chuck Schick Subject: Re: [Declude.JunkMail] How to get support from sniffer Chuck, I stepped away for a while (started work today at midnight). I've found your FPs and I will address them immediately. I note you did not leave a message on the support line (that I can see). I'll take the rest of this off list. Thanks, _M On Wednesday, May 24, 2006, 2:12:39 PM, Chuck wrote: CS It appears in the sniffer rulebase updated yesterday one of the CS rules trips the getrich test on sniffer when emails are sent from or CS to our domain name. I have identified the rule and made a panic rule CS entry. But it appears the problem is more wide spread. I have sent CS messages to [EMAIL PROTECTED], [EMAIL PROTECTED], and CS have submitted several examples to [EMAIL PROTECTED] with CS absolutely no response. I am concerned that my emails are not CS getting through because of the bad rule - when I sent a message to CS the sniffer list it never shows up making me suspect the bad rule is CS torpedoing my email correspondence. CS This is a big catch-22. I wish that sortmonster had a web based CS ticketing system. Anybody have a non email way of getting ahold of CS sortmonster. The tech support phone number on the armresearch web CS site just goes to voice mail. CS Sorry to post this here but I want to get this resolved. CS Chuck Schick CS Warp 8, Inc. CS (303)-421-5140 CS www.warp8.com CS --- CS This E-mail came from the Declude.JunkMail mailing list. To CS unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type CS unsubscribe Declude.JunkMail. The archives can be found at CS http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT: Storage Server (NAS)
Sorry to reply late. We have set up Dell Powervaults with that approximate configuration. You can usually get a pretty good discount off of the list price. We usually go with a raid 5 configuration. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Friday, May 12, 2006 1:26 PM To: JunkMail Declude Subject: [Declude.JunkMail] OT: Storage Server (NAS) We are looking for a storage server to do our nightly backups to and our desktop user backups. 1U Rack 1gig Ram 4 SATA hot swapable Windows storage server any suggestions? Kevin Bilbee Network Administrator Standard Abrasives, Inc. [EMAIL PROTECTED] (805) 520-5800 x7332 Changing the way industry works. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] How to filter for this?
In the headers of messages there is this line Received: from spambag [70.69.167.210] by warp8.com I want to filter on the spambag portion of that line. What filter could I use to accomplish this? Thanks. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Mailing List Software
Imail has a list server which works well. We have used it for lists up to 40,000 recipients. I recommend password protecting any list - not doing so can create problems. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Karl Hentschel Sent: Thursday, November 03, 2005 12:16 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Mailing List Software Does anyone use or know of some software to send out emails to a customer base that works with IMail? We want to send out occasional emails to a portion of our customers while protecting everyone's email from each other, checking for bad emails etc. Thanks, Karl --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Spam not getting scanned
I have a customer that is getting swamped with blank emails - there is no from, to, subject or body. Here are what the headers of one email said. Date: Wed, 2 Nov 2005 04:57:45 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Outlook, Build 10.0.6626 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1506 X-Comment: Sending client does not conform to RFC822 minimum requirements X-Originating-IP: [208.182.249.15] It appears that Declude did not scan the email. That IP address is on a couple of blacklists and would have been held. Anyone know why declude would not scan it - are the headers too corrupted to scan? Is there a way to block these? Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Filter idea!
I would say that 90% of my subject tests use the operator CONTAINS. This is usually for the 5000 variations of drug names. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Tuesday, September 13, 2005 12:44 AM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Filter idea! I do not know why I did not think of this before. Of course, knowing my fortune, many of you probably already figured this out. It appears that using IS to check the subject line has always been iffy. I thought of a solution: Use ENDSWITH instead of IS. Just an FYI. John T eServices For You --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT - Removal from SPEWS
As other have noted - don't waste your time. One of our class C's is part of a class B that a spammer at some time had a couple of IP blocks in. As their approach is that any collateral damage is acceptable, they blocked the entire class B. As reputable and competent administrators do not use Spews to block email, we have had very few problems with customers mail not getting through. When it does come up we offer to move these clients to another mail server but also explain that it is a misguided guerilla warfare attempt by spews. Almost every time once the client has understood what is going on they have informed the person not receiving the email to contact their host so they are not blocked. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Troy D. Hilton Sent: Thursday, September 01, 2005 11:00 AM To: Declude Junkmail Forum Subject: [Declude.JunkMail] OT - Removal from SPEWS Hey All, How does one go about getting their IP address delisted with SPEWS? I understand how I got listed and that problem has been successfully removed. But now is the daunting task of getting delisted. While most blacklists do provide some sort of removal process, SPEWS seems to only tell you you're listed. Any suggestions here? Troy D. Hilton Serveon, Inc. [EMAIL PROTECTED] 302-529-8640 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Header showing up in body
Title: Message How are you viewing the message? It is probably associated with the email client settings.I know some email clients have the option of showing headers - you have to make sure the option is turned off. This is also true of webmail. Chuck SchickWarp 8, Inc.(303)-421-5140www.warp8.com -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark E. SmithSent: Monday, August 01, 2005 11:39 AMTo: Declude.JunkMail@declude.comSubject: [Declude.JunkMail] Header showing up in body Does anyone know why occasionally the SMTP header of Declude will show up in the message body?Here's an example:-0-From: Rachel Horton [mailto:[EMAIL PROTECTED]]Sent: Mon 8/1/2005 11:04 AMSubject:To: [EMAIL PROTECTED]Subject: This week's casesDate: Mon, 01 Aug 2005 10:03:49 -0500Mime-Version: 1.0Content-Type: multipart/mixed; boundary="=_NextPart_000_4ab2_2c37_1ad0"X-OriginalArrivalTime: 01 Aug 2005 15:03:50.0065 (UTC) FILETIME=[3958BA10:01C596AA]X-RBL-Warning: CATCHALLMAILS:X-RBL-Warning: NOABUSE: "Not supporting [EMAIL PROTECTED]"X-RBL-Warning: NOPOSTMASTER: "Not supporting [EMAIL PROTECTED]"X-RBL-Warning: IPNOTINMX:X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail detected.X-RBL-Warning: SIZE-M: Message failed SIZE-M: 14.X-RBL-Warning: MS-WHITE: Message failed MS-WHITE: 0.X-RBL-Warning: SPAMCHK: Message failed SPAMCHK: -20.X-RBL-Warning: WEIGHTLEGIT: Total weight between -5000 and 119.X-Declude-Sender: [EMAIL PROTECTED] [64.4.43.56]X-Declude-Spoolname: D39D65DE200E85A8A.SMDX-NOTE:X-Note: ==X-Note: Spam Score: 0 [SUBJECT STRING ON 120-349 DELETED ON 350+]X-Note: Scan Time: 11:04:03 on 01 Aug 2005X-Note: Spool File: D39D65DE200E85A8A.SMDX-Note: Server Name: hotmail.comX-Note: SMTP Sender: [EMAIL PROTECTED]X-Note: Reverse DNS IP: bay17-f6.bay17.hotmail.com [64.4.43.56]X-Note: Organization: netrends.comX-Note: Recipient(s): [EMAIL PROTECTED]X-Note: Country Chain: UNITED STATES-destinationX-Note: Tests Failed: CATCHALLMAILS [0], NOABUSE [10], NOPOSTMASTER [10], IPNOTINMX [0], NOLEGITCONTENT [0], SIZE-M [0], MS-WHITE [0], SPAMCHK [-20], WEIGHTLEGIT [-5000]X-Note: In or Out: incomingX-Note: ==X-Note: filter [2.0.6.16] for SPAM virus.X-Note: ==X-NOTE:Return-Path: [EMAIL PROTECTED]This is a multi-part message in MIME format.--=_NextPart_000_4ab2_2c37_1ad0Content-Type: text/html; format=flowedhtmldiv style='background-color:'DIV class=RTEThis week's advisory is attached./DIV/divbr clear=allhr a href=""http://g.msn.com/8HMBENUS/2755??PS=47575">http://g.msn.com/8HMBENUS/2755??PS=47575" target="_top"Get the NEW version of MSN Messenger with Video Conversation - it's FREE!/a /html--=_NextPart_000_4ab2_2c37_1ad0Content-Type: application/msword; name="adv 8-1-05.doc"Content-Transfer-Encoding: base64Content-Disposition: attachment; filename="adv 8-1-05.doc"0M8R4KGxGuEAPgADAP7/CQAGAAAB
[Declude.JunkMail] RBL's becoming worthless...
In the last several months we have seen large quantity of spam coming from IP blocks that never seem to get listed on any RBL. Spamcop is about the only one that picks some of them up and once in awhile spamhaus. There was a block last night that sent several hundred and sendbase.org showed they had detected no email from that block. The reason I bring this up is because when we first started blocking spam I would say the blacklists would catch almost 90% so we relied heavily on the blacklist. With the blacklists not being as effective we need to rely on other tests like sniffer but that misses alot also. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] My ideal spam filtering solution.
After running declude for almost three years, here are the features I would like to see. Maybe this capability already exists and I am just not knowledgeable enough to set it up. 1) When a user account is set up a folder for spam is set up under his user folder automatically. 2) Spam filtering can be set by the user to tag his spam or to route it to the spam folder. 3) Automatically delete spam old from the spam folder after a set time interval. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] New Spam or Virus????!!
Starting to see messages that have a zip attachement with the format 5.zip or 7.zip - I do not know if it is spam or a virus. Anyone else seeing this? Virus scanner is not catching it so I do not know if it is a virus or not. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: Re[2]: [Declude.JunkMail] Automated requeuing
Pete: Are you distributing this tool? If so I would be interested in testing it out. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Monday, March 14, 2005 4:21 PM To: Markus Gufler Subject: Re[2]: [Declude.JunkMail] Automated requeuing On Monday, March 14, 2005, 5:59:15 PM, Markus wrote: MG 2.) Log file processing with MDLP (Modular Declude Logfile MG Processor) written by Pete McNeil This tool does extremely fast MG parsing of declude jm logfiles. Pete's primary intention was to MG write a tool that's able to analyze results of each declude test and MG based on the determined reliability adapt automatically the MG weighting system. Due to a lot of other work I haan't had time to MG test this part of the tool. I concentrated on the other part of MG MDLP. It can write CSV-files containing all processed messages, MG mailfrom, mailto, datetime, subject and the total weight of the MG weighting system. Then I've setup up some MS-SQL DTS packages that MG are able to import this csv-sources in a very fast way into a MS-SQL MG database. MDLP allows to process only e certain timerange of a daily MG logfile, so we import the processed message results on a hourly MG base. Just following on to the thread here... I'm putting together a page for MDLP showing test results from our system and, eventually (under construction), documentation etc. http://www.sortmonster.com/MDLP/ _M --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Declude log analysis...
Can anyone recommend a good log analysis program to work with Declude? I am most interested in tests failed and possibly IP addresses of failed mail. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SpamCop not testing?
Scott: Do you have do you have any further information about this statement - what type of errors, etc. It is important to note that you should only have one DNS server listed in the IMail SMTP settings (IMail has a known sporadic issue if there are multiple DNS servers listed). We have used 3 DNS servers in Imail for 6 years and I was not aware of any problems. We even change the order sometimes so Imail is querying the least busy one. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Notification Policy...
Pete: Barry made a post to the Sniffer list but as far as I know there has not been a notification to Declude Customers. When there is a major glitch in a program like this, I would expect to be notified by the Vendor immediately. Users are finding out from peer lists about this problem which was first reported on Saturday. Not all users are on these lists or they do not monitor them. I think this is a good opportunity for the Management at Declude to develop a notification policy. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Monday, January 03, 2005 9:50 AM To: Marc Catuogno Subject: Re: [Declude.JunkMail] FW: [sniffer] Sniffer Notifications now failing declude spamheaders test On Monday, January 3, 2005, 11:30:22 AM, Marc wrote: MC I don't mean to be a nag but this was just posted to the sniffer MC forum and is exactly what I was talking about. It is almost 48 MC hours after the first post discussing this bug and there is still MC no e-mail from Declude that I am aware of that has gone out. I saw a note from Barry... maybe you don't have it yet? _M --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Solution to death of IMail
For us this may be a blessing in disguise. I purchased a SA last Friday the 22nd and I am glad I did. Anyway as an ISP we have been thinking of changing our mail system anyway. Declude does need to look at a gateway type of product. We have been seriously looking into something like Barracuda just because we could use one gateway for several servers. I think that Ipswitch is going the wrong way - yes there is a market for collaboration software but it is not for everyone. To not sell the stand alone server is going to be a blow to them. By the time they realize their mistake it may be too late. Just my two cents on the subject. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Outbound mail
For some reason declude is holding outbound mail even though we do not have it set in the Global.cfg file to hold. We are running the Declude Pro version 1.79. Any explaination of why this is happening? We do not want to even scan outbound mail - what is the best way to turn that off. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Citibank - phishing- still live
Dan: I certainly know how to run the spamdomains test but I would like to point out some of the basic problems with the spam domains test. As I said there is no central list for the spam domains - you posted yours and Marcus posted his and they were different. Here are a few other problems with spamdomains - many legitimate businesses (American Express, Dell) outsource mailings to third party mailers - this can trigger false positives. People using their personal email address as a reply to address and send it from a different server (from work) - more false positives. People forwarding mail to an account on our server from another mail server - these will trip more false positives. Every situation is different, everyone's objectives are a little different. I could never get away with blocking mail without a reverse dns entry like aol does. Our top priority is to deliver the mail, our second priority is block unwanted email, our third priority is to minimize time spent maintaining the mail system. I find that body filters are very good at meeting our objectives and actually save us time. We use spam domain tests but find they are more prone to false positives for the reasons mentioned above and therefore we have to weigh it lower than some other tests. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser Sent: Tuesday, October 05, 2004 10:30 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Citibank - phishing- still live Chuck, If you are getting lots of false positives with SpamDomains then I don't think you are using it right. My hold weight is 100. My delete weight is 200. I have multiple SpamDomains tests with some weighing 100 points and some weighing 125 points. So almost any failure of SpamDomains is held in my setup. Obviously I wouldn't be holding on SpamDomains if it generated lots of false positives. BTW, I don't do any filtering on the body of messages, only headers. Body filtering is a big waste of time in my opinion. Dan - Original Message - From: Chuck Schick [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, October 05, 2004 12:07 PM Subject: RE: [Declude.JunkMail] Citibank - phishing- still live Unfortunately spamdomains is a test that has a lot of false positives and there is not real solid list of spamdomains. Because of that we have to weight spamdomains low, so I could never say that users would not see such an email because of spam domains alone. On the other hand I can give a very high weight to urls contained in the body of an email and will have almost no false positives. Just my thoughts on the matter. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser Sent: Tuesday, October 05, 2004 9:14 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Citibank - phishing- still live Whether I classify them as spam or not, I don't post every spam that I receive to this list. My point is that if you are blocking phish based on individual URLs I think you are not doing it in the most efficient way. Simply adding... @ameritrade.com.ameritrade.com @citi.com.citibank.com @citibank.com.citibank.com @ebay.com.ebay.com @fleet.com.fleet.com .gs.com @paypal.com .paypal.com @suntrust.com.suntrust.com @visa.com.visa.com @wellsfargo.com.wellsfargo.com to the text file which maps to my Spamdomains test keeps all of the phish away from my users since none of these messages every originate from the proper domains. Dan - Original Message - From: Bill Landry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, October 05, 2004 10:58 AM Subject: Re: [Declude.JunkMail] Citibank - phishing- still live Where else would you suggest they be posted, after all, phishing e-mail are spam in my book. However, with that said, more and more virus vendors are starting to add phishing e-mail recognition to their virus definitions. Both uvscan (NAI/McAfee) and the latest release candidates for ClamAV support phishing e-mail detection. Bill - Original Message - From: Dan Geiser [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, October 05, 2004 4:22 AM Subject: Re: [Declude.JunkMail] Citibank - phishing- still live Can I ask why you guys post these to the Declude JunkMail discussion list? It doesn't seem to have anything to do with the subject matter of this list. - Original Message - From: Kami Razvan mailto:[EMAIL PROTECTED] To: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Sent: Tuesday, October 05, 2004 6:56 AM Subject: [Declude.JunkMail] Citibank - phishing- still live Hi; the following is another phishing attempt- the site still live. http://211.158.34.250/citifi/ http://211.158.34.250/citifi/ Regards, Kami Email Subject: [37~]Dear
RE: [Declude.JunkMail] E-Mail to download v1.8
Keith Where did you find the manual or the cfg files? I can find the download but not the link to the manual. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: Keith Johnson [mailto:[EMAIL PROTECTED] On Behalf Of Keith Johnson Sent: Tuesday, September 28, 2004 8:45 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] E-Mail to download v1.8 Jeff, I was able to get it via my account login at www.declude.com. Keith -Original Message- From: [EMAIL PROTECTED] on behalf of Jeff Maze Sent: Tue 9/28/2004 10:33 AM To: [EMAIL PROTECTED] Cc: Subject: [Declude.JunkMail] E-Mail to download v1.8 Hello, Just wanted to know if there's a place to download the latest .cfg files to handle the v1.8 additions. Or even an updated declude manual? Thanks.. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. attachment: winmail.dat
RE: [Declude.JunkMail] Blacklisted again
When you get listed on spamcop they usually send a notice to your abuse contacts with full headers. You should be able to identify the source IP address from those headers and then use that IP to check you mail logs. Once you match up the spam with headers with the log files you should quickly see what the problem is. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Farris Sent: Wednesday, September 15, 2004 8:16 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Blacklisted again I just got blacklisted again with Spamcop...I have taken out every IP address from my mail server except for my 1 dial up pool...Everyone else must authenticateMy server is still at almost 100% most of the time...I am still sending out spam but how do I tell where it is coming from... Richard Farris Ethixs Online 1.270.247. Office 1.800.548.3877 Tech Support Crossroads to a Cleaner Internet --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Spamtest quality report
Markus: What are the following IP4R tests, I could not cross reference them with the Declude Manual or the list at http://www.declude.com/Articles.asp?ID=97 TESTSFAILED 0 CONTAINSBHOLE-CN-KR TESTSFAILED 0 CONTAINSBHOLE-JAPAN TESTSFAILED 0 CONTAINSBHOLE-KOREA TESTSFAILED 0 CONTAINSKOREASPAM Thanks for your help. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Markus Gufler Sent: Wednesday, August 11, 2004 3:15 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Spamtest quality report This is really helpful. Could you explain some of your combo tests? I did not know that declude could do combo tests. You can use combo-test with TESTSFAILED lines in Declude Junkmail Pro filter files For example You've running several IP4R tests SPAMCOP, FIVETEN, CBL, SBL, Now set up a test COMBO-IP4R with the following filterfile containing only your reliable IP4R-tests ## TESTSFAILED 0 CONTAINSAHBLDOMAINS TESTSFAILED 0 CONTAINSAHBLPROXIES TESTSFAILED 0 CONTAINSAHBLSOURCES TESTSFAILED 0 CONTAINSBHOLE-CN-KR TESTSFAILED 0 CONTAINSBHOLE-JAPAN TESTSFAILED 0 CONTAINSBHOLE-KOREA TESTSFAILED 0 CONTAINSBLITZEDALL TESTSFAILED 0 CONTAINSORDB TESTSFAILED 0 CONTAINSCBL TESTSFAILED 0 CONTAINSDSBL TESTSFAILED 0 CONTAINSDSN TESTSFAILED 0 CONTAINSFABEL TESTSFAILED 0 CONTAINSKOREASPAM TESTSFAILED 0 CONTAINSMAILPOLICE-BULK TESTSFAILED 0 CONTAINSNJABLPROXIES TESTSFAILED 0 CONTAINSSBL TESTSFAILED 0 CONTAINSSORBS-HTTP TESTSFAILED 0 CONTAINSSORBS-MISC TESTSFAILED 0 CONTAINSSORBS-SOCKS TESTSFAILED 0 CONTAINSSPAMBAG TESTSFAILED 0 CONTAINSSPAMCOP TESTSFAILED 0 CONTAINSSPAMHAUS TESTSFAILED 0 CONTAINSXBL-DYNA ## This test will have no effect on your weighting system but it's the base for the following COMBO-Tests. COMBO-IP4R will fail if at least one of the listed IP4R-Tests has failed before. Now set up one test for each other test you want to combine with the IP4R-tests For example COMBO-IP4R-SNIFFER with another filterfile ## TESTSFAILED END NOTCONTAINS COMBO-IP4R TESTSFAILED 30 CONTAINS SNIFFER ## So what happens COMBO-IP4R-SNIFFER will terminate wtihout result if COMBO-IP4R hasn't failed before Otherwise it will add 30 points if SNIFFER has identified this message as spam. You can combine several other tests with the group of IP4R-tests. Most of you should forget to use the COMBO-IP4R-COUNTRY-US filter because it's working good only for european mailservers. Maybe you can use a COMBO-IP4R-COUNTRY-EU filter file. Unfortunately you can't use this COMBO-Test with SPAMCHK because it can return also a negative weight if a message seems legit. If the result is negative it's not a good idea to combine it with another group of tests and add weight if the second group indicates spam. A feature request to separate the weight test in weight+ and weight- should be somewhere deep in Scott's todo-list ;-) Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Spamtest quality report
Markus: This is really helpful. Could you explain some of your combo tests? I did not know that declude could do combo tests. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Markus Gufler Sent: Wednesday, August 04, 2004 2:05 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Spamtest quality report If someone is interested on this report: http://www2.spamchk.com/public.html I've added Pete's explanation and additional information. This static website from now on will be updated weekly every Sunday. Markus BTW: any feedback is welcome BTW2: if there is someone who can provide a solution for ASP-based on-the-fly calculation of web-graphics so that I can create historical graphs for every test it would be very helpfull. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] New ALL_LIST.DAT File?
Having trouble with the country filter test. It is not tripping. Here is what the headers show X-Country-Chain: KOREA-KR-destination But even though I have an entry in the country filter that says - COUNTRIES CONTAINS5 kr and I have an entry in the default file that states FILTER-COUNTRY WARN There are no errors showing the declude logs. The logs seem to indicate the test is running but it does not trip even when the country shows up in the chain. Any suggestions? Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Friday, July 30, 2004 2:17 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] New ALL_LIST.DAT File? Me four, or is there a link where I can get it myself? Here are the details, so people don't have to go searching the list or asking people to send them the details: With the latest release, you can download the all_list.dat file from http://www.declude.com/version/release/all_list.dat . The %COUNTRYCHAIN% variable and the country filtering will be enabled. For filtering, you can use the formats: COUNTRY CONTAINS5 cn COUNTRIES CONTAINS5 kr COUNTRY will only match when the remote mailserver is in the listed country (in the example above, it would match if the remote mailserver was in China, but not if a spammer in China relayed the mail through Spain). COUNTRIES will match when the E-mail traveled through the listed country (in the second example, an E-mail would get caught whether it was sent from a mailserver in China, or whether a mailserver in China relayed it through another country). Note that this is an experimental feature in Declude JunkMail Pro, and since new IPs are allocated daily, it will require occasional updating of the IP/country data (the all_list.dat file). The filter uses the 2-character country code, which is the same as the 2-character ccTLDs ([EMAIL PROTECTED]). A list of these codes can be found at http://www.iana.org/cctld/cctld-whois.htm . Besides countries, the following may be used as well, in cases where the country is not known: *1 Multi-Regional *2 Europe *3 North America *4 Central/South America *5 Pacific Rim *A ARIN Unlisted *B Public Data Network *E RIPE Unlisted *I Private IP *L Loopback *M Multicast *P APNIC Unlisted *R IANA Reserved *U Unknown -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Attach action...
I had a client that we use the attach action for his domain. He received an email with attachments that was labeled as spam. It appears the original attachment was stripped from the email, is this standard with the attach action? Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] fromfile test gone bad.
I have a fromfile test that we have been using for the past 2 years. In the last two weeks we have had a couple of clients complain about missed emails, when I have checked the Declude log it shows that it had failed our fromfile test. When I search the fromfile I do not find the offending from domain!!! These domains are unique enough that they should not accidentally get confused. Anyone ever experience similar problems? Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Attach action question.
When we use the attach action is there a way to have the Senders information show up in the subject line. For example: Subject: You have spam from [EMAIL PROTECTED] Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPEWS problem
Goran: Do not waste your time. Spews is an example of a bad blacklist and people should not use it. They have a terrorist mentality towards Spam fighting - collateral damage is okay because their cause is just. If you want to try to get delisted you will need to post to a news group where the bottomfeeders of the world will flame you for weeks. Go To google groups -news.admin.net-abuse.email and do a search for spews - you will see the treatment of those who request removal. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Goran Jovanovic Sent: Monday, May 17, 2004 10:10 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] SPEWS problem Anyone have any experience with SPEWS.ORG? It seems that the IP address of our server we are using is listed in SPEWS. Has anyone ever got themselves de-listed? Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Nameserver issues and Spam fighting
Scott: Is there any advantage performance wise to run the DNS on the same machine as Imail?? I am putting up a new mail server and we are looking at implemented a DNS server with a sole function of supporting mail. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Friday, April 23, 2004 8:01 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Nameserver issues and Spam fighting We've run Windows DNS (on our mail server as well) for several years with no problems. I haven't ever seen a performance comparison of Windows DNS vs. BIND, though. Scott, what's your rationale behind recommending BIND instead? Because I have heard many, many reports of problems with Windows DNS. There are often mysterious problems that go away by rebooting a Windows DNS server. If it is working fine for you, then I wouldn't recommend switching -- it may well be that the version you are running along with the way you have it set up (and your volume) doesn't have any problems. Part of the problem may be that Windows DNS is part of the OS (which only gets a new release every couple of years), whereas BIND is a standard product in that it is continually upgraded. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT: BIND vs Windows DNS capabilities
Darin: Is your DNS system home grown or did you purchase it? Sounds like it is part of a hosting control panel. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Darin Cox Sent: Friday, April 23, 2004 8:20 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] OT: BIND vs Windows DNS capabilities Good to know. Hadn't heard of problems with Windows DNS, but had heard of security issues with BIND. The one thing I don't like about Windows DNS is the inability to enumerate subdomains without manually parsing the zone files. Not sure what BIND has now in terms of programmatically manipulating zone files to automate most common processes and provide simple management interfaces. A few years ago we ran DNS and hosting on Unix/BIND and had an inherited system with some automated management capabilities, but all via telnet. We now do all of our DNS management via a database driven system, with a web UI and multiple security levels to provide some customers (collocated, advanced customers, and resellers) the ability to manipulate DNS. Darin. - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, April 23, 2004 10:01 AM Subject: Re: [Declude.JunkMail] Nameserver issues and Spam fighting We've run Windows DNS (on our mail server as well) for several years with no problems. I haven't ever seen a performance comparison of Windows DNS vs. BIND, though. Scott, what's your rationale behind recommending BIND instead? Because I have heard many, many reports of problems with Windows DNS. There are often mysterious problems that go away by rebooting a Windows DNS server. If it is working fine for you, then I wouldn't recommend switching -- it may well be that the version you are running along with the way you have it set up (and your volume) doesn't have any problems. Part of the problem may be that Windows DNS is part of the OS (which only gets a new release every couple of years), whereas BIND is a standard product in that it is continually upgraded. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Nameserver issues and Spam fighting
I guess I was not clear. I do not use ATT (for anything) but we have seen the load increase so much on our own name servers that we are adding more. I only use ATT as a reference point - they must have decided the load was too much to take such drastic action. Many desktop Spam filters are now incorporating blacklist lookups. It is one thing to have mail servers and gateways doing lookups but if end users start doing them it is only going to increase the congestion. The timeouts are from the blacklists not our name servers. I think this is going to be a bigger problem as time goes. We are probably going to do zone transfers on as many of the blacklists as possible and make our own nameservers authoritative for those zones within our network. Maybe I am the only one that sees this as an issue. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jason Sent: Thursday, April 22, 2004 10:28 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Nameserver issues and Spam fighting Chuck, Your most efficient option would be to run your own DNS server. Then YOU control the query volumes, and no longer rely on ATT. Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Thursday, April 22, 2004 11:16 AM To: Declude. JunkMail Subject: [Declude.JunkMail] Nameserver issues and Spam fighting With the increase in people trying to fight spam, nameservers are getting bombarded with lookup request. Recently I understand that ATT has taken steps to not allow lookups of most of the blacklists using their network. It seems that we are seeing more and more DNS timeouts which result in more spam getting through. Anyone else perceive this as a problem that will only get worse? Anyone have any suggestions to make the DNS lookup process more efficient? It would be nice feature if we could bypass some of the DNS lookups if the email scored over a certain amount which would allow some of the email to bypass the lookups thereby reducing the load. [AUTOMATED NOTE: Your mail server [66.140.194.140] is missing a reverse DNS entry. All Internet hosts are required to have a reverse DNS entry. The missing reverse DNS entry will cause your mail to be treated as spam on some servers, such as AOL.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Failed Spamdomains Why
FYI - There is not a DNS failure on Microsoft's end. Microsoft for some reason has no reverse dns for a whole bunch of their mail servers causing mail from MSN and Hotmail to fail both spamdomains and revdns. I have contacted Microsoft and they said it would be fixed yesterday. What a mess. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Kevin Bilbee Sent: Wednesday, April 21, 2004 3:04 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Failed Spamdomains Why Scott I thought if there was a DNS failure that SPAMDOMAINS would not fail but pass the email??? This message failed Spam domains when there was a DNS failure on Microsofts end? Declude Version 1.78i18 *** Declude Log *** 04/21/2004 11:36:34 Qbf301a5d024003e8 Msg failed REVDNS (This E-mail was sent from a MUA/MTA 207.68.163.152 with no reverse DNS entry.). Action=IGNORE. 04/21/2004 11:36:34 Qbf301a5d024003e8 Msg failed SPAMDOMAINS (Spamdomain 'hotmail.com' found: Address of [EMAIL PROTECTED] sent from invalid [No Reverse DNS].). Action=IGNORE. *** RDNS Lookup from DNSStuff *** How I am searching: Asking d.root-servers.net for 152.163.68.207.in-addr.arpa PTR record: d.root-servers.net says to go to ginseng.arin.net. (zone: 207.in-addr.arpa.) Asking ginseng.arin.net. for 152.163.68.207.in-addr.arpa PTR record: ginseng.arin.net says to go to dns1.sj.msft.net. (zone: 163.68.207.in-addr.arpa.) Asking dns1.sj.msft.net. for 152.163.68.207.in-addr.arpa PTR record: Error: dns1.sj.msft.net reports a SERVER FAILURE. Answer: An error occurred: Server dns1.sj.msft.net is reporting a server failure (it is probably broken). Details: I could not get to the nameserver authoritative for 152.163.68.207.in-addr.arpa, because one or more of them aren't working properly right now. Sorry! --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Updating Global.CFG
I guess I was not clear. I know that SMTP Auth works in IMAIL versions but my question was does it work in declude for all versions of Imail. Or more Clearly - Does the Whitelist AUTH function in Declude work with all versions of IMAIL - I thought I read that this Declude feature only works with IMAIL 8. Clarification would be appreciated. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mike Hyslip Sent: Thursday, April 15, 2004 2:25 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Updating Global.CFG There's a checkbox under the properties of the SMTP service, something about disabling the AUTH function. This was on 7.x I am pretty sure, probably supported for quite some time. The introduction into declude I believe has been much more recent. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Thursday, April 15, 2004 4:18 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Updating Global.CFG Doesn't that only work with Imail 8.x and not the earlier versions. I got the impression somewhere, sometime. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mike Hyslip Sent: Thursday, April 15, 2004 8:22 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Updating Global.CFG It is for user SMTP authentication. To bypass relay settings and show you're really a user of the server when sending an email (so you can relay while off the local network) - since you're an authenticated user, you can choose to whitelist any emails from that particular session. Mike -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Maze - Hostmaster Sent: Thursday, April 15, 2004 10:15 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Updating Global.CFG Hello, I'm also updating my Global.CFG file and noticed something new. What is WHITELIST AUTH? I checked the online manual, but there's nothing listed for it. There's an entry for WHITELIST HABEAS, but not AUTH. Thanks.. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Reverse DNS on Hotmail..???
All of sudden yesterday evening and this morning hotmail and MSN messages are failing reverse DNS - saying that reverse dns does not exist. This makes it also fail spamdomains. Anyone else seeing this and have any idea of what is going on? Just curious. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Hotmail follow up
I thought I would forward some IPs this is happening on. 65.54.241.110 65.54.241.118 These IPs are registered to Microsoft when I do an IPWHOIS but when I do a reverse DNS I get a No PTR record response. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Updating Global.CFG
Doesn't that only work with Imail 8.x and not the earlier versions. I got the impression somewhere, sometime. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mike Hyslip Sent: Thursday, April 15, 2004 8:22 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Updating Global.CFG It is for user SMTP authentication. To bypass relay settings and show you're really a user of the server when sending an email (so you can relay while off the local network) - since you're an authenticated user, you can choose to whitelist any emails from that particular session. Mike -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Maze - Hostmaster Sent: Thursday, April 15, 2004 10:15 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Updating Global.CFG Hello, I'm also updating my Global.CFG file and noticed something new. What is WHITELIST AUTH? I checked the online manual, but there's nothing listed for it. There's an entry for WHITELIST HABEAS, but not AUTH. Thanks.. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] spam domains question
Kami: I agree with your comments. I have trouble maintaining the spamdomains file myself because I lack a good reference for the rules to create one(this goes back to the manual issue). I think the reason so many people ask for one is they are not totally confident in creating it themselves (that is my excuse). I could reverse engineer it easily enough (and I have with a few entries). Scott, could you please post or re-post the criteria for a spamdomains entry. Probably my biggest issue is when their are multiple entries for a domain. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Kami Razvan Sent: Wednesday, March 10, 2004 12:24 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] spam domains question Hi Chuck: Spamdomains has been one of those topics that appear and disappear- never with a final and definitive answer. It would be good if something like this was done like Forged Virus - with a server giving the weight.. But there are so many variations and changes that perhaps this can't be done by a single company (e.g. Scott) - I know we gave up in maintaining it.. except if we see things that have to be added -like eBay and PayPal which we are about to move to a HOLD-spamdomain test - which could be helpful with phishing attempts. We had several universities in there but had to abort it since a lot of professors and students use their home PC's and the weight was causing problem with FP's. There was a discussion a while back for someone to maintain this and others contribute to it but that never got anywhere either. Oh well... That is a little history for you.. Regards, Kami --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] spam domains question
Scott: Thank you. Once again your knowledge and responsiveness are a major reason for the success of Declude and the reason we are committed to using your products. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Wednesday, March 10, 2004 1:19 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] spam domains question Scott, could you please post or re-post the criteria for a spamdomains entry. Probably my biggest issue is when their are multiple entries for a domain. In the spamdomains.txt file (or whatever you choose to name it), you need lines that have either 1 or 2 entries on them. The first one determines a domain (or part of a domain) that you want the test to apply to. Any E-mail with a return address that contains the first entry must come from an IP with a reverse DNS entry that either contains that same domain (or part of a domain), or contains the 2nd entry. So if you have a line example.com, then any E-mail address that contains example.com in it must come from an IP that contains example.com in the reverse DNS entry. Or, if you have a line that says example.com example.net, then any E-mail address that contains example.com in it must come from an IP that either contains example.com *or* example.net in the reverse DNS entry. This would only apply to E-mail with example.com in the return address (not E-mail with example.net in the return address). You can only have 2 entries per line. Also, it is important to remember that the test can fail on any line, so if you have two lines that begin with the same domain, an E-mail failing either one will fail the test. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Anyone have a current spamdomains file?
Does anyone have a current spamdomains file they would care to share? Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Best Test for SPAM from AOL, Yahoo
Isaias: You did not say what weights you hold and delete on. But here are a few things. You need to really clean up your global.cfg file 1.) osirusoft.com is dead I believe - you may want to replace these with SORBs 2.) Monkeys.com is also dead 3.) Wirehub is also dead. 4.) IPNOTINMX should be a negative weight (Scott can confirm this). I like using NJABL, spamhaus and mail-police bulk for blacklist. If you have the pro version you can do reverse DNS filter tests to give negative weights to Hotmail, aol and Yahoo servers. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of TC Online Support Sent: Wednesday, January 28, 2004 2:55 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Best Test for SPAM from AOL, Yahoo This is our global.cfg file. Isaias Hernandez -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Hayer Sent: Wednesday, January 28, 2004 3:41 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Best Test for SPAM from AOL, Yahoo Would you mind posting your global.cfg? Redact whatever you want private. With that maybe some good suggestions can be made -Nick Hayer From: TC Online Support [EMAIL PROTECTED] To: Declude.JunkMail [EMAIL PROTECTED] Subject: [Declude.JunkMail] Best Test for SPAM from AOL, Yahoo Date sent:Wed, 28 Jan 2004 15:20:42 -0600 Send reply to:[EMAIL PROTECTED] What are the best test weights to use for scanning e-mails from AOL and Yahoo. We are catching many valid e-mails and many SPAM e-mails are going through. We have been getting many complaints from customers about blocking valid e-mails that we have been temporarily whitelisted the domains. Also are there any other tests that can be done to stop the amount of SPAM sent to our uses. 80%-90% of our network traffic is incoming SPAM and much is going through. Thanks, Isaias Hernandez TC Online Internet Tech Support [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] evaluating declude
Jim: You need to modify your settings so you can see the individual tests that are tripping. Here are some of my general guidelines. 1. ) Develop a list of the DNS based tests you want to use - looking through the archives may help. The tests I find catch the most spam with the fewest false positives are: Spamhaus, DSBL, SORBS(multiple tests), NJABL, CBL, and Spamcop. (others will have other opinions.) Watch these tests for awhile and adjust your weighing accordingly - Spamcop sometimes will list AOL servers which may or may not cause a problem. 2. ) There are other tests like noabuse, no postmaster, revdns, helobogus that are tripped on legitimate email that come from a poorly configured server( I am reluctant to use the term false positive in this case). We tend to weigh those a little less. 3. ) I would go for the Pro version because of the ability to develop custom filters. We have set up custom filters for negative weighing on mail servers like aol.com, hotmail.com, yahoo, etc. to offset known flaws in their setup (no abuse, etc.) which has significantly reduced false positives. Custom filters can also scan email for subject text, body text, etc. - be careful though scanning the body of emails can be very cpu intensive if you are handling a lot of mail. We had to turn off all body scanning due to excessive cpu usage. 4. ) A few pieces of Spam are always going to get through because spammers are always changing their methodology. We are in a reactive mode. 5. ) There are addon products like sniffer and spamchk that will help catch more email. Finally, you just have to do a lot of your own tweaking to make it work in an optimal manner for you situation. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jim Priest Sent: Tuesday, January 27, 2004 11:35 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] evaluating declude Yesterday with Scott's help I got JunkMail installed and running on my Imail installation. Currently I have all my actions set to WARN and am using some client side filter/rules to deal with spam. I've got a few filters setup on my local mail client to look for: X-RBL-Warning WEIGHT20 Currently I'm catching a lot of spam but I'm also seeing some things (like the occasional email from this list) get caught as well. I'm curious how other folks have Declude setup and how you deal with false positives, etc. If a spam message doesn't get flagged by Declude - what do you do? I have seen a few message get through that didn't fail any of the RBL tests. How do I catch those? It looks like just using WEIGHT10 would grab a lot which will be a tremendous help but I'm curious how others deal with the rest. Heard lots of great things about Declude on the imail mailing list so figured I'd give it a try as I haven't had much luck with Imail's own antispam tools. Thanks, Jim --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Declude feature request...
I do not think Declude can do this now but I would like to be able to hold Spam to different folders especially when I am testing a new test or filter. Presently it appears the HOLD action will route email to a single folder \IMail\spool\spam. It would be a nice feature to be able to specify other folders -maybe subfolders to put the Spam into. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Do legitimate mailers use iso 8859 character sets?
I have been blocking email that is using the iso-8859 character sets and it has been effective in reducing Spam. Today I came across MSNBC sending out a notification using iso-8859. Is anyone aware of others doing this? Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Filtering question.
I am adding filter files in slowly to my Declude setup. I now have added filter tests that are scanning the body of emails. I have noticed a significant increase in CPU spikes. I want to skip these body tests if the weight is high. From the filter files that others have been kind enough to share with me I notice the following at the start of the filter file: SKIPIFWEIGHT 25 MAXWEIGHT25 My question is what version of Declude do I have to be running for these commands to work. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Filtering question.
Scott: Thank you. Another question - which filtering tests use the most amount of CPU? Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Monday, December 22, 2003 1:02 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Filtering question. I am adding filter files in slowly to my Declude setup. I now have added filter tests that are scanning the body of emails. I have noticed a significant increase in CPU spikes. That will happen if you have a lot of BODY filters. For example, if you have 1,000 BODY filters, Declude JunkMail will have to search through the body of the E-mail 1,000 times. That works out to millions of comparisons, which is time consuming (there are more efficient algorithms, which we will likely be looking into soon, now that there are a significant number of people using many BODY filters). I want to skip these body tests if the weight is high. From the filter files that others have been kind enough to share with me I notice the following at the start of the filter file: SKIPIFWEIGHT 25 MAXWEIGHT25 My question is what version of Declude do I have to be running for these commands to work. These require v1.77 or later. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Does anyone not have Reverse DNS?
Matthew: You do not need an abuse or postmaster account for mail to function properly. You do not need to accept Null sender to have email function properly. But the mail system on the Internet only works because of cooperative interoperability. The RFCs are the standards out there and it things will work better by adherence to a set of standards. The increase in Spam has caused all of us to change how we operate (otherwise we would not be on this list). When we set up our first mail server, I did not filter for spam, did not require SMTP Authentication, did not care about the configuration of sending servers, and had Imail set to relay for local users for a year and a half. I cannot run my business nor my mail servers like I did back then. People that do not want to run their servers in accordance with industry standards are going to find that it will be more challenging for them over time. I do agree with you about it making us all look better. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Matthew Bramble Sent: Wednesday, December 17, 2003 12:16 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Does anyone not have Reverse DNS? Why not just require everyone in the world to show the secret sign before having their E-mail accepted? Sarcasm obviously, but reverse DNS entries are not necessary for E-mail to function properly, and in many cases won't even match the domain given in HELO...so why require it? This also will do near nothing to stop the flood of spam over the long-haul, so it appears to be a net negative due to the problems that this creates. Sorry, but I just see this as another blunt weapon, and again, something that becomes our problem to deal with when problems occur. Just like I expect to see many legit servers sending E-mail without DNS entries, I also expect companies which take such actions to be almost impossible to reach for corrections because they are obviously causing widespread problems and don't have the staff to handle all of the inquiries that would result, and of course, their lack of logic appears to have spread to other highly imperfect anti-spam measures which have blacklisted at least three list members reported in the last few days. The only positive about all of this is that it continues to prove the incompetence of such companies to deal with spam, and that just makes me look all the better. Naturally, this is all just my opinion, so please don't be offended that I disagree so strongly. Matt Andy Schmidt wrote: 1. ISPs are not accurately, clearly and fairly specifying RDNS entries. They need to do a better job of this, but have little motivation to do this. Well - I see your point and admit that there will be a painful time of adjustment. But frankly, providers like yours will adopt their policies, when many of their business customers suddenly have valid complaints that they are unable to send emails anymore. There is no need for them to DELEGATE DNS, but at least they have to offer to adopt their Reverse DNS to your needs (e.g. generic host entries for your domain). In the meantime, why not relay your outbound mail through your ISP? Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Holt Sent: Wednesday, December 17, 2003 01:33 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Does anyone not have Reverse DNS? Jason, Many ISPs refuse (for one reason or another) to delegate RDNS. For example, we have a T-1 from MPower in Las Vegas. It is business class. It has is a static block of 8 IPs. Normally considered by most as acceptable to host a mail server. But Mpower refuses to delegate RDNS. And a few times people on this list have set forth criteria that would classify us as unacceptable. Bundling us into the dynamic IP bunch because of our RNDS from MPower: las-DSL224-cust089.mpowercom.net The most common reason for this reasoning is that most admins consider DSL to be equal to consumer. But there is such a thing as SDSL (symmetric DSL) at speeds 2Mbit! A better hosting environment than my T-1. In conclusion, I see two distinct problems here: 1. ISPs are not accurately, clearly and fairly specifying RDNS entries. They need to do a better job of this, but have little motivation to do this. 2. Mail admins need to do a better job of creating criteria for mail classification. Don't lump all DSL into spam source. Don't put a lot of stock into what an RDNS says, just that it exists. I really appreciate Pete McNeil's unique approach in building a tool that looks for the same things that I would look for by hand, in the content, not the context. I think we need more out
RE: [Declude.JunkMail] AOL and Reverse DNS
I will disagree. I do not believe there is any comparison between MS EULA and AOL mail policies. I do not see AOL's actions as the ...internet-nazi-police tactics... as you claim. I do not see where AOL is gaining any competitive advantage, they are simply trying to protect their network and client base the same as many of us. I have picked up many AOL customers for Internet access because they could no longer stand the spam in their AOL mail accounts. I actually applaud AOL doing this - it will force many people to get a reverse DNS entry and maybe they will fix their DNS record along the way. If I block people because of Reverse DNS, the blocked entity will simply criticize our policies. If AOL blocks them they will fix their rdns. If more mail servers had the MX records and reverse DNS entries, I could tighten up my filtering because I would have less worries about blocking legitimate mail from badly configured mail servers. I guess I do not see the problem - it is not much different than when most ISPs started blocking Port 25 for access. Or implemented SMTP Authentication. Just me 2 cents on the subject. Chuck Schick -- Original Message -- From: Todd Holt [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Tue, 16 Dec 2003 16:32:57 -0800 I know this will stir a few people the wrong way, but. If so many people are upset that MS is being monopolistic by using their EULA to prevent software from operating, then why don't those same people get upset at AOL for the internet-nazi-police tactics used to prevent mail from being delivered? MS just says that you can't use certain apps on their OS. AOL says that you can't deliver mail through mail servers (that control more email than any other on the planet) because they deemed it bad through inaccurate, generalized and dare I say monopolistic policies. The lack of complaints about AOL just shows that the MS bashers are not upset about the MS policies (or monopoly), they just want to complain about the big company on the block. I think if the majority owner of AOL was the richest person on the planet, they would bash AOL. How short sided!!! Further, all of the justice dept. proceedings are based on complaints by the competition, not the users. On the other hand, AOL has thousands of consumer complaints, but very few (if any) complaints by competitors. It's obvious that the justice dept. just wants to appease whiny losers like Jim Barksdale and Scott McNealy. And the MS bashers just fall in line. Lemmings. Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Filtering Question...
We have just upgraded to the Declude Junkmail Pro version mostly to take advantage of filtering. I have looked at Kami's filtering setup and I would like to get some input on other filters especially negative filters. 1) Are others using revdns filters for mail from aol, yahoo, excite, etc. with success since many of these domains trip no abuse, no postmaster tests? If so, does anyone have a list they would care to share for this purpose? 2) I notice some are using a MAILFROM counterweight instead of Revdns counterweight. What are the pros and cons of that approach? Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Filtering Question...
Matt: Thanks for your insight. I have been trying for two years to get in Front of the Spam curve but have found it to be an ever changing landscape which is hard to stay on top of. We have seen our Spam load increase at least 10 fold in the past two years. The challenge is that we have seen our legitimate email customers increase significantly also in that period of time and I feel the number one objective is to deliver the legitimate mail to them. Every time we add a spam test it also increases the false positives. It has gotten to the point where we need to counterweight some of the known issues. I prefer a counterweight (negative filter value) to out and out whitelisting. I believe whitelisting by email address or domain should be a last resort. I agree with much of what you have stated (the parts I do not fully agree with are simply because I have not fully studied it yet). Programmatic filtering we have been using Spamchk for two months now and have been very happy with the results - it has probably moved us to the high 90% in eliminating spam. One thing I see as that certain test cause more false positives than others. Spamdomains is an example of a test that I am strongly thinking of dropping - it probably causes more false positives than any other tests. Too many times people sending legitimate emails use a reply to address that is not the same domain as they are sending from. So I would like to use more programmatic filtering and counterbalances to get 99% rejection (we are there) and less than .3 % FP - (we are not there). Chuck Schick -- Original Message -- From: Matthew Bramble [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Mon, 15 Dec 2003 21:52:57 -0500 Chuck, There are several different general uses for custom filtering. The Matt's School of Thought would teach as follows: 1) Programmatic filtering. This is more like pattern matching with custom filters. Patterns can be as simple as the country of origin, or more complex like gibberish inserted into spam in order to throw off some products. These filters can be highly effective at targeting crud spammers, even when they find a perfectly clean IP address. These guys often try multiple types of obfuscation in each message, and it's the techniques that give them away instead of the content. You can download a bunch of filters from my site, www.mailpure.com/software/decludefilters/ , and search the archives for versions of OBFUSCATION, DYNAMIC, PEXICOM, FORGEDHELO-IP, FORGEDHELP-FDQN, FORGEDASLOCAL, SPAMDOMAINS, and last week's New fraud exploit. There are other examples as well that appear now and then. 2) Banned words list. These should be scored fairly low, but some words are highly indicative of spam, for instance the various drugs that are advertised, or terms related to sex, printer cartridges, anti-virus products, fraud and scams, etc. You can categorize these in one single file, and score each entry independently. You can also add words to the list as you discover false negatives that get through your system. This need not be a very large list, in fact I make due quite well with maybe 50 such entries, though I could pay a bit more attention to it. Spammers will obfuscate problematic words, which means that the entries themselves may cause more FP's than P's. 3) Pseudo-whitelist. This is a very useful file to have in order to mitigate the effects of false positives from tests. Every system out there makes a subconscious attempt to deem what a normal score is, and it's not necessary to counterbalance every last point that might be scored from every last test...otherwise we would be blocking on every RBL and whitelisting with every filter. I really don't get concerned about false positives on E-mails until they start to score consistently at 70% of my fail weight, and then I take action on them by listing them in this filter. My pseudo-whitelist is much larger than my own blocklist because I add a listing to it every time I encounter a false positive as a result of an RBL or external test. I do differentiate between responsible bulk mailers, direct senders, and those that come from neither. 4) Pseudo-blacklist. This is mostly what Kami has done by building a list of identifiers for what he considers to be spam. In many cases he lists multiple types of information, probably in the off chance that one piece changes, but the others remain trackable. The downside of tracking multiple pieces is that FP's can occur with multiple elements. I personally keep two filters for this use, one is IP based (uses IPFILE functionality) and the other is based on a range of things, it all depends on what I deem as a reliable identifier, but I group them by identifier. If I consider a source to be spam and its not he crud type of spam that comes from open relays or zombied machines (so it can be tracked
RE: [Declude.JunkMail] Spamchk fine tuning?
Matt: At what weights do you hold and delete? I will share my config file with you with the caveat that I am still fine tuning. I have been running Spamchk in production mode for about a month and have had excellant results. I turned it off for a day when I was trying to reduce some of the false positives and I received comments from customers that they noticed something had changed so I turned it back on. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Matt Robertson Sent: Tuesday, December 02, 2003 10:03 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Spamchk fine tuning? I just set up spamchk and was wondering if anyone can share some fine-tuning info with me? Updated keyword lists and such? I tried subscribing to their list but all I get back is an Invalid Syntax email from their mail server. Cheers, Matt Robertson [EMAIL PROTECTED] MSB Designs, Inc. http://mysecretbase.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Capital One
John: I agree with you to some extent. But many large companies outsource a lot of their emailings. We have seen that MailPolice-Bulk seems tplists anyone who does bulk mailing which we have noticed has included several legitimate mailers. As a result we have reduced the weight for that test significantly. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Tolmachoff (Lists) Sent: Friday, November 21, 2003 12:59 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Capital One Well, in this day and age of SPAM and security issues and fraud, I think Capital One needs to rethink their e-mail strategy. Red flags for me: 1. Links are to sites other than capitalone.com. (Why the redirects?) 2. It failed SPAMHEADERS, NOABUSE and MAILPOLICE-BULK 3. Did not originate from any Capital One server. 4. Tells you to add the from address to a white list. A financial institution should be doing everything it can to be clean. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Kami Razvan Sent: Friday, November 21, 2003 11:03 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Capital One John.. Am I not seeing things correctly.. These go straight to CapitalOne.com I even did a Google search and that is the domain for Capital One. Every link in that email goes to Capital One... Regards, Kami --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] How do you handle held messages??
We are an ISP and we host a lot of domains so our mail volume is healthy. We hold at 10 and delete at 20. We also have our in-house blacklist that automatically deletes any mail from certain domains. Of the incoming spam messages we are deleting about 80% but that still leaves several thousand messages per day that are held. Presently we go through the held messages using spamreview - returning the false positives to the spool. As the spam has been going up - so have the messages in the held folder so this is starting to become labor intensive. I just wanted to query the list to see if I am missing something that would streamline the process. And yes we are tweaking to reduce the false positives. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Earthlink, AOL, HOTMAIL
The question is what do the Imail logs say? Is the mail being bounced because you can't make a connection? We have not seen any problem with bounces. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Terry Parks Sent: Thursday, October 30, 2003 10:09 AM To: Declude. JunkMail Subject: [Declude.JunkMail] Earthlink, AOL, HOTMAIL Is anybody else having trouble with mail being returned from these domains. The returned email shows no consistent errors and well over half the time only reports that mail was undeliverable. It's not consistent, and does not affect all addresses, but it is wide spread. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] IMail server Memory Dump.
Kevin: Could you describe in what exactly you are seeing? Does the server lock up or does it reboot on its own? Has the hardware been in service for a long time or is this new hardware? Have you done any upgrades lately? Do your event logs show anything? Are you running Imail with a database backend? Did this problem just start? What sort of load are you running on the server - memory and CPU usage? Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Link Brokers Support Sent: Tuesday, October 28, 2003 10:46 AM To: Declude Virus; Declude Junk Mail Subject: [Declude.JunkMail] IMail server Memory Dump. Anyone knows of any known problems with Imail and declude causing it to just shutting down and restart. ( The server that is. ) I'm getting a problem every 6 -7 hours. I'm using the latest version of I mail on Windows server 2000 with all the latest MS patches. Declude version IM not sure. How do I find out. Kevin Shimwell Link Brokers Group, LLC ( Support ) 401 Ist Ave. North North Myrtle Beach, SC 29582 Phone: 843-663-1004 Fax: 843-663-1007 Email: [EMAIL PROTECTED] 24/7 Support http://www.linkbrokers.com/support_ticket.cfm Support M-F 1-888-546-5631 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Dictionary attacks --- anyone have any solutions.
We are constantly getting hammered with dictionary attacks. Does anyone have any solutions? Does the new version of Imail address this issue? Whenever I check a lot of it comes from open proxies. Blocking the IPs is not a solution. Any ideas are appreciated. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Dictionary attacks --- anyone have any solutions.
Thanks Scott: The reason blocking IPs is not the answer is because I would have to spend 24 hours a day doing it. Also Imail's control access list is just a list of IPs. It would be nice if the list was part of a database where you could put dates and reasons for blacklisting IPs - Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Friday, October 10, 2003 10:24 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Dictionary attacks --- anyone have any solutions. We are constantly getting hammered with dictionary attacks. Does anyone have any solutions? Does the new version of Imail address this issue? Whenever I check a lot of it comes from open proxies. Blocking the IPs is not a solution. Any ideas are appreciated. Blocking the IPs is the only solution. :) Some people have reported that BlackIce Server can be set up to stop dictionary attacks (check the IMail and Declude JunkMail forum archives for BlackIce, and you should be able to find more information). IMail doesn't address this issue, nor can addons to IMail effectively do so, since Ipswtich doesn't document the file format used for their control access file. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Can a blacklist file have too many entries...
I have a blacklist of spammers and in the last week I have seen emails come through that should of failed that test - and these are the entries at the end of the file (the latest entries). The Declude log files show that the blacklist is working but entries at the end of the file are not triggering a failure. Could it be the file is now too long and Declude is not processing it to the end?? Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Can a blacklist file have too many entries... entries...
Scott: I am not sure that it is always the last line, but I will start watching it more closely and I will make sure there is a return after the last entry. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Tuesday, October 07, 2003 11:43 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Can a blacklist file have too many entries... entries... I have a blacklist of spammers and in the last week I have seen emails come through that should of failed that test - and these are the entries at the end of the file (the latest entries). The Declude log files show that the blacklist is working but entries at the end of the file are not triggering a failure. Could it be the file is now too long and Declude is not processing it to the end?? The blacklist files can contain an unlimited number of entries. Is it always the last line? If so, you need to remember that lines in text files must end (most programs can't properly process them otherwise). In technical terms, you need a carriage return and linefeed (ENTER key on the keyboard) at the end of every line; in non-technical terms, you need to make sure that if you move the cursor as far down in the file as possible, you reach a blank line. This also holds true with the IMail mailing list files, for example -- if you manually add an entry without hitting the ENTER key at the end of the line, you'll get a mixed-up entry combining two users. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Is Spamcop Down?
Notice I cannot get to their site this morning. I hope that it is not another DDOS attack. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Spam lists
John: You actually are using some I was not so thanks for posting that. About the only one that I am using that you are not is NJABL (see entry below). It does not catch very many per day - about the same amount as ORDB. NJABL ip4rdnsbl.njabl.org 127.0.0.2 5 0 I have been toying with testing Reynolds. But have not gotten any feedback. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Tolmachoff (Lists) Sent: Thursday, September 25, 2003 12:05 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Spam lists With the loss in the last month of several spam lists, I am reviewing what I have been using. This is the current list. Any recommendations on additions? DSBL ip4rlist.dsbl.org * 6 0 ORDB ip4rrelays.ordb.org * 2 0 SPAMCOP ip4rbl.spamcop.net 127.0.0.2 150 EASYNET-DNSBL ip4rblackholes.easynet.nl 127.0.0.2 7 0 EASYNET-PROXIES ip4r proxies.blackholes.easynet.nl 127.0.0.2 7 0 BLITZEDALLip4ropm.blitzed.org * 7 0 SORBS-HTTPip4rdnsbl.sorbs.net 127.0.0.2 5 0 SORBS-SOCKS ip4rdnsbl.sorbs.net 127.0.0.3 5 0 SORBS-MISCip4rdnsbl.sorbs.net 127.0.0.4 5 0 SORBS-SMTPip4rdnsbl.sorbs.net 127.0.0.5 5 0 SORBS-WEB ip4rdnsbl.sorbs.net 127.0.0.7 5 0 SORBS-ZOMBIE ip4rdnsbl.sorbs.net 127.0.0.9 5 0 SORBS-DUL ip4rdnsbl.sorbs.net 127.0.0.10 5 0 SORBS-NOMAIL ip4rdnsbl.sorbs.net 127.0.0.12 5 0 DSN rhsbl dsn.rfc-ignorant.org 127.0.0.2 100 NOABUSE rhsbl abuse.rfc-ignorant.org 127.0.0.4 3 0 NOPOSTMASTER rhsbl postmaster.rfc-ignorant.org 127.0.0.3 3 0 MAILPOLICE-BULK rhsbl bulk.rhs.mailpolice.com 127.0.0.2 7 0 MAILPOLICE-PORN rhsbl porn.rhs.mailpolice.com 127.0.0.2 100 DNSFRAUD rhsbl in.dnsbl.org 127.0.0.3 100 DNSILLEGALrhsbl in.dnsbl.org 127.0.0.5 100 DNSPROMO rhsbl in.dnsbl.org 127.0.0.4 100 John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] What's wrong with SpamCop?
The major problem we have seen is that Spamcop is listing many aol ip addresses. This has been going on for about 3 weeks now. Most aol mail is now getting held because they fail 3 tests. We are considering lowering the weight on Spam Cop. I would assume with all of the aol Volume that their IPs would not be listed very long but that has not been the case recently. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Matthew Bramble Sent: Wednesday, September 24, 2003 9:12 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] What's wrong with SpamCop? Is it me, or did SpamCop suddenly become awful when it comes to false positives with almost anything that is sent in bulk? I've recently seen them tag PayPal, ActivePDF newsletters, Match.com and even the local chamber of commerce (which only sends to members w/opt-out). If they ever start crossing FP's with MailPolice, two very important RBL's will suddenly become greatly diminished in value on my server. So the question is, does SpamCop care about this problem? Are they going to make fundamental changes in how they determine what to block based on their clearly impure input? Anyone have a scoop? Matt --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] What's wrong with SpamCop?
Andrew: How do you have your counterweight test set up in your global file? I would be very interest in something like that. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Colbeck, Andrew Sent: Wednesday, September 24, 2003 12:12 PM To: '[EMAIL PROTECTED]' Subject: RE: [Declude.JunkMail] What's wrong with SpamCop? Well, it's important to remember that SpamCop is user-driven. The man behind it, Julian Haight, and his Spam Cop deputies focus on parsing the messages well, holding off the DoS attacks, juggling the expiry and the weight of the IP subnet based on reports, and getting the right abuse addresses and that's about it. Who gets listed really isn't their deal. In that way, it's a lot like CloudMark, only it doesn't have a counterweight system. The only safety valve is the expiry time, or users like us complaining in their newsgroup about unwarranted listings. As Chuck says, it simply can't be used by itself reliably. As for AOL mail, I think they've come a long way. I used to counterweight mail from .mx.aol.com to counteract the IPNOTINMX and NOABUSE and NOPOSTMASTER weights it would always fail, and I recently found that they've gotten much better at containing spam; they still host reply mailboxes, but are sending out very little to us, so I've increased my counterweight for mail coming from their mail servers. Andrew 8) -Original Message- From: Matthew Bramble [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 24, 2003 8:12 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] What's wrong with SpamCop? Is it me, or did SpamCop suddenly become awful when it comes to false positives with almost anything that is sent in bulk? I've recently seen them tag PayPal, ActivePDF newsletters, Match.com and even the local chamber of commerce (which only sends to members w/opt-out). If they ever start crossing FP's with MailPolice, two very important RBL's will suddenly become greatly diminished in value on my server. So the question is, does SpamCop care about this problem? Are they going to make fundamental changes in how they determine what to block based on their clearly impure input? Anyone have a scoop? Matt --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Configuration Question -
I am trying to use Sorbs as a new black list. I put this line in my Global config file. SORBS-BADCONF ip4rdnsbl.sorbs.net 127.0.0.11 4 0 And I put in the following lines in both the Junkmail and the Global file SORBS-BADCONF WARN After running this for 24 hours I did not find the test had been triggered once. Here are my questions: 1) Is my configuration incorrect? 2) Is it a waste of my time to use SORBS as a Blacklist? Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Black List Questions.
Since Osirusoft has gone away I am looking at replacing it with other Blacklists. Here are some I am considering - BLARS Reynolds SORBS Anyone else using these and what is your opinion on these? Also since each of these have multiple lists, which do you use? Thanks for the help. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail]Review of Spamchk - was More and more email getting past Declude
Markus: I would be interested in your mini-howto list. Send it to [EMAIL PROTECTED] Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Markus Gufler Sent: Thursday, September 04, 2003 2:38 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail]Review of Spamchk - was More and more email getting past Declude We are working to publish some install informations on www.spamchk.com In the meantime I will send you a mini-howto offlist. Markus -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Webmaster Oilfield Directory Sent: Thursday, September 04, 2003 9:38 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail]Review of Spamchk - was More and more email getting past Declude Can you send me a sample config file so i can get an idea of how to set it up. i'm running the default setup and not sure how good it is :) thanks sheldon - Original Message - From: Todd - Smart Mail [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 02, 2003 6:05 PM Subject: Re: [Declude.JunkMail]Review of Spamchk - was More and more email getting past Declude Greg, we have been using SpamCheck for about 1 1/2 months now and have had No problems with it. Pros 1. Easy to Install 2. Support has been good 3. Highly flexible 4. Catches a lot of spam that passes DNS and RFC tests 5. Allows you to give emails + or - weights 6. Cost $0 Cons 1. Config files can require a good deal of time and customization for your needs 2. I understand CPU utilization can be high - but they are working on that. 3. Its Beta(?) software so you take it As Is(Correct me if wrong on this anyone) 4. Did I mention it takes some time to get the config files setup :) I have not looked at any of the other external testing programs so I cannot say how it compares. For us SpamCheck has been Great. Todd Hunter Progressive Systems - Original Message - From: Greg Foulks [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 02, 2003 12:26 PM Subject: RE: [Declude.JunkMail]Review of Spamchk - was More and more email getting past Declude Scott, What is your opinion of Spamchk? How well does it work with Declude and have you seen any issues with using? Greg -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Tuesday, September 02, 2003 1:17 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] More and more email getting past Declude It just seems like that recently the spam we've been getting is clean. Which makes it hard for declude to block it when it passes all of the rules. That's because companies that feel that they are legitimate E-mailers (ones that technically *do* have your permission to send the mail!) are the ones that are very likely to have everything in order. Their mail isn't likely to have header problems, DNS problems, anti-filter devices, etc. For this type of spam, the best answer is often a content filtering program (such as Message Sniffer or Alligate) that can work in conjunction with Declude, which is better able to catch this type of spam. But, note that there's a fine line here in determining what is spam and what is not. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- -- -- [This E-mail was scanned for viruses by Declude Virus Scanner on mail.nfti.com] -- [This E-mail was scanned for viruses by Declude Virus Scanner on mail.nfti.com] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send