RE: [Declude.JunkMail] Stock Spam
Title: Message Would this get the same result as below ? STOPATFIRSTHIT BODY75CONTAINSgeocities.comBODY75CONTAINSgeocities.yahoo.com BODY100CONTAINSgeocities. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Scott FisherSent: Thursday, February 02, 2006 11:46 AMTo: Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] Stock Spam Here's my geocities filter. It's a little more specific so I can weight foreign geocities more than US geocities. STOPATFIRSTHIT BODY100CONTAINSar.geocities.comBODY100CONTAINSgeocities.com.arBODY100CONTAINSar.geocities.yahoo.comBODY100CONTAINSgeocities.yahoo.com.ar BODY100CONTAINSasia.geocities.comBODY100CONTAINSasia.geocities.yahoo.com BODY100CONTAINSau.geocities.comBODY100CONTAINSgeocities.com.auBODY100CONTAINSau.geocities.yahoo.comBODY100CONTAINSgeocities.yahoo.com.au BODY100CONTAINSbr.geocities.comBODY100CONTAINSgeocities.com.brBODY100CONTAINSbr.geocities.yahoo.comBODY100CONTAINSgeocities.yahoo.com.br BODY100CONTAINSca.geocities.comBODY100CONTAINSgeocities.caBODY100CONTAINSca.geocities.yahoo.comBODY100CONTAINSgeocities.yahoo.ca BODY100CONTAINScf.geocities.comBODY100CONTAINScf.geocities.yahoo.com BODY100CONTAINScn.geocities.comBODY100CONTAINSgeocities.cnBODY100CONTAINScn.geocities.yahoo.comBODY100CONTAINSgeocities.yahoo.cn BODY100CONTAINSde.geocities.comBODY100CONTAINSgeocities.deBODY100CONTAINSde.geocities.yahoo.comBODY100CONTAINSgeocities.yahoo.de BODY100CONTAINSes.geocities.comBODY100CONTAINSgeocities.esBODY100CONTAINSes.geocities.yahoo.comBODY100CONTAINSgeocities.yahoo.es BODY100CONTAINSespanol.geocities.comBODY100CONTAINSespanol.geocities.yahoo.com BODY100CONTAINShk.geocities.comBODY100CONTAINSgeocities.com.hkBODY100CONTAINSgeocities.hkBODY100CONTAINShk.geocities.yahoo.comBODY100CONTAINSgeocities.yahoo.com.hkBODY100CONTAINSgeocities.yahoo.hk BODY100CONTAINSin.geocities.comBODY100CONTAINSgeocities.co.inBODY100CONTAINSin.geocities.yahoo.comBODY100CONTAINSgeocities.yahoo.co.in BODY100CONTAINSit.geocities.comBODY100CONTAINSgeocities.itBODY100CONTAINSit.geocities.yahoo.comBODY100CONTAINSgeocities.yahoo.it BODY100CONTAINSkr.geocities.comBODY100CONTAINSgeocities.co.krBODY100CONTAINSkr.geocities.yahoo.comBODY100CONTAINSgeocities.yahoo.co.kr BODY100CONTAINSmx.geocities.comBODY100CONTAINSgeocities.com.mxBODY100CONTAINSmx.geocities.yahoo.comBODY100CONTAINSgeocities.yahoo.com.mx BODY100CONTAINSsg.geocities.comBODY100CONTAINSgeocities.com.sgBODY100CONTAINSsg.geocities.yahoo.comBODY100CONTAINSgeocities.yahoo.com.sg BODY100CONTAINSuk.geocities.comBODY100CONTAINSgeocities.co.ukBODY100CONTAINSuk.geocities.yahoo.comBODY100CONTAINSgeocities.yahoo.co.uk BODY75CONTAINSgeocities.comBODY75CONTAINSgeocities.yahoo.com - Original Message - From: Dave Doherty To: Declude.JunkMail@declude.com Sent: Thursday, February 02, 2006 9:09 AM Subject: Re: [Declude.JunkMail] Stock Spam If you're referring to the geocities stuff that's been out the last couple of days, I just use a body filter. BODY3CONTAINSau.geocities.com Sniffer, which I weight at 7,picks it up OK, and the added weight of 3 is enough to get to my hold weight of 10. -Dave Doherty Skywaves, Inc. - Original Message - From: Michael Jaworski To: Declude.JunkMail@declude.com Sent: Thursday, February 02, 2006 9:32 AM Subject: [Declude.JunkMail] Stock Spam Anyone have a good filter strategy on the increasing amount of stock spam??? Thanks, Mike
[Declude.JunkMail] Way OT: Server Room Cooling
Can anyone recommend a portable air conditioner to cool a 8'x10' server closet ? I'll have to vent it up thru a drop ceiling and I'm trying to find something that doesn't require frequent draining. Thanks, Cris Porter JVC America --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] OT: DNS / Web help
Question for the Declude collective, this is driving me crazy. I've got a website - http://sales.jvcdiscusa.com running on 65.244.173.133 I've got an A record in my DNS for the website but... I can't open the site using the name but I can using the IP address. If I ping the name, I get a DNS lookup for the IP. The only thingdifferent about this site is that it uses Windows authentication to force a login. Any ideas? Cris Porter JVC America
RE: [Declude.JunkMail] OT: DNS / Web help
Thanks everybody - I had been staring at it so long, I couldn't see the forest for the trees. (or the 1 for the 2) Amazing how the CORRECT ip address in DNS helps. Sorry for the bother. Thanks so much! Cris -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Patrick ChildersSent: Monday, June 06, 2005 9:52 AMTo: Declude.JunkMail@declude.comSubject: RE: [Declude.JunkMail] OT: DNS / Web help When I try to ping sales.jvcdiscusa.com it returns an IP of 65.144.173.133. (Instead of 65.244.173.133) You might want to check your DNS. HTH, Patrick From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cris PorterSent: Monday, June 06, 2005 10:35 AMTo: Declude.JunkMail@declude.comSubject: [Declude.JunkMail] OT: DNS / Web help Question for the Declude collective, this is driving me crazy. I've got a website - http://sales.jvcdiscusa.com running on 65.244.173.133 I've got an A record in my DNS for the website but... I can't open the site using the name but I can using the IP address. If I ping the name, I get a DNS lookup for the IP. The only thingdifferent about this site is that it uses Windows authentication to force a login. Any ideas? Cris Porter JVC America
[Declude.JunkMail] Blank subjects
Shouldn't this header fail this test ? header snippet To: [EMAIL PROTECTED] Subject: Date: Fri, 29 Oct 2004 06:11:58 + MIME-Version: 1.0 /header snippet filter snippet SUBJECT 3 ISBLANK /filter snippet Cris --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Blank subjects
New example - same problem. line in global.cfg SUBJFILTERfilter d:\imail\declude\filters\subject.txt x 5 0 first line in subject.txt SUBJECT 3 ISBLANK log snippet 10/29/2004 11:26:24 Q6ef70429031ee533 GIBBERISH:4 CMDSPACE:9 SPAMCHK:2 . Total weight = 15. 10/29/2004 11:26:24 Q6ef70429031ee533 Subject: 10/29/2004 11:26:24 Q6ef70429031ee533 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 221.114.77.52 ID: 10/29/2004 11:26:24 Q6ef70429031ee533 Tests failed [weight=15]: HOUR=IGNORE GIBBERISH=IGNORE CMDSPACE=IGNORE IPNOTINMX=IGNORE SPAMCHK=IGNORE WEIGHT0915=HOLD 10/29/2004 11:26:24 Q6ef70429031ee533 Last action = HOLD. /log snippet header Received: from emb1.bcc.univie.ac.at [221.114.77.52] by mail.jvcdiscusa.com (SMTPD32-7.13) id AEF7429031E; Fri, 29 Oct 2004 11:25:27 -0500 Message-ID: [EMAIL PROTECTED] From: Darrin Tapia [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Date: Sat, 30 Oct 2004 08:22:08 + MIME-Version: 1.0 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 8bit X-Declude-Sender: [EMAIL PROTECTED] [221.114.77.52] X-Note: This E-mail was scanned by Declude JunkMail for JVC. X-Note: Failed tests - HOUR, GIBBERISH, CMDSPACE, IPNOTINMX, SPAMCHK, WEIGHT0915 X-Country-Chain: JAPAN-destination X-Note: Total spam weight of this E-mail is 15. X-Note: This E-mail was sent from (timeout) ([221.114.77.52]). /header -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Friday, October 29, 2004 8:57 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Blank subjects Shouldn't this header fail this test ? It looks like it should. What are the Declude JunkMail log file entries for that E-mail? I'm wondering if Declude JunkMail saw a different subject for some reason. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: Re[2]: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
I recommend in the future to just tell us what line to add. A 5mb download seems overkill for this. Cris Porter JVC America -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Friday, July 09, 2004 2:02 PM To: [EMAIL PROTECTED] Subject: Re[2]: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail M Why a 5 MB download for an IP4R test? Yea, I don't get this. Does this harvest virus IPs from our system and report them back to Declude? No. A beta version of Declude Virus released about 6 months ago added a new feature to automatically detect forging viruses. It does this by sending a DNS packet (very similar to a DNS-based spam database lookup packet) that includes the IP, and name of the virus. Our server then determines if the virus is forging or not. What we have done is added code to automatically track this data. It is completely unrelated to the 5MB download, which simply adds a 50-byte line to your config file. :) -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Surbl.org
Definitely interested in those scripts! Cris Porter JVC America -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Roger Eriksson Sent: Tuesday, April 13, 2004 9:11 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Surbl.org However I hope to see SURBL soon as an additional Declude test. I just got caught up on this thread and checked out the website for SURBL and I agree! This would help with the stuff that passes all of the other tests. Sheldon Hi, SURBL is surprisingly effective, considering the fact that it only contains about 450-500 entries. I have written a simple command script that downloads the rbldns zone file and converts it to a body filter. I have scheduled it to run once a day. Here are yesterday's stats with 9666 hits for the SURBL test (note that the individual tests show total number of hits, while the spam summary only counts one hit per message irrespective of the number of recipients): # Declude test results -- dec0412.log AHBL-PROXY 1857 AHBL-RHSBL 835 AHBL-SOURCE 302 BADHEADERS 1610 BASE64-PLUS 412 BASE64 786 CBL 10616 COMMENTS 54 DSBL 8875 DSN 1611 FORGEDLOCAL 781 GREYLIST 5 HELOBOGUS 2616 MAILFROM 487 MAILPOLICE 554 MESSAGE OK 2294 NETBL 463 OPM 554 ORDB 24 REVDNS 3028 RSL 673 SBL 571 SNIFFER-ADULT 897 SNIFFER-CASINO 35 SNIFFER-CREDIT 1057 SNIFFER-EMAIL 8 SNIFFER-EXP 578 SNIFFER-GEN 824 SNIFFER-GREY 2 SNIFFER-INSUR 571 SNIFFER-MAL 2 SNIFFER-MEDIA 2172 SNIFFER-OBFUSC 201 SNIFFER-PHARM 5279 SNIFFER-PRINT 0 SNIFFER-RICH 840 SNIFFER-SCAM 119 SNIFFER-TOOLS 0 SNIFFER-TRAVEL 43 SNIFFER 12628 SORBS-DUHL 7512 SPAMCOP 10546 SPAMDOMAINS 3380 SPAMHEADERS 293 SPAMTRAP 121 SPFFAIL 209 SURBL 9666 URLDBL 76 WEIGHT15-19 846 WEIGHT20 11987 WHITELISTED 110 Unique messages for local delivery: 5812 Held spam: 4256 (73%) Marked spam: 455 (7%) Non-spam: 1101 (18%) Furthermore, SURBL has a rather low overlap with most other tests (only unique hits are counted here): #Test check - dec0412.log Test: SURBL Number of unique hits: 2849 Shared with SBL (421 hits): 69 (2%) Shared with DSBL (3018 hits): 1951 (68%) Shared with SPAMCOP (3673 hits): 2208 (77%) Shared with AHBL-SOURCE (261 hits): 49 (1%) Shared with CBL (3563 hits): 2232 (78%) Shared with AHBL-PROXY (683 hits): 420 (14%) Shared with OPM (200 hits): 132 (4%) Shared with RSL (240 hits): 163 (5%) Shared with ORDB (22 hits): 8 (0%) Shared with SORBS-DUHL (2510 hits): 1494 (52%) Shared with DSN (479 hits): 299 (10%) Shared with AHBL-RHSBL (346 hits): 184 (6%) Shared with MAILPOLICE (492 hits): 171 (6%) Shared with MAILFROM (161 hits): 67 (2%) Shared with BADHEADERS (682 hits): 290 (10%) Shared with HELOBOGUS (940 hits): 537 (18%) Shared with SPFFAIL (125 hits): 101 (3%) Shared with SPAMHEADERS (248 hits): 43 (1%) Shared with REVDNS (1528 hits): 645 (22%) Shared with COMMENTS (46 hits): 19 (0%) Shared with BASE64 (577 hits): 3 (0%) Shared with SNIFFER (4485 hits): 2830 (99%) Shared with SNIFFER-TRAVEL (7 hits): 7 (0%) Shared with SNIFFER-INSUR (66 hits): 44 (1%) Shared with SNIFFER-TOOLS (0 hits): 0 (0%) Shared with SNIFFER-MEDIA (360 hits): 323 (11%) Shared with SNIFFER-EMAIL (8 hits): 1 (0%) Shared with SNIFFER-PHARM (2188 hits): 1650 (57%) Shared with SNIFFER-SCAM (35 hits): 5 (0%) Shared with SNIFFER-ADULT (470 hits): 290 (10%) Shared with SNIFFER-MAL (2 hits): 0 (0%) Shared with SNIFFER-PRINT (0 hits): 0 (0%) Shared with SNIFFER-RICH (377 hits): 65 (2%) Shared with SNIFFER-CREDIT (249 hits): 172 (6%) Shared with SNIFFER-CASINO (14 hits): 5 (0%) Shared with SNIFFER-GREY (2 hits): 0 (0%) Shared with SNIFFER-OBFUSC (130 hits): 85 (2%) Shared with SNIFFER-EXP (234 hits): 108 (3%) Shared with SNIFFER-GEN (343 hits): 75 (2%) Shared with SPAMDOMAINS (970 hits): 630 (22%) Shared with SPAMTRAP (29 hits): 18 (0%) Shared with FORGEDLOCAL (330 hits): 75 (2%) Shared with NETBL (214 hits): 125 (4%) Shared with URLDBL (52 hits): 6 (0%) Shared with BASE64-PLUS (384 hits): 2 (0%) Shared with GREYLIST (5 hits): 0 (0%) Shared with WEIGHT15-19 (455 hits): 198 (6%) Shared with WEIGHT20 (4256 hits): 2519 (88%) If anyone is interested, I can make the SURBL script available for download (together with some other scripts, e.g., the log analysis and test check scripts that generated the results seen above). The best solution is of course to have the SURBL test implemented directly in Declude, especially since it is a realtime blocklist, but until then this filter will do just fine. /Roger --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from
RE: [Declude.JunkMail] Gibberish filter not working
Shouldn't the e-mail with the following header have failed the SPAMDOMAINS test ? I have HOTMAIL.COM followed by MSN.COM on a line in my spamdomains.txt file. Cris Porter JVC America Original header === Received: from pcp08119495pcs.nrockv01.md.comcast.net [68.38.193.241] by mail.jvcdiscusa.com (SMTPD32-7.13) id AA03A540138; Tue, 17 Feb 2004 06:33:07 -0600 Received: from 205.100.216.113 by 68.38.193.241; Tue, 17 Feb 2004 18:24:38 +0600 Message-ID: [EMAIL PROTECTED] From: Barry Keene [EMAIL PROTECTED] Reply-To: Barry Keene [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: EXCLUSIVE REPORTS - ATWEC [ATWT] is ready for increased production... Date: Tue, 17 Feb 2004 11:27:38 -0100 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=--4703830421352371 X-IP: 88.176.193.224 X-Priority: 3 X-Declude-Sender: [EMAIL PROTECTED] [68.38.193.241] X-Note: This E-mail was scanned by Declude JunkMail for JVC. X-Note: Failed tests - IPNOTINMX, SPAMCHK, WEIGHT0109 X-Country-Chain: UNITED STATES-destination X-Note: Total spam weight of this E-mail is 8. X-Note: This E-mail was sent from (timeout) ([68.38.193.241]). X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 374803116 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Report System
Darrell, Send me a copy, please. I would like to port it to ASP. Thanks, Cris -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Darrell LaRock Sent: Thursday, July 31, 2003 3:06 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Report System Terry, I used delog for awhile, but I needed several other features that did not come with delog. So I developed an application that had all of the features that I needed. Below is a sample report that I generated(tab format). The reports can be in tab, csv, or html format and you have the ability to email them as well. There are many other things that dlanalyzer can report on. You can get reports on domains, users, tests, and different reporting periods. The combinations are endless. Right now I am finishing up database support and a few other miscellaneous features I wanted to add in.. If you would like to try it out let me know and I will make it available.. Darrell Start Time: 6/1/2003 12:00:00 AM End Time: 6/2/2003 12:00:00 AM Total Messages: 25935 Messages That Failed: 18252 Spam Percentage: 70.38% TEST# FAILEDPercentage BADHEADERS 373514.40% BASE64 12034.64% BLACKLIST 13255.11% COMMENTS668 2.58% DECREASEIPWGHT 40 0.15% DECREASEWEIGHT 557 2.15% DECREASEWEIGHTLOW 313 1.21% DSBL380714.68% DSN 12154.68% EASYNET-DNSBL 741828.60% FXBLACKLIST 25749.92% HELOBOGUS 477618.42% HEUR10 289911.18% IPBLACKLIST 5 0.02% MAILFROM385 1.48% NJABL 408 1.57% NOABUSE 334112.88% NONENGLISH 214 0.83% NOPOSTMASTER402015.50% OLDEMPLOYEE 29 0.11% ORDB261 1.01% OSDUL 113 0.44% OSLIST 2 0.01% OSRELAY 343 1.32% OSSOFT 326512.59% OSSRC 330812.75% POSTMASTER 12 0.05% REVDNS 423116.31% ROUTING 14875.73% SNIFFER 328512.67% SNIFFERAV 12 0.05% SNIFFERCASINO 159 0.61% SNIFFERDEBT 815 3.14% SNIFFEREXP 269 1.04% SNIFFERGETRICH 630 2.43% SNIFFERGREY 421 1.62% SNIFFERINK 196 0.76% SNIFFERINSURAN 58 0.22% SNIFFEROBFUS350 1.35% SNIFFERPHARM17276.66% SNIFFERPORN 16306.28% SNIFFERSCAM 1 0.00% SNIFFERSPAMWAR 127 0.49% SNIFFERTHEFT138 0.53% SNIFFERTRAVEL 438 1.69% SPAMCOP 417216.09% SPAMHEADERS 416016.04% WEIGHT1010482 40.42% WEIGHT5 769 2.97% WORDFILTER 782630.18% -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Terry Parks Sent: Thursday, July 31, 2003 2:26 PM To: Declude. JunkMail Subject: [Declude.JunkMail] Report System While it's quiet I'd like to know which system is best at reporting status of the email system in terms of most messages sent from/delivered to address, etc. I need a good summary reporting system that will email me these results. I've tried delog but the email feature doesn't work. Terry --- [This E-mail scanned for viruses by Surfside Internet] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Best Practices question
Me too! Cris Porter -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of VanTech.Net Sent: Thursday, July 17, 2003 9:38 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Best Practices question Karl, Please do so, I would be interested in it! Aaron Caviglia -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of IS - Systems Eng. (Karl Drugge) Sent: Thursday, July 17, 2003 7:55 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Best Practices question Not to bash Scott, who is the freaking GOD of SMTP traffic.. but EEWWW.. yuck. FIND will work, but I'd have to wash my hands afterwards. My computer is supposed to do my work FOR me, on a daily basis, and mail me my checks at home ! ( I wish ! )... Just write up a quick PERL/WSH/Shell script to parse the info, then schedule it with AT to run whenever you want. I wrote mine up a few weeks ago. If people want I'll post it. It's in PERL, so you'll need active PERL installed, and you might need to tweak it for your local settings. It's not as clean as Scott or another professional programmer might make it, but it's quick, dirty, and gets the job done. Here's a sample of what mine does ( on a pretty slow day for SPAM ): Total number of messages 665 Total Passed, including whitelisted, 523,percentage : 78.6 Total HELD 21, percentage : 3.2 Total BOUNCED 121,percentage : 18.2 Total of Whitelisted 218 Total of SPAMCOP 25 Total of NOABUSE 66 Total of NOPOSTMASTER58 Total of BADHEADERS 38 Total of BASE64 1 Total of HELOBOGUS 99 Total of MAILFROM1 Total of PERCENT 0 Total of REVDNS2 34 Total of ROUTING 13 Total of SPAMHEADERS 40 Total of FILTERWORDS 248 Total of BLACKLIST 34 Total of REVDNSPROBLEM 77 Total of IPBlacklist 31 Karl Drugge, Systems Network Engineer -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Thursday, July 17, 2003 10:21 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Best Practices question How can I determine the amount of caught/received emails with JunkMail? It would take me an eternity to go through each log file. There are several ways that you can do this. For example, you can do a directory of the \IMail\spool\spam directory, where the held E-mails are. To find out how many are to you, you can use find with the /C switch. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Filtering E-Greetings
Get JunkMail, then add Sniffer and let them do the filtering for you. My time spent filtering has dropped off dramatically since installing it. Cris Porter JVC America -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of David Delbridge Sent: Tuesday, December 03, 2002 12:01 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Filtering E-Greetings Hi all, What's the best approach for filtering the e-greetings scumware? I run both Declude Virus and JunkMail, and from what I've read in the forum archives, JunkMail is the tool to use. The options discussed so far don't appear to be conclusive. Filtering by phrase in the body will catch legit mail. Filtering by e-greeting domains will require frequent updates, and there is no authoritative source for such a list. What to do? Any advice is greatly appreciated. Dave --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Newbie question about baseline
I've been using Junkmail for a little over a year. I've continued using I-mail rules also. I've made 2 changes that cut down my spambox tremendously. 1) We subscribed to Sniffer and gave it a weight high enough to hold anything tripping it. 2) I've been slowly moving my catchphrases from I-mail rules to Declude word/phrase filters. Also, get SpamReview. It's great for reviewing help spam. Cris Porter JVC America -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Keith Purtell Sent: Friday, October 04, 2002 2:27 PM To: Declude JunkMail (E-mail) Subject: [Declude.JunkMail] Newbie question about baseline I've been using JunkMail for several weeks now. Not sure I'm using it correctly. I've tinkered with the weighting system, added a hophigh of 1, established a three weight system (WEIGHT10, WEIGHT20, WEIGHT30) with different actions for each one (WARN, SUBJECT, DELETE), etc. Also read posts to this list with great interest. And continued to handle some spam with Imail's rules.ima file. However, when I check the server each morning, the spambox has at least 250 new messages, and one Monday I found 1,000. Bear in mind we only have approx 200 employees nationwide and serve a niche market. I've tried to be aggressive about automatically deleting certain incoming mail, especially using rules.ima. Hence the term baseline in my subject. Do more experienced postmasters find this much junk on their server and just delete it manually, or do they make better use of the software to automatically delete spam? Keith Purtell, Web/Network Administrator VantageMed Operations (Kansas City) Email: [EMAIL PROTECTED] CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Newbie question about baseline
Most of the rules I had were looking for phrases in the header. Those had virtually no chance of false positives. I moved those to my Declude word filter file with a weight that will hold them or, if they fail other tests, will delete them. I only use Hold and Delete actions so my spambox only catches a few messages a day. As soon as I finish moving my remaining rules, I'll be deleting my spam mailbox. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Keith Purtell Sent: Friday, October 04, 2002 3:34 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Newbie question about baseline That's interesting. When you move a rule over to Declude, do you make the decision based a certainty of minimal false positives or what? As for SpamReview, here's what I've been doing to simplify viewing of likely spam. I have an IMail rule that catches some of the unique Declude language in the header, that re-directs to the IMail spambox. Then I open the box with Web Messaging. That way I don't have to review spam in two different places. Keith Purtell, Web/Network Administrator VantageMed Operations (Kansas City) Email: [EMAIL PROTECTED] CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Cris Porter Sent: Friday, October 04, 2002 2:59 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Newbie question about baseline I've been using Junkmail for a little over a year. I've continued using I-mail rules also. I've made 2 changes that cut down my spambox tremendously. 1) We subscribed to Sniffer and gave it a weight high enough to hold anything tripping it. 2) I've been slowly moving my catchphrases from I-mail rules to Declude word/phrase filters. Also, get SpamReview. It's great for reviewing help spam. Cris Porter JVC America -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Keith Purtell Sent: Friday, October 04, 2002 2:27 PM To: Declude JunkMail (E-mail) Subject: [Declude.JunkMail] Newbie question about baseline I've been using JunkMail for several weeks now. Not sure I'm using it correctly. I've tinkered with the weighting system, added a hophigh of 1, established a three weight system (WEIGHT10, WEIGHT20, WEIGHT30) with different actions for each one (WARN, SUBJECT, DELETE), etc. Also read posts to this list with great interest. And continued to handle some spam with Imail's rules.ima file. However, when I check the server each morning, the spambox has at least 250 new messages, and one Monday I found 1,000. Bear in mind we only have approx 200 employees nationwide and serve a niche market. I've tried to be aggressive about automatically deleting certain incoming mail, especially using rules.ima. Hence the term baseline in my subject. Do more experienced postmasters find this much junk on their server and just delete it manually, or do they make better use of the software to automatically delete spam? Keith Purtell, Web/Network Administrator VantageMed Operations (Kansas City) Email: [EMAIL PROTECTED] CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] MonkeyProxies
How is everyone weighting this test? Are there many false positives? Cris Porter JVC America --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Handling Held Spams
Do you delete automatically ? If so, how ? Cris -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Madscientist Sent: Thursday, June 06, 2002 9:39 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Handling Held Spams We delete held spam after 30 days. If a false positive possibility arrizes, we will use a file - search in our holding bin to identify any messages that have the correct keywords - If we verify the false positive this way we can not only put it back in stream, but also adjust our filtering scheme to compensate. This way we spend almost no time on dealing with the issue (we have very few false positives)... But when a false positive does show up we have everything we need to handle it quickly. Hope this helps, _M | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]] On Behalf Of Mark MItchell | Sent: Wednesday, June 05, 2002 10:51 PM | To: [EMAIL PROTECTED] | Subject: [Declude.JunkMail] Handling Held Spams | | | Hello, | | I was wondering how people handle all the held spam? From | my estimates, my mailserver is holding over 1 million spams | per month. I only have BADHEADERS and MAILFROM set for hold | and rest for warn. Are those the two that most people have | set to hold? Any way to make it so the spam forwards to a | specific email address so I can search it easier if a | customer complains that there message was marked spam? | | Thanks, | Mark | | | --- | [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.JunkMail] Blacklisting bounce
If I add bounce@ and bounce- to my blacklist file, will it block all mail from [EMAIL PROTECTED] and [EMAIL PROTECTED] ? Cris Porter Jvc America --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.JunkMail] orbz is now dsbl
Isn't the idea that mail admins will receive spam and then test the source for an open relay and have the source send the mail to dsbl ? Cris -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Todd Holt Sent: Monday, March 25, 2002 10:57 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] orbz is now dsbl Is the idea that mail admins will forward the mail they consider spam to the dsbl address? If so, I see a new feature request for SpamReview!! :-) Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Monday, March 25, 2002 10:43 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] orbz is now dsbl Then only the SPAMmers that have the dsbl mail address on their list (or aren't smart enough to know to remove it) will get blacklisted. I give more credit to the SPAMmers than that, so far. :-) That's not the idea. It may be the idea that is being portrayed for legal reasons, though. The idea is that dsbl won't test any mailservers. *But*, they are hoping that others will. People will run open relay testers, and have the E-mail sent to the dsbl list. So they will end up (if all goes as planned) with most open relays listed, but with the legal excuse of We aren't scanning any servers; your mail server sent us mail so you got listed. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.JunkMail] Declude console
Just downloaded the console exe to my imail folder and changed my global.cfg file and it fired up immediately! It's a shame it doesn't work with terminal server. -Cris -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Tuesday, February 19, 2002 1:22 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Declude console Could it be that I was in a terminal server session? That could account for why you didn't see any information in it. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.JunkMail] Blacklisting domains
Scott, Any ETA for an update that will allow us to blacklist entire domains (ie pm0.net) ? I don't want to keep adding subdomains to my blacklist file if the fix is imminent. Cris Porter JVC America --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.JunkMail] Help! Creating Black Lists
Did you see anything wrong with my previous post ? Cris -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Thursday, January 31, 2002 2:45 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Help! Creating Black Lists Can you be more specific on how to setup your own black list in Declude? Yes, I know there's a manual at http://www.declude.com/junkmail/manual.htmwww.declude.com/junkmail/manual .htm . Well, rather than trying to guess what you're having troubles with, how about either asking a specific question or letting us know what you've already tried? -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .