re: [Declude.JunkMail] Review spam in hold queue?
I wrote a real quick app a long time ago when I was trying to review an overloaded imail spool to see if there were any legit messages in it. It's no spam review, but it will show you a list of messages in a folder with To, From, Subject, and Size in a listview. You can click on each one to see the raw message. I wrote it to help with an immediate problem, then never touched it again, so it didn't really get any debugging time. It's a vb6 app. If anyone wants it, it may be a temporary help until they find something better, or it may give them something to start with to build their own. In it's current version, it will scan every message in the current directory. For instance, if your held spam is in folder C:\imail\spool\spam, then drop the exe in that folder and double click it, and it will scan every Imail format message in that folder and display a list. It should be pretty easy to convert it to work with SmarterMail format. App and source are attached. -Daniel -- Original Message -- From: Gary Steiner [EMAIL PROTECTED] Reply-To: Declude.JunkMail@declude.com Date: Wed, 31 Aug 2005 02:13:20 -0400 Welcome to Notepad! I've also been looking for a utility to do this, but haven't found it yet. Spam Review was recommended to me, but I was disappointed to find out that it only works with IMail - not SmarterMail. You can download it here - http://www.sunlightsoftware.com/spamreview.htm The author states on that web page that he will honor requests for a copy of the code, but he never got back to me. It would seem that it would be relatively easy to convert Spam Review for use with SmarterMail, as it is just a matter of changing the file names (Q*.SMD and D*.SMD for Imail vs. *.EML and *.HDR for SmarterMail) and probably some other minor tweaks like adding an X to the filename of re-qued mail. If anyone else knows of a similar utility that will work with SmarterMail, I would love to hear of it! Gary Original Message From: Dave Beckstrom [EMAIL PROTECTED] Sent: Wednesday, August 31, 2005 12:05 AM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Review spam in hold queue? I installed Junkmail Pro today as a trial with smartermail. I have a fair number of spams that have been held and I need a means to review them and to identify false positives. How do most of you review the spam in the hold queue? I seem to recall a utility, I think it was called spamreview, which would display the subject, from address and body of the messages in the hold queue. Does anyone have this utility that they could send to me or can you point me to where I can download it? I tried adding a copyto action such as: WEIGHT30 HOLD%DATE% WEIGHT30 copyto [EMAIL PROTECTED] The idea being that I could use a mail client to review all of the spams that were held. Then using the spool filename listed in the header I could identify the file and move it back into the mail queue for redelivery. Unfortunately the dual actions didn't work. Upon reading the manual closer I found that you could create two different actions with different names but that means duplicating each test, too. I don't want to do that. I'm looking for suggestions on how to review the spam that has been held? Thanks, Dave --- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
re: [Declude.JunkMail] Review spam in hold queue?
Well it appears the attachment didn't go through, so here is a link where you can download it... http://www.silverlinesolutions.com/downloads/SpoolSpamCheck.zip I'll probably only have it posted there for the next couple of days. If anyone wants it after that, email me. -Daniel -- Original Message -- From: Daniel Grotjan [EMAIL PROTECTED] Reply-To: Declude.JunkMail@declude.com Date: Wed, 31 Aug 2005 13:19:06 -0400 I wrote a real quick app a long time ago when I was trying to review an overloaded imail spool to see if there were any legit messages in it. It's no spam review, but it will show you a list of messages in a folder with To, From, Subject, and Size in a listview. You can click on each one to see the raw message. I wrote it to help with an immediate problem, then never touched it again, so it didn't really get any debugging time. It's a vb6 app. If anyone wants it, it may be a temporary help until they find something better, or it may give them something to start with to build their own. In it's current version, it will scan every message in the current directory. For instance, if your held spam is in folder C:\imail\spool\spam, then drop the exe in that folder and double click it, and it will scan every Imail format message in that folder and display a list. It should be pretty easy to convert it to work with SmarterMail format. App and source are attached. -Daniel --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT: WMI scripting DNS TXT problems
I already tried that. I should have elaborated more on what I have already tried. It does not seem to have anything to do with the quotes, because if I do this... objRR.CreateInstanceFromTextRepresentation CONST_SERVER, strZoneName, strZoneName IN TXT v=sp1, objOutParam I still get the line break at the end. That is with no quotes around the text string and no spaces in it. If I do the same with quotes, I get the same results. It seems to me that it doesn't have anything to do with my code and is automatically added, but I was hoping there was a way to defeat that. I may be wrong though. All other types of records (A, MX, NS) work perfectly, and TXT works except the line break. Anyone have any other ideas? -Daniel -- Original Message -- From: William Stillwell [EMAIL PROTECTED] Reply-To: Declude.JunkMail@declude.com Date: Thu, 21 Apr 2005 08:45:25 -0400 Instead of : IN TXT v=spf1 mx ~all Try IN TXT chr(34) v=spf1 mx ~all chr(34) - Original Message - From: Daniel Grotjan [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Wednesday, April 20, 2005 11:43 PM Subject: [Declude.JunkMail] OT: WMI scripting DNS TXT problems I'm trying to automate my dns zone creation and I am running into a problem with TXT records. I'm using WMI and when ever I create an SPF record (or any TXT record) it automatically adds a line break at the end of the record. Does anyone have any experience with this or have any idea what would cause this? The line below is the one I'm using to create the record. objRR.CreateInstanceFromTextRepresentation CONST_SERVER, strZoneName, strZoneName IN TXT v=spf1 mx ~all, objOutParam I've tried this every different way I can and I always get the same result. In the zone file, it looks like this @ TXT ( v=spf1 mx ~all ) Also, does anyone know if having this break at the end will cause problems with any SPF implementations? -Daniel --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This email has been scanned for possible viruses by Declude Antivirus. For more information on Declude Antivirus, Visit www.declude.com --- This email has been scanned for possible viruses by Declude Antivirus. For more information on Declude Antivirus, Visit www.declude.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] OT: WMI scripting DNS TXT problems
I'm trying to automate my dns zone creation and I am running into a problem with TXT records. I'm using WMI and when ever I create an SPF record (or any TXT record) it automatically adds a line break at the end of the record. Does anyone have any experience with this or have any idea what would cause this? The line below is the one I'm using to create the record. objRR.CreateInstanceFromTextRepresentation CONST_SERVER, strZoneName, strZoneName IN TXT v=spf1 mx ~all, objOutParam I've tried this every different way I can and I always get the same result. In the zone file, it looks like this @ TXT ( v=spf1 mx ~all ) Also, does anyone know if having this break at the end will cause problems with any SPF implementations? -Daniel --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Program to extract users and aliases from IMail
http://www.smartbusiness.net/imail/ -- Original Message -- From: Matt [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Tue, 18 May 2004 15:49:57 -0400 Does anyone know of a program with will extract both the user accounts and the aliases from IMail and put them in a text file? I thought that I had heard of a program like this to be used with IMGate, but everything that I have found only supports user accounts and not aliases. Thanks, Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] TESTFAILEDWITHWEIGHTS
Yes, I'm running 1.77 beta. The exact line from my global.cfg is... HIDETESTS IPNOTINMX NOLEGITCONTENT K-SPAM-ALL K-SPAM-VHIGH K-SPAM-HIGH K-SPAM-MED K-SPAM-LOW The K-SPAM- test are weight test for my Webmail junkmail filter I created. I use Imail rules for customers to choose to send mail to a junkmail folder or delete it based on results of declude weights. Since I set up HIDETESTS, the IPNOTINMX and NOLEGITCONTENT have not shown up in the TESTSFAILEDWITHWEIGHTS variable, but all of the weight tests still show up. This really wouldn't matter to me anyway except it looks like they are adding weight when they really don't. Like you said about the TESTSWITHWEIGHT suggestion, it looks very confusing to the user if they are adding up the score and the WEIGHT10 shows a [10] beside it. It looks like that added 10 points to the weight. -Daniel -- Original Message -- From: R. Scott Perry [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Mon, 08 Dec 2003 08:13:11 -0500 I have tried this and it did not work. I already have IPNOTINMX and NOLEGITCONTENT set up for this and they are not appearing in the TESTFAILEDWITHWEIGHTS variable. I added my weight test to it and they still appear. It is formatted as follows in my global.cfg HIDETESTS IPNOTINMX NOLEGITCONTENT WEIGHT10 WEIGHT20 Are weight test supposed to never be hidden, or is there something wrong on my end? I have checked and recheck my global.cfg and it looks correct to me, at least as I understand it. Are you running the latest beta (1.77)? The line that you have should prevent the WEIGHT10/WEIGHT20 tests from showing up in either the %TESTSFAILED% or %TESTSFAILEDWITHWEIGHTS% variables. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] END statement in filters
Is anyone using the END statement in filters successfully? I am finding on my server that if I have an END anywhere in a filter it always ends, whether it matches that statement or not. I have tried this on several filters just to test and get the same results on all of them. I tried in the following format... BODYEND CONTAINS whatever text here Is this the correct format or am I doing something wrong? Also, not related, but I have setup a filter that many people have reported working successfully with the following... BODY 0 STARTSWITHg This doesn't ever fail on the spam that everyone is getting with the fake html tags. At first I thought it was the CR at the beginning of the email, but I remember Scott saying that declude was fixed so it overlooked it. All of these email have a random gkrsjflksh type tag as the first text in them, but they never fail. Is there something I am missing? -Daniel --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] TESTFAILEDWITHWEIGHTS
Would it be possible to have the TESTFAILEDWITHWEIGHTS variable to not show the score for WEIGHT type test such as WEIGHT10 or WEIGHT20? It appears that the WEIGHT10 test has added 10 points to the score by the way the variable appears. -Daniel --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] TESTFAILEDWITHWEIGHTS
I have tried this and it did not work. I already have IPNOTINMX and NOLEGITCONTENT set up for this and they are not appearing in the TESTFAILEDWITHWEIGHTS variable. I added my weight test to it and they still appear. It is formatted as follows in my global.cfg HIDETESTS IPNOTINMX NOLEGITCONTENT WEIGHT10 WEIGHT20 Are weight test supposed to never be hidden, or is there something wrong on my end? I have checked and recheck my global.cfg and it looks correct to me, at least as I understand it. -Daniel -- Original Message -- From: Matthew Bramble [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Sun, 07 Dec 2003 19:46:17 -0500 Use the HIDETESTS option to remove the weight-based tests from your output. I believe it is used in the Global.cfg as follows: HIDETESTS WEIGHT10 HIDETESTS WEIGHT20 Of course Scott might also want to change the way that weight-based tests are reported, but this will remove some of the extraneous data. Matt Daniel Grotjan wrote: Would it be possible to have the TESTFAILEDWITHWEIGHTS variable to not show the score for WEIGHT type test such as WEIGHT10 or WEIGHT20? It appears that the WEIGHT10 test has added 10 points to the score by the way the variable appears. -Daniel --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] possible request for feature
Can there be a way for a filter to fail all or nothing. For instance, everyone seems to be receiving spam with no subject, and fake tags such as gkslthsjewl. I receive thousands of these messages a day, all from different spammers. I have been filtering on the two characteristics, and it usually gets to my hold weight. I don't want to set a very high weight for blank subjects because I'm sure of FP's. If I could combine the two I would feel comfortable deleting on just this test. If I could somehow define a filter that will only fail if all instances in the filter are true I could set up... SUBJECT 0 ISBLANK BODY0 STARTSWITH g and delete on this filter file alone. Maybe some statement at the top to define it, similar to the features you are adding with the maxweight and skipifweight. If it is for some reason it is not a good idea to do with a filter, maybe a new type of test could be created to do this. This could cut down on spam, but also save some resources if the test could be run first. No dns request would have to be made or any other filters run. If this has already been covered I apologize. If there is already a way to do this please let me know how. BTW, has anyone else seen the ridiculous increase in spam that I have? A few days before Thanksgiving my inbound mail increased from around 400,000 a day to over 2 million messages a day. I died back down over the holiday weekend but has picked back up now. I guess the spammers took Thanksgiving off too. Over the years it has been common for us to get more spam during Christmas, but not like this. I guess everyone is taking up spamming as a way to make extra Christmas money. -Daniel --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Capital One
I emailed them a few months back to inform them of the problems with their mailings. They replied and said they were going to try to take care of it. Probably not very likely. -Daniel -- Original Message -- From: John Tolmachoff \(Lists\) [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 21 Nov 2003 11:58:59 -0800 Well, in this day and age of SPAM and security issues and fraud, I think Capital One needs to rethink their e-mail strategy. Red flags for me: 1. Links are to sites other than capitalone.com. (Why the redirects?) 2. It failed SPAMHEADERS, NOABUSE and MAILPOLICE-BULK 3. Did not originate from any Capital One server. 4. Tells you to add the from address to a white list. A financial institution should be doing everything it can to be clean. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Kami Razvan Sent: Friday, November 21, 2003 11:03 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Capital One John.. Am I not seeing things correctly.. These go straight to CapitalOne.com I even did a Google search and that is the domain for Capital One. Every link in that email goes to Capital One... Regards, Kami --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Unix Utilities reference
Bill, I was wondering if you ever got around to putting together a reference for the Unix utilities for Windows? I have found them very useful, but I'm sure I'm probably not using them to their full potential. If you have put anything together it would be greatly appreciated. Daniel --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Opinions on web interface
Scot, The web interface looks good. I created something similar using ASP and a custom COM object I wrote. I uses Imail rules instead of the individual junkmail files to process the mail based on weight test. I implemented it about a month ago and so far we have over a thousand users using it and all of them are thrilled about it. I don't have a demo set up, but I have a screenshot of it if you want to see. http://www.kimbanet.com/junkmail.jpg Daniel --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Several similar address in TO: field
Is there any way to test for several addresses in the TO: line that are similar? For instance the following addresses were in the TO: line of a message I received recently. None of the addresses exist other than mine. [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] If there is no way to check for something like this maybe it could be an idea for a future test. You could check for there being more that a certain number of addresses in the TO: field that start with the same letter, or something like that. I don't think I have ever received a legitimate message like that. It may have a few false positives from newsletters, but would probably be good in a weighting system. Daniel --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Log to syslog option
I would like the ability to log by hour also. I have a very high traffic server. I have days where my log files are over 500mb with LOGLEVEL LOW. It makes it hard to open them up and find anything if there is a problem. Daniel OK, I understand that. How about the ability to log by hour? Right now, the log file is configured as \junkmail where the 4 # signs are replaced with the current day and month. Adding the ability to go hourly would help in cases of large log files. Some thing like \junk## would do. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
