RE: [Declude.JunkMail] FROMNOMATCH returning high scores
Was it invURIBL by any chance? If so did you find a cause? From: Nick Hayer [mailto:n...@madriveraccess.com] Sent: Wednesday, May 18, 2011 3:06 PM To: Declude.JunkMail@declude.com Subject: re: [Declude.JunkMail] FROMNOMATCH returning high scores I haven't seen it on FROMNOMATCH but have seen it elsewhere; specifically when an external app throws an exception. Bottom line somewhere declude or some other app threw an exception - the wacko score is the result. -Nick MadRiverAccess.com|Skywaves.com Tech Support US/Canada 877-873-6482 or International +1-802-229-6574 Emergency Support 24/7: supp...@skywaves.net General and Non-Emergency support ticket: https://www.skywaves.com/content/secure/support_ticket.htm _ From: Jim Comerford jcomerf...@sbsnet.com Sent: Wednesday, May 18, 2011 1:13 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] FROMNOMATCH returning high scores Has anyone else seen the FROMNOMATCH test returning ridiculously high scores (like 1027774676) event though its not configured to do so... and yet Declude does not act on the cumulative score, so for example a message with score 1027774676 would not get deleted like it is configured to at a score of 30? Curious if anyone else is seeing this and if they know the cause. -Jim --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] FROMNOMATCH returning high scores
Has anyone else seen the FROMNOMATCH test returning ridiculously high scores (like 1027774676) event though its not configured to do so... and yet Declude does not act on the cumulative score, so for example a message with score 1027774676 would not get deleted like it is configured to at a score of 30? Curious if anyone else is seeing this and if they know the cause. -Jim --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] FROMNOMATCH returning high scores
Well I just solved 1/2 the problem. The range I had defined did not go past so that’s why they were not acted on. Still unsolved is the very high score from FROMNOMATCH test - I'm working with DECLUDE on it, but curious if anyone but me has sees that happen. -Original Message- From: Herb Guenther [mailto:h...@lanex.com] Sent: Wednesday, May 18, 2011 1:31 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] FROMNOMATCH returning high scores I have not seen that. Herb On 5/18/2011 12:12 PM, Jim Comerford wrote: Has anyone else seen the FROMNOMATCH test returning ridiculously high scores (like 1027774676) event though its not configured to do so... and yet Declude does not act on the cumulative score, so for example a message with score 1027774676 would not get deleted like it is configured to at a score of 30? Curious if anyone else is seeing this and if they know the cause. -Jim --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- Herb Guenther Lanex, LLC www.lanex.com (262)789-0966x102 Office (262)789-0966x200 (off hours or if out of office) This e-mail is confidential and is for the use of the intended recipient(s)only. If you are not an intended recipient please advise us of our error by return e-mail then delete this e-mail and any attached files. You may not copy, disclose or use the contents in any way. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Sniffer Integration - Global Exit Code nonzero?
So what's the difference between the SNIFFER test as Internal vs External? Is one faster than the other? Assuming you did not want to check the individual tests (ie SNIFFER-TRAVEL) is there an advantage to using one over the other? Internal: SNIFFER external nonzero C:\Smartermail\Declude\Sniffer\xxx.exe xxxabc12312 0 SNIFFER-TRAVEL SNFx 47 12 0 External SNIFFER external nonzero D:\IMAIL\Declude\SNF\SNFClient.exe12 0 -Jim From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David Barker Sent: Friday, April 30, 2010 11:14 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Sniffer Integration - Global Exit Code nonzero? The test works as an internal test and not as an external test. The main difference being the location of the exit code. See external is the 1st variable whereas the internal it is the 2nd variable and the NONZERO does not work for that. SNIFFER external nonzero C:\Smartermail\Declude\Sniffer\xxx.exe xxxabc12312 0 SNIFFER-TRAVEL SNFx 47 12 0 Also even though there are multiple entries the test only runs once and the resulted exit code is the triggered. David From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Friday, April 30, 2010 10:31 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Sniffer Integration - Global Exit Code nonzero? Hi Dave, Thanks for taking the time to explain it. I see that the sample on your web site has already been corrected to read IPREPUTATIONSNFIPREP and I was simply working off an earlier copy. For the SNF test type, is there a way to have a global match (e.g., NONZERO), instead of having to specify each of the 18 (current) return codes one at a time? The external Sniffer simply allow me to code: SNIFFER external nonzero D:\IMAIL\Declude\SNF\SNFClient.exe10 0 Best Regards, Andy From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David Barker Sent: Friday, April 30, 2010 10:05 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Sniffer Integration SNFIPBLACK SNFIP the 2nd variable value is 5 = Block and works as an exit code. IPREPUTATION works differently. Note: IPREPUTATIONSNFIP please update this to IPREPUTATIONSNFIPREP x 0 10 -5 this should be the default. SNFIPREP represents a scale of -1- 0 - 1 when the 2nd variable (BASEPOINT) is set to 0 this will convert the IP reputation to this scale as the examples below: If final score is 0 no score is added to the email dec0430.log1842 04/30/2010 00:01:20.700 49319588 SNFIPRep the Value of Result = 0.00 If final score is + the 3rd variable score is used in this case 10 dec0430.log7351 04/30/2010 00:07:14.043 49319625 SNFIPRep the Value of Result = 0.267262 If final score is - the 4th variable score is used in this case -5 dec0430.log1192604/30/2010 00:08:50.340 49319647 SNFIPRep the Value of Result = -0.267262 The BASEPOINT is the point value at which an email will be considered Good if the result is to the left or Bad if to the right. (SNIFFER RETURN) x 10 - (BASEPOINT) = Result Example: 0.267262 x 10 - 0 = 2 This is positive then the test is triggered for 10 points. 0.267262 x 10 - 1 = 1 This is positive then the test is triggered for 10 points. 0.267262 x 10 - 2 = 0 Not Triggered. 0.267262 x 10 - 3 = -1 This is negative then the test is not-triggered for -5 points. 0.267262 x 10 - 4 = -2 This is negative then the test is not-triggered for -5 points. -0.267262 x 10 - 0 = -2 This is negative then the test is not-triggered for -5 points. -0.267262 x 10 - 1 = -1 This is negative then the test is not-triggered for -5 points. -0.267262 x 10 - 2 = 0 Not Triggered. -0.267262 x 10 - 3 = -1 This is negative then the test is not-triggered for -5 points. -0.267262 x 10 - 4 = -2 This is negative then the test is not-triggered for -5 points. David Barker VP Operations Declude Your Email security is our business 978.499.2933 office 978.988.1311 fax mailto:dbar...@declude.com dbar...@declude.com , April 30, 2010 1:26 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Sniffer Integration Hi, 1. I'm confused about the Sniffer integration sample: SNFIPBLACK SNFIP x 5 10 0 IPREPUTATIONSNFIP x 5 10 -5 It seems to me as if BOTH lines test the SAME Sniffer return code of 5 - but one line assigns adds a weight of 10 when found,
RE: [Declude.JunkMail] Enumerating and Weighting IP4R/RHSBL/DNSBL tests
I also use fresh15.spameatingmonkey.net and urired.spameatingmonkey.net in my invuribl config Do you happen to know the config lines you need for invuribl to use these...? --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Problems with AUTOWHITELIST
How about a per-domain config... You can turn off AUTOWHITELIST for that customer. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Sunday, November 09, 2008 11:31 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Problems with AUTOWHITELIST I am having an issue with AUTOWHITELIST. I have a customer who's users use the web mail client exclusively. Because of this, they put each other in their address books. As spammers will spoof email to one user with another user from the same domain's address, this becomes a problem. With AUTOWHITELIST ON, all of this type of spam gets whitelisted. I cannot turn the feature off because that is how I let my other customers manage their personal whitelist. I would request that Declude offer an alternative to AUTOWHITELIST. Give me a test whereby I can assign a weight to an email if the sender is in the address book. That way, I can assign an appropriate negative weight to allow some of the email to come through but still catch the real bad stuff. Once it's whitelisted, nothing else can be done. This also goes for WHITELIST AUTH. Give us a test whereby I can test for Authentication and do whatever I want based on that. Please help, Don --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Forged-Spam Backscatter
What is the reccommended entry in global.cfg for this filter... Does it also need an entry in $default$.junkmail files(s) Thanks, Jim Comerford http://www.sbsnet.com/images/1px.gif http://www.sbsnet.com/images/sbs65.jpg Successful Business Solutions, Inc. PO Box 310 Gillette, NJ 07933 phone 908-322-5123 fax 908-517-9318 mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] http://www.sbsnet.com/ www.sbsnet.com _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Friday, April 04, 2008 2:01 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Forged-Spam Backscatter I have posted the backscatter filters we use under the download section of Declude, any feedback is welcome. David B From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Thursday, April 03, 2008 6:42 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Forged-Spam Backscatter Symantec says that backscatter-as-deliberate-spam-technique is back in vogue. See their April State of Spam Report http://www.symantec.com/enterprise/security_response/weblog/2008/04/post_8.h tml Andrew. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Thursday, April 03, 2008 12:43 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Forged-Spam Backscatter Jim - I'm running the exact same set up as you are. We had the same problem about two weeks ago. I don't know if this made much difference or not, but I noticed the domains that we were seeing this with did not have any SPF records in place. So when I saw this sudden increase come through, I added a strict SPF policy for that domain. The backscatter for that domain all but stopped. A few days later, a different domain was targeted - without an SPF record - and adding one seemed to cure that. This happened a few more times, with the results all the same. I'm not at an expert level to say whether this did or did not do the trick. Perhaps it was just coincidental. All the new domains that are set up and running services through us get strict SPF records put in place from the start. However, the older domains that have been around for a while - that didn't have SPF in place - were the ones that seemed to have had the problem. And since then, we haven't had any more problems with that. I can't say for sure that them having their email addresses on their websites was the problem for sure or not. For what it's worth, my new policy is to not put email addresses on public websites. Anyway, just thought I would throw that out there. Todd From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jim Comerford Sent: Thursday, April 03, 2008 1:46 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Forged-Spam Backscatter Over the last several weeks we have seen a dramatic increase in spam hitting our server. From about 70,000 mails a day to around 110,000 /day. Most destined for our users is getting properly filtered by declude. What is getting thru is backscatter from spam that is forging addresses from domains we host. It seems just about any address that is posted on a website seems to be being used to forge outgoing spam (not from our server) -- and is generating all sorts of bounce messages. I suspect there is not much I can do to block this backscatter without blocking legit bounce messages... but I thought I'd ask. Here is our config: Imail 8.22 Declude 4.3.64 invURIBL 3.1.1 Sniffer --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.1px.gifsbs65.jpg
[Declude.JunkMail] Forged-Spam Backscatter
Over the last several weeks we have seen a dramatic increase in spam hitting our server. From about 70,000 mails a day to around 110,000 /day. Most destined for our users is getting properly filtered by declude. What is getting thru is backscatter from spam that is forging addresses from domains we host. It seems just about any address that is posted on a website seems to be being used to forge outgoing spam (not from our server) -- and is generating all sorts of bounce messages. I suspect there is not much I can do to block this backscatter without blocking legit bounce messages... but I thought I'd ask. Here is our config: Imail 8.22 Declude 4.3.64 invURIBL 3.1.1 Sniffer --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Forged-Spam Backscatter
... but I noticed the domains that we were seeing this with did not have any SPF records in place. So when I saw this sudden increase come through, I added a strict SPF policy for that domain. The backscatter for that domain all but stopped. ... Good thing to check... the latest domain to get hit did NOT have an SPF record (and this seems to have been the worst so far)... BUT MOST of the ones that did get hit - did have an SPF record and we still get backscatter. We typically add SPF on all domains.. but in reviewing we had missed a couple of them. Hopefully the Filter that David is referring to will help. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Need to Filter...
Hi, I have a customer that keep getting a certain message I would like to block. Here are the headers. It always has the mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] address in there. How best to block this message. I have changed my customers email address in these headers to mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] Microsoft Mail Internet Headers Version 2.0 Received: from mail.sbsnet.com ([63.147.233.20]) by thisdomain.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 5 Mar 2008 16:28:11 -0500 Received: from py-out-1112.google.com [64.233.166.182] by mail.sbsnet.com with ESMTP (SMTPD-8.22) id A7A5023C; Wed, 05 Mar 2008 15:50:45 -0500 Received: by py-out-1112.google.com with SMTP id u52so2871078pyb.10 for someone mailto:[EMAIL PROTECTED] @thisdomain; Wed, 05 Mar 2008 12:50:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:message-id:from:to:subject:date; bh=7XAeQbBfpxM7+gtXqB4pHXkly3zKIUhT03M6xBGz6Fs=; b=R3EKQ9CkpX9inopXhNybOUkX9PkvZGe6zWd7/6n+iZVdGJVHwBJgnbH3jcKZPA7+RQzuZq Ptc28yS1czmWq4lt/k16yAxZ/iQLzbkPTotnh87GaRLnQzXAJTnyGi6I7+BULIwiODZqda2R 0ZLKqOIWMPwN6nhCLcP/yTCtdgWjs= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=message-id:from:to:subject:date; b=uqmrXv3hqd0vHoXWsqtE5fKqJqKmW3QKVxeAsuLQi4ELBtTVDU8Dqkd5qlLaJJJrSD5QGS k9oEP4wokdxzY7o7XQrzfwPGvIhCw3tVJ+EU7Ukr70XKGSZDvzeMYfvdIRXG4DvAbJrubdN9 IQRqluRXH4h9QE5G9Y0yhScCh2luo= Received: by 10.35.75.15 with SMTP id c15mr5258589pyl.6.1204750242251; Wed, 05 Mar 2008 12:50:42 -0800 (PST) Received: by 10.35.75.15 with SMTP id c15mr10486278pyl.6; Wed, 05 Mar 2008 12:50:42 -0800 (PST) Message-ID: [EMAIL PROTECTED] From: Mail Delivery Subsystem [EMAIL PROTECTED] To: someone mailto:[EMAIL PROTECTED] @thisdomain.com Subject: Delivery Status Notification (Delay) Date: Wed, 05 Mar 2008 12:50:42 -0800 (PST) X-RBL-Warning: MXRATE-ALLOW: GOOD SENDER X-RBL-Warning: FROMNOMATCH: Env sender () From: ([EMAIL PROTECTED]) mismatch. X-Declude-Sender: [64.233.166.182] X-Declude-Spoolname: D07a5017c0029.smd X-Declude-RefID: X-Declude-Scan: Score [-5] at 16:29:09 on 05 Mar 2008 X-Declude-Fail: MXRATE-ALLOW [-5], BGISOCWL [-1], CASA [-1], FROMNOMATCH [2] X-Country-Chain: UNITED STATES-destination Return-Path: X-OriginalArrivalTime: 05 Mar 2008 21:28:11.0355 (UTC) FILETIME=[D02392B0:01C87F07] -Original Message- From: Mail Delivery Subsystem [ mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Sent: Wednesday, March 05, 2008 3:51 PM To: someone Subject: Delivery Status Notification (Delay) This is an automatically generated Delivery Status Notification THIS IS A WARNING MESSAGE ONLY. YOU DO NOT NEED TO RESEND YOUR MESSAGE. Delivery to the following recipient has been delayed: [EMAIL PROTECTED] Message will be retried for 4 more day(s) Technical details of temporary failure: DISABLED_USER: Account temporarily disabled - Message header follows - Received: by 10.35.84.9 with SMTP id m9mr18615493pyl.6.1204468218506; Sun, 02 Mar 2008 06:30:18 -0800 (PST) Return-Path: someone mailto:[EMAIL PROTECTED] @thisdomain.com Received: from e58065.upc-e.chello.nl (e58065.upc-e.chello.nl [213.93.58.65]) by mx.google.com with SMTP id f60si40752796pyh.14.2008.03.02.06.30.14; Sun, 02 Mar 2008 06:30:18 -0800 (PST) Received-SPF: neutral (google.com: 213.93.58.65 is neither permitted nor denied by best guess record for domain of someone mailto:[EMAIL PROTECTED] @thisdomain.com) client-ip=213.93.58.65; Authentication-Results: mx.google.com; spf=neutral (google.com: 213.93.58.65 is neither permitted nor denied by best guess record for domain of [EMAIL PROTECTED]) mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] Date: Sun, 02 Mar 2008 06:30:18 -0800 (PST) X-Originating-IP: [95.1.80.490] X-Originating-Email: [EMAIL PROTECTED] X-Sender: [EMAIL PROTECTED] Return-Path: [EMAIL PROTECTED] Received: (qmail 13690 by uid 349); Sun, 2 Mar 2008 03:30:54 +0100 Message-Id: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: RE: SALE 70% OFF From: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] New PDF worm?
Could someone explain further how this filter works and what it is doing... it is adding weight to all PDF's or is this searhcing for some common element present in the PDF Spams? _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Monday, July 02, 2007 1:35 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] New PDF worm? Create a filter eg FILTER-PDF.txt and use the following lines. Adjust your weights accordingly. Also ensure you are running Declude 4.3.46 BODY 3 PCRE (JVBERi0xLjMgCjEgMCBvYmoKPDwKPj4KZW5kb2JqCjIgMCBvYmo) BODY 5 PCRE (-+[0-9]+\r\n(?:[a-zA-Z\-]+: [^\r]+\r\n)+(?:\r\n){1,}-+[0-9]+\r\n(?:[a-zA-Z\-]+: [^\r]+\r\n)*Content-Type: application/pdf;) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Katie LaSalle-Lowery Sent: Monday, July 02, 2007 1:28 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] New PDF worm? We've been suffering .pdf spam getting through the filter. What settings are you using that's identifying these as spam? We're seeing an overall increase in spam getting through the filter the last few weeks... Thanks, Katie _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of SJ.Stanaitis Sent: Wednesday, June 27, 2007 9:17 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] New PDF worm? I'm getting gobs of PDF's snagged in my antispam filter, they're not triggering any AV yet, anyone else seeing this? SJ.Stanaitis - Network Administrator Decorative Product Source, Inc. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Per user config and performance
I don't have specific answers for you, but when I implemented per-domain setup, I inquired with Linda at Declude Tech Support and she was very helpful and timely in assisting in the setup. There are ways to default domains (and I assume users) to use a base set of settings if you dont need a custom setup for each. My experience with Declude tech support has been excellent - so why not try it since the answer is not coming out here quickly. -Jim _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ing. Andrés E. Gallo Sent: Wednesday, May 16, 2007 9:27 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Per user config and performance Sorry for re-posting but from Thursday to Monday, no messages of the list. If any, please re-answer. Thanks Andres.- /***/ Hi List I wonder if some have experience by configuring the per user and per domain settings. I mean, having 5000 users per domain, each user by domain will choose if Declude Antispam or not. So, should be a file ( for all users same configuration, _not_ customized for each one ) like user.junkmail, user1.junkmail, user6.junkmail and so on under each domain dir. How this will impact performance ? Is there a limit there ? Any experience ? or any easy way to do it ? Regards Andres-. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Weighting based on some Imail Tests...?
I'm relatively new to Declude, but have been using Imail and many of its test for quite a while. I'm curious if it is possible to use some of imail's antispam tests (specifically Baysean filter, and url-blacklist) to add weight to declude tests. We have had great results with these two tests and if they were in the weighting systen I think it would help. I'm not sure which part of imail's tests get run before control is passed to declude, but it seems if these are, declude shouldbe able to use them in the weighting system... Is anyone doing anything like this? Or and I off base and duplicating something that declude already offers...? --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.