Re: [Declude.JunkMail] Spam not being marked
I'm not real sure here either way. I think I had 1.88 installed or so, then checked for an update and installed 2.0.6 As far as I know the config's are the defaults that came with 2.0.6 with my key/serial added. I'll try commenting out the existing and add the section that was posted with a weight range and see if any difference comes up. Thanks for the replies folks :-) Mike -- Original Message -- From: Matt [EMAIL PROTECTED] Reply-To: Declude.JunkMail@declude.com Date: Wed, 13 Jul 2005 13:36:26 -0400 I believe that was a byproduct of changes earlier in the 2.x releases, but it was fixed in 2.0.6. Much of this appearantly had to do with how they had changed the behavior of the DELETE action, but in 2.0.6 they set it back to the original behavior and created a new action with the new functionality (DELETEONLYFORRECIPIENTS or something like that). Matt Darrell ([EMAIL PROTECTED]) wrote: Their has also been talk on the list in the past about weights that conflict and Weight ranges clears a log of this stuff up WEIGHT10weightrangexx1013 WEIGHT14weightrangexx1419 WEIGHT20weightxx200 Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Mike Hyslip writes: WEIGHT10weightxx100 WEIGHT14weightxx140 WEIGHT20weightxx200 Note - this only happens here and there. 99% of the messages are flagged and show up correctly, just a couple a day seem to be showing up like these where the headers are somehow stuck inside the body of the message. Mike -- Original Message -- From: Darrell \([EMAIL PROTECTED]) [EMAIL PROTECTED] Reply-To: Declude.JunkMail@declude.com Date: Tue, 12 Jul 2005 14:35:18 -0400 In your global config how is it configured? Darrell invURIBL - Intelligent URI filtering. Stops 85%+ of SPAM with the default configuration... http://www.invariantsystems.com Mike Hyslip writes: WEIGHT10SUBJECT**SPAM: WEIGHT14SUBJECT **SPAM: WEIGHT20SUBJECT**SPAM: There's not weightrange option configured far as I can tell. The headers that get stuck in the body show it is marked - Hello, Message-Id: [EMAIL PROTECTED] Subject: **SPAM: So not sure where else to look. Thanks for your reply :-) Mike -- Original Message -- From: Darrell \([EMAIL PROTECTED]) [EMAIL PROTECTED] Reply-To: Declude.JunkMail@declude.com Date: Tue, 12 Jul 2005 13:07:49 -0400 What are the actions you have configured for WEIGHT10 and WEIGHT14. Also, are those configured as WEIGHT's or WEIGHTRANGE? Darrell - DLAnalyzer - Comprehensive reporting on Declude Junkmail and Virus. http://www.invariantsystems.com Mike Hyslip writes: I am having random emails it seems showing up in my inbox unmarked as spam, yet the body of the message is containing all the headers showing it as spam. Not sure if this is just a bug, or spam circumventing spam protection in some way. Below is an example. The email - From sender To me subject: haunted by your past? Hello, Message-Id: [EMAIL PROTECTED] Subject: **SPAM: X-RBL-Warning: SORBS-DUHL: Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?62.179.66.83; X-RBL-Warning: FIVETENSRC: 83.66.179.62.blackholes.five-ten-sg.com. X-RBL-Warning: NOABUSE: Not supporting [EMAIL PROTECTED] X-RBL-Warning: CMDSPACE: Space found in RCPT TO: command. X-RBL-Warning: ROUTING: This E-mail was routed in a poor manner consistent with spam [210f]. X-Declude-Sender: [EMAIL PROTECTED] [62.179.66.83] X-Declude-Spoolname: DD6A9018D4C8F.SMD X-Declude-Note: Scanned by Declude 2.0.6 (http://www.declude.com/x-note.htm) for spam. X-Declude-Scan: Score [15] at 10:41:54 on 12 Jul 2005 X-Declude-Tests: SORBS-DUHL, FIVETENSRC, NOABUSE, CMDSPACE, ROUTING, WEIGHT10, WEIGHT14 X-Country-Chain: [Unknown]-AUSTRIA-destination X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 371243910 X-IMail-ThreadID: d6a9018d4c8f You have been chosen to participate in an invitation only limited time event! Are you currently paying over 3% for your mortgage? STOP! We can help you lower that today! Answer only a few questions and we can give you an approval in under 30 seconds ÃÂÃÂ itÃÂÃÂs that simple! Stop fighting for lenders ÃÂÃÂ let them fight for you! Make them work for your business by giving you the lowest rates around! $230,000 loans are available for only $340/month! WEÃÂÃÂRE PRACTICALLY GIVING AWAY MONEY! Think your credit is too
Re: [Declude.JunkMail] Spam not being marked
WEIGHT10SUBJECT **SPAM: WEIGHT14SUBJECT **SPAM: WEIGHT20SUBJECT **SPAM: There's not weightrange option configured far as I can tell. The headers that get stuck in the body show it is marked - Hello, Message-Id: [EMAIL PROTECTED] Subject: **SPAM: So not sure where else to look. Thanks for your reply :-) Mike -- Original Message -- From: Darrell \([EMAIL PROTECTED]) [EMAIL PROTECTED] Reply-To: Declude.JunkMail@declude.com Date: Tue, 12 Jul 2005 13:07:49 -0400 What are the actions you have configured for WEIGHT10 and WEIGHT14. Also, are those configured as WEIGHT's or WEIGHTRANGE? Darrell - DLAnalyzer - Comprehensive reporting on Declude Junkmail and Virus. http://www.invariantsystems.com Mike Hyslip writes: I am having random emails it seems showing up in my inbox unmarked as spam, yet the body of the message is containing all the headers showing it as spam. Not sure if this is just a bug, or spam circumventing spam protection in some way. Below is an example. The email - From sender To me subject: haunted by your past? Hello, Message-Id: [EMAIL PROTECTED] Subject: **SPAM: X-RBL-Warning: SORBS-DUHL: Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?62.179.66.83; X-RBL-Warning: FIVETENSRC: 83.66.179.62.blackholes.five-ten-sg.com. X-RBL-Warning: NOABUSE: Not supporting [EMAIL PROTECTED] X-RBL-Warning: CMDSPACE: Space found in RCPT TO: command. X-RBL-Warning: ROUTING: This E-mail was routed in a poor manner consistent with spam [210f]. X-Declude-Sender: [EMAIL PROTECTED] [62.179.66.83] X-Declude-Spoolname: DD6A9018D4C8F.SMD X-Declude-Note: Scanned by Declude 2.0.6 (http://www.declude.com/x-note.htm) for spam. X-Declude-Scan: Score [15] at 10:41:54 on 12 Jul 2005 X-Declude-Tests: SORBS-DUHL, FIVETENSRC, NOABUSE, CMDSPACE, ROUTING, WEIGHT10, WEIGHT14 X-Country-Chain: [Unknown]-AUSTRIA-destination X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 371243910 X-IMail-ThreadID: d6a9018d4c8f You have been chosen to participate in an invitation only limited time event! Are you currently paying over 3% for your mortgage? STOP! We can help you lower that today! Answer only a few questions and we can give you an approval in under 30 seconds  itÂs that simple! Stop fighting for lenders  let them fight for you! Make them work for your business by giving you the lowest rates around! $230,000 loans are available for only $340/month! WEÂRE PRACTICALLY GIVING AWAY MONEY! Think your credit is too bad to get a deal like this? THINK AGAIN! We will have you saving your money in no time! Are you ready to save your money? http://p8t.the-h00d.com/p1.asp Update records on site. Regards, Martin Christie - Here is the declude log for this message - 07/12/2005 10:41:54 QD6A9018D4C8F nNOLEGITCONTENT:-5 SORBS-DUHL:4 FIVETENSRC:4 NOABUSE:2 CMDSPACE:8 ROUTING:2 . Total weight = 15. 07/12/2005 10:41:54 QD6A9018D4C8F L1 Message OK 07/12/2005 10:41:54 QD6A9018D4C8F Subject: Haunted by your past? 07/12/2005 10:41:54 QD6A9018D4C8F From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 62.179.66.83 ID: j980FEKr454861 07/12/2005 10:41:54 QD6A9018D4C8F Tests failed [weight=15]: CATCHALLMAILS=IGNORE IPNOTINMX=IGNORE SORBS-DUHL=WARN FIVETENSRC=WARN NOABUSE=WARN CMDSPACE=WARN ROUTING=WARN WEIGHT10=SUBJECT WEIGHT14=SUBJECT 07/12/2005 10:41:54 QD6A9018D4C8F Action(s) taken for [EMAIL PROTECTED] = IGNORE WARN SUBJECT [LAST ACTION=SUBJECT] 07/12/2005 10:41:54 QD6A9018D4C8F Cumulative action(s) taken on this email = IGNORE WARN SUBJECT [LAST ACTION=SUBJECT] Any ideas, or another piece of information I'm missing? I can see the subject is marked in the headers stuck in the body of the email, but ideas on how this is stuck in the body and not where it should be? I am running Imail 8.20, and the declude version is in the email headers above. Mike --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail
Re: [Declude.JunkMail] Spam not being marked
WEIGHT10weight x x 10 0 WEIGHT14weight x x 14 0 WEIGHT20weight x x 20 0 Note - this only happens here and there. 99% of the messages are flagged and show up correctly, just a couple a day seem to be showing up like these where the headers are somehow stuck inside the body of the message. Mike -- Original Message -- From: Darrell \([EMAIL PROTECTED]) [EMAIL PROTECTED] Reply-To: Declude.JunkMail@declude.com Date: Tue, 12 Jul 2005 14:35:18 -0400 In your global config how is it configured? Darrell invURIBL - Intelligent URI filtering. Stops 85%+ of SPAM with the default configuration... http://www.invariantsystems.com Mike Hyslip writes: WEIGHT10 SUBJECT **SPAM: WEIGHT14 SUBJECT **SPAM: WEIGHT20 SUBJECT **SPAM: There's not weightrange option configured far as I can tell. The headers that get stuck in the body show it is marked - Hello, Message-Id: [EMAIL PROTECTED] Subject: **SPAM: So not sure where else to look. Thanks for your reply :-) Mike -- Original Message -- From: Darrell \([EMAIL PROTECTED]) [EMAIL PROTECTED] Reply-To: Declude.JunkMail@declude.com Date: Tue, 12 Jul 2005 13:07:49 -0400 What are the actions you have configured for WEIGHT10 and WEIGHT14. Also, are those configured as WEIGHT's or WEIGHTRANGE? Darrell - DLAnalyzer - Comprehensive reporting on Declude Junkmail and Virus. http://www.invariantsystems.com Mike Hyslip writes: I am having random emails it seems showing up in my inbox unmarked as spam, yet the body of the message is containing all the headers showing it as spam. Not sure if this is just a bug, or spam circumventing spam protection in some way. Below is an example. The email - From sender To me subject: haunted by your past? Hello, Message-Id: [EMAIL PROTECTED] Subject: **SPAM: X-RBL-Warning: SORBS-DUHL: Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?62.179.66.83; X-RBL-Warning: FIVETENSRC: 83.66.179.62.blackholes.five-ten-sg.com. X-RBL-Warning: NOABUSE: Not supporting [EMAIL PROTECTED] X-RBL-Warning: CMDSPACE: Space found in RCPT TO: command. X-RBL-Warning: ROUTING: This E-mail was routed in a poor manner consistent with spam [210f]. X-Declude-Sender: [EMAIL PROTECTED] [62.179.66.83] X-Declude-Spoolname: DD6A9018D4C8F.SMD X-Declude-Note: Scanned by Declude 2.0.6 (http://www.declude.com/x-note.htm) for spam. X-Declude-Scan: Score [15] at 10:41:54 on 12 Jul 2005 X-Declude-Tests: SORBS-DUHL, FIVETENSRC, NOABUSE, CMDSPACE, ROUTING, WEIGHT10, WEIGHT14 X-Country-Chain: [Unknown]-AUSTRIA-destination X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 371243910 X-IMail-ThreadID: d6a9018d4c8f You have been chosen to participate in an invitation only limited time event! Are you currently paying over 3% for your mortgage? STOP! We can help you lower that today! Answer only a few questions and we can give you an approval in under 30 seconds ÃÂ itÃÂs that simple! Stop fighting for lenders ÃÂ let them fight for you! Make them work for your business by giving you the lowest rates around! $230,000 loans are available for only $340/month! WEÃÂRE PRACTICALLY GIVING AWAY MONEY! Think your credit is too bad to get a deal like this? THINK AGAIN! We will have you saving your money in no time! Are you ready to save your money? http://p8t.the-h00d.com/p1.asp Update records on site. Regards, Martin Christie - Here is the declude log for this message - 07/12/2005 10:41:54 QD6A9018D4C8F nNOLEGITCONTENT:-5 SORBS-DUHL:4 FIVETENSRC:4 NOABUSE:2 CMDSPACE:8 ROUTING:2 . Total weight = 15. 07/12/2005 10:41:54 QD6A9018D4C8F L1 Message OK 07/12/2005 10:41:54 QD6A9018D4C8F Subject: Haunted by your past? 07/12/2005 10:41:54 QD6A9018D4C8F From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 62.179.66.83 ID: j980FEKr454861 07/12/2005 10:41:54 QD6A9018D4C8F Tests failed [weight=15]: CATCHALLMAILS=IGNORE IPNOTINMX=IGNORE SORBS-DUHL=WARN FIVETENSRC=WARN NOABUSE=WARN CMDSPACE=WARN ROUTING=WARN WEIGHT10=SUBJECT WEIGHT14=SUBJECT 07/12/2005 10:41:54 QD6A9018D4C8F Action(s) taken for [EMAIL PROTECTED] = IGNORE WARN SUBJECT [LAST ACTION=SUBJECT] 07/12/2005 10:41:54 QD6A9018D4C8F Cumulative action(s) taken on this email = IGNORE WARN SUBJECT [LAST ACTION=SUBJECT] Any ideas, or another piece of information I'm missing? I can see the subject is marked in the headers stuck in the body of the email, but ideas on how this is stuck in the body and not where it should be? I am running Imail 8.20, and the declude version is in the email headers above. Mike --- This E-mail came from the Declude.JunkMail
RE: [Declude.JunkMail] XML? Just Say NO !
Declude can always have an option to edit a file by hand, or just display each current value, test, etc and let changes be fine tuned there and have it write the config file itself. I also think it would be nice for it to either have a global include file for the default junkmail file (for when adding a test and not having to define on every single domain specific config file) or having it travel through subdirectories adding tests heh. A module to pay my bills would be nice also :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Holt Sent: Monday, July 12, 2004 4:19 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] XML? Just Say NO ! I like the XML idea. It is certainly editable by Notepad across a slow connection because an XML file is a plain text file (with specific chars used for specific purposes). But it would give the people that want programmatic control over the file a great capability. Then we can choose our method: Notepad or XML object. Also, viewing an XML file in IE is very easy to pick out the data you want to view. Todd Holt Xidix Technologies, Inc Las Vegas, NV USA 702.319.4349 www.xidix.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of decjunkmail Sent: Monday, July 12, 2004 11:46 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] XML? Just Say NO ! Hi, I vote NO for XML. I'm sorry, but XML is much more like a registry setting or a binary configuration file -- Great for programmatic manipulation, but terrible for manual/interactive use. A text file in notepad is easy to change and edit interactively (even remotely on low-bandwidth connections) - as long as the goal for declude configuration files is to facilitate quick and easy changes, then it should stay as a text file. If the goal is to create a parametric-driven, API for automatic configuration/provisioning or programming, then XML or registry keys, or a binary database is fine. Note - I have used some XML, mostly with ASP.NET/VB.NET and although I can dig my way around config.net files and the like, I still prefer .ini files if I'm going to be fiddling with configurations. Yes, XML is great to serialize database structures, move them across web services, or dissimiliar internal database stores, but they are not as friendly for configuration files. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Sullivan Sent: Monday, July 12, 2004 9:43 AM To: [EMAIL PROTECTED] Subject: Re[2]: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail Ok, couldn't resist my $.02 M sense, but I think they are putting the cart before the horse. Wouldn't M it be much better to work on creating a new format for the config files DREAMING Like an XML based config file that incorporated Junkmail, Virus and Hijack configurations as well as per user controls. Ooooh, how much easier that would be to control from code /DREAMING M In the mean time, it would make sense to also spend some time tightening M up loose ends which have not been getting that much attention. If you M asked for everyone's top 5 list from around here at least, I'm pretty M sure that it would include things besides a new DNSBL test on virus data M with a GUI installer, or the GUI itself. Declude is very capable at the M moment, but there are some loose ends that could be tied up over a short M period of time that would really help finish the foundation. Voicing Like a sender white list option for Vulnerabilities in DV. -- Best regards, Davidmailto:[EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Forwarding delivers spam
Would marking the subject still allow the Imail rules to process on the receiving end? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, June 21, 2004 1:58 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Forwarding delivers spam I have seen from the list archives that when an account is forwarded to another, the second account receives all spams, instead of them being placed in the spam mailbox. Correct -- that is by design. The forwarded E-mail may go to another server that does not support mailboxes. Is there a work around for this? We have users who, when on vacation, will forward their mails to another user. The second user will now receive all of the original recipient's spam, ignoring the MAILBOX directive. This is causing major complaints from the users. In this case, you'll need to use an action such as HOLD or DELETE that does not deliver the E-mail to the recipient. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude and attachments
I know others have mentioned higher CPU load with body searches and the like, and most like searching through the entire attachment text for matches to a filter? Just a guess here. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Thursday, June 17, 2004 10:23 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Declude and attachments Hi Scott- When this happens, I usually see about three Declude processes, each in the 25% - 30% neighborhood, and several more showing smaller percentages. Also, I see the usual Sniffer, SMTP, POP, and IMAP, all much lower. -d - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, June 17, 2004 9:32 AM Subject: Re: [Declude.JunkMail] Declude and attachments Many of my users are personnel agencies that send and receive a lot of resumes as attachments. Some of these attachments are fairly large. I'm having a growing problem with processor usage. Does Declude scan attachments? Is there a way to turn that off? That shouldn't be an issue -- for example, with a 1MB file attachment, Declude will only scan about the first 5% of it. What processes are using the CPU time? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT IMail Backup/Restore
When you make a backup of Imail's user/domain settings, it might keep the original drive paths so check it's reg file that is created in case you need to do a find/replace -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Friday, June 11, 2004 12:01 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] OT IMail Backup/Restore Hi, I think this is going to work I need to backup IMail from the C Drive, reformat the server, create D drive and then put IMail back on D Drive. I figure the way to do this is Old Server Stop all IMail services Backup IMail and all directories Make new server Install IMail on new server D Drive Patch it to same level Restore the IMail directories to D Drive Check all drive references Start Services This should move all the mail and users etc etc Obviously fix all the Declude filter paths etc. Will this work? Thanx Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Junk Mail Test
I believe outlook 2003 can cause this if it is connecting without authentication. If that is the client youre using, try enabling authentication for sending email and see if that clears it up? I had that happen, being marked as spam sending myself a test message. M From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jay Calvert Sent: Wednesday, June 09, 2004 5:08 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Junk Mail Test Hi all, I have an email that is getting caught on CMDSPACE test, but can't find any information on it in the Junkmail manual, are there other tests that are not listed there? Jay Calvert Systems Administrator Web Support Services Corporate IT Office: 604.275.3800 Direct Phone: 604.448.3893 Cell: 604.612.6250
RE: [Declude.JunkMail] OT: GREP Help Needed
find whatever value is common to all of those (and hopefully nothing else) If interface 2 is 10.0.6.1 then grep for that value. If there are other interfaces on that device that would also match that (such as 10.0.6.10 or 10.0.6.100 ) then you can cat filename | grep 10.0.6.1 temp file notice the space after the .1 and inside the quotes I assume the grep is done on unix/linux, otherwise use type filename to throw its output into grep. That would at least get just those lines into a separate file I think. As far as accounting to see what is what maybe import that as space/tab delimited into excel or something similar? Then you can sort by IP address and get totals that way. I'm fairly clueless if it involves anything above simple :) M From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of serge Sent: Saturday, May 29, 2004 1:03 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] OT: GREP Help Needed From the grep expert Below is a sample log file (cisco netflow output) 1- how can we export the lines with interface number 2 (in red) to another smaller file 2- can we easily get bytes totals per ipadress, port #, ... 216.226.209.180 202.59.119.218 10.0.6.1 2 4 6 304 2004-05-27 19:12:47.097 2004-05-27 19:12:57.097 5466 6346 3 6 0 0 0 24 0 208.154.200.5 192.36.125.2 208.154.200.6 208.154.200.6 4 2 1 233 2004-05-27 19:12:43.109 2004-05-27 19:12:43.109 53 1090 16 17 0 0 0 0 25 208.154.200.5 208.154.200.6193.0.0.193 10.0.6.1 2 4 1 69 2004-05-27 19:12:43.113 2004-05-27 19:12:43.113 1090 53 16 17 0 0 0 25 0 208.154.200.5 65.57.234.3 216.226.209.154216.226.209.154 1 2 1 40 2004-05-27 19:12:43.209 2004-05-27 19:12:43.209 6667 55790 16 6 0 0 0 0 24 208.154.200.5 216.226.209.144 213.30.182.60 10.0.6.1 2 4 2 112 2004-05-27 19:12:42.545 2004-05-27 19:12:43.041 0 771 16 1 0 0 0 24 0 208.154.200.5 66.118.142.125 216.226.209.133 216.226.209.133 1 2 2 106 2004-05-27 19:12:41.285 2004-05-27 19:12:42.897 65475 1034 24 6 0 0 0 0 24 208.154.200.5 216.226.209.183 216.155.193.182 10.0.6.1 2 4 2 156 2004-05-27 19:12:41.493 2004-05-27 19:12:43.069 10784 119 24 6 0 0 0 24 0 208.154.200.5 216.226.209.183 68.96.10.174 10.0.6.1 2 4 3 132 2004-05-27 19:12:39.081 2004-05-27 19:12:42.769 10728 60633 24 6 0 0 0 24 0 208.154.200.5 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] DNSstuff Website
My plan B in those situations is another tech who's still on site :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Robertson Sent: Thursday, May 20, 2004 3:10 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] DNSstuff Website Nick wrote: Scott is on a cruise. No internet. No phone. Ugh. Don't say that. I'm going to Cabo for two weeks next month - first vacation in years - and I am absolutely *praying* that the place we're going is wired up, in case of exactly this kind of scenario. I have a Plan B (int'l cellular modem) but to use it would cost more than the whole vacation if I dare. -- --- Matt Robertson, [EMAIL PROTECTED] MSB Designs, Inc. http://mysecretbase.com --- -- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Filtering for HELOs that are IP Addresses
I think some folks had some custom rules that did this, but I think they also looked for numbers between dashes, such as 201-34-98-103..xxx Maybe some others can shed a bit more light than I J From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser Sent: Wednesday, May 19, 2004 9:28 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Filtering for HELOs that are IP Addresses Hello, All, I am considering creating a filter file that looks for HELO strings that are IP addresses. I was going to do something along the lines of the following... # // JunkMail.05.Filter.Helo.IP.txt // # # == Add Points To Total Weight == # # -- Untrusted HELOs # HELOs That Are IP Addresses HELO 100 CONTAINS 0.1 HELO 100 CONTAINS 0.2 HELO 100 CONTAINS 0.3 HELO 100 CONTAINS 0.4 HELO 100 CONTAINS 0.5 HELO 100 CONTAINS 0.6 HELO 100 CONTAINS 0.7 HELO 100 CONTAINS 0.8 HELO 100 CONTAINS 0.9 In here are also HELO 100 CONTAINS [1..8.1..9] HELO 100 CONTAINS 9.1 HELO 100 CONTAINS 9.2 HELO 100 CONTAINS 9.3 HELO 100 CONTAINS 9.4 HELO 100 CONTAINS 9.5 HELO 100 CONTAINS 9.6 HELO 100 CONTAINS 9.7 HELO 100 CONTAINS 9.8 HELO 100 CONTAINS 9.9 Am I correct in my thinking that with this filter that an IP address in the HELO string would NOT add just 100 points to the weight of an e-mail but instead could end up adding up to 300 points because each line would be compared to the HELO string and if that string was 210.10.23.75, for example, it would add 100 points for 0.1 and 0.2 and 3.7? Thanks In Advance, Dan Geiser
RE: [Declude.JunkMail] f-prot
I believe you can also download a trial version for f-prot for Windows, test it out a bit and see how you like it. At least cheap enough to see If you want to spend more :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Carter Sent: Tuesday, May 18, 2004 6:08 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] f-prot I has given CDW 458481 for license and then you download the program. Yea, $20 isn't not bad, but I am so cheap, it hurts. Also regards another post about DOS scanner. This command line scanner is for DOS and Win 2000 XP. I checked to make sure it had 32 bit mode. See 2nd paragraph of http://www.networkassociates.com/us/_tier2/products/_media/mcafee/ds_com mand_line_and_unix.pdf John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron J. Caviglia Sent: Tuesday, May 18, 2004 4:34 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] f-prot Even at 20 bucks its not bad Whats the current part number John? Thanks, Aaron Caviglia On May 18, 2004, at 2:16 PM, Scott Fisher wrote: On March 18, McAfee VirusScan for DOS was CDW part number 458401, and it was $11.00 Of course no one wants to jump through any hoops for $11 (It probably costs more for CDW to process the license paperwork than $11 Scott Fisher Director of IT Farm Progress Companies [EMAIL PROTECTED] 05/18/04 02:56PM Do you have a CDW product number on this? Called and they took forever to come back with $20+ Thanks, John --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] f-prot
Title: Message I will ditto this. I used the 16 bit trend command line application, and was having trouble keeping up with 15-20k messages a day. I switched to F-prots 32-bit command line scanner and I dont even see it pop up in the task manager it moves so quick. Very big improvement, cant even say I can see a performance difference with it running or not. M From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Saturday, May 15, 2004 6:34 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] f-prot I did some benchmarking a few months ago and F-Prot was faster than everything else, and in many cases 4 times faster or more. You need to make sure that you use the 32-bit executable fpcmd.exe otherwise you will take a performance hit from the 16-bit operation of F-Prot.exe. Matt Jeff Maze wrote: Just was curious, did you happen to notice how much extra overhead was added to the CPU when another virus scanner was added to the system. With only 8000-1 message a day for our server, it's not the newest nor fastest thing out there. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kami Razvan Sent: Saturday, May 15, 2004 1:31 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] f-prot Larry: We have used it for years and are very happy with it. Of course since it is cheap I suggest you use the savings and add another scanner to your arsenal. 2 is always better than 1. We use AVG and FProt together. Regards, Kami From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Larry Craddock Sent: Saturday, May 15, 2004 1:26 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] f-prot Can anyone tell me how f-prot compares to mcafee or symantec when it comes to keeping their database up with new viruses? That just seems pretty cheap but hey that's exactly what I'm looking for as long as it works well :) thanks, Larry Craddock -- =MailPure custom filters for Declude JunkMail Pro.http://www.mailpure.com/software/=
RE: [Declude.JunkMail] Updating Global.CFG
It is for user SMTP authentication. To bypass relay settings and show you're really a user of the server when sending an email (so you can relay while off the local network) - since you're an authenticated user, you can choose to whitelist any emails from that particular session. Mike -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Maze - Hostmaster Sent: Thursday, April 15, 2004 10:15 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Updating Global.CFG Hello, I'm also updating my Global.CFG file and noticed something new. What is WHITELIST AUTH? I checked the online manual, but there's nothing listed for it. There's an entry for WHITELIST HABEAS, but not AUTH. Thanks.. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] [Declude.Virus] Scott, what do you use to generate this report
That is because end users apply programs how they WANT, now how the writer intended hehe... Nice program, thank you for your time investing to help us as well. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Sent: Wednesday, April 14, 2004 12:43 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] [Declude.Virus] Scott, what do you use to generate this report I have been using this program for months with no problem but you guys managed to break it in a matter of hours. :) I guess that I should have called it a BETA release! Anyway, that's what I call it now (v1.4B). I have fixed the problems that you have pointed out to me and have added the following: 1) The output file (wamlog.txt) goes in the same folder as the log file. 2) There is a progress counter so you know it is working. If you find any more problems PLEASE let me know. Thanks, Bill The new version is as of 11:40 am CDT 4/14/04. www.wamusa.com/wamtools Hi, I have a utility to do a quick analysis of my decMMDD.log file to discover test effectiveness. If anyone would like to use it, I have it available for free from my website: http://www.wamusa.com/wamtools The program is designed for LOGLEVEL MID but it may work for other levels. My system analyzed this 120Mb decMMDD.log in less than one minute. This is a sample output: Message Recipient Test Name Fail Count %Fail Count % WEIGHT10 116362 96 169684 96 SNIFFER2 114790 94 167322 95 WEIGHT15 112700 93 165299 94 WEIGHT20 108443 89 159758 91 WEIGHTDEL 108443 89 159758 91 SPAMCOP 84740 70 129602 73 SBL 52552 43 53879 30 AHBL 48506 40 57094 32 CBL 46445 38 89827 51 DSBL 39527 32 77743 44 SORBS-DUHL 29673 24 58427 33 REVDNS 28996 23 41544 23 BADHEADERS 27493 22 34922 19 SORBS-SPAM 25119 20 27995 15 NOPOSTMASTER 22488 18 46530 26 NOABUSE 21746 17 42732 24 SPAMHEADERS 19613 16 20587 11 SPAM-DOMAINS 15263 12 33776 19 ROUTING 120419 25060 14 FOREIGN 100988 163309 GIBBERISH90727 99325 DSN84847 137557 SORBS-HTTP65845 124597 SORBS-SOCKS65085 126977 SPFFAIL49544 65273 BLITZEDALL33502 59913 BASE6422521 29561 MAILFROM16841 28411 COMMENTS13281 20561 MYFILTERFAIL11590 17230 WAMO 58506090 MYFILTERPASS 5120 12390 SORBS-MISC 50409230 SORBS-SMTP 4450 11320 OBFUSCATION 36004570 ORDB 31606540 SORBS-WEB 31605140 SORBS-ZOMBIE 28002800 SPFPASS 20802340 BONDEDSENDER 620 620 @LINKED 100 140 HABEAS 40 40 WAMCHECK 10 20 Message Count 120934 175163 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
