[Declude.JunkMail] weighting domains
Some of our users are getting a lot of spam from various domains that all have this in the beginning: csh Like: csh.dbfm.org [65.249.245.172] csh.mdcg.net [65.249.245.159] csh.jtdz.org [65.249.245.150] csh.xmdc.org [65.249.245.168] csh.kvyh.com [65.249.245.204] I have the Pro versions of every Declude product. How would I go about adding some weight to emails from this domain? - Should I somehow use the csh. property or the first three parts of the IP address 65.249.245.? Thanks --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] weighting domains
Hi Kevin Lots you could do - to wack this guy you could have a filter that that said REMOTEIP END NOTCONTAINS 65.249.245. REVDNS 0 CONTAINS csh. I am not sure if REMOTEIP or REVDNS or MAILFROM is appropriate but you get the idea.. In addition you could have an ipfile that you could list these particular ip's... -Nick Kevin Rogers wrote: Some of our users are getting a lot of spam from various domains that all have this in the beginning: csh Like: csh.dbfm.org [65.249.245.172] csh.mdcg.net [65.249.245.159] csh.jtdz.org [65.249.245.150] csh.xmdc.org [65.249.245.168] csh.kvyh.com [65.249.245.204] I have the Pro versions of every Declude product. How would I go about adding some weight to emails from this domain? - Should I somehow use the csh. property or the first three parts of the IP address 65.249.245.? Thanks --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] weighting domains
If you are doing basic filtering, with dns based blacklists, and content filter, body and subject, then you could simply add points to this IP address, enough to reach the hold weight: #ipbl.txt is our list of ips that we penalize, not fully block ipbl.txt #contents of ipbl.txt 65.249.245.0/24 #default.junkmail contents - add this line: ipbl warn #global.cfg contents - add this line near the bottom of your cfg file IPBL ipfile E:\IMail\Declude\ipbl.txt x 12 0 of course change the paths to your liking. the idea here is to score the matches in the ipbl file with a weight that nearly equals your hold weight. Thus, another hit from a dns blacklist or keywords found in a subject/body scan will provide the extra hit needed to hold the email. This will nearly eliminate false positives, just in case there is a good guy on that ip range. Hope this helps! Travis - Original Message - From: Nick Hayer [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Thursday, December 01, 2005 10:27 AM Subject: Re: [Declude.JunkMail] weighting domains Hi Kevin Lots you could do - to wack this guy you could have a filter that that said REMOTEIP END NOTCONTAINS 65.249.245. REVDNS 0 CONTAINS csh. I am not sure if REMOTEIP or REVDNS or MAILFROM is appropriate but you get the idea.. In addition you could have an ipfile that you could list these particular ip's... -Nick Kevin Rogers wrote: Some of our users are getting a lot of spam from various domains that all have this in the beginning: csh Like: csh.dbfm.org [65.249.245.172] csh.mdcg.net [65.249.245.159] csh.jtdz.org [65.249.245.150] csh.xmdc.org [65.249.245.168] csh.kvyh.com [65.249.245.204] I have the Pro versions of every Declude product. How would I go about adding some weight to emails from this domain? - Should I somehow use the csh. property or the first three parts of the IP address 65.249.245.? Thanks --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] weighting domains
Kevin, I would suggest you look to add a URI filtering product like out invURIBL. All of these domains are listed on SURBL/URIBL. URI filtering is very effective at capturing these patterns well before these hosts get listed in traditional RBL's. Example: Non-authoritative answer: Name:dbfm.org.multi.surbl.org Address: 127.0.0.68 Non-authoritative answer: Name:dbfm.org.multi.uribl.com Address: 127.0.0.2 Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Kevin Rogers writes: Some of our users are getting a lot of spam from various domains that all have this in the beginning: csh Like: csh.dbfm.org [65.249.245.172] csh.mdcg.net [65.249.245.159] csh.jtdz.org [65.249.245.150] csh.xmdc.org [65.249.245.168] csh.kvyh.com [65.249.245.204] I have the Pro versions of every Declude product. How would I go about adding some weight to emails from this domain? - Should I somehow use the csh. property or the first three parts of the IP address 65.249.245.? Thanks --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] weighting domains
I would suggest you look to add a URI filtering product like out invURIBL. David of Declude - Will this feature be available in a future release? Thanks -Nick All of these domains are listed on SURBL/URIBL. URI filtering is very effective at capturing these patterns well before these hosts get listed in traditional RBL's. Example: Non-authoritative answer: Name:dbfm.org.multi.surbl.org Address: 127.0.0.68 Non-authoritative answer: Name:dbfm.org.multi.uribl.com Address: 127.0.0.2 Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Kevin Rogers writes: Some of our users are getting a lot of spam from various domains that all have this in the beginning: csh Like: csh.dbfm.org [65.249.245.172] csh.mdcg.net [65.249.245.159] csh.jtdz.org [65.249.245.150] csh.xmdc.org [65.249.245.168] csh.kvyh.com [65.249.245.204] I have the Pro versions of every Declude product. How would I go about adding some weight to emails from this domain? - Should I somehow use the csh. property or the first three parts of the IP address 65.249.245.? Thanks --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] weighting domains
Nick, It is an item for the development schedule, but not likely in a near future release, as currently the functionality is available using invURIBL. David B www.declude -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Hayer Sent: Thursday, December 01, 2005 1:55 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] weighting domains I would suggest you look to add a URI filtering product like out invURIBL. David of Declude - Will this feature be available in a future release? Thanks -Nick All of these domains are listed on SURBL/URIBL. URI filtering is very effective at capturing these patterns well before these hosts get listed in traditional RBL's. Example: Non-authoritative answer: Name:dbfm.org.multi.surbl.org Address: 127.0.0.68 Non-authoritative answer: Name:dbfm.org.multi.uribl.com Address: 127.0.0.2 Darrell -- -- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Kevin Rogers writes: Some of our users are getting a lot of spam from various domains that all have this in the beginning: csh Like: csh.dbfm.org [65.249.245.172] csh.mdcg.net [65.249.245.159] csh.jtdz.org [65.249.245.150] csh.xmdc.org [65.249.245.168] csh.kvyh.com [65.249.245.204] I have the Pro versions of every Declude product. How would I go about adding some weight to emails from this domain? - Should I somehow use the csh. property or the first three parts of the IP address 65.249.245.? Thanks --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] weighting domains
David Barker wrote: Nick, It is an item for the development schedule, but not likely in a near future release, as currently the functionality is available using invURIBL. Gotcha. No biggie - I was just wondering.. Thanks! -Nick David B www.declude -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Nick Hayer Sent: Thursday, December 01, 2005 1:55 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] weighting domains I would suggest you look to add a URI filtering product like out invURIBL. David of Declude - Will this feature be available in a future release? Thanks -Nick All of these domains are listed on SURBL/URIBL. URI filtering is very effective at capturing these patterns well before these hosts get listed in traditional RBL's. Example: Non-authoritative answer: Name:dbfm.org.multi.surbl.org Address: 127.0.0.68 Non-authoritative answer: Name:dbfm.org.multi.uribl.com Address: 127.0.0.2 Darrell -- -- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Kevin Rogers writes: Some of our users are getting a lot of spam from various domains that all have this in the beginning: csh Like: csh.dbfm.org [65.249.245.172] csh.mdcg.net [65.249.245.159] csh.jtdz.org [65.249.245.150] csh.xmdc.org [65.249.245.168] csh.kvyh.com [65.249.245.204] I have the Pro versions of every Declude product. How would I go about adding some weight to emails from this domain? - Should I somehow use the csh. property or the first three parts of the IP address 65.249.245.? Thanks --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.