Re: [Declude.JunkMail] Beginner configuration?
127.0.0.3 1 0

#= OTHER TESTS ==
BADHEADERS badheaders x x 8 0
BASE64 base64 x x 4 0
CMDSPACE cmdspace x x 8 0
COMMENTS comments x x 7 0
HELOBOGUS helovalid x x 4 0
MAILFROM envfrom x x 12 0
PERCENT percent x x 10 0
REVDNS revdnsexists x x 4 0
ROUTING spamrouting x x 2 0
SPAMHEADERS spamheaders x x 3 0
SPFFAIL spffail x x 3 0
#SPFPASS spfpass x x -3 0
#BCC bcc 20 x 5 0
NONENGLISH nonenglish x x 3 0
#SUBJECTCHARS subjectchars 50 x 0 0
#SUBJECTSPACES subjectspaces 12 x 5 0

#=== FILTERS ===
#SUBJECT filter [path]\Filters\Subject.txt x 0 0
#WORD filter [path]\Declude\Filters\Word.txt x 0 0

#= 3RD PARTY =
SNIFFER external nonzero D:\IMail\Sniffer\snfrv2r3.exe xnk05x5vmipeaof7 10 0
#SPAMCHK external nonzero [path]\Spamchk\spamchk.exe 1 0

#= TRIGGERS ==
WEIGHT1014 weightrange x x 10 14
WEIGHT1519 weightrange x x 15 19
WEIGHT20 weight x x 20 0

As for actions, I am currently holding 10-14, redirecting 15-19, and deleting 20. Now this seemed to work great before, but now that I added a few more DNSBLs, my scores are much higher obviously. I'm curious if this is a BAD thing, or if it just confirms that if a message is on several blacklists, it SHOULD have a high score and be deleted. Thoughts on this? I basically guessed on the weights for the top 9 blacklists that I added manually...

Thanks.
Joey

At 11:34 PM 3/4/2005, you wrote:

Evan.

It is my understanding that is a global command and is only supported in the global.cfg file.

Darrell
---
Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers.

----- Original Message -----
From: Evans Martin [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Friday, March 04, 2005 10:17 PM
Subject: RE: [Declude.JunkMail] Beginner configuration?

Does LOOSENSPAMHEADERS ON have to go in the global.cfg? What if I want to do this for one domain but not for others? Is there any way to accomplish this?

Thanks,
Evans Martin

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED])
Sent: Friday, March 04, 2005 8:17 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Beginner configuration?

Joey,

Declude is very effective when tweaked. Not to mention the default global.cfg ships without all of the RBL's that most of us use (XBL, UCE, MAIL-POLICE, SENDERDB). Also, there are other 3rd party utilities which are very effective at catching spam like invURIBL and Message Sniffer. Both of those applications have trial versions.

Are you still using the default scale? Since you have been working with your global.cfg you might want to post it to the list for us to look over it and see what you have done so far as to make suggestions.

For your clients that you are not in control of I would imagine that you know the ip blocks they come from or the firewall ip that they are behind that. You can whitelist that ip so that them failing the cmdspace will not be a factor. CMDSPACE is very effective but direct connects from clients using outlook will set that off.

For SPAMHEADERS I use LOOSENSPAMHEADERS ON this relaxes the spamheaders test so that it does not trigger on missing message ID emails.

Hope that helps,
Darrell

Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers.

Joey Proulx writes:

Hello,

Just downloaded the demo version of Junkmail Pro, and I was curious about the basic setup. For the last two days I've monitored
Re: [Declude.JunkMail] Beginner configuration?
The SBL-XBL includes the SBL, Blitzedall and the CBL list, so you are double-scoring the CBL list.

For the SBL-XBL here are the return codes:

SBL = 127.0.0.2 return code
CBL = 127.0.0.4 return code
BLITZEDALL = 127.0.0.6 return code

So either:

SBL dnsbl %IP4R%.sbl-xbl.spamhaus.org 127.0.0.2 7 0
CBL dnsbl %IP4R%.sbl-xbl.spamhaus.org 127.0.0.4 6 0
BLITZEDALL dnsbl %IP4R%.sbl-xbl.spamhaus.org 127.0.0.5 7 0

or

BLITZEDALL ip4r opm.blitzed.org * 7 0
CBL ip4r cbl.abuseat.org 127.0.0.2 6 0
SBL ip4r sbl.spamhaus.org * 7 0

----- Original Message -----
From: Joey Proulx [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Tuesday, March 08, 2005 12:44 PM
Subject: Re: [Declude.JunkMail] Beginner configuration?

Thanks for all the help everyone. So far so good, users are noticing the improvement. I added sniffer to the arsenal earlier today, and it's amazing how much more it's picking up. VERY VERY few false positives at all in the first four days of my trial with Declude/Sniffer.

However, I added a few more DNSBLs that one of you suggested last week. My global.cfg now looks like this:

#=ADVANCED OPTIONS =
LOOSENSPAMHEADERS ON
CONSOLE ON
#IPBYPASS 192.0.2.25
HOP 0
#HOPHIGH 1
#DNS 127.0.0.1
HIDETESTS CATCHALLMAILS IPNOTINMX NOLEGITCONTENT
CATCHALLMAILS catchallmails x x 0 0
NOLEGITCONTENT nolegitcontent x x 0 -5
IPNOTINMX ipnotinmx x x 0 -3

#=WHITELISTS ===
#WHITELIST HABEAS
#AUTOWHITELIST ON
PREWHITELIST ON
WHITELIST AUTH
# - Domain Example -
WHITELIST FROM @declude.com
WHITELIST FROM @munis.com
WHITELIST FROM @trg.com
WHITELIST FROM @winnacunnet.k12.nh.us
# - User Example -
WHITELIST FROM [EMAIL PROTECTED]
# - TO Example -
#WHITELIST TO postmaster@
#WHITELIST TO abuse@
# - SAU IPS -
#SAU AND HAMPTON
WHITELIST IP 207.228.220.
WHITELIST IP 172.21.21.
#SEABROOK
WHITELIST IP 70.88.195.41
#HFALLS
WHITELIST IP 24.128.32.179
#SOHAM
WHITELIST IP 69.164.74.209

#=BLACKLISTS ===
#BLACKLIST fromfile [path]\Filters\blacklist.txt x 10 0
#BLACKIP ipfile [path]\Filters\blackip.txt x 10 0

#= RBL IP4R TESTS ==
# 1. Definitions of the tests to use (do not edit unless you know what you are doing). These must come before the actions.
# 2. First is the name of the check, then the type of check (ip4r is a DNS lookup using the reverse of the IP address).
# 3. For type ip4r, 'matchstring' is the string to look for, or * for anything.
XBL(LAST) dnsbl %IP4R%.sbl-xbl.spamhaus.org 127.0.0.4 9 0
XBL(ALL) ip4r sbl-xbl.spamhaus.org 127.0.0.4 2 0
UCEPROTECT-LAST dnsbl %IP4R%.dnsbl-1.uceprotect.net 127.0.0.2 4 0
UCEPROTECT-ALL ip4r dnsbl-1.uceprotect.net 127.0.0.2 1 0
SENDERDB-BLACK ip4r pub.senderdb.net 127.0.0.2 8 0
SENDERDB-SUSPICIOUS ip4r pub.senderdb.net 127.0.0.4 2 0
MAILPOLICE-BULK rhsbl bulk.rhs.mailpolice.com 127.0.0.2 7 0
MAILPOLICE-PORN rhsbl porn.rhs.mailpolice.com 127.0.0.2 9 0
MAILPOLICE-FRAUD rhsbl fraud.rhs.mailpolice.com 127.0.0.2 8 0
AHBL ip4r dnsbl.ahbl.org * 6 0
BLITZEDALL ip4r opm.blitzed.org * 7 0
CBL ip4r cbl.abuseat.org 127.0.0.2 6 0
DSBL ip4r list.dsbl.org * 6 0
ORDB ip4r relays.ordb.org * 5 0
SBL ip4r sbl.spamhaus.org * 7 0
SORBS-HTTP ip4r dnsbl.sorbs.net 127.0.0.2 5 0
SORBS-SOCKS ip4r dnsbl.sorbs.net 127.0.0.3 5 0
SORBS-MISC ip4r dnsbl.sorbs.net 127.0.0.4 5 0
SORBS-SMTP ip4r dnsbl.sorbs.net 127.0.0.5 5 0
SORBS-SPAM ip4r dnsbl.sorbs.net 127.0.0.6 4 0
#SORBS-WEB ip4r dnsbl.sorbs.net 127.0.0.7 5 0
SORBS-BLOCK ip4r dnsbl.sorbs.net 127.0.0.8 5 0
SORBS-ZOMBIE ip4r dnsbl.sorbs.net 127.0.0.9 5 0
SORBS-DUHL ip4r dnsbl.sorbs.net 127.0.0.10 4 0
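
The double-scoring point raised in this reply, and the hold/redirect/delete ranges Joey describes elsewhere in the thread, can be checked offline with a short script. This is an added example, not part of any message in the thread and not Declude code. It assumes the fifth field of a test line is the weight added when the test fires, that weights simply add up, and that the message has a single hop so the LAST and ALL tests see the same IP; the DNS answers are constructed.

```python
from collections import namedtuple

Test = namedtuple("Test", "name kind zone match weight")

# Constructed sample: test lines taken from the global.cfg files quoted in the thread.
SAMPLE_CFG = r"""
XBL(LAST)   dnsbl  %IP4R%.sbl-xbl.spamhaus.org  127.0.0.4  9  0
XBL(ALL)    ip4r   sbl-xbl.spamhaus.org         127.0.0.4  2  0
BLITZEDALL  ip4r   opm.blitzed.org              *          7  0
CBL         ip4r   cbl.abuseat.org              127.0.0.2  6  0
SBL         ip4r   sbl.spamhaus.org             *          7  0
SPAMCOP     ip4r   bl.spamcop.net               127.0.0.2  7  0
#SORBS-WEB  ip4r   dnsbl.sorbs.net              127.0.0.7  5  0
"""

# Return codes of the combined zone, as listed in the reply above,
# mapped to the standalone zone that carries the same listing.
COMBINED = {
    "sbl-xbl.spamhaus.org": {
        "127.0.0.2": "sbl.spamhaus.org",
        "127.0.0.4": "cbl.abuseat.org",
        "127.0.0.6": "opm.blitzed.org",
    }
}


def parse_tests(text):
    """Parse 'NAME type zone match weight weight' lines, skipping comments."""
    tests = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 6 or fields[1] not in ("ip4r", "dnsbl"):
            continue
        name, kind, zone, match, weight, _ = fields
        if zone.startswith("%IP4R%."):
            zone = zone[len("%IP4R%."):]
        tests.append(Test(name, kind, zone.lower(), match, int(weight)))
    return tests


def find_double_scored(tests):
    """Map each standalone test to the combined-zone tests that score the same listing."""
    by_zone = {}
    for t in tests:
        by_zone.setdefault(t.zone, []).append(t)
    overlaps = {}
    for t in tests:
        codes = COMBINED.get(t.zone)
        if codes is None:
            continue
        covered = list(codes.values()) if t.match == "*" else [codes.get(t.match)]
        for zone in covered:
            for standalone in by_zone.get(zone, []):
                overlaps.setdefault(standalone.name, []).append(t.name)
    return overlaps


def score(tests, answers):
    """Sum the weights of tests whose zone returned a matching code."""
    hits = []
    for t in tests:
        codes = answers.get(t.zone, set())
        if codes and (t.match == "*" or t.match in codes):
            hits.append(t)
    return sum(t.weight for t in hits), [t.name for t in hits]


def action(total):
    """Ranges from the thread: hold 10-14, redirect 15-19, delete at 20."""
    if total >= 20:
        return "delete"
    if total >= 15:
        return "redirect"
    if total >= 10:
        return "hold"
    return "deliver"  # label chosen for this example


# Constructed DNS answers for one sender that is listed on the CBL only.
CBL_ONLY = {
    "sbl-xbl.spamhaus.org": {"127.0.0.4"},
    "cbl.abuseat.org": {"127.0.0.2"},
}

if __name__ == "__main__":
    tests = parse_tests(SAMPLE_CFG)
    print("double-scored:", find_double_scored(tests))
    total, names = score(tests, CBL_ONLY)
    print("with CBL test:", total, names, action(total))
    trimmed = [t for t in tests if t.name != "CBL"]
    total, names = score(trimmed, CBL_ONLY)
    print("without CBL test:", total, names, action(total))
```

With these sample lines a single CBL listing moves a message from the hold range into the redirect range purely because the same listing is counted through two zones.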
Re: [Declude.JunkMail] Beginner configuration?
So if I'm double scoring, can't I just remove the SBL, Blitzedall, and CBL lists entirely from my global.cfg?

Joey

At 02:47 PM 3/8/2005, you wrote:

The SBL-XBL includes the SBL, Blitzedall and the CBL list, so you are double-scoring the CBL list.

For the SBL-XBL here are the return codes:

SBL = 127.0.0.2 return code
CBL = 127.0.0.4 return code
BLITZEDALL = 127.0.0.6 return code

So either:

SBL dnsbl %IP4R%.sbl-xbl.spamhaus.org 127.0.0.2 7 0
CBL dnsbl %IP4R%.sbl-xbl.spamhaus.org 127.0.0.4 6 0
BLITZEDALL dnsbl %IP4R%.sbl-xbl.spamhaus.org 127.0.0.5 7 0

or

BLITZEDALL ip4r opm.blitzed.org * 7 0
CBL ip4r cbl.abuseat.org 127.0.0.2 6 0
SBL ip4r sbl.spamhaus.org * 7 0

----- Original Message -----
From: Joey Proulx [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Tuesday, March 08, 2005 12:44 PM
Subject: Re: [Declude.JunkMail] Beginner configuration?

Thanks for all the help everyone. So far so good, users are noticing the improvement. I added sniffer to the arsenal earlier today, and it's amazing how much more it's picking up. VERY VERY few false positives at all in the first four days of my trial with Declude/Sniffer.

However, I added a few more DNSBLs that one of you suggested last week. My global.cfg now looks like this:

#=ADVANCED OPTIONS =
LOOSENSPAMHEADERS ON
CONSOLE ON
#IPBYPASS 192.0.2.25
HOP 0
#HOPHIGH 1
#DNS 127.0.0.1
HIDETESTS CATCHALLMAILS IPNOTINMX NOLEGITCONTENT
CATCHALLMAILS catchallmails x x 0 0
NOLEGITCONTENT nolegitcontent x x 0 -5
IPNOTINMX ipnotinmx x x 0 -3

#=WHITELISTS ===
#WHITELIST HABEAS
#AUTOWHITELIST ON
PREWHITELIST ON
WHITELIST AUTH
# - Domain Example -
WHITELIST FROM @declude.com
WHITELIST FROM @munis.com
WHITELIST FROM @trg.com
WHITELIST FROM @winnacunnet.k12.nh.us
# - User Example -
WHITELIST FROM [EMAIL PROTECTED]
# - TO Example -
#WHITELIST TO postmaster@
#WHITELIST TO abuse@
# - SAU IPS -
#SAU AND HAMPTON
WHITELIST IP 207.228.220.
WHITELIST IP 172.21.21.
#SEABROOK
WHITELIST IP 70.88.195.41
#HFALLS
WHITELIST IP 24.128.32.179
#SOHAM
WHITELIST IP 69.164.74.209

#=BLACKLISTS ===
#BLACKLIST fromfile [path]\Filters\blacklist.txt x 10 0
#BLACKIP ipfile [path]\Filters\blackip.txt x 10 0

#= RBL IP4R TESTS ==
# 1. Definitions of the tests to use (do not edit unless you know what you are doing). These must come before the actions.
# 2. First is the name of the check, then the type of check (ip4r is a DNS lookup using the reverse of the IP address).
# 3. For type ip4r, 'matchstring' is the string to look for, or * for anything.
XBL(LAST) dnsbl %IP4R%.sbl-xbl.spamhaus.org 127.0.0.4 9 0
XBL(ALL) ip4r sbl-xbl.spamhaus.org 127.0.0.4 2 0
UCEPROTECT-LAST dnsbl %IP4R%.dnsbl-1.uceprotect.net 127.0.0.2 4 0
UCEPROTECT-ALL ip4r dnsbl-1.uceprotect.net 127.0.0.2 1 0
SENDERDB-BLACK ip4r pub.senderdb.net 127.0.0.2 8 0
SENDERDB-SUSPICIOUS ip4r pub.senderdb.net 127.0.0.4 2 0
MAILPOLICE-BULK rhsbl bulk.rhs.mailpolice.com 127.0.0.2 7 0
MAILPOLICE-PORN rhsbl porn.rhs.mailpolice.com 127.0.0.2 9 0
MAILPOLICE-FRAUD rhsbl fraud.rhs.mailpolice.com 127.0.0.2 8 0
AHBL ip4r dnsbl.ahbl.org * 6 0
BLITZEDALL ip4r opm.blitzed.org * 7 0
CBL ip4r cbl.abuseat.org 127.0.0.2 6 0
DSBL ip4r list.dsbl.org * 6 0
ORDB ip4r relays.ordb.org * 5 0
SBL ip4r sbl.spamhaus.org * 7 0
SORBS-HTTP ip4r dnsbl.sorbs.net 127.0.0.2 5 0
SORBS-SOCKS ip4r dnsbl.sorbs.net 127.0.0.3 5 0
SORBS-MISC ip4r dnsbl.sorbs.net 127.0.0.4 5 0
SORBS-SMTP ip4r dnsbl.sorbs.net 127.0.0.5 5 0
SORBS-SPAM ip4r dnsbl.sorbs.net 127.0.0.6 4 0
#SORBS-WEB ip4r dnsbl.sorbs.net 127.0.0.7 5 0
SORBS-BLOCK ip4r dnsbl.sorbs.net 127.0.0.8 5 0
SORBS-ZOMBIE ip4r
Re: [Declude.JunkMail] Beginner configuration?
Joey,

Declude is very effective when tweaked. Not to mention the default global.cfg ships without all of the RBL's that most of us use (XBL, UCE, MAIL-POLICE, SENDERDB). Also, there are other 3rd party utilities which are very effective at catching spam like invURIBL and Message Sniffer. Both of those applications have trial versions.

Are you still using the default scale? Since you have been working with your global.cfg you might want to post it to the list for us to look over it and see what you have done so far as to make suggestions.

For your clients that you are not in control of I would imagine that you know the ip blocks they come from or the firewall ip that they are behind that. You can whitelist that ip so that them failing the cmdspace will not be a factor. CMDSPACE is very effective but direct connects from clients using outlook will set that off.

For SPAMHEADERS I use LOOSENSPAMHEADERS ON this relaxes the spamheaders test so that it does not trigger on missing message ID emails.

Hope that helps,
Darrell

Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers.

Joey Proulx writes:

Hello,

Just downloaded the demo version of Junkmail Pro, and I was curious about the basic setup. For the last two days I've monitored and tweaked and held and redirected and spent hours upon hours looking over the junkmail setup and rules and whatnot. I'm wondering if I'm reinventing the wheel. I work for a school district with a big spam problem, but as any of you in gov't know, if I tell them we should buy something I need to make sure it works.

I was just wondering if there are any tried and true setups that any of you are using to cut down on the spam. I'm seeing that this system works, but I'm also still running the built-in Imail filter, and I've seen quite a few messages that get caught by Imail, but have a Declude score of 0, that should NOT have made it through. Do you all still run the builtin Imail spam as well? Any filters I should definitely setup? I'm seeing a lot of CMDSPACE and SPAMHEADERS (missing MessageID header) from some local clients (I don't control all my clients, so I don't think I can make them authenticate). Should I do away with these tests, or can I fix these two issues on the server side?

Thanks for all your help.

_
Joey Proulx
SAU #21 Technology Support Staff
2 Alumni Drive
Hampton, NH 03842
(603) 926-8992, ext 115
[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Beginner configuration?
Thank you for the response. Here is my global.cfg file:

#=ADVANCED OPTIONS =
CONSOLE ON
#IPBYPASS 192.0.2.25
HOP 0
#HOPHIGH 1
#DNS 127.0.0.1
HIDETESTS CATCHALLMAILS IPNOTINMX NOLEGITCONTENT
CATCHALLMAILS catchallmails x x 0 0
NOLEGITCONTENT nolegitcontent x x 0 -5
IPNOTINMX ipnotinmx x x 0 -3

#=WHITELISTS ===
#WHITELIST HABEAS
#AUTOWHITELIST ON
PREWHITELIST ON
WHITELIST AUTH
# - Domain Example -
WHITELIST FROM @declude.com
WHITELIST FROM @munis.com
# - User Example -
WHITELIST FROM [EMAIL PROTECTED]
# - TO Example -
#WHITELIST TO postmaster@
#WHITELIST TO abuse@

#=BLACKLISTS ===
#BLACKLIST fromfile [path]\Filters\blacklist.txt x 10 0
#BLACKIP ipfile [path]\Filters\blackip.txt x 10 0

#= RBL IP4R TESTS ==
# 1. Definitions of the tests to use (do not edit unless you know what you are doing). These must come before the actions.
# 2. First is the name of the check, then the type of check (ip4r is a DNS lookup using the reverse of the IP address).
# 3. For type ip4r, 'matchstring' is the string to look for, or * for anything.
AHBL ip4r dnsbl.ahbl.org * 6 0
BLITZEDALL ip4r opm.blitzed.org * 7 0
CBL ip4r cbl.abuseat.org 127.0.0.2 6 0
DSBL ip4r list.dsbl.org * 6 0
ORDB ip4r relays.ordb.org * 5 0
SBL ip4r sbl.spamhaus.org * 7 0
SORBS-HTTP ip4r dnsbl.sorbs.net 127.0.0.2 5 0
SORBS-SOCKS ip4r dnsbl.sorbs.net 127.0.0.3 5 0
SORBS-MISC ip4r dnsbl.sorbs.net 127.0.0.4 5 0
SORBS-SMTP ip4r dnsbl.sorbs.net 127.0.0.5 5 0
SORBS-SPAM ip4r dnsbl.sorbs.net 127.0.0.6 4 0
#SORBS-WEB ip4r dnsbl.sorbs.net 127.0.0.7 5 0
SORBS-BLOCK ip4r dnsbl.sorbs.net 127.0.0.8 5 0
SORBS-ZOMBIE ip4r dnsbl.sorbs.net 127.0.0.9 5 0
SORBS-DUHL ip4r dnsbl.sorbs.net 127.0.0.10 4 0
SPAMCOP ip4r bl.spamcop.net 127.0.0.2 7 0
#MTLDB ip4r mtldb.declude.com 127.0.0.2 3 0
BONDEDSENDER ip4r query.bondedsender.org 127.0.0.10 -10 0

#ADDITIONAL USED RBL IP4R TESTS
#FIVETENSRC ip4r blackholes.five-ten-sg.com 127.0.0.2 2 0
#JAMMDNSBL ip4r dnsbl.jammconsulting.com 127.0.0.2 2 0

#= RHBSL TESTS ==
DSN rhsbl dsn.rfc-ignorant.org 127.0.0.2 3 0
#NOABUSE rhsbl abuse.rfc-ignorant.org 127.0.0.4 2 0
#NOPOSTMASTER rhsbl postmaster.rfc-ignorant.org 127.0.0.3 1 0

#= OTHER TESTS ==
BADHEADERS badheaders x x 8 0
BASE64 base64 x x 4 0
CMDSPACE cmdspace x x 8 0
COMMENTS comments x x 7 0
HELOBOGUS helovalid x x 4 0
MAILFROM envfrom x x 12 0
PERCENT percent x x 10 0
REVDNS revdnsexists x x 4 0
ROUTING spamrouting x x 2 0
SPAMHEADERS spamheaders x x 3 0
SPFFAIL spffail x x 3 0
SPFPASS spfpass x x -3 0
#BCC bcc 20 x 5 0
NONENGLISH nonenglish x x 0 0
#SUBJECTCHARS subjectchars 50 x 0 0
#SUBJECTSPACES subjectspaces 12 x 5 0

#=== FILTERS ===
#SUBJECT filter [path]\Filters\Subject.txt x
Re: [Declude.JunkMail] Beginner configuration?
Some stats on how rate their test performances:

Marcus: http://www.zcom.it/decludeupdater/spam_stats.htm
Sort Monster: http://www.sortmonster.com/MDLP/
Mine: http://it.farmprogress.com/declude/declude.htm

Andrew posted a filter that removes quite a few false positives for CMDSPACE:
http://www.mail-archive.com/declude.junkmail@declude.com/msg23396.html

I think you'd be best off adding some content checking. Either invuribl or Message Sniffer.

----- Original Message -----
From: Joey Proulx [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Friday, March 04, 2005 7:13 AM
Subject: [Declude.JunkMail] Beginner configuration?

Hello,

Just downloaded the demo version of Junkmail Pro, and I was curious about the basic setup. For the last two days I've monitored and tweaked and held and redirected and spent hours upon hours looking over the junkmail setup and rules and whatnot. I'm wondering if I'm reinventing the wheel. I work for a school district with a big spam problem, but as any of you in gov't know, if I tell them we should buy something I need to make sure it works.

I was just wondering if there are any tried and true setups that any of you are using to cut down on the spam. I'm seeing that this system works, but I'm also still running the built-in Imail filter, and I've seen quite a few messages that get caught by Imail, but have a Declude score of 0, that should NOT have made it through. Do you all still run the builtin Imail spam as well? Any filters I should definitely setup? I'm seeing a lot of CMDSPACE and SPAMHEADERS (missing MessageID header) from some local clients (I don't control all my clients, so I don't think I can make them authenticate). Should I do away with these tests, or can I fix these two issues on the server side?

Thanks for all your help.

_
Joey Proulx
SAU #21 Technology Support Staff
2 Alumni Drive
Hampton, NH 03842
(603) 926-8992, ext 115
[EMAIL PROTECTED]
Re: [Declude.JunkMail] Beginner configuration?
Joey,

If you go here http://declude.mydomain.com/ (where mydomain.com is the domain I use in my from address) you can see the part of our Declude JunkMail Config which we make public.

Thanks,
Dan

----- Original Message -----
From: Joey Proulx [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Friday, March 04, 2005 8:13 AM
Subject: [Declude.JunkMail] Beginner configuration?

Hello,

Just downloaded the demo version of Junkmail Pro, and I was curious about the basic setup. For the last two days I've monitored and tweaked and held and redirected and spent hours upon hours looking over the junkmail setup and rules and whatnot. I'm wondering if I'm reinventing the wheel. I work for a school district with a big spam problem, but as any of you in gov't know, if I tell them we should buy something I need to make sure it works.

I was just wondering if there are any tried and true setups that any of you are using to cut down on the spam. I'm seeing that this system works, but I'm also still running the built-in Imail filter, and I've seen quite a few messages that get caught by Imail, but have a Declude score of 0, that should NOT have made it through. Do you all still run the builtin Imail spam as well? Any filters I should definitely setup? I'm seeing a lot of CMDSPACE and SPAMHEADERS (missing MessageID header) from some local clients (I don't control all my clients, so I don't think I can make them authenticate). Should I do away with these tests, or can I fix these two issues on the server side?

Thanks for all your help.

_
Joey Proulx
SAU #21 Technology Support Staff
2 Alumni Drive
Hampton, NH 03842
(603) 926-8992, ext 115
[EMAIL PROTECTED]
--- E-mail scanned for viruses by Nexus (http://www.ntgrp.com/mailscan)
Re: [Declude.JunkMail] Beginner configuration?
Joey,

A couple of thoughts.

1.) Look at adding a content test like invURIBL or Message Sniffer. Both have trials.

2.) I would not give a negative weight for BONDEDSENDER or SPFPASS. Spammers can easily setup SPF records.

3.) Add a few of the other RBL style tests. make sure you adjust the weight for your system and add the corresponding entries in the $default$.junkmail file.

XBL(LAST) dnsbl %IP4R%.sbl-xbl.spamhaus.org 127.0.0.4 12 0
XBL(ALL) ip4r sbl-xbl.spamhaus.org 127.0.0.4 4 0
UCEPROTECT-LAST dnsbl %IP4R%.dnsbl-1.uceprotect.net 127.0.0.2 6 0
UCEPROTECT-ALL ip4r dnsbl-1.uceprotect.net 127.0.0.2 2 0
SENDERDB-BLACK ip4r pub.senderdb.net 127.0.0.2 10 0
SENDERDB-SUSPICIOUS ip4r pub.senderdb.net 127.0.0.4 4 0
MAILPOLICE-BULK rhsbl bulk.rhs.mailpolice.com 127.0.0.2 9 0
MAILPOLICE-PORN rhsbl porn.rhs.mailpolice.com 127.0.0.2 12 0
MAILPOLICE-FRAUD rhsbl fraud.rhs.mailpolice.com 127.0.0.2 10 0

Darrell

Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers.

Joey Proulx writes:

Thank you for the response. Here is my global.cfg file:

#=ADVANCED OPTIONS =
CONSOLE ON
#IPBYPASS 192.0.2.25
HOP 0
#HOPHIGH 1
#DNS 127.0.0.1
HIDETESTS CATCHALLMAILS IPNOTINMX NOLEGITCONTENT
CATCHALLMAILS catchallmails x x 0 0
NOLEGITCONTENT nolegitcontent x x 0 -5
IPNOTINMX ipnotinmx x x 0 -3

#=WHITELISTS ===
#WHITELIST HABEAS
#AUTOWHITELIST ON
PREWHITELIST ON
WHITELIST AUTH
# - Domain Example -
WHITELIST FROM @declude.com
WHITELIST FROM @munis.com
# - User Example -
WHITELIST FROM [EMAIL PROTECTED]
# - TO Example -
#WHITELIST TO postmaster@
#WHITELIST TO abuse@

#=BLACKLISTS ===
#BLACKLIST fromfile [path]\Filters\blacklist.txt x 10 0
#BLACKIP ipfile [path]\Filters\blackip.txt x 10 0

#= RBL IP4R TESTS ==
# 1. Definitions of the tests to use (do not edit unless you know what you are doing). These must come before the actions.
# 2. First is the name of the check, then the type of check (ip4r is a DNS lookup using the reverse of the IP address).
# 3. For type ip4r, 'matchstring' is the string to look for, or * for anything.
AHBL ip4r dnsbl.ahbl.org * 6 0
BLITZEDALL ip4r opm.blitzed.org * 7 0
CBL ip4r cbl.abuseat.org 127.0.0.2 6 0
DSBL ip4r list.dsbl.org * 6 0
ORDB ip4r relays.ordb.org * 5 0
SBL ip4r sbl.spamhaus.org * 7 0
SORBS-HTTP ip4r dnsbl.sorbs.net 127.0.0.2 5 0
SORBS-SOCKS ip4r dnsbl.sorbs.net 127.0.0.3 5 0
SORBS-MISC ip4r dnsbl.sorbs.net 127.0.0.4 5 0
SORBS-SMTP ip4r dnsbl.sorbs.net 127.0.0.5 5 0
SORBS-SPAM ip4r dnsbl.sorbs.net 127.0.0.6 4 0
#SORBS-WEB ip4r dnsbl.sorbs.net 127.0.0.7 5 0
SORBS-BLOCK ip4r dnsbl.sorbs.net 127.0.0.8 5 0
SORBS-ZOMBIE ip4r dnsbl.sorbs.net 127.0.0.9 5 0
SORBS-DUHL ip4r dnsbl.sorbs.net 127.0.0.10 4 0
SPAMCOP ip4r bl.spamcop.net 127.0.0.2 7 0
#MTLDB ip4r mtldb.declude.com 127.0.0.2 3 0
BONDEDSENDER ip4r query.bondedsender.org 127.0.0.10 -10 0

#ADDITIONAL USED RBL IP4R TESTS
#FIVETENSRC ip4r blackholes.five-ten-sg.com 127.0.0.2 2 0
#JAMMDNSBL ip4r dnsbl.jammconsulting.com 127.0.0.2 2 0

#= RHBSL TESTS ==
DSN rhsbl dsn.rfc-ignorant.org 127.0.0.2 3 0
#NOABUSE rhsbl abuse.rfc-ignorant.org 127.0.0.4 2 0
#NOPOSTMASTER rhsbl postmaster.rfc-ignorant.org 127.0.0.3 1 0

#= OTHER TESTS ==
Re: [Declude.JunkMail] Beginner configuration?
Thanks Dan,

Is it generally frowned upon to use another company's spam setup, like yours? My feelings are that I'm not very experienced with this and you seem to have a very nice setup. I know I'd have to change a few things to reflect our system, but it would take me years to learn enough about spam and mail servers to setup something like that. Mail is only a fraction of what I do here...I need as much a plug and play system as I can :)

Thanks.
Joey

At 10:29 AM 3/4/2005, you wrote:

Joey,

If you go here http://declude.mydomain.com/ (where mydomain.com is the domain I use in my from address) you can see the part of our Declude JunkMail Config which we make public.

Thanks,
Dan

----- Original Message -----
From: Joey Proulx [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Friday, March 04, 2005 8:13 AM
Subject: [Declude.JunkMail] Beginner configuration?

Hello,

Just downloaded the demo version of Junkmail Pro, and I was curious about the basic setup. For the last two days I've monitored and tweaked and held and redirected and spent hours upon hours looking over the junkmail setup and rules and whatnot. I'm wondering if I'm reinventing the wheel. I work for a school district with a big spam problem, but as any of you in gov't know, if I tell them we should buy something I need to make sure it works.

I was just wondering if there are any tried and true setups that any of you are using to cut down on the spam. I'm seeing that this system works, but I'm also still running the built-in Imail filter, and I've seen quite a few messages that get caught by Imail, but have a Declude score of 0, that should NOT have made it through. Do you all still run the builtin Imail spam as well? Any filters I should definitely setup? I'm seeing a lot of CMDSPACE and SPAMHEADERS (missing MessageID header) from some local clients (I don't control all my clients, so I don't think I can make them authenticate). Should I do away with these tests, or can I fix these two issues on the server side?

Thanks for all your help.

_
Joey Proulx
SAU #21 Technology Support Staff
2 Alumni Drive
Hampton, NH 03842
(603) 926-8992, ext 115
[EMAIL PROTECTED]
RE: [Declude.JunkMail] Beginner configuration?
Chipping in my two cents, I'd say you've received excellent advice for tuning Declude so far. As a busy sysadmin myself, I'll add some less specific advice from the field. Hopefully others will see fit to add their observations.

Go with the weighted system. You're busy, but resist the urge to go for need a bigger hammer solutions. The worst thing you can do is create a filter or ramp up the weight for a specific blacklist, or make a DELETE action on a single test. Living with some spam is better than spending all of your time fighting it and fishing false positives out of your spam folder.

Start with Declude 2.x, the organization of the log file makes it far more readable than previous versions.

Your users will call you about missing mail (false positives). Get specific information from them about who sent it to whom and when. Write down your procedure for finding these missing emails and how to re-queue them.

grep is your friend. Use find.exe if you're more comfortable, but if you have large logs or a slow computer, you'll love using grep instead.

Andrew 8)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joey Proulx
Sent: Friday, March 04, 2005 5:14 AM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] Beginner configuration?

Hello,

Just downloaded the demo version of Junkmail Pro, and I was curious about the basic setup. For the last two days I've monitored and tweaked and held and redirected and spent hours upon hours looking over the junkmail setup and rules and whatnot. I'm wondering if I'm reinventing the wheel. I work for a school district with a big spam problem, but as any of you in gov't know, if I tell them we should buy something I need to make sure it works.

I was just wondering if there are any tried and true setups that any of you are using to cut down on the spam. I'm seeing that this system works, but I'm also still running the built-in Imail filter, and I've seen quite a few messages that get caught by Imail, but have a Declude score of 0, that should NOT have made it through. Do you all still run the builtin Imail spam as well? Any filters I should definitely setup? I'm seeing a lot of CMDSPACE and SPAMHEADERS (missing MessageID header) from some local clients (I don't control all my clients, so I don't think I can make them authenticate). Should I do away with these tests, or can I fix these two issues on the server side?

Thanks for all your help.

_
Joey Proulx
SAU #21 Technology Support Staff
2 Alumni Drive
Hampton, NH 03842
(603) 926-8992, ext 115
[EMAIL PROTECTED]
RE: [Declude.JunkMail] Beginner configuration?
You mention that he should adjust for the weight of his system, but you do not let him know what weighting system you are using. Can you expand on that? I.e. Hold at 10, Delete at 20 Thanks. John Olden Systems Administrator Champaign Park District -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Friday, March 04, 2005 9:47 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Beginner configuration? Joey, A couple of thoughts. 1.) Look at adding a content test like invURIBL or Message Sniffer. Both have trials. 2.) I would not give a negative weight for BONDEDSENDER or SPFPASS. Spammers can easily setup SPF records. 3.) Add a few of the other RBL style tests. make sure you adjust the weight for your system and add the corresponding entries in the $default$.junkmail file. XBL(LAST) dnsbl %IP4R%.sbl-xbl.spamhaus.org 127.0.0.4 12 0 XBL(ALL)ip4rsbl-xbl.spamhaus.org127.0.0.4 4 0 UCEPROTECT-LAST dnsbl %IP4R%.dnsbl-1.uceprotect.net 127.0.0.2 6 0 UCEPROTECT-ALL ip4rdnsbl-1.uceprotect.net 127.0.0.2 2 0 SENDERDB-BLACK ip4rpub.senderdb.net127.0.0.2 10 0 SENDERDB-SUSPICIOUS ip4rpub.senderdb.net127.0.0.4 4 0 MAILPOLICE-BULK rhsbl bulk.rhs.mailpolice.com 127.0.0.2 9 0 MAILPOLICE-PORN rhsbl porn.rhs.mailpolice.com 127.0.0.2 12 0 MAILPOLICE-FRAUDrhsbl fraud.rhs.mailpolice.com127.0.0.2 10 0 Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Joey Proulx writes: Thank you for the response. 
Here is my global.cfg file:

#=ADVANCED OPTIONS =
CONSOLE ON
#IPBYPASS 192.0.2.25
HOP 0
#HOPHIGH 1
#DNS 127.0.0.1
HIDETESTS CATCHALLMAILS IPNOTINMX NOLEGITCONTENT
CATCHALLMAILS   catchallmails   x x 0 0
NOLEGITCONTENT  nolegitcontent  x x 0 -5
IPNOTINMX       ipnotinmx       x x 0 -3
#=WHITELISTS ===
#WHITELIST HABEAS
#AUTOWHITELIST ON
PREWHITELIST ON
WHITELIST AUTH
# - Domain Example -
WHITELISTFROM @declude.com
WHITELISTFROM @munis.com
# - User Example -
WHITELISTFROM [EMAIL PROTECTED]
# - TO Example -
#WHITELIST TO postmaster@
#WHITELIST TO abuse@
#=BLACKLISTS ===
#BLACKLIST  fromfile  [path]\Filters\blacklist.txt  x 10 0
#BLACKIP    ipfile    [path]\Filters\blackip.txt    x 10 0
#= RBL IP4R TESTS ==
# 1. Definitions of the tests to use (do not edit unless you know what you are doing). These must come before the actions.
# 2. First is the name of the check, then the type of check (ip4r is a DNS lookup using the reverse of the IP address).
# 3. For type ip4r, 'matchstring' is the string to look for, or * for anything.
AHBL          ip4r  dnsbl.ahbl.org     *           6 0
BLITZEDALL    ip4r  opm.blitzed.org    *           7 0
CBL           ip4r  cbl.abuseat.org    127.0.0.2   6 0
DSBL          ip4r  list.dsbl.org      *           6 0
ORDB          ip4r  relays.ordb.org    *           5 0
SBL           ip4r  sbl.spamhaus.org   *           7 0
SORBS-HTTP    ip4r  dnsbl.sorbs.net    127.0.0.2   5 0
SORBS-SOCKS   ip4r  dnsbl.sorbs.net    127.0.0.3   5 0
SORBS-MISC    ip4r  dnsbl.sorbs.net    127.0.0.4   5 0
SORBS-SMTP    ip4r  dnsbl.sorbs.net    127.0.0.5   5 0
SORBS-SPAM    ip4r  dnsbl.sorbs.net    127.0.0.6   4 0
#SORBS-WEB    ip4r  dnsbl.sorbs.net    127.0.0.7   5 0
SORBS-BLOCK   ip4r  dnsbl.sorbs.net    127.0.0.8   5 0
SORBS-ZOMBIE  ip4r  dnsbl.sorbs.net    127.0.0.9   5 0
SORBS-DUHL    ip4r  dnsbl.sorbs.net    127.0.0.10  4 0
SPAMCOP       ip4r  bl.spamcop.net     127.0.0.2   7 0
#MTLDB        ip4r  mtldb.declude.com  127.0.0.2   3 0
RE: [Declude.JunkMail] Beginner configuration?
I found yesterday that MAILPOLICE Bulk and Porn have been combined into Block (although there may be legitimate reasons to do separate lookups.)

http://rhs.mailpolice.com/usage.php

One page says fraud is in there too, but they are not consistent with that.

John

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED])
Sent: Friday, March 04, 2005 9:47 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Beginner configuration?

Joey,

A couple of thoughts.

[un-needed content cut out]

MAILPOLICE-BULK   rhsbl  bulk.rhs.mailpolice.com   127.0.0.2  9   0
MAILPOLICE-PORN   rhsbl  porn.rhs.mailpolice.com   127.0.0.2  12  0
MAILPOLICE-FRAUD  rhsbl  fraud.rhs.mailpolice.com  127.0.0.2  10  0

Darrell
Re: [Declude.JunkMail] Beginner configuration?
Sorry about that.

Subject Tag 12
Hold 20
Delete 30+

Darrell

Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers.

John Olden writes:

You mention that he should adjust for the weight of his system, but you do not let him know what weighting system you are using. Can you expand on that? I.e. Hold at 10, Delete at 20

Thanks.

John Olden
Systems Administrator
Champaign Park District

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED])
Sent: Friday, March 04, 2005 9:47 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Beginner configuration?

Joey,

A couple of thoughts.

1.) Look at adding a content test like invURIBL or Message Sniffer. Both have trials.
2.) I would not give a negative weight for BONDEDSENDER or SPFPASS. Spammers can easily set up SPF records.
3.) Add a few of the other RBL style tests. Make sure you adjust the weight for your system and add the corresponding entries in the $default$.junkmail file.

XBL(LAST)            dnsbl  %IP4R%.sbl-xbl.spamhaus.org     127.0.0.4  12  0
XBL(ALL)             ip4r   sbl-xbl.spamhaus.org            127.0.0.4  4   0
UCEPROTECT-LAST      dnsbl  %IP4R%.dnsbl-1.uceprotect.net   127.0.0.2  6   0
UCEPROTECT-ALL       ip4r   dnsbl-1.uceprotect.net          127.0.0.2  2   0
SENDERDB-BLACK       ip4r   pub.senderdb.net                127.0.0.2  10  0
SENDERDB-SUSPICIOUS  ip4r   pub.senderdb.net                127.0.0.4  4   0
MAILPOLICE-BULK      rhsbl  bulk.rhs.mailpolice.com         127.0.0.2  9   0
MAILPOLICE-PORN      rhsbl  porn.rhs.mailpolice.com         127.0.0.2  12  0
MAILPOLICE-FRAUD     rhsbl  fraud.rhs.mailpolice.com        127.0.0.2  10  0

Darrell

Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers.

Joey Proulx writes:

Thank you for the response.
Here is my global.cfg file:

#=ADVANCED OPTIONS =
CONSOLE ON
#IPBYPASS 192.0.2.25
HOP 0
#HOPHIGH 1
#DNS 127.0.0.1
HIDETESTS CATCHALLMAILS IPNOTINMX NOLEGITCONTENT
CATCHALLMAILS   catchallmails   x x 0 0
NOLEGITCONTENT  nolegitcontent  x x 0 -5
IPNOTINMX       ipnotinmx       x x 0 -3
#=WHITELISTS ===
#WHITELIST HABEAS
#AUTOWHITELIST ON
PREWHITELIST ON
WHITELIST AUTH
# - Domain Example -
WHITELISTFROM @declude.com
WHITELISTFROM @munis.com
# - User Example -
WHITELISTFROM [EMAIL PROTECTED]
# - TO Example -
#WHITELIST TO postmaster@
#WHITELIST TO abuse@
#=BLACKLISTS ===
#BLACKLIST  fromfile  [path]\Filters\blacklist.txt  x 10 0
#BLACKIP    ipfile    [path]\Filters\blackip.txt    x 10 0
#= RBL IP4R TESTS ==
# 1. Definitions of the tests to use (do not edit unless you know what you are doing). These must come before the actions.
# 2. First is the name of the check, then the type of check (ip4r is a DNS lookup using the reverse of the IP address).
# 3. For type ip4r, 'matchstring' is the string to look for, or * for anything.
AHBL          ip4r  dnsbl.ahbl.org     *           6 0
BLITZEDALL    ip4r  opm.blitzed.org    *           7 0
CBL           ip4r  cbl.abuseat.org    127.0.0.2   6 0
DSBL          ip4r  list.dsbl.org      *           6 0
ORDB          ip4r  relays.ordb.org    *           5 0
SBL           ip4r  sbl.spamhaus.org   *           7 0
SORBS-HTTP    ip4r  dnsbl.sorbs.net    127.0.0.2   5 0
SORBS-SOCKS   ip4r  dnsbl.sorbs.net    127.0.0.3   5 0
SORBS-MISC    ip4r  dnsbl.sorbs.net    127.0.0.4   5 0
SORBS-SMTP    ip4r  dnsbl.sorbs.net    127.0.0.5   5 0
SORBS-SPAM    ip4r  dnsbl.sorbs.net    127.0.0.6   4 0
#SORBS-WEB    ip4r  dnsbl.sorbs.net    127.0.0.7   5 0
SORBS-BLOCK   ip4r  dnsbl.sorbs.net    127.0.0.8   5 0
SORBS-ZOMBIE  ip4r  dnsbl.sorbs.net    127.0.0.9   5 0
SORBS-DUHL    ip4r  dnsbl.sorbs.net    127.0.0.10  4 0
SPAMCOP       ip4r  bl.spamcop.net
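
Added example (not part of any list message, and not Declude code): an offline Python model of how the test lines quoted in this thread add up for one connecting address, and how the same total lands on different actions depending on the scale. The function names, the constructed DNS answers, and the reading of the last two columns as "weight if listed" and "weight if not listed" are assumptions.

```python
# Added example: offline model of weighted DNSBL scoring; not Declude code.
# Test lines copied from the thread. Column reading is an assumption:
# name, type, zone, matchstring, weight if listed, weight if not listed.
SAMPLE_CFG = """
#= RBL IP4R TESTS ==
SBL            ip4r  sbl.spamhaus.org             *          7  0
SORBS-SPAM     ip4r  dnsbl.sorbs.net              127.0.0.6  4  0
SORBS-DUHL     ip4r  dnsbl.sorbs.net              127.0.0.10 4  0
XBL(LAST)      dnsbl %IP4R%.sbl-xbl.spamhaus.org  127.0.0.4  12 0
SENDERDB-BLACK ip4r  pub.senderdb.net             127.0.0.2  10 0
"""
IP = "192.0.2.99"  # constructed connecting address (documentation range)
ANSWERS = {        # constructed DNS answers: query name -> A records
    "99.2.0.192.sbl.spamhaus.org": {"127.0.0.2"},
    "99.2.0.192.dnsbl.sorbs.net": {"127.0.0.6", "127.0.0.10"},
    "99.2.0.192.sbl-xbl.spamhaus.org": {"127.0.0.4"},
}

def parse_tests(text):
    """Return (name, type, zone, match, w_hit, w_miss) per active line."""
    tests = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6 or fields[0].startswith("#"):
            continue  # blank line, comment, or disabled test
        name, kind, zone, match, w_hit, w_miss = fields
        tests.append((name, kind, zone, match, int(w_hit), int(w_miss)))
    return tests

def query_name(kind, zone, ip):
    """Build the DNS name one test looks up for an IPv4 address."""
    rev = ".".join(reversed(ip.split(".")))
    # dnsbl zones carry an explicit %IP4R% placeholder; ip4r prepends it
    return zone.replace("%IP4R%", rev) if kind == "dnsbl" else f"{rev}.{zone}"

def total_weight(tests, ip, answers):
    """Sum test weights for one address; returns (total, names that hit)."""
    total, hits = 0, []
    for name, kind, zone, match, w_hit, w_miss in tests:
        got = answers.get(query_name(kind, zone, ip), set())
        listed = bool(got) if match == "*" else match in got
        total += w_hit if listed else w_miss
        if listed:
            hits.append(name)
    return total, hits

def action(total, tag=12, hold=20, delete=30):
    """Map a total to an action; defaults are the tag 12 / hold 20 / delete 30+ scale."""
    if total >= delete:
        return "delete"
    if total >= hold:
        return "hold"
    return "tag" if total >= tag else "deliver"
```

With the constructed answers, four tests hit for a total of 27: held on the 12/20/30 scale, but deleted on a hold 10 / delete 20 scale, which is why weights copied from another system need adjusting to your own thresholds.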
RE: [Declude.JunkMail] Beginner configuration?
Does LOOSENSPAMHEADERS ON have to go in the global.cfg? What if I want to do this for one domain but not for others? Is there any way to accomplish this?

Thanks,
Evans Martin

-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED])
Sent: Friday, March 04, 2005 8:17 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Beginner configuration?

Joey,

Declude is very effective when tweaked. Not to mention the default global.cfg ships without all of the RBL's that most of us use (XBL, UCE, MAIL-POLICE, SENDERDB). Also, there are other 3rd party utilities which are very effective at catching spam like invURIBL and Message Sniffer. Both of those applications have trial versions.

Are you still using the default scale? Since you have been working with your global.cfg you might want to post it to the list for us to look over it and see what you have done so far as to make suggestions.

For your clients that you are not in control of I would imagine that you know the ip blocks they come from or the firewall ip that they are behind that. You can whitelist that ip so that them failing the cmdspace will not be a factor. CMDSPACE is very effective but direct connects from clients using outlook will set that off.

For SPAMHEADERS I use LOOSENSPAMHEADERS ON this relaxes the spamheaders test so that it does not trigger on missing message ID emails.

Hope that helps,
Darrell

Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers.

Joey Proulx writes:

Hello,

Just downloaded the demo version of Junkmail Pro, and I was curious about the basic setup. For the last two days I've monitored and tweaked and held and redirected and spent hours upon hours looking over the junkmail setup and rules and whatnot. I'm wondering if I'm reinventing the wheel.
I work for a school district with a big spam problem, but as any of you in gov't know, if I tell them we should buy something I need to make sure it works. I was just wondering if there are any tried and true setups that any of you are using to cut down on the spam.

I'm seeing that this system works, but I'm also still running the built-in Imail filter, and I've seen quite a few messages that get caught by Imail, but have a Declude score of 0, that should NOT have made it through. Do you all still run the builtin Imail spam as well? Any filters I should definitely set up?

I'm seeing a lot of CMDSPACE and SPAMHEADERS (missing MessageID header) from some local clients (I don't control all my clients, so I don't think I can make them authenticate). Should I do away with these tests, or can I fix these two issues on the server side?

Thanks for all your help.

Joey Proulx
SAU #21 Technology Support Staff
2 Alumni Drive
Hampton, NH 03842
(603) 926-8992, ext 115
[EMAIL PROTECTED]
Re: [Declude.JunkMail] Beginner configuration?
Evan.

It is my understanding that is a global command and is only supported in the global.cfg file.

Darrell

---
Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers.

- Original Message -
From: Evans Martin [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Friday, March 04, 2005 10:17 PM
Subject: RE: [Declude.JunkMail] Beginner configuration?

Does LOOSENSPAMHEADERS ON have to go in the global.cfg? What if I want to do this for one domain but not for others? Is there any way to accomplish this?

Thanks,
Evans Martin

-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED])
Sent: Friday, March 04, 2005 8:17 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Beginner configuration?

Joey,

Declude is very effective when tweaked. Not to mention the default global.cfg ships without all of the RBL's that most of us use (XBL, UCE, MAIL-POLICE, SENDERDB). Also, there are other 3rd party utilities which are very effective at catching spam like invURIBL and Message Sniffer. Both of those applications have trial versions.

Are you still using the default scale? Since you have been working with your global.cfg you might want to post it to the list for us to look over it and see what you have done so far as to make suggestions.

For your clients that you are not in control of I would imagine that you know the ip blocks they come from or the firewall ip that they are behind that. You can whitelist that ip so that them failing the cmdspace will not be a factor. CMDSPACE is very effective but direct connects from clients using outlook will set that off.

For SPAMHEADERS I use LOOSENSPAMHEADERS ON this relaxes the spamheaders test so that it does not trigger on missing message ID emails.
Hope that helps,
Darrell

Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers.

Joey Proulx writes:

Hello,

Just downloaded the demo version of Junkmail Pro, and I was curious about the basic setup. For the last two days I've monitored and tweaked and held and redirected and spent hours upon hours looking over the junkmail setup and rules and whatnot. I'm wondering if I'm reinventing the wheel. I work for a school district with a big spam problem, but as any of you in gov't know, if I tell them we should buy something I need to make sure it works. I was just wondering if there are any tried and true setups that any of you are using to cut down on the spam.

I'm seeing that this system works, but I'm also still running the built-in Imail filter, and I've seen quite a few messages that get caught by Imail, but have a Declude score of 0, that should NOT have made it through. Do you all still run the builtin Imail spam as well? Any filters I should definitely set up?

I'm seeing a lot of CMDSPACE and SPAMHEADERS (missing MessageID header) from some local clients (I don't control all my clients, so I don't think I can make them authenticate). Should I do away with these tests, or can I fix these two issues on the server side?

Thanks for all your help.

Joey Proulx
SAU #21 Technology Support Staff
2 Alumni Drive
Hampton, NH 03842
(603) 926-8992, ext 115
[EMAIL PROTECTED]