On 8/5/2011 11:13 AM, Ferrell Ard wrote:
Hi David
Â
I just upgraded from 4.10.72 to
4.10.78 and noticed a build-up of files in the
/IMail/Declude/SNF directory with
names
Which virus scanner/s are you running ?
David Barker
VP Operations Declude
Your Email security is our business
978.499.2933 x 7007 office
978.988.1311 fax
[EMAIL PROTECTED]
-declude -dnsstuff
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ferrell
Ard
Sent:
Are you running the Declude AVG or other virus scanner and you are
getting leakage?
Or do you not have any anti-virus running?
John
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Ferrell Ard
Sent: Tuesday, August 19, 2008 11:06 AM
To:
.
Ferrell
- Original Message -
From: John Doyle
To: declude.junkmail@declude.com
Sent: Tuesday, August 19, 2008 4:05 PM
Subject: RE: [Declude.JunkMail] Question about Declude
Are you running the Declude AVG or other virus scanner and you are getting
leakage?
Or do you not have
From: Ferrell Ard [EMAIL PROTECTED]
Sent: Tuesday, August 19, 2008 8:44 PM
To: declude.junkmail@declude.com
Subject: Re: [Declude.JunkMail] Question about Declude
We have Declude AVG (sure hope I have it configured
correctly).
We also have Symantec
if it does not already exist.
Chuck Schick
Warp 8, Inc.
(303)-421-5140
www.warp8.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry
vanderzand
Sent: Tuesday, April 29, 2008 4:32 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail
30, 2008 10:47 AM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Question on mailbox action...
I am not trying to re route the messages. What I want to do is place the
email in a spam folder for each user if the message exceeds a certain
weight. The mailbox action in declude
The answer to your question is yes, the mailbox is created automatically.
We use it all the time.
Ben
- Original Message -
From: Chuck Schick [EMAIL PROTECTED]
To: declude.junkmail@declude.com
Sent: Wednesday, April 30, 2008 7:47 AM
Subject: RE: [Declude.JunkMail] Question on mailbox
Chuck
I recall for that for Declude to move the message to a spam folder for
the user based on weight,
You need to use the declude MAILBOX action. So something like
WEIGHT20 MAILBOX Spam, as you have
below. (this may only work for Imail?)
However, I think you need to, for each domain, check the
It the mail box is [EMAIL PROTECTED]
And you say ROUTETO [EMAIL PROTECTED] THEN THE FOLDER SPAM GETS CREATED
AUTOMATICLY
Harry Vanderzand
NEW ADDRESS Effective Jan 24, 2008
Intown Internet
117 Ruskview Road
Kitchener, ON, N2M 4S1
519-741-1222
-Original Message-
From: [EMAIL PROTECTED]
I believe it starts immediately following the first double CFLF. I'm
not sure if the STARTSWITH filter for BODY is tweaked in any way, but if
it is it only ignores CRLF's and not other characters.
Matt
Kevin Bilbee wrote:
I have a problem I have been trying to solve. When a contains
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Question about filtering
I believe it starts immediately following the first double CFLF. I'm
not sure if the STARTSWITH filter for BODY is tweaked in any way, but if
it is it only ignores CRLF's and not other characters.
Matt
Kevin
I thought it replaced CRLF's with a space.
- Original Message -
From: Matt [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Monday, December 12, 2005 3:36 PM
Subject: Re: [Declude.JunkMail] Question about filtering
I believe it starts immediately following the first double
@declude.com
Subject: Re: [Declude.JunkMail] Question about filtering
I thought it replaced CRLF's with a space.
- Original Message -
From: Matt [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Monday, December 12, 2005 3:36 PM
Subject: Re: [Declude.JunkMail] Question about
PROTECTED]]On Behalf Of Matt
Sent: Monday, December 12, 2005 1:37 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Question about filtering
I believe it starts immediately following the first double CFLF. I'm
not sure if the STARTSWITH filter for BODY is tweaked in any way,
, December 12, 2005 4:43 PMTo:
Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail]
Question about filteringLet's clarify a couple of things
that might have been confused here.The original question was asking
where the BODY begins. That is what my response was
addressing.When
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Matt
Sent: Monday, December 12, 2005 4:43 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Question about filtering
Let's clarify a couple of things that might have been confused here
Use SKIPIP
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Mark E. Smith
Sent: Saturday, June 25, 2005 3:02 PM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] Question about load balancers and
SKIPIP = new setting in Declude?
Sorry... Been off the list for a while.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John
Tolmachoff (Lists)
Sent: Saturday, June 25, 2005 6:52 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail
OOPS!
IPBYPASS
John T
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Mark E. Smith
Sent: Saturday, June 25, 2005 4:45 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] Question about load
Does Declude/IMAIL care about the IP address that's making the
connection?
In other words, does it use that IP address for its tests? If
so, will HOP=1 fix this?
I have never used a Foundry Load Balancer so my response may be way off. I
am assuming it is not functioning as a MTA, but is
I have never used a Foundry Load Balancer so my response may
be way off. I am assuming it is not functioning as a MTA, but
is simply rewriting the source IP portion of packets.
Correct but it only does this at the IP level, not at the SMTP protocol
level.
In other words, Windows IP gets the
Could it be the NOLEGITCONTENT test?
- Original Message -
From: Imail Admin [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Tuesday, March 01, 2005 3:33 PM
Subject: [Declude.JunkMail] question on calculating weights
Hi All,
Hope you don't mind another simple question...
I have
: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Katie
LaSalle-Lowery
Sent: Monday, December 13, 2004 10:57 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Question on SortMonster/MessageSniffer
Hi Chris,
I suspect that you'll find that many of the Declude users are this list
Chris,
Sniffer will catch ~96% of all spam with 99.8% accuracy (on my system at
least). While building redundancies is important in any system, it is
the single most effective tool that is available to Declude users, and
it fulfills a large part of the content filtering that you have been
It looks like it scores pretty well...
http://www2.spamchk.com/public.html
Yes I can confirm this. (The results you can see on the link above are
results on my Mailserver)
I can highly recommend Messagesniffer because the rules are always up to
date (2 - 4 each day) and as you can see
Do you have to configure a service with FireDaemon to check every hour or
does it do it automatically by itself?
At 01:07 PM 12/13/2004, you wrote:
Hi,
It's highly recommended. I accounts for 70% of my hold weight and it is
very much on target with very few false positives.
Rules are updated in
I've never heard of it.
- Original Message -
From: Chris Ulrich [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, December 13, 2004 12:45 PM
Subject: [Declude.JunkMail] Question on SortMonster/MessageSniffer
Is anyone using this product as part of their filtering?
It looks like it scores pretty well...
http://www2.spamchk.com/public.html
That said, and I'm embarrassed to ask two questions in one day, but what
experiences have people had with
SpamChk as well? Are people running the stable version (dated 7/29/03)
or the beta (dated 1/31/04)
Doesn't seen
Ulrich
Sent: Monday, December 13, 2004 10:03 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Question on SortMonster/MessageSniffer
It looks like it scores pretty well...
http://www2.spamchk.com/public.html
That said, and I'm embarrassed to ask two questions in one day, but what
Hi,
It's highly recommended. I accounts for 70% of my hold weight and it is
very much on target with very few false positives.
Rules are updated in a rules file and I check for updates hourly.
It has really helped with dealing with new outbreaks of SPAM before the
Ips are on various
Hi Chris,
I suspect that you'll find that many of the Declude users are this list are
also using MessageSniffer. We only recently began using it and can tell you
that we saw a dramatic increase in spam catches when we did so.
If you look in your global.cfg file, you'll see there is already a
] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Chris Ulrich
Sent: Monday, December 13, 2004 11:17 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Question on SortMonster/MessageSniffer
Do you have to configure a service with FireDaemon to check every hour or
does it do
Hello Markus,
Tuesday, November 9, 2004, 10:31:27 AM, you wrote:
MG I've to set up Imail/Declude on a Dell Poweredge 1750 with Dual 3 GHz Xeon
MG CPUs and 4 Ethernet Ports.
MG 2 x Intel NICs
MG 2 x Broadcom NetXtreme Gbit NICs
MG Now I have two questions:
MG 1.) Anyone has had the known
Absolutely put your spool on it's own partition and have Declude and any
other related application log to that partition. Both the IMail and
Declude logs cause an unbelievable amount of fragmentation, and if you
put these on your system partition, you will quickly diminish your
system's
I use the same systems for my two Imail/Declude mail gateways
Don't use the Broadcomm Nics! They will intermittently quit working!
Like Dan said, install Imail on the D drive, there is more than enough disk
space and horse power to deal with the other things you want to do.
Each of mine get
MG 1.) Anyone has had the known Imail-NIC problems with this
Ethernet ports?
Yep.
And your solution? Installing another NIC card (3Com) beside the other four
existing ethernet ports?
Don't do that. Create 2 more partitions with the rest of your
69G. One for Imail program files and one
1.) Anyone has had the known Imail-NIC problems with this
Ethernet ports?
We have 4 1750's using adapter teaming without any problem.
Although I've never heard of an application level issue with a NIC (in
WinNT+)
2.) The system is preconfigured with Win2003 Server on 2 x 80
GB RAID 1 SCSI
Disks generally maintain throughput in 20 GB chunks these days, which
leaves you with plenty of wiggle room. When creating partitions, the
system obviously goes first, then followed by your IMail Users and then
your Spool. The other partitions on your system shouldn't be accessed
with any
, November 02, 2004 1:43 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Question about Filters
After reviewing my Debug log, I found that the FromFiles are run first.
Obviously, most email is spoofed and therefore will not show up,
however, does Declude actually check fromfile for the mailfrom
Can you use the SKIPIFWEIGHT and MAXWEIGHT in the fromfiles?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Keith Johnson
Sent: Wednesday, November 03, 2004 2:38 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Question about Filters
Scott
Is there any size limitation (# of entries per file) imposed on
fromfiles or the number or fromfiles you can have listed in the
Global.cfg?
No.
Can you use the SKIPIFWEIGHT and MAXWEIGHT in the fromfiles?
No.
-Scott
---
Declude JunkMail:
.
- Original Message -
From: Keith Johnson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, November 03, 2004 2:30 PM
Subject: RE: [Declude.JunkMail] Question about Filters
Can you use the SKIPIFWEIGHT and MAXWEIGHT in the fromfiles?
-Original Message-
From: [EMAIL PROTECTED
After reviewing my Debug log, I found that the FromFiles are run first.
Obviously, most email is spoofed and therefore will not show up,
however, does Declude actually check fromfile for the mailfrom line or
what it shows up as the X-Declude-Sender line?
Both. The X-Declude-Sender: header
Title: Message
I
think this will do
Thank you all
Alex
V
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Scott FisherSent: Friday, October 15, 2004 1:33
PMTo: [EMAIL PROTECTED]Subject: Re:
[Declude.JunkMail] Question
You could
On 15 Oct 2004 at 12:49, Alejandro Valenzuela wrote:
Alex -
I would like to have a test
that checks if a message has been found on 3 or more black lists
Then if that is the case, assign more points to it...
Is this posible ??
Well I do not know how to count the number of failed tests but
The list gets 4-12 messages a day, sometimes goes a couple
of days with nothing.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Melissa
SheldonSent: Thursday, October 07, 2004 1:50 PMTo:
[EMAIL PROTECTED]Subject: [Declude.JunkMail]
Question
Hi,
I
This would be why she's not seeing
anything...LOL
Darin.
-
Content violation found in email message.From: [EMAIL PROTECTED]To: [EMAIL PROTECTED]Subject:
Re: [Declude.JunkMail] QuestionMatching Subject: *junk*
-
- Original
[EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, September 19, 2004 9:42 AM
Subject: Re: [Declude.JunkMail] Question about END operation
I ran into an unexpected behavior with END statements that I could use
some clarification on if you don't mind. Could you tell me which one
and Scott Fisher)
Andrew 8)
-Original Message-
From: Scott Fisher [mailto:[EMAIL PROTECTED]
Sent: Monday, September 20, 2004 7:17 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Question about END operation
Now that we've had two people wanting END to End with weight
I ran into an unexpected behavior with END statements that I could use
some clarification on if you don't mind. Could you tell me which one of
the following is the intended behavior:
* When an END condition is matched, the processing of the file will
stop and the current score of the
Thanks.
Matt
R. Scott Perry wrote:
I ran into an unexpected behavior with END statements that I could
use some clarification on if you don't mind. Could you tell me which
one of the following is the intended behavior:
* When an END condition is matched, the processing of the file
will
Matt, I believe it is #2, as the
intended function is to end the test. This is in conjunction with the various
body filters in use, such as GIBBERISH and so forth.
FYI, thats it for me today. Have
the rest of a good weekend.
John Tolmachoff
Engineer/Consultant/Owner
eServices
DANGER WILL ROBINSON!
Scott, that might not be good newbie advice to implement that config,
but thanks for the credit :)
I think what Matt should probably look first at what would be how to
configure the tests to do lookups from the same domain for all three
tests in order to be a tad bit
SBLl is a subset of SBL-XBL
sbl-xbl return code 127.0.0.2 = SBL
sbl-xbl return-code 127.0.0.6 = XBL from Blitzed-all
sbl-xbl return-code 127.0.0.4 = XBL from CBL
The blitzedall + CBL are referred to as the XBL
I use some of the ideas laid out by Matt with his configuration. He posted it in early
Matt,
Check this out http://www.spamhaus.org/xbl/index.lasso
The sbl-xbl.spamhaus.org is a combination of both the sbl.spamhaus.org data and
xbl.spamhaus.org data
You are checking some of the same data twice.
Stu
At 02:55 PM 07/06/2004 -0400, you wrote:
Hello All,
I am new to
But Imail doesn't understand port 587 Or does it? I can't find a thing
on their kbase about it.
-d
What I do think would work much better in the near term would be for
every mail server to support and require SMTP AUTH through port 587 as
proposed, and then have every ISP out there block
This brings up a good point, if I client is located in another part of the
US and we have no way to know what IP Address they might be using. How can
this be setup? For example, our server has around 16 IP's, 12.177.8.48 to
12.177.8.63, but we have clients that will not be connected within this
:44 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Question on SPF Setup. Was under You
**May** etc **May** etc
This brings up a good point, if I client is located in another part of the
US and we have no way to know what IP Address they might be using. How can
this be setup
If someone sends an email and it shows up on our server as a 64. address.
What about when the message is delivered to someone at AOL? Will it also
see the 64. address, therefore fail the SPF test on their end also?
No. AOL will only see the IP address of your server, and use that for
Sorry to butt in on this one...Yes, SPF would fail on other systems as
well in that situation.
If the client connects directly to AOL, SPF would fail. But if it is sent
through the mailserver, it should not fail.
As far as I can tell, SPF-PASS is not useful because there is nothing
stopping
R. Scott Perry wrote:
In this case, what you should do is use v=spf1 mx ?all. That says
If the E-mail is coming from an IP in our MX record, we authorize
it. If it is coming from any other IP, we can't say whether or not it
is legitimate -- treat it the same as if we have no SPF record.
In
: Matt [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, June 30, 2004 11:24 AM
Subject: Re: [Declude.JunkMail] Question on SPF Setup. Was under You **May**
etc **May** etc
Grant Griffith - Declude JM wrote:
If someone sends an email and it shows up on our server as a 64. address.
What about
The text filters check on BODY or SUBJECT,
What about the text on the HEADERS ??
Yes, the filters work fine on headers, such as:
HEADERS 5 CONTAINS EvilWord
Also, how can I put wildcards on filters ??
You cannot, but you can do things such as:
HEADERS 5 STARTSWITH EvilWord
to catch EvilWord*.
I'm finding this difficult to test and thought that I would ask it
instead. I've found some heavy obfuscation in some Nigerian stuff that
has be scratching my head about how to filter it. One such messages
contains the following:
THE OWNER OF THIS ACCOUNT LATE MR.DENNIS BR=
OWN ,HE DIED
Thanks.
. I'm sure it goes without saying that MIME decoding would be a nice
addition whenever that pops to the top of your to-do list. This one
message was clearly obfuscated using that technique, and the sender was
careful to find a free mail provider that would send quoted-printable
Scott,
The idea behind DUL-COMBO is that a dynamic/residential IP is a
dynamic/residential IP, so it doesn't make sense to variably score the
IP based on how many DUL tests it hits. What I did was test something
like 9 different DUL tests and I excluded the ones that had false
positives,
I seem to be having issues trying to filter subject or body lines for the
= symbol.
In my wordfilter file, there is a line such as:
BODY 8 CONTAINS style=font-size:1p
I'm not aware of any problems using the = sign in filters. I believe the
only restricted characters are the % sign (which are
We are running Pro, v1.78.
There are lines after this one (the = line rules are in the middle of a hundred or
so rules).
Let me run a manual test and see what happens.I may be taking a tech's word on
something that I should have checked firsthand
Thanks
Stan Lyzak
BSEE, CISSP,
Nevermind...sorry for the wasted bandwidth. It works like it should (why did I doubt
your app Scott?).
Now pardon me, I have a tech to strangle.
;)
Stan Lyzak
BSEE, CISSP, MCSE², CCNA, Security+, A+
Network Security Engineer
ASysTech, Inc.
-Original Message-
From: [EMAIL
The first message's source is well listed and should have been tagged
better if your tests were in the default configuration, and many would
probably have thrown every more at it.
http://www.dnsstuff.com/tools/ip4r.ch?ip=205.138.96.41
The second E-mail looks to be severely munged and has no
: [Declude.JunkMail] Question about MAILBOX action.
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, January 31, 2004 9:14 AM
Subject: Re: [Declude.JunkMail] Question about MAILBOX action.
Received: from SMTP32-FWD by joshie.com
(SMTP32) id A047C0052
Since that change I've noticed that spam (like the attached) that is to
[EMAIL PROTECTED] can end up in my inbox (I have jlevitsk as an alias to root
on the server) rather than it going in to my JunkMail folder.
Received: from SMTP32-FWD by joshie.com
(SMTP32) id A047C0052; Fri, 30 Jan 2004
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, January 31, 2004 9:14 AM
Subject: Re: [Declude.JunkMail] Question about MAILBOX action.
Received: from SMTP32-FWD by joshie.com
(SMTP32) id A047C0052; Fri, 30 Jan 2004 20:31:00
Hey Josh,
MAILBOX follows the alias to the final destination. I believe that
IMail writes this to the Q* file when the E-mail is received. It would
not be a good idea to have it only work with the To address because
these things don't always point to real accounts (think nobody alias
and the
Is anyone getting on either of these lists getting slammed with
mailto:[EMAIL PROTECTED][EMAIL PROTECTED] virus?
Our customers are seeing Swen account for about 10% of the viruses
(excluding vulnerabilities).
Out Symantec AV is set to email the administrator warnings.
Reading through the
thought I'd mention itso people can check themselves if they so desire.
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Monday, January 26, 2004 11:02 AM
Subject: Re: [Declude.JunkMail] Question / interesting occurence
That would be an excellent combination. Much as SPAMCOP plus
SBL would be a very, very good combination. And SPAMCOP plus
SBL plus [insert favorite DYNA/DUL test] would be practically perfect.
I dont know if it was already suggested but as I can immagine it should be
easy to implement
I understand your position, but then whitelist AOL.
How can I do this?
I've the same problem now for over 5 months here on our server.
Telecom is one of the largest italian ISP I know about. As we and most of
our customers are from Italy we receive a lot of legit messages from their
mail
, CISSP
System Engineer
Time Inc. Information Technology
[5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1]
- Original Message -
From: Markus Gufler [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, January 16, 2004 9:40 AM
Subject: RE: [Declude.JunkMail] Question about Some Spam Tests
: Friday, January 16, 2004 9:40 AM
Subject: RE: [Declude.JunkMail] Question about Some Spam Tests
I understand your position, but then whitelist AOL.
How can I do this?
I've the same problem now for over 5 months here on our server.
Telecom is one of the largest italian ISP I know about. As we
Hi,
I don't use FiveTen. Here my one-day results with the same AHBL tests that
you were looking at (you notice that some don't get hits every day).
AHBLDOMAINS...1791.48%
AHBLEXEMPT1751.45%
AHBLPROXIES...7266.01%
I was thinking about this whole FP thing and was wondering... can you make
like...
BYPASSip4r PTRmail.aol.com
BYPASSip4r IP 64.81.214.12/24
BYPASSfilter PTR whatever.com
Something like the above that will make the ip4r tests not apply to a
I'd recommend all of them but FIVETEN-MULTISTAGE. Always start with a very
low weight, like 1. Then evaluate them in your own environment; my results
may be interesting, but it's yours that you care about.
I also recommend AHBL-EXEMPTIONS as a whitelisting test, e.g.
AHBL-GOOD ip4r
Andrew,
This is also particularly hurtful when a zombie sends E-mail through one
of these servers. I almost never see SpamCop blocking big ISP mail
servers, but I see zombies relaying through ISP mail servers every day.
This would actually be a good candidate for a combination test. You
become more sensitive to content inspection as well as
similar listing by other providers' DNS based tests.
YMM,
Andrew.
-Original Message-
From: Matt [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 15, 2004 3:52 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Question about
Yes, that would be a bad thing. I expect SpamCop to have higher
standards than SPEWS.
If a test is 99.99% reliable, it's probably safe to hold on or at least
score high. If a test is 99% reliable, it's only safe to give a few
points to, unless FP's have a high correlation with other tests, in
PROTECTED]
Subject: Re: [Declude.JunkMail] Question about Some Spam Tests
Andrew,
This is also particularly hurtful when a zombie sends E-mail through one
of these servers. I almost never see SpamCop blocking big ISP mail
servers, but I see zombies relaying through ISP mail servers every day
Andy Schmidt wrote:
Let's keep in mind, that Spamcop is percentage based. So - a few bad apples
will not spoil the huge volume of "good" mail that AOL will see. There is a
chance that the system is self-correcting.
That's not at all the case. SpamCop is currently listing the one of
Title: Message
Hm:
"In the past 772.9 days, it has been listed 19 times for a
total of 3.1 days"
Sound's like it works as designed - because of the volume of legit mail,
it is only listed for a few hours each time. A total of THREE days out of
roughly 800?
Again
- why not use a weighting
Does ALLOWADDR supports a partial match? Like ALLOWADDR @example.com?
No, it requires an exact match.
Any chance that you could increase the 20 ALLOWADDR limit? I've already
20 and I'm going to need more. I've many customers that have valid
reasons to send mail to hundreds of destinations,
I have used spamchk (an add on for declude) www.spamchk.com and its pretty
good at catching such emails, as long as the filters are configured
correctly.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bridges, Samantha
Sent: Monday, October 06, 2003 3:15
I guess I might add more weight to SAL, maybe reduce the negative weight of
IPNOTINMX to start.
I have some of the following in a filter file to add little weight, I don't
know if it is a great idea but it usually helps.
HEADERS 0 CONTAIN Bargains.net
HEADERS 0 CONTAIN Bargain.net
HEADERS 0
Hello Samantha.
While the default WEIGHT10 and WEIGHT20 settings are good starting points, I
firmly believe that more granular control is needed.
This is accomplished using the weight range settings.
Example, here is my configuration:
WEIGHT9 IGNORE
WEIGHTRANGE10-14IGNORE
I have an Adult message with this entry in the headers:
X-RBL-Warning: EASYNET-DNSBL: Blacklisted by easynet.nl DNSBL -
http://blackholes.easynet.nl/errors.html
Is easynet.nl one of the spamdomains that was taken down? Imail rules
caught this, not Declude. It says above that it is Blacklisted,
Below is the declude warnings from an email I got. I was wondering how
IPNOTINMX tripped when as per HELOBOGUS there are no MX or A records?
Since there is no MX record isn't it impossible for there to be an IP in a
record that doesn't exist?
If an E-mail fails the IPNOTINMX test, it means
Josh,
IPNOTINMX = IP NOT IN MX. As you said earlier there are no MX records for
the IP address of the server you received that mail from. Declude looks at
the senders mail from domain and compares it to the the IP address the
server received the mail from looking for an MX.
In this case
On Sep 21, 2003, at 11:03 AM, DLAnalyzer Support wrote:
With this test most people do not assign weight to this test because
it catches a lot of legit mail. Most apply reverse weight if it
passes (i.e. if the IP addresses matches a MX record for the senders
mail from domain.) This is ideally
I believe all tests are still run, just no action taken.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Matthew Bramble
Sent: Friday, September
I am using a great 3rd-party Outlook add-on called PocketKnife Peek
(http://www.xintercept.com/pkpeek.htm) --which I highly recommend to anyone,
by the way--which allows me to view the plain text, html source and full
headers of any message (so I can avoid viruses and also see why filtering on
1 - 100 of 150 matches
Mail list logo
