Re: [Declude.JunkMail] Setting MAX Testing Weight
I thought the essence of the argument against this is the fact that such testing doesn't happen one at a time, but instead in unison with one another. So if 20 queries are sent out and the first 10 that come back to put the score high enough to fail, there isn't really that much overhead in waiting for the remaining 10 to come back considering that they have already been queried. I'm not sure exactly how the application handles the technical tests, but it would seem that many of them are done in unison as opposed to independent of one another just like the DNS-based tests. HELOBOGUS, SPAMHEADERS and BADHEADERS for instance all look at the same pieces of information, so it's probably not something that can be separated into individually triggered tests. I would think that by the time you caught a high enough score, the majority of the processing would already be finished and you would only be waiting on the remaining DNS queries to come back. Another issue is that score handling is only marked in the $default$.junkmail files, and you can have different settings for each domain and user depending on your version, yet there is only one global.config file that gets used for every user on a system. So knowing what score to stop on becomes overhead since the system doesn't need to keep track of handling information during testing as things stand, and beyond that a logic mess for a programmer. I guess that while what you suggest would be nice in some circumstances, it might not be practical programmatically??? I'm also going to guess that some of the newer tests that involve opening, parsing and execution of files like SPAMDOMAINS and SPAMCHECK would have a noticeable impact on the processor cycles needed, and that might be why you are seeing the increase that you are. Some DNS-based tests might also be slow in responding, and might also rarely return a match, in which case it would make sense to remove them if you are worried about processing time. I'm no expert on the details, but that's what makes sense from what I think I know :) Matt Todd - Smart Mail wrote: I brought this up last week.Anyone see the benefit beside me? The idea of being able to stop testing once a given Weight has been reached seems to have multiple benefits to me.My numbers indicate that about 45% of my spam would benefitfrom stopping testing at 4X my Hold Weight. I know that Declude is not a resource hog but my Decludetests have increased dramatically over the past couple months and I don't see them getting any less in the future. I've Added 2 x Subjectspaces Spamdomains 4 x Comments Spamcheck And a host of DNS tests. That's my CPU, Bandwidth, and other resources. Andas more and more people move to spam prevention it seems the DNS Blacklists will get more use. I guess my point is why continue to test and use resourcesonce you reach a certain point where you're3X,4Xor 5Xyour hold weight? Any thoughts? Todd Hunter Progressive Systems - Original Message - From: Todd - Smart Mail To: [EMAIL PROTECTED] Sent: Thursday, August 28, 2003 10:04 AM Subject: Re: [Declude.JunkMail] Setting MAX Testing Weight John, As I mentioned, the order that you ran the tests would affect the outcome. Tests that generate a negative weight would need to be run first, such as IPNOTINMX, BONDEDSENDER, and other whitelist type of tests. Also the reason I suggested stopping testing at weigh 3x my HOLD weight. This gives some margin where test would continue to run. Todd - Original Message - From: John Tolmachoff (Lists) To: [EMAIL PROTECTED] Sent: Thursday, August 28, 2003 9:36 AM Subject: RE: [Declude.JunkMail] Setting MAX Testing Weight You do not want Declude to stop at a certain point. What if it stops, right before the next test which is a whitefilter type test? With the weighting system, it is important to run all tests to get the final weight. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Todd - Smart Mail Sent: Thursday, August 28, 2003 12:34 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Setting MAX Testing Weight My Declude config has grown since install. I am curious if it is possible determine a Weight at which Declude ceases running tests on an email. SayI have40 testsand after Declude runsthe first 10 of themit accumulates ascore of 300.IHOLD at 100.Further testing beyond 300uses additional resources to produce the same outcome with no additional benefits. Resources including
RE: [Declude.JunkMail] SORBS-SPAM
Also see: http://pinkbell.net/ Best Regards, Sr.Consultant / Phillip B. Holmes Media Resolutions Inc. Macromedia Alliance Partner http://www.mediares.com [EMAIL PROTECTED] 1-888-395-4678 |Ext. 101 972-889-0201 |Ext. 101 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Robertson Sent: Tuesday, September 02, 2003 2:01 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] SORBS-SPAM Keith wrote: I plugged pink contracts into Google and here's the first link that came up... Well, doesn't that just suck? Hopefully the 2001 date on that post is indicative of a changed landscape, otherwise they're pretty much *all* in league with the devil. Matt Robertson [EMAIL PROTECTED] MSB Designs, Inc. http://mysecretbase.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] BEGIN:VCARD VERSION:2.1 N:Holmes;Phillip;B. FN:Phillip B. Holmes ([EMAIL PROTECTED]) ORG:Media Resolutions Inc.;IT TITLE:Sr. Consultant TEL;WORK;VOICE:(972) 889-0201 TEL;CELL;VOICE:214-995-6175 ADR;WORK;ENCODING=QUOTED-PRINTABLE:;1-888-395-4678;16415 Addison=0D=0ASuite 610;Addison;TX;75001;United States = of America LABEL;WORK;ENCODING=QUOTED-PRINTABLE:1-888-395-4678=0D=0A16415 Addison=0D=0ASuite 610=0D=0AAddison, TX 75001=0D= =0AUnited States of America EMAIL;PREF;INTERNET:[EMAIL PROTECTED] REV:20030910T014847Z END:VCARD
[Declude.JunkMail] Earthlink
I have a user that sends email from his earthlink account and recently the mail has been being caught by spam domains. I think the user made a configuration change and is using an alternate mail server. X-RBL-Warning: SPAMDOMAINS: Spamdomain 'earthlink.' found: Address of [EMAIL PROTECTED] sent from invalid smtp807.mail.sc5.yahoo.com. From this it looks like earthlink is using yahoo mail servers. Can anyone confirm??? Kevin Bilbee --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Need aid on Declude Header rule
Since we house mulitple domains (using spam filtering) and this filter test is used in the Global file it seems it would fail every other domain email (i.e. 1000 weight) that we house on the same box?! Is there a way to only define it for use in the default config file for that domain (we have the pro version), thus not be used for other domains? Thanks again for the aid. Unfortunately, there isn't any way to have different weights applied to different domains. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Best practice for new config file
Title: Best practice for new config file Good morning, Up until now, when a new release of Declude comes out, I have just been upgrading the .exe file and not downloading the config file, due to lack of time to devote to the re-configuration. Lately, my old settings aren't working as well and I'd like to take advantage of some of the new tests. What is the best way to merge the new config file with the old one? Redo the new one using the old settings? Copy the new tests that I want to use to the old file? Advice/suggestions appreciated. Thanks, Sharyn
[Declude.JunkMail] [OT] Weird e-mails..
Anyone else seeing e-mails such as these:I've received a number of these and they're being caught by Declude as spam.. They also appear to be coming from more than one place, including rr.com.. __ Subject: How you been? Why hello ;) Whats been happening on your side of the woods? We haven't been doing much at all really! Anyways seeya tommorow. __ Received: from 12-217-117-164.client.mchsi.com [12.217.117.164] Subject: Hello Hey, How have you been? What have you been doing lately? Ive just been at home doing nothing :( bored at uni etc. Anyway's lets catch up soon, Luv, You know who ;) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Need aid on Declude Header rule
Scott, Could this be done with some form of DNS based test where the test result(s) are only used in the $default$.junkmail for the specific domain? George -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Wednesday, September 03, 2003 7:55 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Need aid on Declude Header rule Since we house mulitple domains (using spam filtering) and this filter test is used in the Global file it seems it would fail every other domain email (i.e. 1000 weight) that we house on the same box?! Is there a way to only define it for use in the default config file for that domain (we have the pro version), thus not be used for other domains? Thanks again for the aid. Unfortunately, there isn't any way to have different weights applied to different domains. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Setting MAX Testing Weight
As was mentioned here before, it's not a BAD idea to want Declude to stop after X has been reached, but, what if the whitelist came right after that X number? Scott, are there any plans to, or can Declude already, run the Whitelist tests FIRST, so that if they are whitelisted, forgoes any weight testing alltogether? I think that would be beneficial in this case. If we list the whitelist tests first, will they be run first? Paul - Original Message - From: Todd - Smart Mail To: [EMAIL PROTECTED] Sent: Tuesday, September 02, 2003 10:27 PM Subject: Re: [Declude.JunkMail] Setting MAX Testing Weight I brought this up last week.Anyone see the benefit beside me? The idea of being able to stop testing once a given Weight has been reached seems to have multiple benefits to me.My numbers indicate that about 45% of my spam would benefitfrom stopping testing at 4X my Hold Weight. I know that Declude is not a resource hog but my Decludetests have increased dramatically over the past couple months and I don't see them getting any less in the future. I've Added 2 x Subjectspaces Spamdomains 4 x Comments Spamcheck And a host of DNS tests. That's my CPU, Bandwidth, and other resources. Andas more and more people move to spam prevention it seems the DNS Blacklists will get more use. I guess my point is why continue to test and use resourcesonce you reach a certain point where you're3X,4Xor 5Xyour hold weight? Any thoughts? Todd Hunter Progressive Systems
RE: [Declude.JunkMail] [OT] Weird e-mails..
Yeah, I'm seeing them too. They seem to have an embedded ActiveX Control file with it. Fortunately, Declude is catching mine as well. Troy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jeff Maze - Hostmaster Sent: Wednesday, September 03, 2003 8:52 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] [OT] Weird e-mails.. Anyone else seeing e-mails such as these:I've received a number of these and they're being caught by Declude as spam.. They also appear to be coming from more than one place, including rr.com.. __ Subject: How you been? Why hello ;) Whats been happening on your side of the woods? We haven't been doing much at all really! Anyways seeya tommorow. __ Received: from 12-217-117-164.client.mchsi.com [12.217.117.164] Subject: Hello Hey, How have you been? What have you been doing lately? Ive just been at home doing nothing :( bored at uni etc. Anyway's lets catch up soon, Luv, You know who ;) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Setting MAX Testing Weight
Scott, are there any plans to, or can Declude already, run the Whitelist tests FIRST, so that if they are whitelisted, forgoes any weight testing alltogether? I think that would be beneficial in this case. If we list the whitelist tests first, will they be run first? There is a new PREWHITELIST ON option that will run some of the whitelists before the tests are run. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Log message
Title: Log message I am seeing these in my logs Msg failed OSRELAY (Please stop using relays.osirusoft.com) Should I comment out that test? Sharyn
RE: [Declude.JunkMail] Log message
Title: Log message Yes. As of about 3 weeks ago or so. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Sharyn SchmidtSent: Wednesday, September 03, 2003 10:10 AMTo: Declude Junkmail ListSubject: [Declude.JunkMail] Log message I am seeing these in my logsĀ Msg failed OSRELAY (Please stop using relays.osirusoft.com) Should I comment out that test? Sharyn
RE: [Declude.JunkMail] Log message
Title: Log message I think we need to - I've read here on this list that the site is down but then again I've read here that it will come back up again sometime in the future. I guess we'll commit it out and see what happens. Greg -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Sharyn SchmidtSent: Wednesday, September 03, 2003 11:10 AMTo: Declude Junkmail ListSubject: [Declude.JunkMail] Log message I am seeing these in my logs Msg failed OSRELAY (Please stop using relays.osirusoft.com) Should I comment out that test? Sharyn
RE: [Declude.JunkMail] Log message
Sharyn, I am a little surprised. You usually keep up on things. Guess you have not seen any of the posts regarding OSRelay in the last 2 weeks? No, sorry everyone. I have been SWAMPED here with projects other than mail administration and most of the time I am lucky if I read mail that pertains to the projects! Apologies..and thanks! Sharyn We are the worldwide producer and marketer of the award winning Cruzan Single Barrel Rum, judged Best in the World at the annual San Francisco Wine and Spirits Championships. For more information, please click (go to) htmla href=http://www.cruzanrums.com;www.cruzanrums.com/a/html --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Log message
Sharyn, I am a little surprised. You usually keep up on things. Guess you have not seen any of the posts regarding OSRelay in the last 2 weeks? John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sharyn Schmidt Sent: Wednesday, September 03, 2003 8:10 AM To: Declude Junkmail List Subject: [Declude.JunkMail] Log message I am seeing these in my logs. Msg failed OSRELAY (Please stop using relays.osirusoft.com) Should I comment out that test? Sharyn --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Setting MAX Testing Weight
There is a new PREWHITELIST ON option that will run some of the whitelists before the tests are run. Can you explain the some part? John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Best practice for new config file
Copy the new tests that I want to use to the old file? That would probably be best, as replacing the file would undo any tweaks you have done for your situation. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Setting MAX Testing Weight
There is a new PREWHITELIST ON option that will run some of the whitelists before the tests are run. Can you explain the some part? It currently just does the WHITELIST FROM and WHITELIST IP whitelist entries before running the spam tests. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] SPAManager question
Sorry... Username: [EMAIL PROTECTED] Password: blue (Forgot the cardinal rule for virtual domains!) -Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Test based on results of other tests
Folks, Is there a test that can be based on the results of 2 or more other specific tests? ex: an email that fails both HELOBOGUS and BADHEADERS would fail HELOHEAD and have x number of points added/deducted to it? Thanks Nick --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Test based on results of other tests
Is there a test that can be based on the results of 2 or more other specific tests? ex: an email that fails both HELOBOGUS and BADHEADERS would fail HELOHEAD and have x number of points added/deducted to it? No, that is not possible. It is something that has been requested, but it looks like a feature that few people would use. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Test based on results of other tests
Is there a test that can be based on the results of 2 or more other specific tests? ex: an email that fails both HELOBOGUS and BADHEADERS would fail HELOHEAD and have x number of points added/deducted to it? No, that is not possible. It is something that has been requested, but it looks like a feature that few people would use. Although I am not a programmer, the problem with having a test like that would require a redesign of declude.exe, so that the various junkmail tests are run in distinct separate sections. For example, it would have to say run all white tests, wait until finished, run all LP4R tests, wait until finished, run Filter tests, wait until finished, and so forth and then run iftestthentest last. That would slow the program down, and in an ISP scenario, that can cause problems when dealing with thousands of messages per hour. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SPAManager question
Sandy, I was also looking forward to seeing what you had up there, thanks for the login info. Question...how did you process the configuration changes? Are you just using IMail rules as the filter (configuring that by way of IMail's tags) or did you actually get their Web server to execute your own code to configure Declude directly? Thanks, Matt Sanford Whiteman wrote: Sorry... Username: [EMAIL PROTECTED] Password: blue (Forgot the cardinal rule for virtual domains!) -Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail]Review of Spamchk - was More and more email getting past Declude
So far so good - I really like what I see! Thanks, Greg -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Todd - Smart Mail Sent: Tuesday, September 02, 2003 9:06 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail]Review of Spamchk - was More and more email getting past Declude Greg, we have been using SpamCheck for about 1 1/2 months now and have had No problems with it. Pros 1. Easy to Install 2. Support has been good 3. Highly flexible 4. Catches a lot of spam that passes DNS and RFC tests 5. Allows you to give emails + or - weights 6. Cost $0 Cons 1. Config files can require a good deal of time and customization for your needs 2. I understand CPU utilization can be high - but they are working on that. 3. Its Beta(?) software so you take it As Is(Correct me if wrong on this anyone) 4. Did I mention it takes some time to get the config files setup :) I have not looked at any of the other external testing programs so I cannot say how it compares. For us SpamCheck has been Great. Todd Hunter Progressive Systems - Original Message - From: Greg Foulks [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 02, 2003 12:26 PM Subject: RE: [Declude.JunkMail]Review of Spamchk - was More and more email getting past Declude Scott, What is your opinion of Spamchk? How well does it work with Declude and have you seen any issues with using? Greg -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Tuesday, September 02, 2003 1:17 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] More and more email getting past Declude It just seems like that recently the spam we've been getting is clean. Which makes it hard for declude to block it when it passes all of the rules. That's because companies that feel that they are legitimate E-mailers (ones that technically *do* have your permission to send the mail!) are the ones that are very likely to have everything in order. Their mail isn't likely to have header problems, DNS problems, anti-filter devices, etc. For this type of spam, the best answer is often a content filtering program (such as Message Sniffer or Alligate) that can work in conjunction with Declude, which is better able to catch this type of spam. But, note that there's a fine line here in determining what is spam and what is not. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- -- -- [This E-mail was scanned for viruses by Declude Virus Scanner on mail.nfti.com] -- [This E-mail was scanned for viruses by Declude Virus Scanner on mail.nfti.com] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- [This E-mail was scanned for viruses by Declude Virus Scanner on mail.nfti.com] -- [This E-mail was scanned for viruses by Declude Virus Scanner on mail.nfti.com] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] AUTOWHITELIST ON
I have not used this feature (or should say told my clients about it) but I do have it turned on. I'm curious as to how much resources it needs to do this checking? I assume each email that comes in it has to check the aliases.txt file in that persons account. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] WEIGHT
In my something.junkmail file I have: WEIGHT10SUBJECT (SUSPECTED SPAM) I know I can add %WEIGHT% to the end if I want the weight to show up in the subject but how can I have theweight show up in the subject of ALL emails I receive even if they do not receive a weight? TIA --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] AUTOWHITELIST ON
I have not used this feature (or should say told my clients about it) but I do have it turned on. I'm curious as to how much resources it needs to do this checking? I assume each email that comes in it has to check the aliases.txt file in that persons account. We haven't run any tests on it, but do not expect a noticeable impact on performance. It will use some extra resources, but not a lot more. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] WEIGHT
In my something.junkmail file I have: WEIGHT10SUBJECT (SUSPECTED SPAM) I know I can add %WEIGHT% to the end if I want the weight to show up in the subject but how can I have theweight show up in the subject of ALL emails I receive even if they do not receive a weight? You could use: CATCHALLMAILS SUBJECT [Weight=%WEIGHT%] -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Test based on results of other tests
Scott, This feature would be of GREAT use. Many simply haven't thought out the implications of allowing the ability to combine tests. One example: the gentleman that wants to filter for specific names, but only one one domain -- this should allow setting that up. Adding the ability to combine results from two lists would make many of the tests much more effective (but, of course, more complicated to maintain). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Wednesday, September 03, 2003 1:35 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Test based on results of other tests Is there a test that can be based on the results of 2 or more other specific tests? ex: an email that fails both HELOBOGUS and BADHEADERS would fail HELOHEAD and have x number of points added/deducted to it? No, that is not possible. It is something that has been requested, but it looks like a feature that few people would use. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] WEIGHT
I placed: CATCHALLMAILS SUBJECT [Weight=%WEIGHT%] in my something.junkmail file but the weight did not show up in the subject of a message that I just received. Do I need to add something to the global.cfg? I'm trying to do this on my own email and nothing else. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Wednesday, September 03, 2003 1:54 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] WEIGHT In my something.junkmail file I have: WEIGHT10SUBJECT (SUSPECTED SPAM) I know I can add %WEIGHT% to the end if I want the weight to show up in the subject but how can I have theweight show up in the subject of ALL emails I receive even if they do not receive a weight? You could use: CATCHALLMAILS SUBJECT [Weight=%WEIGHT%] -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Test based on results of other tests
Actually, it could be a minor change to the processing -- at the $default$.junkmaillevel, rather than global.cfg -- as this is not a test, but a handling of the test results. It would mean order dependence, usually (or the processing of combining tests done first, then other handling done). The minor change being the ability to keep adding weight at this point in processing. Or, if no added weight were allowed, then a preprocessing of the $junkmail file could allow seeting pass/fail of combine tests, based on test results known at that point. The difficulty from a programming standpoint will depend on where it is implemented, what features are allowed (just failing a new test name or adding weight) and the modularity of the existing program code. As to slowing down the system -- you already have to wait until all tests and whitelist are processed for each message, before a final decision is made on the message. This should not make any difference there. -Original Message- From:John Tolmachoff Is there a test that can be based on the results of 2 or more other specific tests? ex: an email that fails both HELOBOGUS and BADHEADERS would fail HELOHEAD and have x number of points added/deducted to it? No, that is not possible. It is something that has been requested, but it looks like a feature that few people would use. Although I am not a programmer, the problem with having a test like that would require a redesign of declude.exe, so that the various junkmail tests are run in distinct separate sections. For example, it would have to say run all white tests, wait until finished, run all LP4R tests, wait until finished, run Filter tests, wait until finished, and so forth and then run iftestthentest last. That would slow the program down, and in an ISP scenario, that can cause problems when dealing with thousands of messages per hour. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] WEIGHT
CATCHALLMAILS SUBJECT [Weight=%WEIGHT%] in my something.junkmail file but the weight did not show up in the subject of a message that I just received. Are you sure that the something.junkmail file was the one used to process the E-mail (aliases can cause Declude to use a different file than you expect)? Do I need to add something to the global.cfg? No, assuming that the CATCHALLMAILS catchallmails x x 0 0 line is in there (it is in the default config file). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] WEIGHT
No, assuming that the CATCHALLMAILS catchallmails x x 0 0 line is in there (it is in the default config file). By default, it is commented out, no? John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Test based on results of other tests
Actually, it could be a minor change to the processing -- at the $default$.junkmaillevel, rather than Global.cfg -- as this is not a test, but a handling of the test results. It would mean order dependence, usually (or the processing of combining tests done first, then other handling done). The minor change being the ability to keep adding weight at this point in processing. It is declude.exe itself that would have to be altered. You actually reminded me of how complex this would be. Both the Global.cfg and appropriate .junkmail file would have to be loaded into memory, some tests run, consult the files, other tests run, consult the files, final tests run, consult the files and so forth. Right now, declude.exe loads the Global.cfg to determine what tests to run, the after tests have been run, consults the appropriate .junkmail file to determine what action to take. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] WEIGHT
No, assuming that the CATCHALLMAILS catchallmails x x 0 0 line is in there (it is in the default config file). By default, it is commented out, no? It was originally, no longer is commented out with the default settings. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Test based on results of other tests
You actually reminded me of how complex this would be. Both the Global.cfg and appropriate .junkmail file would have to be loaded into memory, some tests run, consult the files, other tests run, consult the files, final tests run, consult the files and so forth. You are trying to make this much more difficult. Yes, declude would have to change --- as it does whenever any new test type is added. But there would be absolutely no need to run tests, consult files, etc. As far as loading the files into memory -- that already takes place (or declude would not work at all). Once loaded, in the part of the program that processes the $junkmail file (whichever one is relevant), a scan could be done for special lines (eg, TWOTESTS COMBINEAND TEST1 TEST2 or TWOTESTS COMBINEXOR TEST1 TEST2 -- since OR is not really necessary, but XOR and AND would be good logical tests). The new tests are added to the list of tests (already in memory) with pass/fail info. Then processing continues as usual. Really, not an extrememly large amount of work. No starting, stopping, etc. All tests would run as they do now -- no need to change that. Adding weights would be different and more flexible for some purposes, but just the above would be an extreme jump forward in setting up tests --- one example: if an email has certain words, we isolate it, as it MAY be porn (they are reviewed and deleted or requeued). There are some ip4r tests that identify possible sporn IP's -- we use these to add weight, but don't hold (due to FP's). But, if the email msg fails both, we would probably delete them outright and hold/review the rest. Certain mailing lists also tend to fail the suspect porn list due to either their subject (for instance, this list) or the users there -- but we would ignore them if we had the ability to combine the two pieces of info. Adding weights: simple here as well. Scan global.cfg - strip out combine tests, run all other tests as done now, in parallel or serial, not relevant. when all results are back, before ending the thread, process the combine tests and add weights to them as indicated.then pass control to the part of the program that handles .junkmail. Right now, declude.exe loads the Global.cfg to determine what tests to run, the after tests have been run, consults the appropriate .junkmail file to determine what action to take. Which is exactly what it would continue to do, if the combine tests were done in the $junkmail file. Not to mention, this gives ever more flexibility for combining tests. Karen (who considers this such an obvious solution to a programmer, but suspects the patent office would issue a patent for such a technique, based on no one else has filed one for it yet!). --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] SPAManager question
Question...how did you process the configuration changes? Are you just using IMail rules as the filter... Nope. or did you actually get their Web server to execute your own code to configure Declude directly? In a sense. We use unused IMail configuration files (such as PLAN.IMA in the demo) in concert with Declude's REDIRECT command. -Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Test based on results of other tests
I'm with you on how this would be accomplished, though it would probably be a somewhat laborious rewrite in how scoring was handled in comparison to how it is handled now. Just guessing of course. This was actually my first feature request to Scott after purchasing the application some time ago, and it's about the 5th time I've seen it talked about in the past few weeks. While I have almost absolute faith in just a few blacklists (SpamCop for example), I would definitely combine many other blacklists that I have less faith in as one test...in other words if a piece of mail failed both FIVETEN-SPAM and SORBS-SPAM, then I would use the combined test to add on a hefty penalty for an automatic fail. I could do the same for two different open relay tests, figuring that if two know about it, then it is more likely being used for spam and more likely to be fixed by a responsible administrator rather than having their E-mail blocked over a longer term. I would probably also apply this multi-test penalty to things like NOABUSE and NOPOSTMASTER because I generally see just one failed unless it is spam and I score them both very low individually. I might even do something like credit points on two technical tests that are often failed together, SPAMHEADERS and HELOBOGUS for instance, and that would let me increase the scores on each individually (I'd have to research this one more before I could claim it would be effective). Maybe it will be a treat for v2.0 :) And speaking of patents, anyone ever hear of this one? http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1Sect2=HITOFFd=PALLp=1u=/netahtml/srchnum.htmr=1f=Gl=50s1='6,368,227'.WKU.OS=PN/6,368,227RS=PN/6,368,227 Matt Karen D. Oland wrote: You actually reminded me of how complex this would be. Both the Global.cfg and appropriate .junkmail file would have to be loaded into memory, some tests run, consult the files, other tests run, consult the files, final tests run, consult the files and so forth. You are trying to make this much more difficult. Yes, declude would have to change --- as it does whenever any new test type is added. But there would be absolutely no need to run tests, consult files, etc. As far as loading the files into memory -- that already takes place (or declude would not work at all). Once loaded, in the part of the program that processes the $junkmail file (whichever one is relevant), a scan could be done for special lines (eg, TWOTESTS COMBINEAND TEST1 TEST2 or TWOTESTS COMBINEXOR TEST1 TEST2 -- since OR is not really necessary, but XOR and AND would be good logical tests). The new tests are added to the list of tests (already in memory) with pass/fail info. Then processing continues as usual. Really, not an extrememly large amount of work. No starting, stopping, etc. All tests would run as they do now -- no need to change that. Adding weights would be different and more flexible for some purposes, but just the above would be an extreme jump forward in setting up tests --- one example: if an email has certain words, we isolate it, as it MAY be porn (they are reviewed and deleted or requeued). There are some ip4r tests that identify possible sporn IP's -- we use these to add weight, but don't hold (due to FP's). But, if the email msg fails both, we would probably delete them outright and hold/review the rest. Certain mailing lists also tend to fail the suspect porn list due to either their subject (for instance, this list) or the users there -- but we would ignore them if we had the ability to combine the two pieces of info. Adding weights: simple here as well. Scan global.cfg - strip out "combine" tests", run all other tests as done now, in parallel or serial, not relevant. when all results are back, before ending the thread, process the combine tests and add weights to them as indicated.then pass control to the part of the program that handles .junkmail. Right now, declude.exe loads the Global.cfg to determine what tests to run, the after tests have been run, consults the appropriate .junkmail file to determine what action to take. Which is exactly what it would continue to do, if the combine tests were done in the $junkmail file. Not to mention, this gives ever more flexibility for combining tests. Karen (who considers this such an obvious solution to a programmer, but suspects the patent office would issue a patent for such a technique, based on "no one else has filed one for it yet!).
Re: [Declude.JunkMail] SPAManager question
Cute! I see how you did that now. I was really hoping though that you discovered some convoluted way to get IMail's Web server to run scripts...or maybe not depending on how convoluted it might have been. Thanks, Matt Sanford Whiteman wrote: Question...how did you process the configuration changes? Are you just using IMail rules as the filter... Nope. or did you actually get their Web server to execute your own code to configure Declude directly? In a sense. We use unused IMail configuration files (such as PLAN.IMA in the demo) in concert with Declude's REDIRECT command. -Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED]
Re: [Declude.JunkMail] Test based on results of other tests
Shoot, my link got munged. Here's what I was really talking about: Are patent methods patently absurd? http://news.com.com/2100-1023-962182.html " The patent office has granted patents for side-to-side swinging on a swing set and for making a peanut butter and jelly sandwich without a crust." Matt Matthew Bramble wrote: I'm with you on how this would be accomplished, though it would probably be a somewhat laborious rewrite in how scoring was handled in comparison to how it is handled now. Just guessing of course. This was actually my first feature request to Scott after purchasing the application some time ago, and it's about the 5th time I've seen it talked about in the past few weeks. While I have almost absolute faith in just a few blacklists (SpamCop for example), I would definitely combine many other blacklists that I have less faith in as one test...in other words if a piece of mail failed both FIVETEN-SPAM and SORBS-SPAM, then I would use the combined test to add on a hefty penalty for an automatic fail. I could do the same for two different open relay tests, figuring that if two know about it, then it is more likely being used for spam and more likely to be fixed by a responsible administrator rather than having their E-mail blocked over a longer term. I would probably also apply this multi-test penalty to things like NOABUSE and NOPOSTMASTER because I generally see just one failed unless it is spam and I score them both very low individually. I might even do something like credit points on two technical tests that are often failed together, SPAMHEADERS and HELOBOGUS for instance, and that would let me increase the scores on each individually (I'd have to research this one more before I could claim it would be effective). Maybe it will be a treat for v2.0 :) And speaking of patents, anyone ever hear of this one? http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1Sect2=HITOFFd=PALLp=1u=/netahtml/srchnum.htmr=1f=Gl=50s1='6,368,227'.WKU.OS=PN/6,368,227RS=PN/6,368,227 Matt Karen D. Oland wrote: You actually reminded me of how complex this would be. Both the Global.cfg and appropriate .junkmail file would have to be loaded into memory, some tests run, consult the files, other tests run, consult the files, final tests run, consult the files and so forth. You are trying to make this much more difficult. Yes, declude would have to change --- as it does whenever any new test type is added. But there would be absolutely no need to run tests, consult files, etc. As far as loading the files into memory -- that already takes place (or declude would not work at all). Once loaded, in the part of the program that processes the $junkmail file (whichever one is relevant), a scan could be done for special lines (eg, TWOTESTS COMBINEAND TEST1 TEST2 or TWOTESTS COMBINEXOR TEST1 TEST2 -- since OR is not really necessary, but XOR and AND would be good logical tests). The new tests are added to the list of tests (already in memory) with pass/fail info. Then processing continues as usual. Really, not an extrememly large amount of work. No starting, stopping, etc. All tests would run as they do now -- no need to change that. Adding weights would be different and more flexible for some purposes, but just the above would be an extreme jump forward in setting up tests --- one example: if an email has certain words, we isolate it, as it MAY be porn (they are reviewed and deleted or requeued). There are some ip4r tests that identify possible sporn IP's -- we use these to add weight, but don't hold (due to FP's). But, if the email msg fails both, we would probably delete them outright and hold/review the rest. Certain mailing lists also tend to fail the suspect porn list due to either their subject (for instance, this list) or the users there -- but we would ignore them if we had the ability to combine the two pieces of info. Adding weights: simple here as well. Scan global.cfg - strip out "combine" tests", run all other tests as done now, in parallel or serial, not relevant. when all results are back, before ending the thread, process the combine tests and add weights to them as indicated.then pass control to the part of the program that handles .junkmail. Right now, declude.exe loads the Global.cfg to determine what tests to run, the after tests have been run, consults the appropriate .junkmail file to determine what action to take. Which is exactly what it would continue to do, if the combine tests were done in the $junkmail file. Not to mention, this gives ever more flexibility for combining tests. Karen (who considers this such an obvious solution to a programmer, but suspects the patent office would issue a patent for such a technique, based on "no one else has filed one for it yet!).
Re: [Declude.JunkMail] Test based on results of other tests
Shoot, my link got munged. Here's what I was really talking about: Are patent methods patently absurd? http://news.com.com/2100-1023-962182.html " The patent office has granted patents for side-to-side swinging on a swing set and for making a peanut butter and jelly sandwich without a crust." Matt Matthew Bramble wrote: I'm with you on how this would be accomplished, though it would probably be a somewhat laborious rewrite in how scoring was handled in comparison to how it is handled now. Just guessing of course. This was actually my first feature request to Scott after purchasing the application some time ago, and it's about the 5th time I've seen it talked about in the past few weeks. While I have almost absolute faith in just a few blacklists (SpamCop for example), I would definitely combine many other blacklists that I have less faith in as one test...in other words if a piece of mail failed both FIVETEN-SPAM and SORBS-SPAM, then I would use the combined test to add on a hefty penalty for an automatic fail. I could do the same for two different open relay tests, figuring that if two know about it, then it is more likely being used for spam and more likely to be fixed by a responsible administrator rather than having their E-mail blocked over a longer term. I would probably also apply this multi-test penalty to things like NOABUSE and NOPOSTMASTER because I generally see just one failed unless it is spam and I score them both very low individually. I might even do something like credit points on two technical tests that are often failed together, SPAMHEADERS and HELOBOGUS for instance, and that would let me increase the scores on each individually (I'd have to research this one more before I could claim it would be effective). Maybe it will be a treat for v2.0 :) And speaking of patents, anyone ever hear of this one? http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1Sect2=HITOFFd=PALLp=1u=/netahtml/srchnum.htmr=1f=Gl=50s1='6,368,227'.WKU.OS=PN/6,368,227RS=PN/6,368,227 Matt Karen D. Oland wrote: You actually reminded me of how complex this would be. Both the Global.cfg and appropriate .junkmail file would have to be loaded into memory, some tests run, consult the files, other tests run, consult the files, final tests run, consult the files and so forth. You are trying to make this much more difficult. Yes, declude would have to change --- as it does whenever any new test type is added. But there would be absolutely no need to run tests, consult files, etc. As far as loading the files into memory -- that already takes place (or declude would not work at all). Once loaded, in the part of the program that processes the $junkmail file (whichever one is relevant), a scan could be done for special lines (eg, TWOTESTS COMBINEAND TEST1 TEST2 or TWOTESTS COMBINEXOR TEST1 TEST2 -- since OR is not really necessary, but XOR and AND would be good logical tests). The new tests are added to the list of tests (already in memory) with pass/fail info. Then processing continues as usual. Really, not an extrememly large amount of work. No starting, stopping, etc. All tests would run as they do now -- no need to change that. Adding weights would be different and more flexible for some purposes, but just the above would be an extreme jump forward in setting up tests --- one example: if an email has certain words, we isolate it, as it MAY be porn (they are reviewed and deleted or requeued). There are some ip4r tests that identify possible sporn IP's -- we use these to add weight, but don't hold (due to FP's). But, if the email msg fails both, we would probably delete them outright and hold/review the rest. Certain mailing lists also tend to fail the suspect porn list due to either their subject (for instance, this list) or the users there -- but we would ignore them if we had the ability to combine the two pieces of info. Adding weights: simple here as well. Scan global.cfg - strip out "combine" tests", run all other tests as done now, in parallel or serial, not relevant. when all results are back, before ending the thread, process the combine tests and add weights to them as indicated.then pass control to the part of the program that handles .junkmail. Right now, declude.exe loads the Global.cfg to determine what tests to run, the after tests have been run, consults the appropriate .junkmail file to determine what action to take. Which is exactly what it would continue to do, if the combine tests were done in the $junkmail file. Not to mention, this gives ever more flexibility for combining tests. Karen (who considers this such an obvious solution to a programmer, but suspects the patent office would issue a patent for such a technique, based on "no one else has filed one for it yet!). -- === Matthew S. Bramble President and
