Yes, and I am considering that or putting in a IIS front door (in addition
to my backup MX which is already IIS) and then using the other program that
I can not think of the name right now.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL
Interesting Spam Article
http://www.eweek.com/article2/0,1759,1608663,00.asp?kc=ewnws060904dtx1k0
700599
Samantha Bridges
Communications Technician
Macomb Intermediate School District
44001 Garfield Road
Clinton Township MI 48038-1100
(586) 228-3300
[EMAIL PROTECTED]
http://www.misd.net
Hi-
Many of my users are personnel agencies that send and receive a lot of
resumes as attachments. Some of these attachments are fairly large.
I'm having a growing problem with processor usage. Does Declude scan
attachments? Is there a way to turn that off?
-Dave Doherty
Skywaves, Inc.
---
That would be interesting. I see the surbl.org people are working with a phish url
list, that I sure wouldn't mind having the ability to scan against.
Scott Fisher
Director of IT
Farm Progress Companies
[EMAIL PROTECTED] 06/16/04 10:30PM
URL lookups.
Just a guess of course. I would prefer
Many of my users are personnel agencies that send and receive a lot of
resumes as attachments. Some of these attachments are fairly large.
I'm having a growing problem with processor usage. Does Declude scan
attachments? Is there a way to turn that off?
That shouldn't be an issue -- for example,
I was wondering is there a way to change what the Spam Hold button is
pointing to in Spam Review. I am currently running Declude Hijack v1.75
and the held e-mails are being sent to the Hold2 folder and not Hold. I
have not been using Spam Review much and wanted to start using it to
check if the
Hi Scott-
When this happens, I usually see about three Declude processes, each in the
25% - 30% neighborhood, and several more showing smaller percentages. Also,
I see the usual Sniffer, SMTP, POP, and IMAP, all much lower.
-d
- Original Message -
From: R. Scott Perry [EMAIL
I know others have mentioned higher CPU load with body searches and the
like, and most like searching through the entire attachment text for matches
to a filter?
Just a guess here.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty
Sent:
Yes I understand what Hijack is doing but I wanted to use Spam Review to
easily view the e-mails and send back to the spool folder if they are
valid instead of manually having to check each file individually.
Isaias Hernandez
Internet Tech Support
979-775-6239
[EMAIL PROTECTED]
-Original
I use a filter that searches for attachments and causes the email to bypass
further filter tests. For example my filter is called BYPASS and contains
lines like these:
BODY 0 CONTAINS .PDF
BODY 0 CONTAINS Content-type: application/msword
BODY 0 CONTAINS Content-Type: application/pdf
BODY 0
SpamReview is not intended to be used with Hijack, rather it is intended to
be used with Declude JunkMail.
Do you understand what Hijack is doing if there are messages in Hold2?
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
When this happens, I usually see about three Declude processes, each in the
25% - 30% neighborhood, and several more showing smaller percentages. Also,
I see the usual Sniffer, SMTP, POP, and IMAP, all much lower.
Do you have a lot of BODY or ANYWHERE filters (the most CPU intensive tests
in
OK, it,s in place. Let's see what happens. Thanks!
-d
- Original Message -
From: Rick Davidson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 17, 2004 10:14 AM
Subject: Re: [Declude.JunkMail] Declude and attachments
I use a filter that searches for attachments and
I just watched it build, max out, and decline.
One instance of Declude, then two, then three, all in the 25%+ range. As
soon as it dropped to two Decludes, Queue Manager came right in at 30-40%,
then the cycles dropped as QueueManager dropped down.
-d
- Original Message -
From: R.
I have one BODY filter that is about 7K in size maybe 200 lines. That's it.
-d
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 17, 2004 10:27 AM
Subject: Re: [Declude.JunkMail] Declude and attachments
When this happens, I
Scott,
With Declue removing the data between the in HTML messages to get the
correct wording. Deasdsdasdadlude = Declude.
Would a test that counts and/or totals the number of characters between a
single asd or all the aaa's in a message be a viable ne test.
I notice a fair amount of spam
One instance of Declude, then two, then three, all in the 25%+ range. As
soon as it dropped to two Decludes, Queue Manager came right in at 30-40%,
then the cycles dropped as QueueManager dropped down.
It does sound like it is the large files that are causing the problem.
One option would be to
OK, the BODY filter is off.
If the problem continues, I'll set the log level to debug and turn the
filter back on.
-Dave
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 17, 2004 10:52 AM
Subject: Re: [Declude.JunkMail] Declude and
Scott,
I've got a lot more BODY filters than Dave has, though I don't feel that
they are excessive. I probably have about 1,500 BODY searches, but with
SKIPIFWEIGHT they only run about 25% of the time.
If Dave is using Declude Virus, I would also look there for the issue.
Anything besides
Hi, Matt-
We're running Declude JunkMail and Hijack. No AV on the mail server,
primarily to keep the load down. We have a firewall antivirus appliance and
a gateway server to take care of that.
-d
- Original Message -
From: Matt [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday,
With Declue removing the data between the in HTML messages to get the
correct wording. Deasdsdasdadlude = Declude.
Would a test that counts and/or totals the number of characters between a
single asd or all the aaa's in a message be a viable ne test.
That is a good idea (and one we're already
Matt-
My body filters only catch about 4% of messages, but I don't know how often
they are run. Is htere a convenient way to tell?
-d
- Original Message -
From: Matt [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 17, 2004 12:40 PM
Subject: Re: [Declude.JunkMail] Declude
I haven't found any easy way to tell. The information is in the logs at high level.
But I can chime in that SKIPIFWEIGHT bypasses about 80% of my e-mail that is obviously
spam. TESTSFAILED ENDS for friendly domains/revdns drop off about 8% of e-mail that
is most likely not spam, leaving about
Hey Matt:
One question - I know that you have been spending a lot of time programming
content filters.
I'm curious whether you are using Sniffer and whether you found that you
needed all those filters to improve detection over Sniffer rules (which then
makes me wonder why they are not made part
I am not sure which Imail release included the log anylizer, 8.1 I think, if
you have that version you can run the anylizer on your declude log files and
just select unknown log lines It is a dirty way to do it but it gives you
the info you are looking for
Rick Davidson
National Systems Manager
I've looked in the documentation and haven't found (can't find :-) if it
is possible to have a per user alert message. We need to build the
messages with custom values (fields) from a database.
TIA,
Rod
--
Roderick A. Anderson
Project Manager
Technology Services Management Group
Hi Scott-
My body filter runs last. It's set now to skip messages with attachments
(Thanks, Rick Davidson for that one!). SKIPIFWEIGHT is just above my delete
weight.
I tried to derive from the daily report and WAMLOG how many times the filter
runs, and my best guess is that it runs for around
Statistics will give you a general idea. We generally hold messages at
a score of 10 or 13, but we stop processing custom filters using
SKIPIFWEIGHT when the score reaches 25 and we separate those messages
from the others since we feel +99.99% confident that they are spam and
this allows us to
Is there a way to use the SKIPIFWEIGHT option for external tests? There
are some nice external plugins for JunkMail, but I would like not to run
them on mails that all ready meet our hold weight. Thanks!
Ken Weise
Econocaribe Consolidators, Inc.
---
[This E-mail was scanned for viruses by
Is there a way to use the SKIPIFWEIGHT option for external tests?
No, that option only applies to filters.
There are some nice external plugins for JunkMail, but I would like not to
run them on mails that all ready meet our hold weight. Thanks!
We are considering an option that would allow you
Andy,
I know I am not Matt, but I wanted to chime in here. We have a lot of body
filters and we use sniffer as well. Mostly because we can quickly code
rules to block spam that is coming in at that momemnt instead of waiting for
a rule base update. Also, not all of the spam we get ends up
Andy Schmidt wrote:
Hey Matt:
One question - I know that you have been spending a lot of time programming
content filters.
I'm curious whether you are using Sniffer and whether you found that you
needed all those filters to improve detection over Sniffer rules (which then
makes me wonder why they
- Original Message -
From: Matt [EMAIL PROTECTED]
I recommend that everyone buy Sniffer, and it's not just because I think
Pete is a swell guy :)
Ditto, and it is because I think that Pete's a swell guy and, well, Sniffer
is a pretty darn good product too! ;-)
Seriously, though,
I was wondering how reliable the ip4r lookups are. There seems to be a
lot of SPAM that is only failing one of the ip4r test (SORBS, SBL, AHBL,
etc) and no more of the test, hence delivering the SPAM. Is it safe to
increase the weight of all these test to my deletion weight in order to
stop them
On Thursday, June 17, 2004, 4:23:10 PM, Matt wrote:
snip/
M I recommend that everyone buy Sniffer, and it's not just because I think
M Pete is a swell guy :)
The check is in the mail ;-)
_M
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail
Scott -
Is it possible to get Hijack to run after DJMP? This would help me
to better manage my backup mailserver -
Thanks
-Nick Hayer
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
Is it possible to get Hijack to run after DJMP? This would help me
to better manage my backup mailserver -
The only way to do that would be if you are also running Declude Virus, you
could use the AVAFTERJM ON option to force Declude Virus to run after
Declude JunkMail, which also forces
Hi,
I have used filters to summarize categories of ip4r and other tests.
All the open relay tests will fail ONE filter. So whether one or 4
black-lists say it's an open relay - it will only get ONE weight.
All the DUL/DUHL will fail ONE filter. So, whether a dial-up or dynamic port
is listed
On 17 Jun 2004 at 17:47, R. Scott Perry wrote:
Perfect. Thanks!
-Nick
Is it possible to get Hijack to run after DJMP? This would help me
to better manage my backup mailserver -
The only way to do that would be if you are also running Declude
Virus, you could use the AVAFTERJM ON
I seen this post below and wanted to implement the TESTSFAILED to exit out
of one of my body filters based on if another test was already triggered.
Is the below line correct (assuming REVERSEDNSFILTER is one of my filters
that occurs before the filter I put the below line in)?
TESTSFAILED
I seen this post below and wanted to implement the TESTSFAILED to exit
out of one of my body filters based on if another test was already triggered.
Is the below line correct (assuming REVERSEDNSFILTER is one of my filters
that occurs before the filter I put the below line in)?
TESTSFAILED END
It depends on the IP4R tests. For example SBL/XBL is very reliable and I
weight them high. However, most the of the IP4R tests we weight low/medium.
Darrell
Check out
Scott,
How much extra processing to an e-mail does adding a bunch of weight
range statements like:
WEIGHT1019 weightrange x x 10 19
WEIGHT2029 weightrange x x 20 29
WEIGHT3034 weightrange x x 30 34
WEIGHT3539 weightrange x x 35 39
I really just want these just to report on from the logs
43 matches
Mail list logo