Re: [Declude.JunkMail] Version 1.80 Logfile Changes
Tuesday, September 28, 2004, 3:48:59 PM, R. Scott Perry [EMAIL PROTECTED] wrote: Details? Are you seeing the Message OK lines? Typical log entries: 09/28/2004 15:59:07 Qc28b026d0172aa34 L1 Message OK RSP Is this with LOG_OK NONE? That line should prevent this log file entry RSP from appearing. RSP The others, such as Subject/From/etc. should appear if you are using RSP LOGLEVEL HIGH, though (with or without LOG_OK NONE). RSP -Scott We're using LOG_OK NONE and LOGLEVEL MID. The Subject/From/etc. lines are still written to the log (That's good - NOT asking for that to change.) The only time we see the 'L1 Message OK' is when the e-mail did fail a test, but it either had a weight of 0 or it was whitelisted, and the Subject/From/etc. lines are also written (no prob there, either). I initially thought the Subject/From/etc. were taken out of Log MID and added to Log HIGH. Hope that wasn't the intent . . . Thanks, Don Brown - Dallas, Texas USA Internet Concepts, Inc. [EMAIL PROTECTED] http://www.inetconcepts.net (972) 788-2364Fax: (972) 788-5049 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] STOPALLTESTS in Global config?
Can STOPALLTESTS be used in place of the weight in the global config? For example: SENDERDB ip4r pub.senderdb.net 127.0.0.2 STOPALLTESTS 0 Rick Davidson National Systems Manager North American Title Group - --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] STOPALLTESTS in Global config?
Can STOPALLTESTS be used in place of the weight in the global config? No, it only applies to filters. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude 1.80 and e-mail notifications
On 28 Sep 2004 at 16:58, R. Scott Perry wrote: Scott - Thanks for pointing that out -- it should be fixed now. Does this mean we need to do something on our end or retreive an interim? Thanks -Nick The format used for the forging virus lookups was changed, and we had to also make a change on our end to reflect that (which was just made). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude 1.80 and e-mail notifications
Thanks for pointing that out -- it should be fixed now. Does this mean we need to do something on our end or retreive an interim? No, it was entirely on our end. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Ip blacklist file
Hello, I have a question. I have a test that when a spam message comes through the filters and not caught, I add the whole /24 IP address range to a file so that if a message arrives from the IP range again, it's automatically set to a weight that gets the message forwarded to an e-mail account for review. Anyway, I would like to add the IP addresses of hotmail, etc. so that if a message comes through from the hotmail servers, I don't inadvertently block it. Can I just add a '#' before the IP address to 'rem' it out and Declude won't block it? Thanks.. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Ip blacklist file
Anyway, I would like to add the IP addresses of hotmail, etc. so that if a message comes through from the hotmail servers, I don't inadvertently block it. Can I just add a '#' before the IP address to 'rem' it out and Declude won't block it? That will work fine -- in that case, Declude JunkMail will ignore the line, so any E-mail from that IP won't fail the test. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Version 1.80 Logfile Changes
Typical log entries: 09/28/2004 15:59:07 Qc28b026d0172aa34 L1 Message OK This one should not be appearing if you are using LOG_OK NONE. I have found the cause of this; it will be fixed in the next release. 09/28/2004 15:59:07 Qc28b026d0172aa34 Subject: MTA 09/28/2004 15:59:07 Qc28b026d0172aa34 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 10.60.213.59 ID: These are occurring because you are using LOGLEVEL MID. If people think that LOG_OK NONE should suppress this information that appears in LOGLEVEL MID, please speak up. 09/28/2004 15:59:07 Qc28b026d0172aa34 Tests failed [weight=0]: The next release will have this line honor LOG_OK NONE. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Stopatfirsthit and stopalltests
A few questions on these new options, the manual states that it will stop processing the filter or remaining filters but it doesnt say whether or not it will fail the test that triggers it. For example if I use BODY STOPALLTESTS CONTAINS spam verbiage does the match fail the test triggering whatever action in the junk.mail file? I tried this and spam started slipping through that would have failed prior to using that keyword If I add STOPATFIRSTHIT to the top of my holding filters will it fail the test on the first hit? Rick Davidson National Systems Manager North American Title Group - --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Version 1.80 Logfile Changes
At 9/29/2004 02:34 PM, R. Scott Perry wrote: 09/28/2004 15:59:07 Qc28b026d0172aa34 Subject: MTA 09/28/2004 15:59:07 Qc28b026d0172aa34 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 10.60.213.59 ID: These are occurring because you are using LOGLEVEL MID. If people think that LOG_OK NONE should suppress this information that appears in LOGLEVEL MID, please speak up. I think that LOG_OK NONE should suppress all information about messages which don't fail any tests, regardless of LOGLEVEL. Thanks for the info on the other stuff. Elise --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Version 1.80 Logfile Changes
I would have to agree. I think that makes sense except for the debug level. All others should honor the config line. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Elise Lewis Sent: Wednesday, September 29, 2004 11:49 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Version 1.80 Logfile Changes At 9/29/2004 02:34 PM, R. Scott Perry wrote: 09/28/2004 15:59:07 Qc28b026d0172aa34 Subject: MTA 09/28/2004 15:59:07 Qc28b026d0172aa34 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 10.60.213.59 ID: These are occurring because you are using LOGLEVEL MID. If people think that LOG_OK NONE should suppress this information that appears in LOGLEVEL MID, please speak up. I think that LOG_OK NONE should suppress all information about messages which don't fail any tests, regardless of LOGLEVEL. Thanks for the info on the other stuff. Elise --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] filtering on sender name
I promised I read the manual. I'm wanting to handle mail based on sender name. Particularly I'm getting considerable spam from coups@ and sender@, among others. What I am thinking about is: GLOBAL.CFG JCFILTERfilter D:\decludefilters\jcfilters.txt x 0 0 $DEFAULT.JUNKMAIL$ JCFILTERHOLD JCFILTER.TXT MAILFROM0 STARTSWITH coups@ MAILFROM0 STARTSWITH sender@ (maybe use CONTAINS) Later on after testing, I would add score values to increase the weight score or just maybe outright delete. I delete at 20. Anybody see problems here? Thanks, John --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Version 1.80 Logfile Changes
There does seem to be a variety of needs and wants regarding logging. Scott, could you consider providing configurable logging instead of just logging levels or some degree of configurable logging within the levels? As in maybe: SHOWINLOG MAILFROM SHOWINLOG RECPT SHOWINLOG TESTFAILED etc., etc., wherein display order was predetermined or shown in order in config file. Keep current ok message suppression with LOG_OK NONE. John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Elise Lewis Sent: Wednesday, September 29, 2004 1:49 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Version 1.80 Logfile Changes At 9/29/2004 02:34 PM, R. Scott Perry wrote: 09/28/2004 15:59:07 Qc28b026d0172aa34 Subject: MTA 09/28/2004 15:59:07 Qc28b026d0172aa34 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 10.60.213.59 ID: These are occurring because you are using LOGLEVEL MID. If people think that LOG_OK NONE should suppress this information that appears in LOGLEVEL MID, please speak up. I think that LOG_OK NONE should suppress all information about messages which don't fail any tests, regardless of LOGLEVEL. Thanks for the info on the other stuff. Elise --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Stopatfirsthit and stopalltests
A few questions on these new options, the manual states that it will stop processing the filter or remaining filters but it doesnt say whether or not it will fail the test that triggers it. For example if I use BODY STOPALLTESTS CONTAINS spam verbiage does the match fail the test triggering whatever action in the junk.mail file? I tried this and spam started slipping through that would have failed prior to using that keyword STOPALLTESTS will prevent the filter from being triggered (although any weights will be added). STOPATFIRSTHIT will stop the filter, but will not prevent it from being triggered. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Sender Blacklist wildcard?
Is there a wildcard character that can be used in the Sender Blacklist. Specifically I would like a character or number wildcard so that I could blacklist addresses like spam01.com spam02.com with and entry like spam##.com so that entries from spam00.com - spam99.com would be caught with one entry instead of 100 entries. _ Scott Fosseen - Systems Engineer -Prairie Lakes AEA http://fosseen.us/scott _ Everything that can be invented has been invented. - Charles H. Duell, Commissioner, U.S. Office of Patents, 1899. _ --- [This E-mail scanned for viruses by Declude Virus on the server aea8.k12.ia.us] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] filtering on sender name
John, There is an extra s in the path for the Global.cfg line that would cause the filter to not be run. This would likely also cause an error to be logged as well if you wanted to check that out. Everything else looks like it would do what you were trying to do. Matt John Carter wrote: I promised I read the manual. I'm wanting to handle mail based on sender name. Particularly I'm getting considerable spam from coups@ and sender@, among others. What I am thinking about is: GLOBAL.CFG JCFILTER filter D:\decludefilters\jcfilters.txt x 0 0 $DEFAULT.JUNKMAIL$ JCFILTERHOLD JCFILTER.TXT MAILFROM0 STARTSWITH coups@ MAILFROM0 STARTSWITH sender@ (maybe use CONTAINS) Later on after testing, I would add score values to increase the weight score or just maybe outright delete. I delete at 20. Anybody see problems here? Thanks, John --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Sender Blacklist wildcard?
Is there a wildcard character that can be used in the Sender Blacklist. No, there is not. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Sender Blacklist wildcard?
What would be the possibility of having that function added? _ Scott Fosseen - Systems Engineer -Prairie Lakes AEA http://fosseen.us/scott _ Insanity: doing the same thing over and over again and expecting different results. - Albert Einstein _ - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 29, 2004 2:43 PM Subject: Re: [Declude.JunkMail] Sender Blacklist wildcard? Is there a wildcard character that can be used in the Sender Blacklist. No, there is not. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus on the server aea8.k12.ia.us] --- [This E-mail scanned for viruses by Declude Virus on the server aea8.k12.ia.us] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Order in which tests are run
I know that IP4R tests are run first, but is there any order to tests after that? In particular, I have two filter files and I'd like to run them in a particular order -- is that possible? Elise Elise Lewis mailto:[EMAIL PROTECTED] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Order in which tests are run
great. Thanks. At 9/29/2004 04:57 PM, you wrote: I know that IP4R tests are run first, but is there any order to tests after that? In particular, I have two filter files and I'd like to run them in a particular order -- is that possible? Declude JunkMail has a specific hard-coded order that test *types* are run in (for example, all IP4R tests are run before filters). However, when there are multiple tests of the same type (such as two filters), they are run in the order listed in the \IMail\Declude\global.cfg file. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] Elise Lewis mailto:[EMAIL PROTECTED] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Order in which tests are run
I know that IP4R tests are run first, but is there any order to tests after that? In particular, I have two filter files and I'd like to run them in a particular order -- is that possible? Declude JunkMail has a specific hard-coded order that test *types* are run in (for example, all IP4R tests are run before filters). However, when there are multiple tests of the same type (such as two filters), they are run in the order listed in the \IMail\Declude\global.cfg file. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Order in which tests are run
Follow-up please. Where do IPFILE and FromFile tests fit in the running mix? My guess on the run order is this: Declude Internal Tests IP4R External Filters - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 29, 2004 3:57 PM Subject: Re: [Declude.JunkMail] Order in which tests are run I know that IP4R tests are run first, but is there any order to tests after that? In particular, I have two filter files and I'd like to run them in a particular order -- is that possible? Declude JunkMail has a specific hard-coded order that test *types* are run in (for example, all IP4R tests are run before filters). However, when there are multiple tests of the same type (such as two filters), they are run in the order listed in the \IMail\Declude\global.cfg file. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Order in which tests are run
Follow-up please. Where do IPFILE and FromFile tests fit in the running mix? I believe fromfile test type is first, ipfile test type is second, with ip4r appearing later, and filters last. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] user to user on same domain
It's been a few days since I was working on this and I should have asked then but got pulled in another direction so this will have kind of vague proofs. Does mail going fro muser to user in the same domain (and on the same system) go through Declude.JunkMail? I was getting indications that is was slipping by. With this does anyone have a script or program that will backtrace a message through all the log files -- Declude and iMail -- given the message ID or some such? This way I can look up specifics of why the badheaders and spamheaders are being triggered. TIA, Rod -- Roderick A. Anderson Technology Services Management Group http://www.technologyservicesmanagementgroup.com/ Spokane WA, 99202 --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] filtering on sender name
Thanks, didn't see the typo. I'm going to watch the results for several days. Just in the last hour or so have caught about 50 msgs and its 100% spam. John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Wednesday, September 29, 2004 2:37 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] filtering on sender name John, There is an extra s in the path for the Global.cfg line that would cause the filter to not be run. This would likely also cause an error to be logged as well if you wanted to check that out. Everything else looks like it would do what you were trying to do. Matt John Carter wrote: I promised I read the manual. I'm wanting to handle mail based on sender name. Particularly I'm getting considerable spam from coups@ and sender@, among others. What I am thinking about is: GLOBAL.CFG JCFILTER filter D:\decludefilters\jcfilters.txt x 0 0 $DEFAULT.JUNKMAIL$ JCFILTER HOLD JCFILTER.TXT MAILFROM 0 STARTSWITH coups@ MAILFROM 0 STARTSWITH sender@ (maybe use CONTAINS) Later on after testing, I would add score values to increase the weight score or just maybe outright delete. I delete at 20. Anybody see problems here? Thanks, John --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] STOPALLTESTS and STOPATFIRSTHIT vs MAXWEIGHT question
Two questions: 1) I'd like a clarify the STOPALLTESTS action. IfI had a line TESTSFAILED STOPALLTESTS CONTAINS GUARANTEED-NOTSPAM This would exclude any e-mail that met that criteria from this filter and all subsequent filters. If my understanding is correct, it would be interesting to have a SKIPIFWEIGHTALLTESTS340 option where this filter and all subsequent filters would be skipped for a certain weight. (this would save a lot of filter files from being opened). 2) I use a lot of Maxweight to limit my filter to one hit. What's more efficient? MAXWEIGHT 100 BODY 100 CONTAINSSPAM-URL BODY 100 CONTAINSSPAM-URL2 ... or STOPATFIRSTHIT BODY 100 CONTAINSSPAM-URL BODY 100 CONTAINSSPAM-URL2 ...
RE: [Declude.JunkMail] Order in which tests are run
Thanks for the order. It's helpful for us in optimizing the CPU performance. We are working to put the new optimization tests at the top of all our filter tests. Scott, do you know where the internal Declude tests fit in the lineup? For example: cmdspace, revdnsexists, spamdomains, envfromstrict, base64, etc. Thanks, David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Wednesday, September 29, 2004 2:11 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Order in which tests are run Follow-up please. Where do IPFILE and FromFile tests fit in the running mix? I believe fromfile test type is first, ipfile test type is second, with ip4r appearing later, and filters last. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] SPF issue
I thought i had a handle on this SPF stuff, but i think i've got something wrong in my understanding. I've set up my SPF record for our domain with the following record: choicenet1.com v=spf1 ip4:207.170.239.11 ip4:207.170.239.4 a mx -all From my understanding of this, the ip4's are extra ip addy's that should be "allowed" to send email AS this domain. The mx entry states that the ip addy of the mx record(s) found for this domain are also "allowed" to send email AS this domain. Am I right so far? Now, my dialup customers are on a different subnet and log into our imail server using smtp auth. When they send emails out, shouldn't the ip addy of the email then take on the ip addy of the email server in the eyes of the receiving mail server? the reason i ask this is because of the following in my spf.log: 216.64.178.28 [EMAIL PROTECTED] [dona]: FAIL: v=spf1 ip4:207.170.239.11 ip4:207.170.239.4 a mx -all There are lots of failures in the log and the ip address on the far left is an ip addy in the ip pool of our max tnt for our dial up customers, not the ip addy of the email server. I see this for just about every one of my users, so for now, i've turned off SPF. Can someone explain why/where i am going wrong? Is this a case of standard version vs. pro version and declude is just logging all "outbound" attempts and throwing me off? that makes me wonder though, why am i even seeing these since they are "leaving" my mail server to go to others. it should be in their log files.right? thanks for any help provided! (running Junkmail Standard version 1.79) David Dresler
Re: [Declude.JunkMail] SPF issue
Now, my dialup customers are on a different subnet and log into our imail server using smtp auth. When they send emails out, shouldn't the ip addy of the email then take on the ip addy of the email server in the eyes of the receiving mail server? No. Otherwise, it would defeat the purpose of SPF: A spammer could connect to your mailserver and send out spam. What you can do in this case (if you are running IMail v8) is add a line WHITELIST AUTH to your \IMail\Declude\global.cfg file, to whitelist all users that authenticate. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] STOPALLTESTS and STOPATFIRSTHIT vs MAXWEIGHT question
1) I'd like a clarify the STOPALLTESTS action. If I had a line TESTSFAILEDSTOPALLTESTS CONTAINSGUARANTEED-NOTSPAM This would exclude any e-mail that met that criteria from this filter and all subsequent filters. If my understanding is correct, it would be interesting to have a SKIPIFWEIGHTALLTESTS 340 option where this filter and all subsequent filters would be skipped for a certain weight. (this would save a lot of filter files from being opened). For that, you could use SKIPIFWEIGHT 340 at the beginning of all filters. Not quite as efficient (as the filters will be started), but there is little overhead to starting the filters. 2) I use a lot of Maxweight to limit my filter to one hit. What's more efficient? MAXWEIGHT 100 BODY 100 CONTAINS SPAM-URL BODY 100 CONTAINS SPAM-URL2 ... or STOPATFIRSTHIT BODY 100 CONTAINS SPAM-URL BODY 100 CONTAINS SPAM-URL2 ... Both will have nearly identical performance. Specifically, in each case, only the first BODY comparison will be made (and it is those BODY/CONTAINS combinations that eat up CPU time). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPF issue
No, the probem you are having is with your own mail server catching messages from your subscribers sending mail. If you do not allow mail relay and only auth then you can whitelist your dial up ip address of your users within declude. Now if they are not connecting from one of your dial up ranges then they will be caught with the SPF record. Many features of declude are muted by not using WHITELIST AUTH and not being on the 8.x version of imail. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Wednesday, September 29, 2004 4:09 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] SPF issue Unfortunately i'm running imail 7.07 and it doesn't look like we'll be going to 8.x anytime soon. So, if i change my spf record to include the ip pool of my dialup users, i should be ok, correct? That would be fine. or, i could change the -all to ~all, correct? That could work, although it has two drawbacks: many SPF systems don't support softfail yet, and it reduces the effectiveness of your SPF record. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] user to user on same domain
R. Scott Perry wrote: Does mail going fro muser to user in the same domain (and on the same system) go through Declude.JunkMail? Yes, it should (with the exception of E-mail sent by web messaging on IMail v7 and earlier). Thanks. I'll have to sort this out when I can get back to the project. With this does anyone have a script or program that will backtrace a message through all the log files -- Declude and iMail -- given the message ID or some such? This way I can look up specifics of why the badheaders and spamheaders are being triggered. Unfortunately, I am not aware of such a tool. Hum. Potential there. It is a problem often enough for us I'll probably write one. Has there been any message threads on the files (logs) and the key fields in them to chase them down? Rod -- Roderick A. Anderson Technology Services Management Group http://www.technologyservicesmanagementgroup.com/ Spokane WA, 99202 --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Forwarded messages
When a e-mail is forwarded, is the e-mail again processed by Declude? John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.