Search Google and you'll see that many others seem to think they're viri
only too.
And of the legit zips I examined on my system they don't have those
sequences.
Irregardless I block all executable attachments anyways at my mx. This was
strictly for the ones that are bypassing my mx records and
Jim,
I think everyone here will agree that Declude is largely a hands-on
product, at least until you get it tweaked right. I used to fool around
with it almost daily, although in recent weeks this tinkering is much
less necessary thanks to the hard work and generosity of some other list
members
Does WHITELISTFILE allow entries for IP, TODOMAIN, and/or ANYWHERE
whitelisting? Or are only from addresses/domains allowed?
If it doesn't, is there conflict in having some WHITELIST IP and
WHITELIST TODMAIN entries in the global.cfg and a WHITELISTFILE entry in
the $default$.junkmail?
BTW, have
Does WHITELISTFILE allow entries for IP, TODOMAIN, and/or ANYWHERE
whitelisting? Or are only from addresses/domains allowed?
Only from addresses are currently allowed.
If it doesn't, is there conflict in having some WHITELIST IP and
WHITELIST TODMAIN entries in the global.cfg and a WHITELISTFILE
Currently I have my ip4r tests running first, then the rhsbl's, then the
badheaders, base64, comments (etc.) tests. Then come the fromfiles and
last come the filters.
Is there a more efficient way to order this, or do I have it wired, more
or less? The way its set up now the filters often go
Currently I have my ip4r tests running first, then the rhsbl's, then the
badheaders, base64, comments (etc.) tests. Then come the fromfiles and
last come the filters.
Do you mean that is the order they are listed in in one of your config
files? That will not affect the order they are run in.
Scott,
I found this website and thought that it would be really cool if you
guys could write a program like this challenge/response that worked with
Declude spam. I would absolutely pay for it!
http://about.mailblocks.com/features/challenge.aspx
Greg
---
[This E-mail was scanned for viruses
The challenge/response has some fundamental problems. These include auto
notifications, newsletters, automated website ordering acknowledgments and
so forth.
I think the consensus is it is not acceptable to use.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original
I found this website and thought that it would be really cool if you guys
could write a program like this challenge/response that worked with
Declude spam. I would absolutely pay for it!
http://about.mailblocks.com/features/challenge.aspx
We actually started work on this a while back, but
Greg:
Just one word... NO Please don't do it and don't ask for it.
C/R systems, in my opinion, will soon kill online commerce - either
automatic receipts have to be changed or C/R system has to go.
At our company we started blocking EarthLink C/R systems.. Imagine getting
500+ C/R's from people
Hi,
I think the consensus is it is not acceptable
Then let mine be the only opposing voice.
I think because of Declude's weight features, Challenge/Response would be a
very valuable and very usable option.
Any messages with LOW weight pass. This addresses your concern of breaking
Yes, that's the order they are in in global.cfg
I had totally forgotten about running those tests in parallel.
Thx for the info!
Matt Robertson [EMAIL PROTECTED]
MSB Designs, Inc. http://mysecretbase.com
- - - - - - - - - - - -
I guess what I'm trying to say is that I like the concept I also
agree with all of con's that have presented. It would be nice if there
was someway we could automate the whitelist.
What about this spin? What if Declude took the email address that the
internal user was sending to and put it
That is what AutoWhite for Declude does.
However, that does not lesson any of the problems with C/R software.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Greg Foulks
I can see it as a viable option for grey items using weighting, but it
still doesn't answer the licensing problem.
You could also use the existing action of bounce (I know it has
changed), just let them know that the mail is rejected, or you can use
attach. There are options that already exist in
I guess what I'm trying to say is that I like the concept I also
agree with all of con's that have presented. It would be nice if there
was someway we could automate the whitelist.
You may want tolookatJohnT.'sAutoWhite
So if I wanted to BOUNCE after a certain weight is there a way to
incorporate the FORGED check that Declude viruses uses.
This way if the return address is forged the bounce is not sent out.
Greg
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This
If a messages is quarantined or deleted by Declude Virus, JunkMail will
never see it.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Greg Foulks
Sent: Wednesday, January
What are the best test weights to use for scanning e-mails
from AOL and Yahoo. We are catching many valid e-mails and many SPAM
e-mails are going through. We have been getting many complaints from
customers about blocking valid e-mails that we have been temporarily
whitelisted the domains.
How does AUTOFORGE work? How does it know that the senders email address
is forged?
That is a Declude Virus option that checks with a server here to see if the
virus that was detected is a forging virus. Since spam caught by Declude
JunkMail does not contain a virus, it is does not apply to
It is only used in Virus when a virus is found that is known to forge via
the virus.cfg file listing FORGINGVIRUS. Please review the virus manual for
more information.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
Let me rephrase...
How does AUTOFORGE work? How does it know that the senders email address
is forged?
Greg
John Tolmachoff (Lists) wrote:
If a messages is quarantined or deleted by Declude Virus, JunkMail will
never see it.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
Would you mind posting your global.cfg? Redact whatever you want
private. With that maybe some good suggestions can be made
-Nick Hayer
From: TC Online Support [EMAIL PROTECTED]
To: Declude.JunkMail [EMAIL PROTECTED]
Subject:
This is our global.cfg file.
Isaias Hernandez
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Nick Hayer
Sent: Wednesday, January 28, 2004 3:41 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Best Test for SPAM from AOL, Yahoo
Would you mind
I've no experience
on setting up a ip4r list but maybe it's an idea to create a list of IP-Adresses
that are known to send out virus-warnings back to forged
recipients.
So we have a chance
to filter out part of this unnecessary NDRs and Virus warnings with declude
junkmail.
Such a system
I've no experience on setting up a ip4r list but maybe it's an idea to
create a list of IP-Adresses that are known to send out virus-warnings
back to forged recipients.
So we have a chance to filter out part of this unnecessary NDRs and Virus
warnings with declude junkmail.
FIVETENKLEZ does
Great idea Markus. Thanks for stepping
forward to set it up and host it. ;-)
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler
Sent: Wednesday,
January 28, 2004
Isaias:
You did not say what weights you hold and delete on.
But here are a few things.
You need to really clean up your global.cfg file
1.) osirusoft.com is dead I believe - you may want to replace these with
SORBs
2.) Monkeys.com is also dead
3.) Wirehub is also dead.
4.) IPNOTINMX should be
Isaias,
I suggest you start with a fresh global cfg.. many tests you have
listed are now dead.
http://www.declude.com/Release/177/GLOBAL.CFG
[I am assuming you are running the latest beta]
Add in your filters that you had created and I believe you will see a
great improvement.
All mail from our domain is failing with the following message:
X-RBL-Warning: DSN: Not supporting null originator (DSN) how do I get this
cleaned up. Our server is accepting null senders??
Kurt
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This
What would cause extra CR in the middle of a line in the Virus or
Declude log files or incomplete line entries? We have a Parser that
runs through to pull out info, however, at times it will encounter the
above and have to skip the entries. Thanks for the info.
Keith
---
[This E-mail was
I've been building a content filter for this myself, the only problem
is that my friends don't tend to get viruses and therefore I don't tend
to get any sent directly to my account.
The way that I am dealing with this is giving any positive identifiers
a weight equal to our hold weight so
All mail from our domain is failing with the following message:
X-RBL-Warning: DSN: Not supporting null originator (DSN) how do I get this
cleaned up. Our server is accepting null senders??
That test is not run in real time (as it would be wasteful of
resources). You can go to
What would cause extra CR in the middle of a line in the Virus or
Declude log files or incomplete line entries? We have a Parser that
runs through to pull out info, however, at times it will encounter the
above and have to skip the entries. Thanks for the info.
That would depend on what log
http://www.rfc-ignorant.org/tools/detail.php?domain=lakesnet.netsubmitted=1
070148902table=dsn
This is why, although I was able to send to your postmaster account with a
null sender from the command line.
- Tony
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf
Is it true that AutoWhite only works on WebMail?
Could someone elaborate on the AutoWhite functionality, because I must
have missed something to think would cover these C/R issues.
I do like the idea of C/R only for grey area messages. This would
virtually eliminate the complaints of
There are 2 different items.
AUTOWHITELIST is a Declude feature that works with a users address list that
is kept in Web Messaging.
AutoWhite for Declude is an external program that is designed for Declude
JunkMail as an external test.
John Tolmachoff
Engineer/Consultant/Owner
eServices For
Todd,
Two things.
1) AutoWhite != AUTOWHITELIST ON
2) You don't want to have an auto-responder that handles messages that
might come from forged addresses.
I think the bottom line here is that although you don't mean to do
this, C/R would create a problem for other administrators that are
When I have gone and checked my F-Prot to see if the most recent version of
Mydoom is covered with the most recent virus definitions it only shows
Mydoom.a in the virus list. Is there another way to find out if the
definitions are fully up to date? I have the DOS version and it is update
every
Wanted to see if anybody could make any sense of this email that came
through. It had no subject, no from and no recipient. We have Declude
set to mark the subject with SPAM: if a weight of 20 is reached.
Didn't mark it at all. We have been received a couple of these over the
last couple of weeks.
40 matches
Mail list logo