Yep, a configuration of WEIGHT10 DELETE and a WEIGHT20 HOLD would indeed
delete a message with a weight of 21.
Something you mentioned earlier prompts me to point out another thing; the
veterans in the list generally regard HOLD messages not as something they
have to check out several times a day
Yep, also 0x20, also #20
Andrew 8)
-Original Message-
From: John Tolmachoff (Lists) [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 20, 2004 10:47 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] OT: ASCII code
A space is %20, correct?
John Tolmachoff
Engineer/Consultant/Owner
Good tip!
This is what the web page is using:
http://netsecurity.about.com/cs/generalsecurity/a/aa021504.htm
to download a file it creates called C:\Program Files\Internet
Explorer\Iesearch.exe
by downloading and rename the file http://68.192.132.122:8067/mstasks.dat
which my latest Trend
OK if I am right the US Treasury Department needs help!
Very much so:
They identified themselves as 10.0.7.238 instead of a host.domain !!??
This is very bad.
There are actually 3 problems with this:
[1] They did not identify themselves using a host name, which is the
standard method.
[2] They
To paraphrase you JunkMail looks through all the actions of all the
tests that have been tripped starting with the most severe (strict)
DELETE and working down the list.
That's another way of looking at it. In this case, if there is a conflict
with an action that has already been taken, the one
The header of my message to the list is showing
X-Weight: -17 (FIVETENIGNORE, SPFPASS, CURRENT, HEUR3, SPAMCHK)
X-Declude-Sender: [EMAIL PROTECTED] [208.154.200.6]
Scott, would you please comment on the last 4 : SPFPASS, CURRENT, HEUR3,
SPAMCHK
I suppose that i am now passing SPF? but why did
Hi all
any help appreciated
Is this specific for this sender ? or a problem with my server/DNS configs ?
I do not see AOL acknowledging my IP adress anywhere .
TIA
Here is my log
20040414 082409 127.0.0.1 SMTP (0884048F) processing
F:\Imail\spool\Qf19c0a01026e5656.SMD
20040414 082411
these would be scott's logs, since these test where done on his server
- Original Message -
From: Markus Gufler [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, April 21, 2004 5:51 AM
Subject: RE: [Declude.JunkMail] Scott's tests
Scott, would you please comment on the last
any help appreciated
Is this specific for this sender ? or a problem with my server/DNS configs ?
I do not see AOL acknowledging my IP adress anywhere .
This:
20040414 082414 127.0.0.1 SMTP (0884048F) 220-rly-xk06.mx.aol.com
ESMTP mail_relay_in-xk6.10; Wed, 14 Apr 2004 04:24:14 -0500
on 4/20/04 3:16 PM, Matt wrote:
NOTCONTAINS would be incredibly helpful for lots of filters, though of course
all forms of NOT filters would be good addition, but NOTCONTAINS is the most
flexible and therefore capable, especially to defeat a counterbalancing filter
so that it doesn't credit
Yeah, I got sick of modifying my setups for others mistakes.. I've just
ended up forwarding them the message with the internet headers telling them
what the problem is, how to fix it, and that messages from them will be
blocked/reviewed until the problems are fixed.. Haven't gotten any
Just a question.. The message below (internet headers listed only) got
through and only failed on the CMDSPACE test.. But one of the X-Notes
states the there was a timeout looking up the IP address (it's
24-51-32-177.kntnny.adelphia.net)..
Anyway, I was wondering if there was a test could be
Correct...
Darrell
John Tolmachoff (Lists) writes:
A space is %20, correct?
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.
Goran Jovanovic wrote:
This is parts of a header I received and I just want to check a few
things
So the spammer thought that he would use my IP address in the HELO line
205.150.108.8 to identify his domain, even though his real IP address is
220.185.227.109?
Obviously an IP address is not a
Hello, All,
Could someone tell me where I might find the list
of RHSBL tests which used to be listed at the bottom of this page the old List
of all Known DNS-Based Spam Databsaes? The new document is here, http://www.declude.com/Articles.asp?ID=97,
but the RHSBL information seems to be have
Could someone tell me where I might find the list of RHSBL tests which
used to be listed at the bottom of this page the old List of all Known
DNS-Based Spam Databsaes? The new document is here,
http://www.declude.com/Articles.asp?ID=97http://www.declude.com/Articles.asp?ID=97,
but the RHSBL
Well, I well mention his first name, blast shields up first. (He has a way
of irritating people.)
Len Conrad, most often seen on the Imail list.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL
Hello Sysadmin,
it would be nice, if you could use a real name.
We're an ISP and we believe we can't whitelist our addresses and we
definitely can't require authentication.
Why not?
We do the same job, and I thought the same.
But if all would think so, we will never get of the spammers.
So
We're an ISP and we believe we can't whitelist our addresses and we
definitely can't require authentication.
If you haven't your own network (ISP backbone) or users connecting from a
defined range of IP's you SHOULD switch to SMTP-AUTH and you CAN prepare
some usefull how-to pages, then
on 4/21/04 11:17 AM, John Tolmachoff (Lists) wrote:
Why are you so much different than other ISPs that you can not force
authentication?
Try to imagine having to contact thousands of subscribers and walk them
through changing their settings. Even if we only took a minute to help each
If the following is in the Global.cfg file, is it true that
dnsbl.sorbs.net will be queried once and the result will be
evaluated 8 times?
SORBS-HTTP ip4rdnsbl.sorbs.net 127.0.0.2 5 0
SORBS-SOCKS ip4rdnsbl.sorbs.net 127.0.0.3 5 0
SORBS-MISC ip4r
Why are you so much different than other ISPs that you can not force
authentication?
Try to imagine having to contact thousands of subscribers and walk them
through changing their settings. Even if we only took a minute to help
each
subscriber (and I can guarantee you a minute isn't even
John,
Dial-up ISP's, especially smaller ones, are very unlikely to be
targeted by spammers due to the dynamic nature of the IP space. There
one minute, gone the next...and the bandwidth sucks. Almost all
viruses don't use mail servers to spread, so SMTP AUTH won't stop them
either, but
That means
that any one using one of those addresses can send out millions of spam
e-mails through your server and there is nothing you can do about it.
How is that statement correct? We scan all outgoing messages for spam and
viruses and delete them if a message contains one or both.
I
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
System Administrator
Sent: 21. april 2004 20:20
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] New test
on 4/21/04 1:40 PM, John Tolmachoff (Lists) wrote:
I assume you are relaying
Well I read the manual and searched the archives, but my efforts to filter
outgoing mail are not working. We have the pro version of Declude.
in the filter...
BODY0 CONTAINS flibbertygibbet
SUBJECT 0 CONTAINS flibbertygibbet
in the Declude config file (last two entries) ...
OUTGO
Hi,
My log analysis and test check scripts are available for download at:
http://www.botany.gu.se/download/decludescript/LOG_analysis.zip
http://www.botany.gu.se/download/decludescript/TEST_check.zip
The first script creates a list with the number of hits for each
test, number of messages that
Anyone know if there's anything similar to declude for MS Exchange server?
thanks,
Larry Craddock
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL
Title: Message
I just saved some processing
power..
One of my most important text filters is the BODY
search for URL stuff. But it's quite big. To keep my loglevels in
check, I use LOGLEVEL MID, which doesn't log the individual lines
triggered. But whether I use MID or HIGH, the line
On 21 Apr 2004 at 21:24, Roger Eriksson wrote:
*very* nice job Roger -
Thanks!
-Nick Hayer
Hi,
My log analysis and test check scripts are available for download at:
http://www.botany.gu.se/download/decludescript/LOG_analysis.zip
My Body URL observations:
I've noticed that using SURBL filter has dramatically cut down on the hits of my 5 URL
Body filters. My five filters are for .biz, .info, .com, .net and other, it's just
easier for me to maintain them that way.
So I've moved the SURBL filter higher in my list of test
Scott I thought if there was a DNS failure that SPAMDOMAINS would not fail
but pass the email??? This message failed Spam domains when there was a DNS
failure on Microsofts end?
Declude Version 1.78i18
*** Declude Log ***
04/21/2004 11:36:34 Qbf301a5d024003e8 Msg failed REVDNS (This
Scott I thought if there was a DNS failure that SPAMDOMAINS would not fail
but pass the email??? This message failed Spam domains when there was a DNS
failure on Microsofts end?
It depends on the failure:
An error occurred: Server dns1.sj.msft.net is reporting a server failure (it
is probably
OK I get that. I was under the assumption that if there was a DNS failure
that DNS based tests would not fail.
So I am assuming I am correct and Incorrect. If the DNS server that Imail is
configureed to communicate with has failed it will pass the tests but if the
remote server that is
OK I think I was somehow reversed in my tinking
Goran Jovanovic
The LAN Shoppe
Goran Jovanovic wrote:
This is parts of a header I received and I just want to check a few
things
So the spammer thought that he would use my IP address in the HELO
line
205.150.108.8 to
If you run SPAMCHK, it logs out all of the URL's it finds.
...if the Log level is set high enough.
Note that it logs any URL regardless if identified as spam or legit message.
Markus
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came
I sent an email from within our domain (containing that word in both the
subject and body) to an external account. Then checked the Declude log.
Nothing.
That's what I suspected -- that means that there is a problem with the way
that the test is set up.
Are you sure that the filter file is
OK I get that. I was under the assumption that if there was a DNS failure
that DNS based tests would not fail.
If there is a timeout, Declude JunkMail will not fail the test. But if it
gets a response back that doesn't include an answer, it will fail the test.
FYI -
There is not a DNS failure on Microsoft's end. Microsoft for some reason
has no reverse dns for a whole bunch of their mail servers causing mail from
MSN and Hotmail to fail both spamdomains and revdns. I have contacted
Microsoft and they said it would be fixed yesterday. What a mess.
If you are using Spamchk, you can use an external file there. That is what I
do with my body URL filter. It is much quicker to parse from Spamchk than as
a filter in Declude.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
40 matches
Mail list logo