RE: [Declude.JunkMail] Spam not scanned by JunkMail, found out why

2004-06-17 Thread John Tolmachoff (Lists)
Yes, and I am considering that or putting in an IIS front door (in addition
to my backup MX which is already IIS) and then using the other program that
I cannot think of the name right now.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
 [EMAIL PROTECTED] On Behalf Of Sanford Whiteman
 Sent: Wednesday, June 16, 2004 9:41 PM
 To: John Tolmachoff (Lists)
 Subject: Re: [Declude.JunkMail] Spam not scanned by JunkMail, found out why
 
  For the last couple of days, 2 of my clients that my Imail server is
  a  gateway  for  their  Exchange  servers have been getting hit with
  dictionary  attack  type  spam.
 
 John, have you checked out exchange2aliases in my sig?
 
 --Sandy
 
 
 
 Sanford Whiteman, Chief Technologist
 Broadleaf Systems, a division of
 Cypress Integrated Systems, Inc.
 e-mail: [EMAIL PROTECTED]
 
 SpamAssassin plugs into Declude!
 http://www.mailmage.com/products/software/freeutils/SPAMC32/download/release/
 
 Defuse Dictionary Attacks: Turn Exchange Addresses into IMail Aliases!
 http://www.mailmage.com/products/software/freeutils/exchange2aliases/download/release/
 
 ---
 [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
 
 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.



[Declude.JunkMail] Interesting Spam Article

2004-06-17 Thread Bridges, Samantha
Interesting Spam Article

http://www.eweek.com/article2/0,1759,1608663,00.asp?kc=ewnws060904dtx1k0700599

Samantha Bridges
Communications Technician
Macomb Intermediate School District
44001 Garfield Road
Clinton Township  MI  48038-1100
(586) 228-3300

[EMAIL PROTECTED]
http://www.misd.net


CONFIDENTIALITY NOTICE: This email message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
confidential and privileged information. Any unauthorized review, use,
disclosure or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply email and destroy all
copies of the original message.

 


[Declude.JunkMail] Declude and attachments

2004-06-17 Thread Dave Doherty
Hi-

Many of my users are personnel agencies that send and receive a lot of
resumes as attachments. Some of these attachments are fairly large.

I'm having a growing problem with processor usage. Does Declude scan
attachments? Is there a way to turn that off?

-Dave Doherty
 Skywaves, Inc.





Re: [Declude.JunkMail] Ideas on Unique New SPAM Test

2004-06-17 Thread Scott Fisher
That would be interesting. I see the surbl.org people are working with a phish url 
list, that I sure wouldn't mind having the ability to scan against.

Scott Fisher
Director of IT
Farm Progress Companies

 [EMAIL PROTECTED] 06/16/04 10:30PM 
URL lookups.

Just a guess of course.  I would prefer having the banned extension 
bouncing capabilities modified before that though :)

Matt



Scott Fisher wrote:

Anyone want to speculate on the Unique New SPAM Test coming soon! advertised on the 
www.declude.com webpage?


  


-- 
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/ 
=




Re: [Declude.JunkMail] Declude and attachments

2004-06-17 Thread R. Scott Perry

Many of my users are personnel agencies that send and receive a lot of
resumes as attachments. Some of these attachments are fairly large.

I'm having a growing problem with processor usage. Does Declude scan
attachments? Is there a way to turn that off?

That shouldn't be an issue -- for example, with a 1MB file attachment, 
Declude will only scan about the first 5% of it.

What processes are using the CPU time?
   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.



[Declude.JunkMail] Declude and Spam Review

2004-06-17 Thread TCOnline Internet Support
I was wondering is there a way to change what the Spam Hold button is
pointing to in Spam Review.  I am currently running Declude Hijack v1.75
and the held e-mails are being sent to the Hold2 folder and not Hold.  I
have not been using Spam Review much and wanted to start using it to
check if the held e-mails in hold2 are Spam or not.

Also I wanted to get some opinions on how Spam Review is working for
other people.  

 
Isaias Hernandez
Internet Tech Support
979-775-6239
[EMAIL PROTECTED]
 




Re: [Declude.JunkMail] Declude and attachments

2004-06-17 Thread Dave Doherty
Hi Scott-

When  this happens, I usually see about three Declude processes, each in the
25% - 30% neighborhood, and several more showing smaller percentages. Also,
I see the usual Sniffer, SMTP, POP, and IMAP, all much lower.

-d

- Original Message - 
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 17, 2004 9:32 AM
Subject: Re: [Declude.JunkMail] Declude and attachments



 Many of my users are personnel agencies that send and receive a lot of
 resumes as attachments. Some of these attachments are fairly large.
 
 I'm having a growing problem with processor usage. Does Declude scan
 attachments? Is there a way to turn that off?

 That shouldn't be an issue -- for example, with a 1MB file attachment,
 Declude will only scan about the first 5% of it.

 What processes are using the CPU time?

 -Scott
 ---
 Declude JunkMail: The advanced anti-spam solution for IMail mailservers
 since 2000.
 Declude Virus: Ultra reliable virus detection and the leader in mailserver
 vulnerability detection.
 Find out what you've been missing: Ask for a free 30-day evaluation.



RE: [Declude.JunkMail] Declude and attachments

2004-06-17 Thread Mike Hyslip
I know others have mentioned higher CPU load with body searches and the
like, and most like searching through the entire attachment text for matches
to a filter?

Just a guess here.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty
Sent: Thursday, June 17, 2004 10:23 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Declude and attachments

Hi Scott-

When  this happens, I usually see about three Declude processes, each in the
25% - 30% neighborhood, and several more showing smaller percentages. Also,
I see the usual Sniffer, SMTP, POP, and IMAP, all much lower.

-d

- Original Message - 
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 17, 2004 9:32 AM
Subject: Re: [Declude.JunkMail] Declude and attachments



 Many of my users are personnel agencies that send and receive a lot of
 resumes as attachments. Some of these attachments are fairly large.
 
 I'm having a growing problem with processor usage. Does Declude scan
 attachments? Is there a way to turn that off?

 That shouldn't be an issue -- for example, with a 1MB file attachment,
 Declude will only scan about the first 5% of it.

 What processes are using the CPU time?

 -Scott
 ---
 Declude JunkMail: The advanced anti-spam solution for IMail mailservers
 since 2000.
 Declude Virus: Ultra reliable virus detection and the leader in mailserver
 vulnerability detection.
 Find out what you've been missing: Ask for a free 30-day evaluation.



RE: [Declude.JunkMail] Declude and Spam Review

2004-06-17 Thread TCOnline Internet Support
Yes I understand what Hijack is doing but I wanted to use Spam Review to
easily view the e-mails and send back to the spool folder if they are
valid instead of manually having to check each file individually.

 
Isaias Hernandez
Internet Tech Support
979-775-6239
[EMAIL PROTECTED]
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
(Lists)
Sent: Thursday, June 17, 2004 9:26 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Declude and Spam Review

SpamReview is not intended to be used with Hijack, rather it is intended to
be used with Declude JunkMail.

Do you understand what Hijack is doing if there are messages in Hold2?

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
 [EMAIL PROTECTED] On Behalf Of TCOnline Internet Support
 Sent: Thursday, June 17, 2004 7:11 AM
 To: Declude.JunkMail
 Subject: [Declude.JunkMail] Declude and Spam Review
 
 I was wondering is there a way to change what the Spam Hold button is
 pointing to in Spam Review.  I am currently running Declude Hijack v1.75
 and the held e-mails are being sent to the Hold2 folder and not Hold.  I
 have not been using Spam Review much and wanted to start using it to
 check if the held e-mails in hold2 are Spam or not.
 
 Also I wanted to get some opinions on how Spam Review is working for
 other people.
 
 
 Isaias Hernandez
 Internet Tech Support
 979-775-6239
 [EMAIL PROTECTED]
 
 
 


Re: [Declude.JunkMail] Declude and attachments

2004-06-17 Thread Rick Davidson
I use  a filter that searches for attachments and causes the email to bypass
further filter tests. For example my filter is called BYPASS and contains
lines like these:

BODY 0 CONTAINS .PDF
BODY 0 CONTAINS Content-type: application/msword
BODY 0 CONTAINS Content-Type: application/pdf
BODY 0 CONTAINS Content-Type: application/rtf
BODY 0 CONTAINS Content-Type: application/vnd.ms-excel
BODY 0 CONTAINS X-MS-Attachment:

Then I have this line at the top of all my filters:
TESTSFAILED END CONTAINS BYPASS

Run the bypass filter before any other filter tests run, this has eliminated
a lot of false positives for me especially with PDF files.

You can recover a lot of CPU processing time by running your tests in a
logical order, run all your filters that hold or delete mail first and then
use the TESTSFAILED END to stop the filtering process on any messages that
are already flagged for holding or deletion

Rick Davidson
National Systems Manager
North American Title Group
-
- Original Message - 
From: Dave Doherty [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 17, 2004 8:18 AM
Subject: [Declude.JunkMail] Declude and attachments


 Hi-

 Many of my users are personnel agencies that send and receive a lot of
 resumes as attachments. Some of these attachments are fairly large.

 I'm having a growing problem with processor usage. Does Declude scan
 attachments? Is there a way to turn that off?

 -Dave Doherty
  Skywaves, Inc.
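
A check an administrator could run before relying on the BYPASS rule in the message above, as an added example that is not part of the original post and not Declude code: it compares the substring match with a test on the actual MIME structure. The case-insensitive matching, the function names and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Substrings copied from the BYPASS filter lines in the post.
BYPASS_SUBSTRINGS = [
    ".PDF",
    "Content-type: application/msword",
    "Content-Type: application/pdf",
    "Content-Type: application/rtf",
    "Content-Type: application/vnd.ms-excel",
    "X-MS-Attachment:",
]

# The document types those substrings stand for.
DOCUMENT_TYPES = {
    "application/msword",
    "application/pdf",
    "application/rtf",
    "application/vnd.ms-excel",
}


def substring_bypass(raw):
    """Model of the substring rule: any listed string anywhere after the headers.

    Case-insensitive matching is an assumption of this model.
    """
    _headers, _sep, body = raw.partition("\n\n")
    body = body.lower()
    return any(s.lower() in body for s in BYPASS_SUBSTRINGS)


def document_attachments(raw):
    """Return file names of non-empty attachment parts with a document type."""
    msg = message_from_string(raw, policy=policy.default)
    names = []
    for part in msg.walk():
        if part.get_content_disposition() != "attachment":
            continue
        if part.get_content_type() not in DOCUMENT_TYPES:
            continue
        if not part.get_payload(decode=True):
            continue  # declared but empty part
        names.append(part.get_filename() or "(unnamed)")
    return names


def bypass_decision(raw):
    """Stricter rule: skip further tests only when a real document part exists."""
    return substring_bypass(raw) and bool(document_attachments(raw))


def build_with_attachment():
    """Constructed sample: a resume sent as a PDF attachment."""
    msg = EmailMessage()
    msg["From"] = "candidate@example.com"
    msg["To"] = "agency@example.com"
    msg["Subject"] = "Resume"
    msg.set_content("My resume is attached.")
    msg.add_attachment(
        b"%PDF-1.4 constructed sample bytes",
        maintype="application",
        subtype="pdf",
        filename="resume.pdf",
    )
    return msg.as_string()


def build_text_only():
    """Constructed sample: plain text that only mentions a file name."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "agency@example.com"
    msg["Subject"] = "Price list"
    msg.set_content("The price list is published as PRICES.PDF on the intranet.")
    return msg.as_string()


if __name__ == "__main__":
    for label, raw in (("attachment", build_with_attachment()),
                       ("text only", build_text_only())):
        print(label,
              "| substring rule:", substring_bypass(raw),
              "| document parts:", document_attachments(raw),
              "| stricter rule:", bypass_decision(raw))
```

Messages where the substring rule fires but no document part is found are the ones that would skip all later tests without carrying an attachment.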





RE: [Declude.JunkMail] Declude and Spam Review

2004-06-17 Thread John Tolmachoff (Lists)
SpamReview is not intended to be used with Hijack, rather it is intended to
be used with Declude JunkMail.

Do you understand what Hijack is doing if there are messages in Hold2?

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
 [EMAIL PROTECTED] On Behalf Of TCOnline Internet Support
 Sent: Thursday, June 17, 2004 7:11 AM
 To: Declude.JunkMail
 Subject: [Declude.JunkMail] Declude and Spam Review
 
 I was wondering is there a way to change what the Spam Hold button is
 pointing to in Spam Review.  I am currently running Declude Hijack v1.75
 and the held e-mails are being sent to the Hold2 folder and not Hold.  I
 have not been using Spam Review much and wanted to start using it to
 check if the held e-mails in hold2 are Spam or not.
 
 Also I wanted to get some opinions on how Spam Review is working for
 other people.
 
 
 Isaias Hernandez
 Internet Tech Support
 979-775-6239
 [EMAIL PROTECTED]
 
 
 


Re: [Declude.JunkMail] Declude and attachments

2004-06-17 Thread R. Scott Perry

When this happens, I usually see about three Declude processes, each in the
25% - 30% neighborhood, and several more showing smaller percentages. Also,
I see the usual Sniffer, SMTP, POP, and IMAP, all much lower.

Do you have a lot of BODY or ANYWHERE filters (the most CPU intensive tests 
in Declude JunkMail)?

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.



Re: [Declude.JunkMail] Declude and attachments

2004-06-17 Thread Dave Doherty
OK, it's in place. Let's see what happens. Thanks!

-d

- Original Message - 
From: Rick Davidson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 17, 2004 10:14 AM
Subject: Re: [Declude.JunkMail] Declude and attachments


 I use a filter that searches for attachments and causes the email to bypass
 further filter tests. For example my filter is called BYPASS and contains
 lines like these:

 BODY 0 CONTAINS .PDF
 BODY 0 CONTAINS Content-type: application/msword
 BODY 0 CONTAINS Content-Type: application/pdf
 BODY 0 CONTAINS Content-Type: application/rtf
 BODY 0 CONTAINS Content-Type: application/vnd.ms-excel
 BODY 0 CONTAINS X-MS-Attachment:

 Then I have this line at the top of all my filters:
 TESTSFAILED END CONTAINS BYPASS

 Run the bypass filter before any other filter tests run, this has eliminated
 a lot of false positives for me especially with PDF files.

 You can recover a lot of CPU processing time by running your tests in a
 logical order, run all your filters that hold or delete mail first and then
 use the TESTSFAILED END to stop the filtering process on any messages that
 are already flagged for holding or deletion

 Rick Davidson
 National Systems Manager
 North American Title Group
 -
 - Original Message - 
 From: Dave Doherty [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Thursday, June 17, 2004 8:18 AM
 Subject: [Declude.JunkMail] Declude and attachments


  Hi-
 
  Many of my users are personnel agencies that send and receive a lot of
  resumes as attachments. Some of these attachments are fairly large.
 
  I'm having a growing problem with processor usage. Does Declude scan
  attachments? Is there a way to turn that off?
 
  -Dave Doherty
   Skywaves, Inc.
 
 
 


Re: [Declude.JunkMail] Declude and attachments

2004-06-17 Thread Dave Doherty
I just watched it build, max out, and decline.

One instance of Declude, then two, then three, all in the 25%+ range. As
soon as it dropped to two Decludes, Queue Manager came right in at 30-40%,
then the cycles dropped as QueueManager dropped down.

-d



- Original Message - 
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 17, 2004 9:32 AM
Subject: Re: [Declude.JunkMail] Declude and attachments



 Many of my users are personnel agencies that send and receive a lot of
 resumes as attachments. Some of these attachments are fairly large.
 
 I'm having a growing problem with processor usage. Does Declude scan
 attachments? Is there a way to turn that off?

 That shouldn't be an issue -- for example, with a 1MB file attachment,
 Declude will only scan about the first 5% of it.

 What processes are using the CPU time?

 -Scott
 ---
 Declude JunkMail: The advanced anti-spam solution for IMail mailservers
 since 2000.
 Declude Virus: Ultra reliable virus detection and the leader in mailserver
 vulnerability detection.
 Find out what you've been missing: Ask for a free 30-day evaluation.



Re: [Declude.JunkMail] Declude and attachments

2004-06-17 Thread Dave Doherty
I have one BODY filter that is about 7K in size maybe 200 lines. That's it.

-d



- Original Message - 
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 17, 2004 10:27 AM
Subject: Re: [Declude.JunkMail] Declude and attachments



 When this happens, I usually see about three Declude processes, each in the
 25% - 30% neighborhood, and several more showing smaller percentages. Also,
 I see the usual Sniffer, SMTP, POP, and IMAP, all much lower.

 Do you have a lot of BODY or ANYWHERE filters (the most CPU intensive tests
 in Declude JunkMail)?

 -Scott
 ---
 Declude JunkMail: The advanced anti-spam solution for IMail mailservers
 since 2000.
 Declude Virus: Ultra reliable virus detection and the leader in mailserver
 vulnerability detection.
 Find out what you've been missing: Ask for a free 30-day evaluation.



[Declude.JunkMail] New Test possibility

2004-06-17 Thread smb
Scott,

With Declude removing the data between the < > in HTML messages to get the
correct wording.   Deasdsdasdadlude = Declude. 

Would a test that counts and/or totals the number of characters between a
single asd or all the aaa's in a message be a viable new test.

I notice a fair amount of spam that may contain a very common phrase that
may be hard to block outright like want extra income that is broken up
with a large number of characters between the < >

Since Declude is removing the characters between the < > to combine the
phrase possibly counting the characters and adding it as a test may help
with some spam.

Just a thought

Stu
-
CSOnline Technical Support Normal hours - Monday thru Saturday 8am - 12pm 

CSOnline Technical Support Numbers 
Seneca814-677-2447   Clarion   814-227-3638   Cochranton   814-425-1696
Parker724-399-1158   GremLan   814-337-7060 
http://www.csonline.net  http://www.cshowcase.com  http://www.learncenter.com
http://www.gremlan.org  
-
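
A sketch of the test proposed in the message above, as an added example that is not part of the original post and not Declude's implementation: it rejoins words split by markup and totals the characters hidden inside tags that sit in the middle of a word. The tag allow-list, the function and field names and both sample strings are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple

TAG_RE = re.compile(r"<[^<>]*>")
NAME_RE = re.compile(r"/?\s*([A-Za-z][A-Za-z0-9]*)")

# Real inline elements that can legitimately appear inside a word (H<sub>2</sub>O).
# Anything else found mid-word, including comments, is counted as filler.
KNOWN_INLINE_TAGS = {
    "a", "abbr", "b", "big", "br", "code", "em", "font", "i",
    "small", "span", "strong", "sub", "sup", "tt", "u", "wbr",
}


class HiddenCharResult(NamedTuple):
    text: str          # visible text with split words rejoined
    splits: int        # number of unknown tags found inside a word
    hidden_chars: int  # total characters inside those tags


def is_known_inline(inner):
    """True when the tag content names a real inline HTML element."""
    if inner.startswith("!"):
        return False  # comment or declaration
    m = NAME_RE.match(inner)
    return bool(m) and m.group(1).lower() in KNOWN_INLINE_TAGS


def analyze(html):
    """Strip tags, rejoin split words, and total the mid-word filler."""
    pieces = []
    splits = 0
    hidden = 0
    pos = 0
    for m in TAG_RE.finditer(html):
        pieces.append(html[pos:m.start()])
        before = html[m.start() - 1] if m.start() > 0 else " "
        after = html[m.end()] if m.end() < len(html) else " "
        in_word = before.isalnum() and after.isalnum()
        if in_word:
            pieces.append("")  # rejoin the two halves of the word
            inner = m.group()[1:-1]
            if not is_known_inline(inner):
                splits += 1
                hidden += len(inner)
        else:
            pieces.append(" ")  # ordinary markup separates words
        pos = m.end()
    pieces.append(html[pos:])
    text = " ".join("".join(pieces).split())
    return HiddenCharResult(text, splits, hidden)


def hidden_char_test(html, threshold=10):
    """Fail the message when the filler total reaches the threshold (assumed value)."""
    return analyze(html).hidden_chars >= threshold


# Constructed samples, not taken from real mail.
SPAM_SAMPLE = ("<html><body><p>Want ex<xkqjzpw>tra in<!--mmnbvcx-->co<zz>me "
               "today</p></body></html>")
LEGIT_SAMPLE = "<p>H<sub>2</sub>O is <b>wet</b> today</p>"

if __name__ == "__main__":
    for sample in (SPAM_SAMPLE, LEGIT_SAMPLE):
        result = analyze(sample)
        print(result, "-> fails test:", hidden_char_test(sample))
```

Two adjacent filler tags in a row are not handled by this sketch, because only the characters directly next to each tag are inspected.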



Re: [Declude.JunkMail] Declude and attachments

2004-06-17 Thread R. Scott Perry

One instance of Declude, then two, then three, all in the 25%+ range. As
soon as it dropped to two Decludes, Queue Manager came right in at 30-40%,
then the cycles dropped as QueueManager dropped down.

It does sound like it is the large files that are causing the problem.

One option would be to temporarily disable the BODY filter with the 200 
lines in it, to see if that prevents the problem with the high CPU usage in 
Declude JunkMail.  That could indeed be causing the problem.

The other would be to use the debug mode (LOGLEVEL DEBUG in the 
\IMail\Declude\global.cfg file) and waiting for one of these files to be 
sent.  We can look at the debug log file entries to get a better idea of 
where the high CPU usage is occurring.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.



Re: [Declude.JunkMail] Declude and attachments

2004-06-17 Thread Dave Doherty
OK, the BODY filter is off.

If the problem continues, I'll set the log level to debug and turn the
filter back on.

-Dave


- Original Message - 
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 17, 2004 10:52 AM
Subject: Re: [Declude.JunkMail] Declude and attachments



 One instance of Declude, then two, then three, all in the 25%+ range. As
 soon as it dropped to two Decludes, Queue Manager came right in at 30-40%,
 then the cycles dropped as QueueManager dropped down.

 It does sound like it is the large files that are causing the problem.

 One option would be to temporarily disable the BODY filter with the 200
 lines in it, to see if that prevents the problem with the high CPU usage in
 Declude JunkMail.  That could indeed be causing the problem.

 The other would be to use the debug mode (LOGLEVEL DEBUG in the
 \IMail\Declude\global.cfg file) and waiting for one of these files to be
 sent.  We can look at the debug log file entries to get a better idea of
 where the high CPU usage is occurring.

 -Scott
 ---
 Declude JunkMail: The advanced anti-spam solution for IMail mailservers
 since 2000.
 Declude Virus: Ultra reliable virus detection and the leader in mailserver
 vulnerability detection.
 Find out what you've been missing: Ask for a free 30-day evaluation.



Re: [Declude.JunkMail] Declude and attachments

2004-06-17 Thread Matt
Scott,
I've got a lot more BODY filters than Dave has, though I don't feel that 
they are excessive.  I probably have about 1,500 BODY searches, but with 
SKIPIFWEIGHT they only run about 25% of the time.

If Dave is using Declude Virus, I would also look there for the issue.  
Anything besides F-Prot and ClamAV in daemon mode will chug a server on 
a large attachment and it will use up far more processing than Declude 
JunkMail, but it will keep the Declude instance alive for longer.  On 
about 65,000 messages a day currently, we generally see from 2 to 10 
Declude processes running at one time with both F-Prot and AVG enabled 
(much less with just F-Prot).  Disabling AVG results in our average 
processor utilization dropping by 1/3 to 1/2 on heavy load hours.

Matt

R. Scott Perry wrote:

One instance of Declude, then two, then three, all in the 25%+ range. As
soon as it dropped to two Decludes, Queue Manager came right in at 30-40%,
then the cycles dropped as QueueManager dropped down.

It does sound like it is the large files that are causing the problem.

One option would be to temporarily disable the BODY filter with the 
200 lines in it, to see if that prevents the problem with the high CPU 
usage in Declude JunkMail.  That could indeed be causing the problem.

The other would be to use the debug mode (LOGLEVEL DEBUG in the 
\IMail\Declude\global.cfg file) and waiting for one of these files to 
be sent.  We can look at the debug log file entries to get a better 
idea of where the high CPU usage is occurring.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail 
mailservers since 2000.
Declude Virus: Ultra reliable virus detection and the leader in 
mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.


--
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=


Re: [Declude.JunkMail] Declude and attachments

2004-06-17 Thread Dave Doherty
Hi, Matt-

We're running Declude JunkMail and Hijack. No AV on the mail server,
primarily to keep the load down. We have a firewall antivirus appliance and
a gateway server to take care of that.

-d


- Original Message - 
From: Matt [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 17, 2004 12:40 PM
Subject: Re: [Declude.JunkMail] Declude and attachments


 Scott,

 I've got a lot more BODY filters than Dave has, though I don't feel that
 they are excessive.  I probably have about 1,500 BODY searches, but with
 SKIPIFWEIGHT they only run about 25% of the time.

 If Dave is using Declude Virus, I would also look there for the issue.
 Anything besides F-Prot and ClamAV in daemon mode will chug a server on
 a large attachment and it will use up far more processing than Declude
 JunkMail, but it will keep the Declude instance alive for longer.  On
 about 65,000 messages a day currently, we generally see from 2 to 10
 Declude processes running at one time with both F-Prot and AVG enabled
 (much less with just F-Prot).  Disabling AVG results in our average
 processor utilization dropping by 1/3 to 1/2 on heavy load hours.

 Matt





Re: [Declude.JunkMail] New Test possibility

2004-06-17 Thread R. Scott Perry

With Declude removing the data between the   in HTML messages to get the
correct wording.   Deasdsdasdadlude = Declude.
Would a test that counts and/or totals the number of characters between a
single asd or all the aaa's in a message be a viable new test.

That is a good idea (and one we're already working on).  We already 
calculate the percentage of hidden characters (HTML code) to the total 
number of characters, but aren't doing anything with it yet (except logging 
it at the debug level).

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.
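
An added example, not part of the original thread and not Declude's code: one way to compute the two measurements discussed above, the share of a message that is HTML markup rather than visible text, and the characters hidden in markup placed in the middle of a word. It assumes the hidden data sits in HTML comments; the sample messages and the `min_splits` threshold are constructed.

```python
"""Measure hidden HTML content in a message body (illustrative, not Declude code)."""
from html.parser import HTMLParser


class HiddenTextScanner(HTMLParser):
    """Collects visible text and counts comments that split a word in two."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.visible = []        # text chunks a reader would actually see
        self.comment_chars = 0   # characters inside <!-- ... -->
        self.split_words = 0     # comments sitting between two word characters
        self._skip = 0           # depth inside <script>/<style>
        self._pending = False    # a comment just followed a letter or digit

    def handle_starttag(self, tag, attrs):
        self._pending = False
        if tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        self._pending = False
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_comment(self, data):
        self.comment_chars += len(data)
        last = self.visible[-1] if self.visible else ""
        self._pending = last[-1:].isalnum()

    def handle_data(self, data):
        if self._skip:
            return  # script and style bodies are never shown to the reader
        if self._pending and data[:1].isalnum():
            self.split_words += 1  # letter, comment, letter: a split word
        self._pending = False
        self.visible.append(data)


def hidden_text_stats(html):
    """Return visible text, hidden-to-total ratio and comment statistics."""
    scanner = HiddenTextScanner()
    scanner.feed(html)
    scanner.close()
    visible = "".join(scanner.visible)
    total = len(html)
    return {
        "visible_text": visible,
        "hidden_ratio": (total - len(visible)) / total if total else 0.0,
        "comment_chars": scanner.comment_chars,
        "split_words": scanner.split_words,
    }


def looks_obfuscated(html, min_splits=2):
    """Flag a body when several words are broken up by comments.

    min_splits is a constructed threshold. The ratio alone is a weak signal:
    short legitimate HTML mail is also mostly markup.
    """
    return hidden_text_stats(html)["split_words"] >= min_splits


# Constructed samples, not taken from real mail.
SAMPLE_OBFUSCATED = (
    "<html><body><p>Che<!--asdsdasdad-->ap me<!--aaa-->ds, "
    "no pre<!--qq-->scription</p></body></html>"
)
SAMPLE_PLAIN = (
    "<html><body><p>Meeting moved to 3pm. <!-- generated by mailer -->"
    " See you there.</p></body></html>"
)

if __name__ == "__main__":
    for label, body in (("obfuscated", SAMPLE_OBFUSCATED), ("plain", SAMPLE_PLAIN)):
        print(label, hidden_text_stats(body), looks_obfuscated(body))
```

Both samples have a high markup ratio, so the word-splitting count is what separates them.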



Re: [Declude.JunkMail] Declude and attachments

2004-06-17 Thread Dave Doherty
Matt-

My body filters only catch about 4% of messages, but I don't know how often
they are run.  Is there a convenient way to tell?

-d

- Original Message - 
From: Matt [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 17, 2004 12:40 PM
Subject: Re: [Declude.JunkMail] Declude and attachments


 Scott,

 I've got a lot more BODY filters than Dave has, though I don't feel that
 they are excessive.  I probably have about 1,500 BODY searches, but with
 SKIPIFWEIGHT they only run about 25% of the time.

 If Dave is using Declude Virus, I would also look there for the issue.
 Anything besides F-Prot and ClamAV in daemon mode will chug a server on
 a large attachment and it will use up far more processing than Declude
 JunkMail, but it will keep the Declude instance alive for longer.  On
 about 65,000 messages a day currently, we generally see from 2 to 10
 Declude processes running at one time with both F-Prot and AVG enabled
 (much less with just F-Prot).  Disabling AVG results in our average
 processor utilization dropping by 1/3 to 1/2 on heavy load hours.

 Matt





Re: [Declude.JunkMail] Declude and attachments

2004-06-17 Thread Scott Fisher
I haven't found any easy way to tell. The information is in the logs at high level.

But I can chime in that SKIPIFWEIGHT bypasses about 80% of my e-mail that is obviously 
spam. TESTSFAILED ENDS for friendly domains/revdns drop off about 8% of e-mail that 
is most likely not spam, leaving about 12% of the e-mail that I run body filters on.



Scott Fisher
Director of IT
Farm Progress Companies

 [EMAIL PROTECTED] 06/17/04 12:03PM 
Matt-

My body filters only catch about 4% of messages, but I don't know how often
they are run.  Is there a convenient way to tell?

-d



[Declude.JunkMail] Content Rules plus/vs. Sniffer?

2004-06-17 Thread Andy Schmidt
Hey Matt:

One question - I know that you have been spending a lot of time programming
content filters.

I'm curious whether you are using Sniffer and whether you found that you
needed all those filters to improve detection over Sniffer rules (which then
makes me wonder why they are not made part of Sniffer) - or whether you are
trying to substitute Sniffer?

Best Regards
Andy Schmidt

HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846

Phone:  +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206

http://www.HM-Software.com/



Re: [Declude.JunkMail] Declude and attachments

2004-06-17 Thread Rick Davidson
I am not sure which Imail release included the log analyzer, 8.1 I think, if
you have that version you can run the analyzer on your declude log files and
just select unknown log lines. It is a dirty way to do it but it gives you
the info you are looking for.

Rick Davidson
National Systems Manager
North American Title Group
-
- Original Message - 
From: Scott Fisher [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 17, 2004 1:19 PM
Subject: Re: [Declude.JunkMail] Declude and attachments


I haven't found any easy way to tell. The information is in the logs at high
level.

But I can chime in that SKIPIFWEIGHT bypasses about 80% of my e-mail that is
obviously spam. TESTSFAILED ENDS for friendly domains/revdns drop off
about 8% of e-mail that is most likely not spam, leaving about 12% of the
e-mail that I run body filters on.



Scott Fisher
Director of IT
Farm Progress Companies



[Declude.JunkMail] Per-user alert messages

2004-06-17 Thread Roderick A. Anderson
I've looked in the documentation and haven't found (can't find :-) if it
is possible to have a per user alert message.  We need to build the
messages with custom values (fields) from a database.


TIA,
Rod

-- 
Roderick A. Anderson
Project Manager
Technology Services Management Group 
http://www.technologyservicesmanagementgroup.com/
Spokane WA, 99202



Re: [Declude.JunkMail] Declude and attachments

2004-06-17 Thread Dave Doherty
Hi Scott-

My body filter runs last. It's set now to skip messages with attachments
(Thanks, Rick Davidson for that one!). SKIPIFWEIGHT is just above my delete
weight.

I tried to derive from the daily report and WAMLOG how many times the filter
runs, and my best guess is that it runs for around 25% of the messages. It
would be nice to know if that is even close. Sounds like it might be if
SKIPIFWEIGHT drops 80% of yours before the filter runs.

-d


- Original Message - 
From: Scott Fisher [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 17, 2004 1:19 PM
Subject: Re: [Declude.JunkMail] Declude and attachments


I haven't found any easy way to tell. The information is in the logs at high
level.

But I can chime in that SKIPIFWEIGHT bypasses about 80% of my e-mail that is
obviously spam. TESTSFAILED ENDS for friendly domains/revdns drop off
about 8% of e-mail that is most likely not spam, leaving about 12% of the
e-mail that I run body filters on.



Scott Fisher
Director of IT
Farm Progress Companies


Re: [Declude.JunkMail] Declude and attachments

2004-06-17 Thread Matt




Statistics will give you a general idea. We generally hold messages at
a score of 10 or 13, but we stop processing custom filters using
SKIPIFWEIGHT when the score reaches 25 and we separate those messages
from the others since we feel +99.99% confident that they are spam and
this allows us to concentrate on reviewing the small amount that gets
held but scores lower. It's clear that after the RBL's and Sniffer run
over 90% of the spam is already beyond this weight, and our legitimate
message volume is less than 15%, so saying that our filters are run 25%
of the time is an understatement, it's more like 18% on our system.
YMMV of course. We take extra steps to move obvious patterns and
sources from our hold range to a score at or above 25 in order to
lighten the load of reviewing.

Since custom filters in Declude are the costliest in terms of
processing power, having a tight system and using a safe SKIPIFWEIGHT
value (beta/interim releases only) can save you at least 75% of the
load of JunkMail. We have probably about 8,000 lines of custom filters
presently and it only appears to cause spikes on large legitimate
messages which aren't common enough to be problematic at our current
volume. AV scanning however is a problem, one that could be helped
immensely by optimizations within Declude Virus, but that isn't your
problem.

Matt




Dave Doherty wrote:

  Matt-

My body filters only catch about 4% of messages, but I don't know how often
they are run.  Is there a convenient way to tell?

-d

-- 
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
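
An added sketch, not from the thread and not Declude's implementation, of the ordering described in the message above: inexpensive tests score first, and the costly custom body filters are skipped once the running weight reaches the skip threshold. The values 10 and 25 are the hold and skip weights quoted above; the per-test weights, filter phrases and sample messages are constructed, and the counters show one way to measure how often the body filters actually run.

```python
"""Model of weight-gated body filtering (illustrative; not Declude's code)."""
from dataclasses import dataclass

HOLD_WEIGHT = 10   # from the thread: messages are held at a score of 10 (or 13)
SKIP_WEIGHT = 25   # from the thread: custom filters stop once the score reaches 25

# Constructed weights for the inexpensive tests that run first.
CHEAP_TEST_WEIGHTS = {"dnsbl": 8, "sniffer": 12, "dul": 6}

# Constructed body filters: (phrase to search for, points added on a hit).
BODY_FILTERS = [("free pills", 6), ("act now", 4), ("wire transfer", 5)]


@dataclass
class Message:
    name: str
    cheap_hits: frozenset   # names of the cheap tests this message failed
    body: str


def score(msg, counters, skip_weight=SKIP_WEIGHT):
    """Score one message, running body filters only below skip_weight."""
    weight = sum(CHEAP_TEST_WEIGHTS[t] for t in msg.cheap_hits)
    counters["messages"] += 1
    if skip_weight is not None and weight >= skip_weight:
        counters["skipped"] += 1      # already far past the hold weight
        return weight
    counters["body_runs"] += 1
    text = msg.body.lower()
    for phrase, points in BODY_FILTERS:
        counters["searches"] += 1     # each search is the expensive step
        if phrase in text:
            weight += points
    return weight


def run(messages, skip_weight=SKIP_WEIGHT):
    """Score a batch; return usage counters and per-message verdicts."""
    counters = {"messages": 0, "skipped": 0, "body_runs": 0, "searches": 0}
    verdicts = {}
    for msg in messages:
        weight = score(msg, counters, skip_weight)
        verdicts[msg.name] = (weight, "hold" if weight >= HOLD_WEIGHT else "deliver")
    total = counters["messages"]
    counters["body_run_rate"] = counters["body_runs"] / total if total else 0.0
    return counters, verdicts


ALL_CHEAP = frozenset(CHEAP_TEST_WEIGHTS)

# Constructed traffic sample: four obvious spam, two borderline, two legitimate.
SAMPLE_MESSAGES = [
    Message("spam1", ALL_CHEAP, "free pills"),
    Message("spam2", ALL_CHEAP, "act now"),
    Message("spam3", ALL_CHEAP, "wire transfer"),
    Message("spam4", ALL_CHEAP, "hello"),
    Message("spam5", frozenset({"dnsbl", "sniffer"}), "Act now for FREE PILLS"),
    Message("spam6", frozenset({"sniffer"}), "wire transfer needed"),
    Message("ham1", frozenset(), "Lunch at noon?"),
    Message("ham2", frozenset({"dul"}), "Quarterly report attached"),
]

if __name__ == "__main__":
    gated, _ = run(SAMPLE_MESSAGES)
    ungated, _ = run(SAMPLE_MESSAGES, skip_weight=None)
    print("with skip:   ", gated)
    print("without skip:", ungated)
```

On this sample the skip threshold halves the number of body searches without changing any hold or deliver decision.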

[Declude.JunkMail] SKIPIFWEIGHT for external tests

2004-06-17 Thread Ken Weise
Is there a way to use the SKIPIFWEIGHT option for external tests? There 
are some nice external plugins for JunkMail, but I would like not to run 
them on mails that already meet our hold weight. Thanks!

Ken Weise
Econocaribe Consolidators, Inc. 



Re: [Declude.JunkMail] SKIPIFWEIGHT for external tests

2004-06-17 Thread R. Scott Perry

Is there a way to use the SKIPIFWEIGHT option for external tests?
No, that option only applies to filters.
There are some nice external plugins for JunkMail, but I would like not to 
run them on mails that already meet our hold weight. Thanks!
We are considering an option that would allow you to bypass external tests 
under certain conditions.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.



Re: [Declude.JunkMail] Content Rules plus/vs. Sniffer?

2004-06-17 Thread DLAnalyzer Support
Andy, 

I know I am not Matt, but I wanted to chime in here.  We have a lot of body 
filters and we use sniffer as well.  Mostly because we can quickly code 
rules to block spam that is coming in at that moment instead of waiting for 
a rule base update.  Also, not all of the spam we get ends up in the sniffer 
database.  We use our filters to complement sniffer. 

Darrell 

-
Check out http://www.invariantsystems.com for utilities for Declude and 
Imail. 

Andy Schmidt writes: 

Hey Matt: 

One question - I know that you have been spending a lot of time programming
content filters. 

I'm curious whether you are using Sniffer and whether you found that you
needed all those filters to improve detection over Sniffer rules (which then
makes me wonder why they are not made part of Sniffer) - or whether you are
trying to substitute Sniffer? 

Best Regards
Andy Schmidt 

HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846 

Phone:  +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206 

http://www.HM-Software.com/ 



Re: [Declude.JunkMail] Content Rules plus/vs. Sniffer?

2004-06-17 Thread Matt
Andy Schmidt wrote:
 Hey Matt:
 One question - I know that you have been spending a lot of time programming
 content filters.
 I'm curious whether you are using Sniffer and whether you found that you
 needed all those filters to improve detection over Sniffer rules (which then
 makes me wonder why they are not made part of Sniffer) - or whether you are
 trying to substitute Sniffer?
 

I'm not trying to substitute Sniffer, but I see no reason to be heavily 
dependent on it either.  Sniffer is a critical component on our system 
and it hits 94% to 97% of the messages that we block on a daily basis.  
The results on pure spam are probably a bit higher, but for instance we 
are blocking about 2% of our volume as Joe-Job bounces and there are 
other things that get blocked that aren't technically spam, but are 
garbage, and while Sniffer does hit on much of this stuff, it does so in 
lower numbers.

I consider Sniffer primarily to be my substitute for content filtering.  
Instead of tagging the wordage, it tags the links primarily (some 
exceptions of course).  When combined with other filters, it is much 
more powerful than both alone, and the same thing goes for our custom 
filters.  So for instance, if we get a DUL hit plus Sniffer hit, the 
confidence in it being spam goes up and we add extra points for that 
condition as well as many others, this also allows us to lower the 
scores on both Sniffer and DUL hits (and others) because combination 
filters are like multipliers, and they often hit in combination.  At the 
same time however we were finding that a good deal of obvious DUL stuff 
wasn't hitting on the DNSBLs that we use so we started creating our own 
DUL filters based on reverse DNS entries using the new NOTCONTAINS 
functionality (required for this sort of work).  We are now tagging 20% 
more DUL hits as a result, and doing it more reliably than before in 
fact (we defeat the filter when IPNOTINMX is not hit, meaning that an MX 
record has been created for the domain to point to that DUL space, thus 
allowing servers from such space to connect without punishment).  I 
actually consider most of my filters to be technical heuristics 
instead of content filters because I'm looking for patterns in almost 
all of them and not words or phrases.

I've gotten serious about pushing a business model for spam blocking in 
recent months and word-of-mouth combined with old-fashioned sales has 
brought us a good deal of business for a company that hasn't even 
launched a site or done any advertising.  Our spam blocking percentage 
is about 99.7% on our Medium setting (Hold at 13).  While that is 
definitely much better than the big players and impossible to beat 
measurably, I figure that over time the big players will catch up or 
come a lot closer.  What makes us special though is that we have managed 
to segregate the blocked messages so that 99% of it lands in what we 
call Drop (score of 25+) and 1% of it lands in Hold (score of 10 or 
13-24), and along with that comes other associated capabilities.  We are 
able to review our Hold file for every one of our customers on a daily 
basis because the work load is so little, for instance yesterday out of 
just over 52,000 blocked messages,  only 465 landed in our Hold range 
(0.89%).  We advise our customers to review this themselves and by not 
mixing in 100% of the spam for them to review, it makes it much more 
likely that they will do so.  Naturally not all false positives will 
land in our Hold range, but I have never seen a personal message land in 
our Drop range, and it's generally very gray stuff that lands in Drop 
such as some newsletter that uses the services of a company that 
primarily engages in spamming (I've only caught this 3 times in Drop, 
but it should be more than 99.99% accurate).  We try to get all mixed 
sources to land in Hold however, but sometimes Sniffer helps to push 
some over the top and of course we also make mistakes.  Yesterday we 
found and reprocessed 9 false positives (personal E-mail and 
newsletters) out of 52,000 messages blocked, and we resolved the 
conditions that created every one of them so that they would no longer 
have issues.  There was some additional advertising content that is 
questionable that was blocked as well but those things generally require 
more research and are not handled immediately as they are not missed.  
Without Sniffer our accuracy would go down and the size of our hold file 
would go up, and we would leak more spam, but we would survive and 
that's important because we can't become completely dependent on any 
single source of data as that represents a liability.

Sniffer has played a major role in our ability to do all of this, but on 
its own it's just another tool, albeit one that hits the vast majority 
of spam, and it's up to the administrator to make as much as they can of 
it.  By creating pattern filters and also our own RBL, we are able to 
achieve better differentiation between spam and 

Re: [Declude.JunkMail] Content Rules plus/vs. Sniffer?

2004-06-17 Thread Bill Landry
- Original Message - 
From: Matt [EMAIL PROTECTED]

 I recommend that everyone buy Sniffer, and it's not just because I think
 Pete is a swell guy :)

Ditto, and it is because I think that Pete's a swell guy and, well, Sniffer
is a pretty darn good product too!   ;-)

Seriously, though, Declude JunkMail and Sniffer is an awesome
spam-stopping combination!

Bill



[Declude.JunkMail] IP4R DNS lookup

2004-06-17 Thread TCOnline Internet Support
I was wondering how reliable the ip4r lookups are.  There seems to be a
lot of SPAM that is only failing one of the ip4r tests (SORBS, SBL, AHBL,
etc) and no more of the tests, hence delivering the SPAM.  Is it safe to
increase the weight of all these tests to my deletion weight in order to
stop them from being delivered or are there some false positives that
may be caught?

 
Isaias Hernandez
TC Online Internet Support
979-775-6239
[EMAIL PROTECTED]




Re[2]: [Declude.JunkMail] Content Rules plus/vs. Sniffer?

2004-06-17 Thread Pete McNeil
On Thursday, June 17, 2004, 4:23:10 PM, Matt wrote:

snip/

M> I recommend that everyone buy Sniffer, and it's not just because I think
M> Pete is a swell guy :)

The check is in the mail ;-)

_M





Re: [Declude.JunkMail] Hijack question

2004-06-17 Thread Nick Hayer
Scott - 

Is it possible to get Hijack to run after DJMP?  This would help me 
to better manage my backup mailserver -

Thanks

-Nick Hayer



Re: [Declude.JunkMail] Hijack question

2004-06-17 Thread R. Scott Perry

 Is it possible to get Hijack to run after DJMP?  This would help me
 to better manage my backup mailserver -

The only way to do that would be if you are also running Declude Virus, you 
could use the AVAFTERJM ON option to force Declude Virus to run after 
Declude JunkMail, which also forces Declude Hijack to run last (since 
Declude Hijack always runs after Declude Virus).

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.



RE: [Declude.JunkMail] IP4R DNS lookup

2004-06-17 Thread Andy Schmidt
Hi,

I have used filters to summarize categories of ip4r and other tests.

All the open relay tests will fail ONE filter.  So whether one or 4
black-lists say it's an open relay - it will only get ONE weight.

All the DUL/DUHL will fail ONE filter. So, whether a dial-up or dynamic port
is listed in one or many black-lists - it will only get ONE weight.

This technique allowed me to check against MORE blacklists AND define a
higher weight for each class of blacklist.  I don't have to fear that just
because a dial-up port is widely known it will suddenly fail JUST on that.

Best Regards
Andy
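
As an added example (not code from any poster or from Declude), this Python sketch models the one-weight-per-category idea in this message together with the combination bonus and the IPNOTINMX exception Matt describes earlier in the thread. Test names, weights and the bonus value are constructed; the Hold and Drop thresholds are the 13 and 25 quoted above.

```python
# Added illustration; test names, weights and the bonus are constructed.
# Only the Hold (13) and Drop (25) thresholds come from the thread.

# Several blacklists map to one category, so a class scores once.
TEST_CATEGORY = {
    "RELAY-LIST-A": "OPENRELAY", "RELAY-LIST-B": "OPENRELAY",
    "DUL-LIST-A": "DUL", "DUL-LIST-B": "DUL", "RDNS-DYNAMIC": "DUL",
    "SNIFFER": "SNIFFER",
}
CATEGORY_WEIGHT = {"OPENRELAY": 8, "DUL": 6, "SNIFFER": 9}
# Extra points when independent categories agree (combination filter).
COMBO_BONUS = {frozenset({"DUL", "SNIFFER"}): 5}
HOLD_AT, DROP_AT = 13, 25


def failed_categories(tests_failed, ip_not_in_mx=True):
    """Collapse individual test hits into the set of categories hit."""
    cats = {TEST_CATEGORY[t] for t in tests_failed if t in TEST_CATEGORY}
    if not ip_not_in_mx:
        # The sender's IP is named in the domain's MX records, so the
        # dynamic-range verdict is defeated, as described in the thread.
        cats.discard("DUL")
    return cats


def collapsed_score(tests_failed, ip_not_in_mx=True):
    """One weight per category hit, plus any combination bonus."""
    cats = failed_categories(tests_failed, ip_not_in_mx)
    total = sum(CATEGORY_WEIGHT[c] for c in cats)
    total += sum(b for combo, b in COMBO_BONUS.items() if combo <= cats)
    return total


def per_list_score(tests_failed):
    """Baseline for comparison: every listing adds its category weight."""
    return sum(CATEGORY_WEIGHT[TEST_CATEGORY[t]]
               for t in tests_failed if t in TEST_CATEGORY)


def disposition(total):
    """Map a total weight onto the Drop / Hold / Deliver ranges."""
    if total >= DROP_AT:
        return "DROP"
    return "HOLD" if total >= HOLD_AT else "DELIVER"


if __name__ == "__main__":
    samples = {
        "dial-up on three lists": ["DUL-LIST-A", "DUL-LIST-B", "RDNS-DYNAMIC"],
        "dial-up plus Sniffer": ["DUL-LIST-A", "SNIFFER"],
        "relay, dial-up, Sniffer": ["RELAY-LIST-A", "DUL-LIST-B", "SNIFFER"],
    }
    for label, tests in samples.items():
        s = collapsed_score(tests)
        print(f"{label}: per-list={per_list_score(tests)} "
              f"collapsed={s} -> {disposition(s)}")
```

With these constructed weights, a dial-up address listed on three blacklists stays deliverable on that evidence alone, while the same address with a Sniffer hit lands in Hold.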



Re: [Declude.JunkMail] Hijack question

2004-06-17 Thread Nick Hayer
On 17 Jun 2004 at 17:47, R. Scott Perry wrote:
Perfect. Thanks!

-Nick
 
 Is it possible to get Hijack to run after DJMP?  This would help me
 to better manage my backup mailserver -
 
 The only way to do that would be if you are also running Declude
 Virus, you could use the AVAFTERJM ON option to force Declude Virus
 to run after Declude JunkMail, which also forces Declude Hijack to run
 last (since Declude Hijack always runs after Declude Virus).
 
-Scott
 ---
 Declude JunkMail: The advanced anti-spam solution for IMail
 mailservers since 2000. Declude Virus: Ultra reliable virus detection
 and the leader in mailserver vulnerability detection. Find out what
 you've been missing: Ask for a free 30-day evaluation.
 


[Declude.JunkMail] TESTSFAILED END Question

2004-06-17 Thread DLAnalyzer Support
I saw this post below and wanted to implement the TESTSFAILED to exit out 
of one of my body filters based on if another test was already triggered. 

Is the below line correct (assuming REVERSEDNSFILTER is one of my filters 
that occurs before the filter I put the below line in)? 

TESTSFAILED END CONTAINS REVERSEDNSFILTER 

[2] When that line is matched does it show in the logs? 

Darrell 

-
Check out http://www.invariantsystems.com for utilities for Declude and 
Imail. 


Scott Fisher writes: 

I haven't found any easy way to tell. The information is in the logs at high level. 

But I can chime in that SKIPIFWEIGHT bypasses about 80% of my e-mail that is obviously spam. TESTSFAILED ENDS for friendly domains/revdns drop off about 8% of e-mail that is most likely not spam, leaving about 12% of the e-mail that I run body filters on. 

 

Scott Fisher
Director of IT
Farm Progress Companies 

[EMAIL PROTECTED] 06/17/04 12:03PM 
Matt- 

My body filters only catch about 4% of messages, but I don't know how often
they are run.  Is there a convenient way to tell? 

-d 

- Original Message - 
From: Matt [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 17, 2004 12:40 PM
Subject: Re: [Declude.JunkMail] Declude and attachments 


Scott, 

I've got a lot more BODY filters than Dave has, though I don't feel that
they are excessive.  I probably have about 1,500 BODY searches, but with
SKIPIFWEIGHT they only run about 25% of the time. 

If Dave is using Declude Virus, I would also look there for the issue.
Anything besides F-Prot and ClamAV in daemon mode will chug a server on
a large attachment and it will use up far more processing than Declude
JunkMail, but it will keep the Declude instance alive for longer.  On
about 65,000 messages a day currently, we generally see from 2 to 10
Declude processes running at one time with both F-Prot and AVG enabled
(much less with just F-Prot).  Disabling AVG results in our average
processor utilization dropping by 1/3 to 1/2 on heavy load hours. 

Matt 


R. Scott Perry wrote: 


 One instance of Declude, then two, then three, all in the 25%+ range.
 As soon as it dropped to two Decludes, Queue Manager came right in at
 30-40%, then the cycles dropped as QueueManager dropped down.


 It does sound like it is the large files that are causing the problem.

 One option would be to temporarily disable the BODY filter with the
 200 lines in it, to see if that prevents the problem with the high CPU
 usage in Declude JunkMail.  That could indeed be causing the problem.

 The other would be to use the debug mode (LOGLEVEL DEBUG in the
 \IMail\Declude\global.cfg file) and waiting for one of these files to
 be sent.  We can look at the debug log file entries to get a better
 idea of where the high CPU usage is occurring.

-Scott
 ---
 Declude JunkMail: The advanced anti-spam solution for IMail
 mailservers since 2000.
 Declude Virus: Ultra reliable virus detection and the leader in
 mailserver vulnerability detection.
 Find out what you've been missing: Ask for a free 30-day evaluation.


 

--
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/ 
= 



Re: [Declude.JunkMail] TESTSFAILED END Question

2004-06-17 Thread R. Scott Perry

 I saw this post below and wanted to implement the TESTSFAILED to exit
 out of one of my body filters based on if another test was already triggered.
 Is the below line correct (assuming REVERSEDNSFILTER is one of my filters
 that occurs before the filter I put the below line in)?
 TESTSFAILED END CONTAINS REVERSEDNSFILTER

That should work fine.

 [2] When that line is matched does it show in the logs?

No, it does not.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.
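
An added model of the behaviour discussed in this exchange (example code, not Declude's and not from any poster): a filter carrying a TESTSFAILED END CONTAINS line only stops when the named test has already failed, so filter order matters. The filter rules, weights, hostnames and the trace output are constructed, and SKIPIFWEIGHT is assumed to skip when the running weight is at or above its value.

```python
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Filter:
    name: str
    weight: int
    rule: Callable[[dict], bool]
    skip_if_weight: Optional[int] = None    # models SKIPIFWEIGHT n
    end_if_failed: frozenset = frozenset()  # models TESTSFAILED END CONTAINS x


def run_filters(msg, filters, start_weight=0):
    """Run filters in order; return (weight, tests_failed, trace)."""
    weight, failed, trace = start_weight, [], []
    for f in filters:
        if f.skip_if_weight is not None and weight >= f.skip_if_weight:
            trace.append((f.name, "skipped"))
            continue
        if f.end_if_failed.intersection(failed):
            # Only tests that failed earlier in the order are visible here.
            trace.append((f.name, "ended"))
            continue
        if f.rule(msg):
            weight += f.weight
            failed.append(f.name)
            trace.append((f.name, "failed"))
        else:
            trace.append((f.name, "passed"))
    return weight, failed, trace


# Constructed filters: a negative-weight reverse DNS allow filter and a
# body filter that should not run for senders the first filter matched.
REVDNS = Filter("REVERSEDNSFILTER", -5,
                lambda m: m["rdns"].endswith(".partner.example"))
BODY = Filter("BODYFILTER", 10,
              lambda m: "unsubscribe now" in m["body"].lower(),
              skip_if_weight=25,
              end_if_failed=frozenset({"REVERSEDNSFILTER"}))

# Constructed sample messages.
FRIENDLY = {"rdns": "mail.partner.example",
            "body": "Monthly newsletter. Unsubscribe now if unwanted."}
UNKNOWN = {"rdns": "host-1-2-3.dyn.example", "body": "UNSUBSCRIBE NOW"}

if __name__ == "__main__":
    for order in ([REVDNS, BODY], [BODY, REVDNS]):
        print([f.name for f in order], run_filters(FRIENDLY, order))
    print(run_filters(UNKNOWN, [REVDNS, BODY], start_weight=30))
```

The trace is the example's own bookkeeping; per the answer above, the product's log does not record when the END line matches.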



Re: [Declude.JunkMail] IP4R DNS lookup

2004-06-17 Thread Darrell \([EMAIL PROTECTED])
It depends on the IP4R tests.  For example SBL/XBL is very reliable and I
weight them high.  However, most of the IP4R tests we weight low/medium.

Darrell


Check out http://www.invariantsystems.com for utilities for Declude And
Imail.
IMail/Declude Overflow Queue Monitoring, MRTG Integration, and Log Parsers.


- Original Message - 
From: TCOnline Internet Support [EMAIL PROTECTED]
To: Declude.JunkMail [EMAIL PROTECTED]
Sent: Thursday, June 17, 2004 4:57 PM
Subject: [Declude.JunkMail] IP4R DNS lookup


I was wondering how reliable the ip4r lookups are.  There seems to be a
lot of SPAM that is only failing one of the ip4r tests (SORBS, SBL, AHBL,
etc) and no more of the tests, hence delivering the SPAM.  Is it safe to
increase the weight of all these tests to my deletion weight in order to
stop them from being delivered or are there some false positives that
may be caught?


Isaias Hernandez
TC Online Internet Support
979-775-6239
[EMAIL PROTECTED]




[Declude.JunkMail] Weight Ranges

2004-06-17 Thread Goran Jovanovic
Scott,

How much extra processing to an e-mail does adding a bunch of weight
range statements like:

WEIGHT1019  weightrange x x 10 19
WEIGHT2029  weightrange x x 20 29
WEIGHT3034  weightrange x x 30 34
WEIGHT3539  weightrange x x 35 39

I really just want these just to report on from the logs rather than
take action on them during e-mail processing. My guess is that it should
not take too much CPU.

Also if I do not want these tests to show up in the %TESTSFAILED%
variable then would I add

HIDETESTS WEIGHT1019 WEIGHT2029..

And would I need to put in the $default$.junkmail file

WEIGHT1019 LOG

I do not want to bother putting a line in the headers but I want to have
them in the log file for reporting.

Thanx

 
 Goran Jovanovic
 The LAN Shoppe

