If this works it's a slick hack!
Well tested Sandy?
Well, _production_ tested ;). . . looks good to me so far.
Of course, anyone using this (and SPAMC32's '-sw' switch as well)
needs to remember that apparent hit rates are strongly affected when
you don't pass all messages through a
I'm tinkering around with SPAMCHK and it recommends moving to a 0-100 scale.
Has anyone done this before? If so, should I just increase my current
weights proportionally from 0-20 to 0-100?
Thanks
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This
On Wednesday, October 20, 2004, 8:36:48 AM, Mark wrote:
MES I'm tinkering around with SPAMCHK and it recommends moving to a 0-100 scale.
MES Has anyone done this before? If so, should I just increase my current
MES weights proportionally from 0-20 to 0-100?
That works.
_M
---
[This E-mail was
Scott -
Is there a limit to how many tests that can be hidden? Do all the
tests that are listed have to be on a single line?
Thanks!
-Nick Hayer
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.
Is there a limit to how many tests that can be hidden? Do all the
tests that are listed have to be on a single line?
They do all have to be on the same line. The only limit is that Declude
JunkMail only looks at the first 1,000 or so characters of the line, so a
*very* long line could get cut
Hi,
I have never seen a server identify it self this way, my guess is that
this breaks many rules. Can you whitelist the FROM it is
From: [EMAIL PROTECTED]://list.novell.com
Or do I have to whitelist the 137.65.175.10 incoming IP address?
Thanx
Headers:
Received: from
I would whitelist the IP or Subnet.
- Original Message -
From: Goran Jovanovic [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, October 20, 2004 9:58 AM
Subject: [Declude.JunkMail] Can this be whitelisted?
Hi,
I have never seen a server identify it self this way, my guess is that
Hi,
We use Imail and Declude and need to implement a way to flag bounced emails
and remove them from our newsletter lists. I found an article about
Variable Envelope Return Paths, here:
http://cr.yp.to/proto/verp.txt
Has anyone implemented this or something similar that you would recommend?
If
- Original Message -
From: Chris Hickey [EMAIL PROTECTED]
We use Imail and Declude and need to implement a way to flag bounced
emails
and remove them from our newsletter lists. I found an article about
Variable Envelope Return Paths, here:
http://cr.yp.to/proto/verp.txt
Has anyone
Does anyone have a decent filter for Newsletters, Yahoo/Google News Alerts,
etc?
We've re-worked out filters and everything's working well now except the
Requested Bulk email (Newsletters, automated mailings, etc).
Thanks
---
[This E-mail was scanned for viruses by Declude Virus
Hi -
Sorry for the OT post, but I am in need of assistance.
I have 200,000 + TIFF (70 GB Worth)images on an external USB 2.0 hard
drive that I need to copy to my local hard drive. It is taking
forever.
Does anyone know what the fastest way to do this is ?
Drag and Drop ?? Cut and Paste ??
Goran Jovanovic wrote:
I am doing gateway anti-spam scanning for a school which has GroupWise
as the e-mail system. We are seeing many e-mails going to students that
are not there anymore which then creates an NDR at their end which then
floods their system .
Now is it possible to do one of
I don't know the answer you are specifically looking for, but you might take
the drive out of the USB case and mount it directly into the PC as a slave
drive. Copying (regardless of method) should go much more quickly then.
Paul Navarre
-Original Message-
From: [EMAIL PROTECTED]
Depending upon the drive there may not be a great way. Got this from a web
page on USB2:
Unfortunately, the phrase USB 2.0 does not necessarily mean 480Mbps of
throughput. USB 2.0 now has three different signaling rates: Low Speed
(1.5Mbps),
Does the computer/server you're connecting your external hard drive to have
USB 2.0 ports? I usually get about 650MB/minute with this kind of
setup. A 70GB should take about 2 hours.
Mike
At 01:59 PM 10/20/2004, you wrote:
Hi -
Sorry for the OT post, but I am in need of assistance.
I have
Jeff Pereira wrote:
What's killing me is not so much the amount of data, but the fact that
there are so many small files. I'm gonna have to try XCOPY on the
next folder and see how that works.
I can't remember but do TIFF files compress well? Might be worth it to
ZIP them and copy that over.
I can't remember but do TIFF files compress well? Might be worth it to
ZIP them and copy that over.
In this case that won't work. To zip them will require copying them over
the USB 2.0 connection anyway and that appears to be the bottleneck.
Using xcopy should be the most efficient, but
Since the fromfiles are loaded first and weight assigned after it gets a
hit, even before RBL's, can I use the skipifweight or STOPATFIRSTHIT
option in the fromfiles? Thanks for the aid.
Keith
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail
Graphic files as a general rule don't compress well.
Mike
At 03:26 PM 10/20/2004, you wrote:
Jeff Pereira wrote:
What's killing me is not so much the amount of data, but the fact that
there are so many small files. I'm gonna have to try XCOPY on the
next folder and see how that works.
I can't
It looks like spammers are starting to randomize their helo strings I just
received this as a helo
rnddg[2].rnddg[2].rnddg[2].rnddg[2]
Looks like it is trying to create a random ipaddress for the helo.
Kevin Bilbee
---
[This E-mail was scanned for viruses by Declude Virus
I believe that you could do this with a program alias and sub-mailbox
functionality. The Mail From would need to begin with your program
alias address followed by a dash, and then your list and recipient
information inserted into the sub-mailbox portion of the address. The
program alias
- Original Message -
From: Kevin Bilbee [EMAIL PROTECTED]
It looks like spammers are starting to randomize their helo strings I just
received this as a helo
rnddg[2].rnddg[2].rnddg[2].rnddg[2]
Looks like it is trying to create a random ipaddress for the helo.
DNSBLs use client IP
I think the point was not what to do with this broken one, but that spammers
are using random digits for their HELO. One of the HELOISIP plugins should
handle those nicely, though...with appropriate weighting.
Darin.
- Original Message -
From: Bill Landry [EMAIL PROTECTED]
To: [EMAIL
Huh? The logic flaw in trying to zip first, then copy aside (since the file
would have to first be copied into RAM, then zipped, then stored back onto
the USB drive...better just to copy)... uncompressed TIFFs (TIFFs have had
an option for LZW compression since the mid 90s) compress pretty well
- Original Message -
From: Darin Cox [EMAIL PROTECTED]
I think the point was not what to do with this broken one, but that
spammers
are using random digits for their HELO. One of the HELOISIP plugins
should
handle those nicely, though...with appropriate weighting.
Precisely my
Hmmm...I think we all care. Knowing what the spammers are doing helps us
block it. It's one thing to have a test that identifies it. It's another
to know what the spammers are doing and use that info wisely.
I think the point is to watch your incoming for the possibility of
increasing the
Darin got it correct I was pointing this out becuse some on this list
suggested the blocking an email that has an ip for its hello is not a good
way to block spam. I personally think it is.
Using HELOISIP or CONTAINSIP is a valid blocking method. If the ip is well
formed [x.x.x.x] I check it
Bill,
There is great value in knowing these patterns, and simply having a
bogus HELO is not enough to consider something as being spam.
When spammers randomize header elements, they actually create patterns
that can be tracked. This is ever evolving. Clearly we know about the
use of the MX's
- Original Message -
From: Darin Cox [EMAIL PROTECTED]
Hmmm...I think we all care. Knowing what the spammers are doing helps us
block it. It's one thing to have a test that identifies it. It's another
to know what the spammers are doing and use that info wisely.
I think the point
- Original Message -
From: Matt [EMAIL PROTECTED]
There is great value in knowing these patterns, and simply having a
bogus HELO is not enough to consider something as being spam.
In this case I think it is good enough to consider it spam. It is not an
RFC compliant helo hostname,
Because we see a lot of legitimate mail that fails HELO/EHLO, we cannot
block on this alone. You're extremely lucky if you've found that all bogus
HELOs are spam. There's a thread in the IMail forum right now discussing MS
mail clients that send machine names without FQDN, and would thus fail
Bill,
Please remember the old thing about YYMV, and also that different
people have different standards.
Your suggestion to block invalid HELO's would create big issues for my
system, in fact I only weight HELOBOGUS at about 25% of my hold
weight. For instance, have you ever seen a message
- Original Message -
From: Kevin Bilbee [EMAIL PROTECTED]
Darin got it correct I was pointing this out becuse some on this list
suggested the blocking an email that has an ip for its hello is not a good
way to block spam. I personally think it is.
Using HELOISIP or CONTAINSIP is a
- Original Message -
From: Darin Cox [EMAIL PROTECTED]
Because we see a lot of legitimate mail that fails HELO/EHLO, we cannot
block on this alone. You're extremely lucky if you've found that all
bogus
HELOs are spam. There's a thread in the IMail forum right now discussing
MS
mail
Brackets are perfectly valid in the host name if they wrap an ip address.
[xxx.xxx.xxx.xxx]. I have seen this only from valid sources and if I
remember correctly HELOBOGUS will pass a wellformed ip address.
Kevin Bilbee
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
Because we don't know it's spam. Web scripts and MS clients often have bad
HELO strings. Yes, it would be nice if we could block just on this, but we
can't as we see legit mail with bad HELO info.
I suspect you're probably blocking some legit mail as well...but maybe not.
Might want to look at
- Original Message -
From: Kevin Bilbee [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, October 20, 2004 5:53 PM
Subject: RE: [Declude.JunkMail] Random Helo strings
Brackets are perfectly valid in the host name if they wrap an ip address.
[xxx.xxx.xxx.xxx]. I have seen this
- Original Message -
From: Matt [EMAIL PROTECTED]
Please remember the old thing about YYMV, and also that different people
have different standards.
Your suggestion to block invalid HELO's would create big issues for my
system, in fact I only weight HELOBOGUS at about 25% of my hold
I guess my rules aren't quite to the point where I can clearly separate the
legit mail with bogus HELOs from the spamwithout relying on other tests
in a weighting system. That's why it wouldn't work for me to block on this
alone.
Perhaps you have some better rules in place that some of us
Why do I need further validation. Because mail admins have different levels
of abilities and mail server may or may not force proper configuration. Can
you name one mail server that verifies that it is setup properly.
It would be great if mail servers had preset rolls and they verified their
- Original Message -
From: Darin Cox [EMAIL PROTECTED]
Because we don't know it's spam. Web scripts and MS clients often have
bad
HELO strings. Yes, it would be nice if we could block just on this, but
we
can't as we see legit mail with bad HELO info.
I suspect you're probably
I was replying to your comment that you block helo strings thar are ip
addresses. Look at your previous post.
Kevin Bilbee
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Bill Landry
Sent: Wednesday, October 20, 2004 6:00 PM
To: [EMAIL PROTECTED]
My point of posting it was that it is a spammers intent to randomize the
HELO string as different ip addresses. Not to ask if it is valid. The
messages was clearly spam from a bulk mailer.
Kevin Bilbee
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
I think we're missing the point here. Kevin wasn't asking about how to
block this particular HELO string, or even its pattern, but instead pointing
out that spammers have code in place to randomly generate numbers for the
IP. This spammer had a failure that revealed the code...it looks like in
Yes, obviously...but Kevin was sharing so we could all understand not this
particular example, but that some spammers are using code to generate random
IPs of the form ##.##.##.##.
What we have here is a failure to communicate...grin
Darin.
- Original Message -
From: Bill Landry
- Original Message -
From: Darin Cox [EMAIL PROTECTED]
I guess my rules aren't quite to the point where I can clearly separate
the
legit mail with bogus HELOs from the spamwithout relying on other
tests
in a weighting system. That's why it wouldn't work for me to block on
this
- Original Message -
From: Kevin Bilbee [EMAIL PROTECTED]
I was replying to your comment that you block helo strings thar are ip
addresses. Look at your previous post.
Nope, never said that and have never done that. The only exception, like I
said, is if the connecting mail server
No Postfix, but something I may think about.
I've been meaning to for a while, but it seems I really need to upgrade to
Pro, huh? grin
Darin.
- Original Message -
From: Bill Landry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, October 20, 2004 9:21 PM
Subject: Re:
Ok this is what I was responding to. You are correct you did not say that
but [] are valid in the HELO string if they are in the form of a well formed
IP. We have a few customers that send mail with the HELO being a wellformed
IP.
In this case I think it is good enough to consider it spam. It
Gotcha. Specific customer set, specific needs and configuration. Ours is
more general, so we can't be quite that strict. Fortunately there's more
than one way to skin a cat ... nothing against cats, I have two...and
wouldn't dream of skinning them...most of the time...grin
Darin.
-
I agree about the cat thisn that is why we named out cat PITA.
Kevin Bilbee
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Wednesday, October 20, 2004 6:37 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Random Helo
- Original Message -
From: Darin Cox [EMAIL PROTECTED]
No Postfix, but something I may think about.
I block about 60,000 messages per day at each of my two Postfix gateways
using a combination of client, hostname, header checks and greylisting
filter rules. Obviously this takes a huge
- Original Message -
From: Kevin Bilbee [EMAIL PROTECTED]
Ok this is what I was responding to. You are correct you
did not say that but [] are valid in the HELO string if they
are in the form of a well formed IP. We have a few customers
that send mail with the HELO being a
Thanx Bud,
I think a script will be necessary since there are about 800 legitimate
addresses. The aliases are in the registry so with some simple scripting
I could import a list into the registry.
Just to make sure I understand, you would not add any users to the iMail
domain you would just add
I think the question was about zipping graphic files, which as a general
rule, don't get much smaller after they're zipped (as compared to text
files, etc.). I wasn't taking about the compression contained in a
particular graphic format. I get about 15%-25% reduction zipping the
uncompressed
55 matches
Mail list logo
