[Declude.JunkMail] Beginner configuration?
Hello, Just downloaded the demo version of Junkmail Pro, and I was curious about the basic setup. For the last two days I've monitored and tweaked and held and redirected and spent hours upon hours looking over the junkmail setup and rules and whatnot. I'm wondering if I'm reinventing the wheel. I work for a school district with a big spam problem, but as any of you in gov't know, if I tell them we should buy something I need to make sure it works. I was just wondering if there are any tried and true setups that any of you are using to cut down on the spam. I'm seeing that this system works, but I'm also still running the built-in Imail filter, and I've seen quite a few messages that get caught by Imail, but have a Declude score of 0, that should NOT have made it through. Do you all still run the builtin Imail spam as well? Any filters I should definitely setup? I'm seeing a lot of CMDSPACE and SPAMHEADERS (missing MessageID header) from some local clients (I don't control all my clients, so I don't think I can make them authenticate). Should I do away with these tests, or can I fix these two issues on the server side? Thanks for all your help. _ Joey Proulx SAU #21 Technology Support Staff 2 Alumni Drive Hampton, NH 03842 (603) 926-8992, ext 115 [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Failing my own MAILFROM test
On 3-3-05, Andy Wrote Query THOSE DNS servers to see if they have MX/A records. Sometimes people have an internal DNS server for the AD domain that doesn't have the public records. That was it. Thanks Andy! --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Beginner configuration?
Joey, Declude is very effective when tweaked. Not to mention the default global.cfg ships without all of the RBL's that most of us use (XBL, UCE, MAIL-POLICE, SENDERDB). Also, there are other 3rd patry utilties which are very effective at catching spam like like invURIBL and Message Sniffer. Both of those applications have trial versions. Are you still using the default scale? Since you have been working with your global.cfg you might want to post it to the list for us to look over it and see what you have done so far as to make suggestions. For your clients that you are not in control of I would imagine that you know the ip blocks they come from or the firewall ip that they are behind that. You can whitelist that ip so that them failing the cmdspace will not be a factor. CMDSPACE is very effective but direct connects from clients using outlook will set that off. For SPAMHEADERS I use LOOSENSPAMHEADERS ON this relaxes the spamheaders test so that it does not trigger on missing message ID emails. Hope that helps, Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Joey Proulx writes: Hello, Just downloaded the demo version of Junkmail Pro, and I was curious about the basic setup. For the last two days I've monitored and tweaked and held and redirected and spent hours upon hours looking over the junkmail setup and rules and whatnot. I'm wondering if I'm reinventing the wheel. I work for a school district with a big spam problem, but as any of you in gov't know, if I tell them we should buy something I need to make sure it works. I was just wondering if there are any tried and true setups that any of you are using to cut down on the spam. I'm seeing that this system works, but I'm also still running the built-in Imail filter, and I've seen quite a few messages that get caught by Imail, but have a Declude score of 0, that should NOT have made it through. Do you all still run the builtin Imail spam as well? Any filters I should definitely setup? I'm seeing a lot of CMDSPACE and SPAMHEADERS (missing MessageID header) from some local clients (I don't control all my clients, so I don't think I can make them authenticate). Should I do away with these tests, or can I fix these two issues on the server side? Thanks for all your help. _ Joey Proulx SAU #21 Technology Support Staff 2 Alumni Drive Hampton, NH 03842 (603) 926-8992, ext 115 [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Beginner configuration?
Thank you for the response. Here is my global.cfg file: #=ADVANCED OPTIONS = CONSOLE ON #IPBYPASS 192.0.2.25 HOP 0 #HOPHIGH1 #DNS127.0.0.1 HIDETESTS CATCHALLMAILS IPNOTINMX NOLEGITCONTENT CATCHALLMAILS catchallmails x x 0 0 NOLEGITCONTENT nolegitcontent x x 0 -5 IPNOTINMX ipnotinmx x x 0 -3 #=WHITELISTS === #WHITELIST HABEAS #AUTOWHITELIST ON PREWHITELISTON WHITELIST AUTH # - Domain Example - WHITELISTFROM @declude.com WHITELISTFROM @munis.com # - User Example - WHITELISTFROM [EMAIL PROTECTED] # - TO Example - #WHITELIST TO postmaster@ #WHITELIST TO abuse@ #=BLACKLISTS === #BLACKLIST fromfile[path]\Filters\blacklist.txtx 10 0 #BLACKIPipfile [path]\Filters\blackip.txt x 10 0 #= RBL IP4R TESTS == # 1. Definitions of the tests to use (do not edit unless you know what you are doing). These must come before the actions. # 2. First is the name of the check, then the type of check (ip4r is a DNS lookup using the reverse of the IP address). # 3. For type ip4r, 'matchstring' is the string to look for, or * for anything. AHBLip4rdnsbl.ahbl.org * 6 0 BLITZEDALL ip4ropm.blitzed.org * 7 0 CBL ip4rcbl.abuseat.org 127.0.0.2 6 0 DSBLip4rlist.dsbl.org * 6 0 ORDBip4rrelays.ordb.org * 5 0 SBL ip4rsbl.spamhaus.org* 7 0 SORBS-HTTP ip4rdnsbl.sorbs.net 127.0.0.2 5 0 SORBS-SOCKS ip4rdnsbl.sorbs.net 127.0.0.3 5 0 SORBS-MISC ip4rdnsbl.sorbs.net 127.0.0.4 5 0 SORBS-SMTP ip4rdnsbl.sorbs.net 127.0.0.5 5 0 SORBS-SPAM ip4rdnsbl.sorbs.net 127.0.0.6 4 0 #SORBS-WEB ip4rdnsbl.sorbs.net 127.0.0.7 5 0 SORBS-BLOCK ip4rdnsbl.sorbs.net 127.0.0.8 5 0 SORBS-ZOMBIEip4rdnsbl.sorbs.net 127.0.0.9 5 0 SORBS-DUHL ip4rdnsbl.sorbs.net 127.0.0.10 4 0 SPAMCOP ip4rbl.spamcop.net 127.0.0.2 7 0 #MTLDB ip4rmtldb.declude.com 127.0.0.2 3 0 BONDEDSENDERip4rquery.bondedsender.org 127.0.0.10 -10 0 #ADDITIONAL USED RBL IP4R TESTS #FIVETENSRC ip4rblackholes.five-ten-sg.com 127.0.0.2 2 0 #JAMMDNSBL ip4rdnsbl.jammconsulting.com127.0.0.2 2 0 #= RHBSL TESTS == DSN rhsbl dsn.rfc-ignorant.org127.0.0.2 3 0 #NOABUSErhsbl abuse.rfc-ignorant.org 127.0.0.4 2 0 #NOPOSTMASTER rhsbl postmaster.rfc-ignorant.org 127.0.0.3 1 0 #= OTHER TESTS == BADHEADERS badheaders x x 8 0 BASE64 base64 x x 4 0 CMDSPACEcmdspacex x 8 0 COMMENTScommentsx x 7 0 HELOBOGUS helovalid x x 4 0 MAILFROMenvfrom x x 12 0 PERCENT percent x x 10 0 REVDNS revdnsexistsx x 4 0 ROUTING spamrouting x x 2 0 SPAMHEADERS spamheaders x x 3 0 SPFFAIL spffail x x 3 0 SPFPASS spfpass x x -3 0 #BCCbcc 20 x 5 0 NONENGLISH nonenglish x x 0 0 #SUBJECTCHARS subjectchars50 x 0 0 #SUBJECTSPACES subjectspaces 12 x 5 0 #=== FILTERS === #SUBJECTfilter [path]\Filters\Subject.txt x
Re: [Declude.JunkMail] Beginner configuration?
Some stats on how rate their test performances: Marcus: http://www.zcom.it/decludeupdater/spam_stats.htm Sort Monster: http://www.sortmonster.com/MDLP/ Mine: http://it.farmprogress.com/declude/declude.htm Andrew posted a filter that removes quite a few false positives for CMDSPACE: http://www.mail-archive.com/declude.junkmail@declude.com/msg23396.html I think you'd be best off adding some content checking. Either invuribl or Message Sniffer. - Original Message - From: Joey Proulx [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Friday, March 04, 2005 7:13 AM Subject: [Declude.JunkMail] Beginner configuration? Hello, Just downloaded the demo version of Junkmail Pro, and I was curious about the basic setup. For the last two days I've monitored and tweaked and held and redirected and spent hours upon hours looking over the junkmail setup and rules and whatnot. I'm wondering if I'm reinventing the wheel. I work for a school district with a big spam problem, but as any of you in gov't know, if I tell them we should buy something I need to make sure it works. I was just wondering if there are any tried and true setups that any of you are using to cut down on the spam. I'm seeing that this system works, but I'm also still running the built-in Imail filter, and I've seen quite a few messages that get caught by Imail, but have a Declude score of 0, that should NOT have made it through. Do you all still run the builtin Imail spam as well? Any filters I should definitely setup? I'm seeing a lot of CMDSPACE and SPAMHEADERS (missing MessageID header) from some local clients (I don't control all my clients, so I don't think I can make them authenticate). Should I do away with these tests, or can I fix these two issues on the server side? Thanks for all your help. _ Joey Proulx SAU #21 Technology Support Staff 2 Alumni Drive Hampton, NH 03842 (603) 926-8992, ext 115 [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Beginner configuration?
Joey, If you go here http://declude.mydomain.com/ (where mydomain.com is the domain I use in my from address) you can see the part of our Declude JunkMail Config which we make public. Thanks, Dan - Original Message - From: Joey Proulx [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Friday, March 04, 2005 8:13 AM Subject: [Declude.JunkMail] Beginner configuration? Hello, Just downloaded the demo version of Junkmail Pro, and I was curious about the basic setup. For the last two days I've monitored and tweaked and held and redirected and spent hours upon hours looking over the junkmail setup and rules and whatnot. I'm wondering if I'm reinventing the wheel. I work for a school district with a big spam problem, but as any of you in gov't know, if I tell them we should buy something I need to make sure it works. I was just wondering if there are any tried and true setups that any of you are using to cut down on the spam. I'm seeing that this system works, but I'm also still running the built-in Imail filter, and I've seen quite a few messages that get caught by Imail, but have a Declude score of 0, that should NOT have made it through. Do you all still run the builtin Imail spam as well? Any filters I should definitely setup? I'm seeing a lot of CMDSPACE and SPAMHEADERS (missing MessageID header) from some local clients (I don't control all my clients, so I don't think I can make them authenticate). Should I do away with these tests, or can I fix these two issues on the server side? Thanks for all your help. _ Joey Proulx SAU #21 Technology Support Staff 2 Alumni Drive Hampton, NH 03842 (603) 926-8992, ext 115 [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- E-mail scanned for viruses by Nexus (http://www.ntgrp.com/mailscan) --- E-mail scanned for viruses by Nexus (http://www.ntgrp.com/mailscan) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Beginner configuration?
Joey, A couple of thoughts. 1.) Look at adding a content test like invURIBL or Message Sniffer. Both have trials. 2.) I would not give a negative weight for BONDEDSENDER or SPFPASS. Spammers can easily setup SPF records. 3.) Add a few of the other RBL style tests. make sure you adjust the weight for your system and add the corresponding entries in the $default$.junkmail file. XBL(LAST) dnsbl %IP4R%.sbl-xbl.spamhaus.org 127.0.0.4 12 0 XBL(ALL) ip4r sbl-xbl.spamhaus.org 127.0.0.4 4 0 UCEPROTECT-LAST dnsbl %IP4R%.dnsbl-1.uceprotect.net 127.0.0.2 6 0 UCEPROTECT-ALL ip4r dnsbl-1.uceprotect.net 127.0.0.2 2 0 SENDERDB-BLACK ip4r pub.senderdb.net 127.0.0.2 10 0 SENDERDB-SUSPICIOUS ip4r pub.senderdb.net 127.0.0.4 4 0 MAILPOLICE-BULK rhsbl bulk.rhs.mailpolice.com 127.0.0.2 9 0 MAILPOLICE-PORN rhsbl porn.rhs.mailpolice.com 127.0.0.2 12 0 MAILPOLICE-FRAUD rhsbl fraud.rhs.mailpolice.com 127.0.0.2 10 0 Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Joey Proulx writes: Thank you for the response. Here is my global.cfg file: #=ADVANCED OPTIONS = CONSOLE ON #IPBYPASS 192.0.2.25 HOP 0 #HOPHIGH1 #DNS127.0.0.1 HIDETESTS CATCHALLMAILS IPNOTINMX NOLEGITCONTENT CATCHALLMAILS catchallmails x x 0 0 NOLEGITCONTENT nolegitcontent x x 0 -5 IPNOTINMX ipnotinmx x x 0 -3 #=WHITELISTS === #WHITELIST HABEAS #AUTOWHITELIST ON PREWHITELISTON WHITELIST AUTH # - Domain Example - WHITELISTFROM @declude.com WHITELISTFROM @munis.com # - User Example - WHITELISTFROM [EMAIL PROTECTED] # - TO Example - #WHITELIST TO postmaster@ #WHITELIST TO abuse@ #=BLACKLISTS === #BLACKLIST fromfile[path]\Filters\blacklist.txtx 10 0 #BLACKIPipfile [path]\Filters\blackip.txt x 10 0 #= RBL IP4R TESTS == # 1. Definitions of the tests to use (do not edit unless you know what you are doing). These must come before the actions. # 2. First is the name of the check, then the type of check (ip4r is a DNS lookup using the reverse of the IP address). # 3. For type ip4r, 'matchstring' is the string to look for, or * for anything. AHBLip4rdnsbl.ahbl.org * 6 0 BLITZEDALL ip4ropm.blitzed.org * 7 0 CBL ip4rcbl.abuseat.org 127.0.0.2 6 0 DSBLip4rlist.dsbl.org * 6 0 ORDBip4rrelays.ordb.org * 5 0 SBL ip4rsbl.spamhaus.org* 7 0 SORBS-HTTP ip4rdnsbl.sorbs.net 127.0.0.2 5 0 SORBS-SOCKS ip4rdnsbl.sorbs.net 127.0.0.3 5 0 SORBS-MISC ip4rdnsbl.sorbs.net 127.0.0.4 5 0 SORBS-SMTP ip4rdnsbl.sorbs.net 127.0.0.5 5 0 SORBS-SPAM ip4rdnsbl.sorbs.net 127.0.0.6 4 0 #SORBS-WEB ip4rdnsbl.sorbs.net 127.0.0.7 5 0 SORBS-BLOCK ip4rdnsbl.sorbs.net 127.0.0.8 5 0 SORBS-ZOMBIEip4rdnsbl.sorbs.net 127.0.0.9 5 0 SORBS-DUHL ip4rdnsbl.sorbs.net 127.0.0.10 4 0 SPAMCOP ip4rbl.spamcop.net 127.0.0.2 7 0 #MTLDB ip4rmtldb.declude.com 127.0.0.2 3 0 BONDEDSENDERip4rquery.bondedsender.org 127.0.0.10 -10 0 #ADDITIONAL USED RBL IP4R TESTS #FIVETENSRC ip4rblackholes.five-ten-sg.com 127.0.0.2 2 0 #JAMMDNSBL ip4rdnsbl.jammconsulting.com127.0.0.2 2 0 #= RHBSL TESTS == DSN rhsbl dsn.rfc-ignorant.org127.0.0.2 3 0 #NOABUSErhsbl abuse.rfc-ignorant.org 127.0.0.4 2 0 #NOPOSTMASTER rhsbl postmaster.rfc-ignorant.org 127.0.0.3 1 0 #= OTHER TESTS ==
RE: [Declude.JunkMail] Declude 2.x
Right, so they have to make it so that we can account for this which is what they didn't do when they made the change in 2.0 as we do know what the account name is, however, if you don't have pro version that is even a bigger issue. Not a problem for me, but perhaps others. --- Network Administrator [EMAIL PROTECTED] -- Original Message -- From: Kevin Bilbee [EMAIL PROTECTED] Reply-To: Declude.JunkMail@declude.com Date: Thu, 3 Mar 2005 14:48:31 -0800 The copy all account is added before the message is passed ot declude so declude should not know the difference. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Ncl Admin Sent: Thursday, March 03, 2005 2:34 PM To: Declude.JunkMail@declude.com; Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Declude 2.x At 04:40 PM 3/3/2005 -0500, Andy Schmidt wrote: I generally agree that the new function is desirable. Now we just need to figure out how to implement it robustly. E.g., when Declude modifies the envelope to the new route-to address, it may have to remember that new recipient so that it can reference it in case it later encounters a DELETE action. Or, to reverse that logic, let the ROUTETO remember the new recipient - but don't actually update the envelope until Spam processing for that user is complete. The problem is the COPYALL account as it will always be HELD rather than have SPAM deleted as it always fails enough HOLD actions prior to DELETE weight. And as the COPYALL isn't a real part of the envelope it most likely causes more problems since it is added somewhere in IMAIL as a seperate addressee. [This E-mail scanned for viruses by F-Prot] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. [This E-mail scanned for viruses by F-Prot] [This E-mail scanned for viruses by F-Prot] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude 2.x
I expect to re-route email that fails WEIGHT10 but to simply delete email when it fails the higher weight because the probability of spam there is much higher and I do not want to waste my time checking it. The problem is that the WEIGHT10 ROUTETO action removes me as a recipient and replaces me with [EMAIL PROTECTED]; when the DELETE action is triggered, it tries to delete me as a recipient, but I have already been replaced, so the deletion does not occur. Wow, that is REALLY NOT how this should be working. The clear and obvious mistake was to let the ROUTETO action change the recipient for which the actions were being applied. If you don't see the err in this, please chime up because I could write a book about how this is bad and will have many unintended consequences. I have not been following the thread in detail, but if some one that is having the problem would change to WEIGHTRANGE instead of WEIGHT and ensure there are no overlappings, I have a feeling the at least part of the problem might be resolved. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Beginner configuration?
Thanks Dan, Is it generally frowned upon to use another company's spam setup, like yours? My feelings are that I'm not very experienced with this and you seem to have a very nice setup. I know I'd have to change a few things to reflect our system, but it would take me years to learn enough about spam and mail servers to setup something like that. Mail is only a fraction of what I do here...I need as much a plug and play system as I can :) Thanks. Joey At 10:29 AM 3/4/2005, you wrote: Joey, If you go here http://declude.mydomain.com/ (where mydomain.com is the domain I use in my from address) you can see the part of our Declude JunkMail Config which we make public. Thanks, Dan - Original Message - From: Joey Proulx [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Friday, March 04, 2005 8:13 AM Subject: [Declude.JunkMail] Beginner configuration? Hello, Just downloaded the demo version of Junkmail Pro, and I was curious about the basic setup. For the last two days I've monitored and tweaked and held and redirected and spent hours upon hours looking over the junkmail setup and rules and whatnot. I'm wondering if I'm reinventing the wheel. I work for a school district with a big spam problem, but as any of you in gov't know, if I tell them we should buy something I need to make sure it works. I was just wondering if there are any tried and true setups that any of you are using to cut down on the spam. I'm seeing that this system works, but I'm also still running the built-in Imail filter, and I've seen quite a few messages that get caught by Imail, but have a Declude score of 0, that should NOT have made it through. Do you all still run the builtin Imail spam as well? Any filters I should definitely setup? I'm seeing a lot of CMDSPACE and SPAMHEADERS (missing MessageID header) from some local clients (I don't control all my clients, so I don't think I can make them authenticate). Should I do away with these tests, or can I fix these two issues on the server side? Thanks for all your help. _ Joey Proulx SAU #21 Technology Support Staff 2 Alumni Drive Hampton, NH 03842 (603) 926-8992, ext 115 [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- E-mail scanned for viruses by Nexus (http://www.ntgrp.com/mailscan) --- E-mail scanned for viruses by Nexus (http://www.ntgrp.com/mailscan) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude 2.x
John Tolmachoff (Lists) wrote: I have not been following the thread in detail, but if some one that is having the problem would change to WEIGHTRANGE instead of WEIGHT and ensure there are no overlappings, I have a feeling the at least part of the "problem" might be resolved. No, this isn't an appropriate solution. The change makes ROUTETO the final action, and now it has precedence over DELETE. If you have a filter called BLACKLIST-NO-MATTER-WHAT set to DELETE, and a message fails that test plus it fails something that has a ROUTETO action, it will not be deleted. This change removes our ability to override ROUTETO in special circumstances. While most issues will be fixed by preventing the overlapping of weight ranges and the actions, that only applies to weight based things, and this ties our hands when it comes to taking actions regardless of weight. That's completely unacceptable, and I also assume that it was unintentional; the result of an oversight. If DELETE is to be changed in the way that they did, they must make it be able to target a recipient that has already been tagged with ROUTETO. It makes no sense to use the changed ROUTETO address for determining further actions. This will also be very difficult to troubleshoot in some circumstances and also difficult to keep track of. Declude needs to make sure that the actions are not applied based on the ROUTETO address' config, but instead the original recipient's config. If they did that, all problems would be solved, including the overlapping weight range issue that seemingly has stung so many here. Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
RE: [Declude.JunkMail] Beginner configuration?
Chipping in my two cents, I'd say you've received excellent advice for tuning Declude so far. As a busy sysadmin myself, I'll add some less specific advice from the field. Hopefully others will see fit to add their observations. Go with the weighted system. You're busy, but resist the urge to go for need a bigger hammer solutions. The worst thing you can do is create a filter or ramp up the weight for a specific blacklist, or make a DELETE action on a single test. Living with some spam is better than spending all of your time fighting it and fishing false positives out of your spam folder. Start with Declude 2.x, the organization of the log file makes it far more readable than previous versions. Your users will call you about missing mail (false positives). Get specific information from them about who sent it to whom and when. Write down your procedure for finding these missing emails and how to re-queue them. grep is your friend. Use find.exe if you're more comfortable, but if you have large logs or a slow computer, you'll love using grep instead. Andrew 8) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joey Proulx Sent: Friday, March 04, 2005 5:14 AM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Beginner configuration? Hello, Just downloaded the demo version of Junkmail Pro, and I was curious about the basic setup. For the last two days I've monitored and tweaked and held and redirected and spent hours upon hours looking over the junkmail setup and rules and whatnot. I'm wondering if I'm reinventing the wheel. I work for a school district with a big spam problem, but as any of you in gov't know, if I tell them we should buy something I need to make sure it works. I was just wondering if there are any tried and true setups that any of you are using to cut down on the spam. I'm seeing that this system works, but I'm also still running the built-in Imail filter, and I've seen quite a few messages that get caught by Imail, but have a Declude score of 0, that should NOT have made it through. Do you all still run the builtin Imail spam as well? Any filters I should definitely setup? I'm seeing a lot of CMDSPACE and SPAMHEADERS (missing MessageID header) from some local clients (I don't control all my clients, so I don't think I can make them authenticate). Should I do away with these tests, or can I fix these two issues on the server side? Thanks for all your help. _ Joey Proulx SAU #21 Technology Support Staff 2 Alumni Drive Hampton, NH 03842 (603) 926-8992, ext 115 [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude 2.x
We use weightrange and do not use per user configurations. Also the messages that were over our delete weight and not deleted did not contain a routto action?? Kevin Bilbee -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of MattSent: Friday, March 04, 2005 9:17 AMTo: Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] Declude 2.xJohn Tolmachoff (Lists) wrote: I have not been following the thread in detail, but if some one that is having the problem would change to WEIGHTRANGE instead of WEIGHT and ensure there are no overlappings, I have a feeling the at least part of the "problem" might be resolved.No, this isn't an appropriate solution. The change makes ROUTETO the final action, and now it has precedence over DELETE. If you have a filter called BLACKLIST-NO-MATTER-WHAT set to DELETE, and a message fails that test plus it fails something that has a ROUTETO action, it will not be deleted. This change removes our ability to override ROUTETO in special circumstances. While most issues will be fixed by preventing the overlapping of weight ranges and the actions, that only applies to weight based things, and this ties our hands when it comes to taking actions regardless of weight. That's completely unacceptable, and I also assume that it was unintentional; the result of an oversight.If DELETE is to be changed in the way that they did, they must make it be able to target a recipient that has already been tagged with ROUTETO. It makes no sense to use the changed ROUTETO address for determining further actions. This will also be very difficult to troubleshoot in some circumstances and also difficult to keep track of.Declude needs to make sure that the actions are not applied based on the ROUTETO address' config, but instead the original recipient's config. If they did that, all problems would be solved, including the overlapping weight range issue that seemingly has stung so many here.Matt-- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
RE: [Declude.JunkMail] Declude 2.x
Title: Message Hi Nick, John, Eric, Fritz, Kevin, Dan, NCL Admin, et al: This change removes our ability to override ROUTETO in special circumstances. I recommendyou sit tight just a little longer. The "new" behavior apparently was not intended and I'm certain, Declude will be made "downward" compatible. It may help to check your configurations to whether you can company specific (= per domain) actions. If you areusing either of these two features: - \Domain.com\$default$.junkmail- REDIRECT @domain.com then this may explain the (unexpected/temporarily) changed handling of DELETE, HOLD and other actions. Again, I believe this will be corrected. Best RegardsAndy SchmidtHM Systems Software, Inc.600 East Crescent Avenue, Suite 203Upper Saddle River, NJ 07458-1846Phone: +1 201 934-3414 x20 (Business)Fax: +1 201 934-9206http://www.HM-Software.com/ -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of MattSent: Friday, March 04, 2005 12:17 PMTo: Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] Declude 2.xJohn Tolmachoff (Lists) wrote: I have not been following the thread in detail, but if some one that is having the problem would change to WEIGHTRANGE instead of WEIGHT and ensure there are no overlappings, I have a feeling the at least part of the "problem" might be resolved.No, this isn't an appropriate solution. The change makes ROUTETO the final action, and now it has precedence over DELETE. If you have a filter called BLACKLIST-NO-MATTER-WHAT set to DELETE, and a message fails that test plus it fails something that has a ROUTETO action, it will not be deleted. This change removes our ability to override ROUTETO in special circumstances. While most issues will be fixed by preventing the overlapping of weight ranges and the actions, that only applies to weight based things, and this ties our hands when it comes to taking actions regardless of weight. That's completely unacceptable, and I also assume that it was unintentional; the result of an oversight.If DELETE is to be changed in the way that they did, they must make it be able to target a recipient that has already been tagged with ROUTETO. It makes no sense to use the changed ROUTETO address for determining further actions. This will also be very difficult to troubleshoot in some circumstances and also difficult to keep track of.Declude needs to make sure that the actions are not applied based on the ROUTETO address' config, but instead the original recipient's config. If they did that, all problems would be solved, including the overlapping weight range issue that seemingly has stung so many here.Matt-- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = attachment: HMSoftSmall.jpg
Re: [Declude.JunkMail] Declude 2.x
Kevin, A per-domain config can also have an effect. This very well might not be the case with your issue, but in this context I believe that I should explain further just in case. If you have a message sent to [EMAIL PROTECTED] that fails tests that result in both a ROUTETO and DELETE action for example.com, it might not actually get deleted, instead after failing the ROUTETO action, it will use the config for whatever per-domain/per-user config the ROUTETO was pointed at. So if it was ROUTETO [EMAIL PROTECTED], then Declude would pull the config for otherdomain.com or [EMAIL PROTECTED] and only execute actions based on that, or at least that is what I understand. If it didn't fail a DELETE test in otherdomain.com, it would simply be delivered to the ROUTETO address. While most issues that this creates can be worked around, it is unwieldy, excessively complicated, and clearly leads to unexpected results, especially in a multiple domain environment with per-domain configs, or those with per-user configs. From a high level view, the fix is simple, they just shouldn't use the ROUTETO address's config for determining actions. They should only use the final recipient in IMail, prior to reaching Declude, for determining all actions. If you post more of your circumstance, maybe one of us can come up with an idea as to what is happening. Matt Kevin Bilbee wrote: We use weightrange and do not use per user configurations. Also the messages that were over our delete weight and not deleted did not contain a routto action?? Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Matt Sent: Friday, March 04, 2005 9:17 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Declude 2.x John Tolmachoff (Lists) wrote: I have not been following the thread in detail, but if some one that is having the problem would change to WEIGHTRANGE instead of WEIGHT and ensure there are no overlappings, I have a feeling the at least part of the "problem" might be resolved. No, this isn't an appropriate solution. The change makes ROUTETO the final action, and now it has precedence over DELETE. If you have a filter called BLACKLIST-NO-MATTER-WHAT set to DELETE, and a message fails that test plus it fails something that has a ROUTETO action, it will not be deleted. This change removes our ability to override ROUTETO in special circumstances. While most issues will be fixed by preventing the overlapping of weight ranges and the actions, that only applies to weight based things, and this ties our hands when it comes to taking actions regardless of weight. That's completely unacceptable, and I also assume that it was unintentional; the result of an oversight. If DELETE is to be changed in the way that they did, they must make it be able to target a recipient that has already been tagged with ROUTETO. It makes no sense to use the changed ROUTETO address for determining further actions. This will also be very difficult to troubleshoot in some circumstances and also difficult to keep track of. Declude needs to make sure that the actions are not applied based on the ROUTETO address' config, but instead the original recipient's config. If they did that, all problems would be solved, including the overlapping weight range issue that seemingly has stung so many here. Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
RE: [Declude.JunkMail] Declude 2.x
Title: Message And also: If you have the COPY ALL EMAIL active in Imail.. the DELETE action does does not work. In our setup, we do not use any ROUTETO in any of our config files. And you can not setup a per domain/user for that copy all email account. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of MattSent: Friday, March 04, 2005 6:17 PMTo: Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] Declude 2.xJohn Tolmachoff (Lists) wrote: I have not been following the thread in detail, but if some one that is having the problem would change to WEIGHTRANGE instead of WEIGHT and ensure there are no overlappings, I have a feeling the at least part of the "problem" might be resolved.No, this isn't an appropriate solution. The change makes ROUTETO the final action, and now it has precedence over DELETE. If you have a filter called BLACKLIST-NO-MATTER-WHAT set to DELETE, and a message fails that test plus it fails something that has a ROUTETO action, it will not be deleted. This change removes our ability to override ROUTETO in special circumstances. While most issues will be fixed by preventing the overlapping of weight ranges and the actions, that only applies to weight based things, and this ties our hands when it comes to taking actions regardless of weight. That's completely unacceptable, and I also assume that it was unintentional; the result of an oversight.If DELETE is to be changed in the way that they did, they must make it be able to target a recipient that has already been tagged with ROUTETO. It makes no sense to use the changed ROUTETO address for determining further actions. This will also be very difficult to troubleshoot in some circumstances and also difficult to keep track of.Declude needs to make sure that the actions are not applied based on the ROUTETO address' config, but instead the original recipient's config. If they did that, all problems would be solved, including the overlapping weight range issue that seemingly has stung so many here.Matt-- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
RE: [Declude.JunkMail] Declude 2.x
On 4 Mar 2005 at 12:51, Andy Schmidt wrote: Hi Nick, John, Eric, Fritz, Kevin, Dan, NCL Admin, et al: I recommendyou sit tight just a little longer. Done!. I'm chilled. No problem. Really. Honest! :) The only thing that slightly ticked me off was lack of communication about this bug. Now that has been addressed in detail I have no issues. No question it will get resolved now. Time to move on. -Nick --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Beginner configuration?
You mention that he should adjust for the weight of his system, but you do not let him know what weighting system you are using. Can you expand on that? I.e. Hold at 10, Delete at 20 Thanks. John Olden Systems Administrator Champaign Park District -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Friday, March 04, 2005 9:47 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Beginner configuration? Joey, A couple of thoughts. 1.) Look at adding a content test like invURIBL or Message Sniffer. Both have trials. 2.) I would not give a negative weight for BONDEDSENDER or SPFPASS. Spammers can easily setup SPF records. 3.) Add a few of the other RBL style tests. make sure you adjust the weight for your system and add the corresponding entries in the $default$.junkmail file. XBL(LAST) dnsbl %IP4R%.sbl-xbl.spamhaus.org 127.0.0.4 12 0 XBL(ALL)ip4rsbl-xbl.spamhaus.org127.0.0.4 4 0 UCEPROTECT-LAST dnsbl %IP4R%.dnsbl-1.uceprotect.net 127.0.0.2 6 0 UCEPROTECT-ALL ip4rdnsbl-1.uceprotect.net 127.0.0.2 2 0 SENDERDB-BLACK ip4rpub.senderdb.net127.0.0.2 10 0 SENDERDB-SUSPICIOUS ip4rpub.senderdb.net127.0.0.4 4 0 MAILPOLICE-BULK rhsbl bulk.rhs.mailpolice.com 127.0.0.2 9 0 MAILPOLICE-PORN rhsbl porn.rhs.mailpolice.com 127.0.0.2 12 0 MAILPOLICE-FRAUDrhsbl fraud.rhs.mailpolice.com127.0.0.2 10 0 Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Joey Proulx writes: Thank you for the response. Here is my global.cfg file: #=ADVANCED OPTIONS = CONSOLE ON #IPBYPASS 192.0.2.25 HOP 0 #HOPHIGH1 #DNS127.0.0.1 HIDETESTS CATCHALLMAILS IPNOTINMX NOLEGITCONTENT CATCHALLMAILS catchallmails x x 0 0 NOLEGITCONTENT nolegitcontent x x 0 -5 IPNOTINMX ipnotinmx x x 0 -3 #=WHITELISTS === #WHITELIST HABEAS #AUTOWHITELIST ON PREWHITELISTON WHITELIST AUTH # - Domain Example - WHITELISTFROM @declude.com WHITELISTFROM @munis.com # - User Example - WHITELISTFROM [EMAIL PROTECTED] # - TO Example - #WHITELIST TO postmaster@ #WHITELIST TO abuse@ #=BLACKLISTS === #BLACKLIST fromfile[path]\Filters\blacklist.txtx 10 0 #BLACKIPipfile [path]\Filters\blackip.txt x 10 0 #= RBL IP4R TESTS == # 1. Definitions of the tests to use (do not edit unless you know what you are doing). These must come before the actions. # 2. First is the name of the check, then the type of check (ip4r is a DNS lookup using the reverse of the IP address). # 3. For type ip4r, 'matchstring' is the string to look for, or * for anything. AHBLip4rdnsbl.ahbl.org * 6 0 BLITZEDALL ip4ropm.blitzed.org * 7 0 CBL ip4rcbl.abuseat.org 127.0.0.2 6 0 DSBLip4rlist.dsbl.org * 6 0 ORDBip4rrelays.ordb.org * 5 0 SBL ip4rsbl.spamhaus.org* 7 0 SORBS-HTTP ip4rdnsbl.sorbs.net 127.0.0.2 5 0 SORBS-SOCKS ip4rdnsbl.sorbs.net 127.0.0.3 5 0 SORBS-MISC ip4rdnsbl.sorbs.net 127.0.0.4 5 0 SORBS-SMTP ip4rdnsbl.sorbs.net 127.0.0.5 5 0 SORBS-SPAM ip4rdnsbl.sorbs.net 127.0.0.6 4 0 #SORBS-WEB ip4rdnsbl.sorbs.net 127.0.0.7 5 0 SORBS-BLOCK ip4rdnsbl.sorbs.net 127.0.0.8 5 0 SORBS-ZOMBIEip4rdnsbl.sorbs.net 127.0.0.9 5 0 SORBS-DUHL ip4rdnsbl.sorbs.net 127.0.0.10 4 0 SPAMCOP ip4rbl.spamcop.net 127.0.0.2 7 0 #MTLDB ip4rmtldb.declude.com 127.0.0.2 3 0
RE: [Declude.JunkMail] Beginner configuration?
I found yesterday that MAILPOLICE Bulk and Porn have been combined into Block (although there may be legitimate reasons to do separate lookups.) http://rhs.mailpolice.com/usage.php One page says fraud is in there too, but they are not consistent with that. John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Friday, March 04, 2005 9:47 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Beginner configuration? Joey, A couple of thoughts. [un-needed content cut out] MAILPOLICE-BULK rhsbl bulk.rhs.mailpolice.com 127.0.0.2 9 0 MAILPOLICE-PORN rhsbl porn.rhs.mailpolice.com 127.0.0.2 12 0 MAILPOLICE-FRAUDrhsbl fraud.rhs.mailpolice.com127.0.0.2 10 0 Darrell --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Beginner configuration?
Sorry about that. Subject Tag 12 Hold 20 Delete 30+ Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. John Olden writes: You mention that he should adjust for the weight of his system, but you do not let him know what weighting system you are using. Can you expand on that? I.e. Hold at 10, Delete at 20 Thanks. John Olden Systems Administrator Champaign Park District -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Friday, March 04, 2005 9:47 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Beginner configuration? Joey, A couple of thoughts. 1.) Look at adding a content test like invURIBL or Message Sniffer. Both have trials. 2.) I would not give a negative weight for BONDEDSENDER or SPFPASS. Spammers can easily setup SPF records. 3.) Add a few of the other RBL style tests. make sure you adjust the weight for your system and add the corresponding entries in the $default$.junkmail file. XBL(LAST) dnsbl %IP4R%.sbl-xbl.spamhaus.org 127.0.0.4 12 0 XBL(ALL) ip4r sbl-xbl.spamhaus.org 127.0.0.4 4 0 UCEPROTECT-LAST dnsbl %IP4R%.dnsbl-1.uceprotect.net 127.0.0.2 6 0 UCEPROTECT-ALL ip4r dnsbl-1.uceprotect.net 127.0.0.2 2 0 SENDERDB-BLACK ip4r pub.senderdb.net 127.0.0.2 10 0 SENDERDB-SUSPICIOUS ip4r pub.senderdb.net 127.0.0.4 4 0 MAILPOLICE-BULK rhsbl bulk.rhs.mailpolice.com 127.0.0.2 9 0 MAILPOLICE-PORN rhsbl porn.rhs.mailpolice.com 127.0.0.2 12 0 MAILPOLICE-FRAUD rhsbl fraud.rhs.mailpolice.com 127.0.0.2 10 0 Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Joey Proulx writes: Thank you for the response. Here is my global.cfg file: #=ADVANCED OPTIONS = CONSOLE ON #IPBYPASS 192.0.2.25 HOP 0 #HOPHIGH1 #DNS127.0.0.1 HIDETESTS CATCHALLMAILS IPNOTINMX NOLEGITCONTENT CATCHALLMAILS catchallmails x x 0 0 NOLEGITCONTENT nolegitcontent x x 0 -5 IPNOTINMX ipnotinmx x x 0 -3 #=WHITELISTS === #WHITELIST HABEAS #AUTOWHITELIST ON PREWHITELISTON WHITELIST AUTH # - Domain Example - WHITELISTFROM @declude.com WHITELISTFROM @munis.com # - User Example - WHITELISTFROM [EMAIL PROTECTED] # - TO Example - #WHITELIST TO postmaster@ #WHITELIST TO abuse@ #=BLACKLISTS === #BLACKLIST fromfile[path]\Filters\blacklist.txtx 10 0 #BLACKIPipfile [path]\Filters\blackip.txt x 10 0 #= RBL IP4R TESTS == # 1. Definitions of the tests to use (do not edit unless you know what you are doing). These must come before the actions. # 2. First is the name of the check, then the type of check (ip4r is a DNS lookup using the reverse of the IP address). # 3. For type ip4r, 'matchstring' is the string to look for, or * for anything. AHBLip4rdnsbl.ahbl.org * 6 0 BLITZEDALL ip4ropm.blitzed.org * 7 0 CBL ip4rcbl.abuseat.org 127.0.0.2 6 0 DSBLip4rlist.dsbl.org * 6 0 ORDBip4rrelays.ordb.org * 5 0 SBL ip4rsbl.spamhaus.org* 7 0 SORBS-HTTP ip4rdnsbl.sorbs.net 127.0.0.2 5 0 SORBS-SOCKS ip4rdnsbl.sorbs.net 127.0.0.3 5 0 SORBS-MISC ip4rdnsbl.sorbs.net 127.0.0.4 5 0 SORBS-SMTP ip4rdnsbl.sorbs.net 127.0.0.5 5 0 SORBS-SPAM ip4rdnsbl.sorbs.net 127.0.0.6 4 0 #SORBS-WEB ip4rdnsbl.sorbs.net 127.0.0.7 5 0 SORBS-BLOCK ip4rdnsbl.sorbs.net 127.0.0.8 5 0 SORBS-ZOMBIEip4rdnsbl.sorbs.net 127.0.0.9 5 0 SORBS-DUHL ip4rdnsbl.sorbs.net 127.0.0.10 4 0 SPAMCOP ip4rbl.spamcop.net
Re: [Declude.JunkMail] Kodak EZ Share (headers)
Thanks for your help...I will figure it out... Richard Farris Ethixs Online 1.270.247. Office 1.800.548.3877 Tech Support Crossroads to a Cleaner Internet - Original Message - From: Andy Schmidt [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Wednesday, March 02, 2005 3:23 PM Subject: RE: [Declude.JunkMail] Kodak EZ Share (headers) Hi Richard: Well ONE copy came through (with the subject Sent Best For Email). I appears to have a good reverse DNS, a good HELO. It is using YOUR email address as the MAIL FROM - which is fine, unless your postfix mail gateway does not allow email from the outside to have your domain name? I can't be certain, whether the Message ID is there's or whether it was missing and inserted by Imail (that could trigger Declude). DNSstuff.com is down - so I can't tell how bad that IP address is - but it appears that it is black-listed with FIVETEN. I have not seen your second email - I'll have to chase it in the logs. Received: from snj-us-pcwp-703.kodak.com [63.240.114.202] by hm-software.com with ESMTP (SMTPD32-8.15) id A6B51D1202A8; Wed, 02 Mar 2005 14:40:37 -0500 Received: from picturecd.kodak.com (0-1pool96-192.nas1.paducah1.ky.us.da.qwest.net [65.137.96.192]) by snj-us-pcwp-703.kodak.com (8.11.7p2/8.11.7) with SMTP id j22JJA214188; Wed, 2 Mar 2005 19:19:11 GMT Message-Id: [EMAIL PROTECTED] From: [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Sent Best for Email Date: Wed, 02 Mar 2005 13:19:16 -0600 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary=1_boundary X-Declude: Version 2.0.4.2; D16b51d1202a86d98.SMD from snj-us-pcwp-703-att.kodak.com [63.240.114.202] X-Countries: UNITED STATES-destination Return-Path: [EMAIL PROTECTED] X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 409773178 Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Farris Sent: Wednesday, March 02, 2005 02:52 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Kodak EZ Share (headers) I just sent a 2 copies to Andy at [EMAIL PROTECTED] so we will see what he says...one copy is Original 1.4 Mb and the other is Best for Email .68 Mb I know that most are not interested in this but it is really bugging me why the pictures won't come thru.. thanxs for your help.. Richard Farris Ethixs Online 1.270.247. Office 1.800.548.3877 Tech Support Crossroads to a Cleaner Internet - Original Message - From: Marc Catuogno [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Wednesday, March 02, 2005 1:27 PM Subject: RE: [Declude.JunkMail] Kodak EZ Share (headers) Here are the headers - I have something with Kodak in my negative headers to try to let this stuff through. Received: from snj-us-pcwp-708.us.kodak.com [63.240.114.217] by mail.prudentialrand.com with ESMTP (SMTPD32-8.05) id A37246900BC; Wed, 02 Mar 2005 14:26:42 -0500 Received: from picturecd.kodak.com (ool-182cf376.dyn.optonline.net [24.44.243.118]) by snj-us-pcwp-708.us.kodak.com (8.11.7p2/8.11.7) with SMTP id j22JDa617939 for [EMAIL PROTECTED]; Wed, 2 Mar 2005 19:13:37 GMT Message-Id: [EMAIL PROTECTED] From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: 3/02/05 Date: Wed, 02 Mar 2005 14:13:38 -0500 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary=1_boundary X-RBL-Warning: IPNOTINMX: X-Declude-Sender: [EMAIL PROTECTED] [63.240.114.217] X-Declude-Spoolname: D1372046900bcd817.SMD X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: IPNOTINMX, NOLEGITCONTENT, NEGATIVEHEADERS, SPAMDOMAINS1, GIBBERISH, ANTI-GIBBERISH [-10] X-Country-Chain: X-Note: This E-mail was sent from snj-us-pcwp-708-att.kodak.com ([63.240.114.217]). X-IMAIL-SPAM-HTML-FEATURES: (Image Tag) X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 387273370 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Wednesday, March 02, 2005 11:46 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Kodak EZ Share All these get held on my system because you send it from your e-mail address without authenticating, so it never gets whitelisted with Whitelist Auth and it fails my spam domains test. But if you aren't seeing them at all, I'd guess it is the attachment size. Marc - can you post the headers from the held message file. You mention it fails the spam domains test - for all we know there are other factors (such as the sending IP, or the HELO string) that cause his Postfix spam gateway to block the messages... Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax: +1 201 934-9206 - Original Message - From: Marc Catuogno To: Declude.JunkMail@declude.com Sent: Wednesday, March 02, 2005 7:01 AM
[Declude.JunkMail] OT: Clock Time on Declude Support
Is just my browser, or is Declude's clock on: https://www.declude.com/SearchResults.asp?Cat=5 Off? In CET (Central European Time) of 2:15AM, their clock shows 4:15AM EST when it should be showing 9:15PM EST. .hope this doesn't reflect in their 2.0 programming code. ;-) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT: Clock Time on Declude Support
Actually, it shows -4 hours. GMTas I write thisis 01:46 The code they use on the pagesubtracts five hours, which results in a value of -4 for the hours. They need to add a line to add 24 if the result is negative. I'm sure it looks fine 19 hours a day, though... And no, it does not giveme a lot of confidence, either, but now that we've aired the problem and the cure, let's see how long it takes to fix... -d SCRIPTfunction tick() {var hours, minutes, seconds, ap;var intHours, intMinutes, intSeconds;var today;today = new Date();intHours = today.getUTCHours()-5;intMinutes = today.getUTCMinutes();intSeconds = today.getUTCSeconds(); //add this: if (intHours 0) { intHours += 24 } if (intHours == 0) { hours = "12:"; ap = "EST Midnight";} else if (intHours 12) {hours = intHours+":";ap = " AM EST is the current time for Declude Support Personnel";} else if (intHours == 12) {hours = "12:";ap = "EST Noon";} else {intHours = intHours - 12hours = intHours + ":";ap = "PM EST is the current time for Declude Support Personnel";}if (intMinutes 10) {minutes = "0"+intMinutes+":";} else {minutes = intMinutes+":";}if (intSeconds 10) {seconds = "0"+intSeconds+" ";} else {seconds = intSeconds+" ";}timeString = hours+minutes+seconds+ap;Clock.innerHTML = timeString;window.setTimeout("tick();", 100);}window.>/SCRIPT - Original Message - From: "Erik" [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Friday, March 04, 2005 8:25 PM Subject: [Declude.JunkMail] OT: Clock Time on Declude Support Is just my browser, or is Declude's clock on:https://www.declude.com/SearchResults.asp?Cat=5Off? In CET (Central European Time) of 2:15AM, their clock shows 4:15AM ESTwhen it should be showing 9:15PM EST..hope this doesn't reflect in their 2.0 programming code. ;-)---[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com.
RE: [Declude.JunkMail] OT: Clock Time on Declude Support
Hm, What am I missing - it's stating Via Ticket System (and I've seen others refer to ticket numbers) but WHERE on that page does it let me open a ticket. The only thing that I see is email to [EMAIL PROTECTED] - but that doesn't respond with a ticket (at least not when I had used it earlier this week?) Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Sent: Friday, March 04, 2005 08:26 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] OT: Clock Time on Declude Support Is just my browser, or is Declude's clock on: https://www.declude.com/SearchResults.asp?Cat=5 Off? In CET (Central European Time) of 2:15AM, their clock shows 4:15AM EST when it should be showing 9:15PM EST. .hope this doesn't reflect in their 2.0 programming code. ;-) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] catchallmails question
Title: Message Hey Scott, This is really a question for you about JM. The JM log file lists "passed" messages as "L1 Message OK", so it's only the failed messages that list the actual tests failed. However, isn't catchallmails supposed to fail for all messages? So it must be the JM ignores the catchallmails failure when listing a message as "OK." Is this understanding correct? I'm just trying to understand the behavior in the log files. Should all "failed" messages always list catchallmails? If so, does that mean the a count of the number of catchallmails-failed messages in the log should equal the number of messages that failed some (other) test? For example, if I have a log of 10,000 messages, and I know that 7,000 of them list the catchallmails option in their list of failed messages, that should mean there were 7,000 messages (70%) that failed some other test. Thanks, Ben BC Web - Original Message - From: Imail Admin To: Declude.JunkMail@declude.com Sent: Thursday, March 03, 2005 12:15 PM Subject: Re: [Declude.JunkMail] catchallmails question Thanks, Darrell. This at least sets me on the right path. I don't believe "Whitelist AUTH" is something we use because we're running IMail 7.15, which, I believe, doesn't support that option. However, there must be other,similar causes for being skipped. So, does anyone know a list of reasons why messages would be skipped? Obviously, a whitelist of address, domains, and IPs, would be one possibility. For that matter, does anyone have a utility that would analyze messages being skipped? It would seem an obvious thing to review, in case a whitelisted source (AUTH, address, etc.) becomes hijacked. Perhaps this would be a good addition for DLAnalyzer. Ben - Original Message - From: Darrell ([EMAIL PROTECTED]) To: Declude.JunkMail@declude.com Sent: Wednesday, March 02, 2005 6:56 PM Subject: Re: [Declude.JunkMail] catchallmails question Ben, There are various conditions that can account for messages being picked up without being marked with the "CATCHALLMAILS" test. A good bulk of these instances occur because a message under certain conditions will not loga "Test failed" line. One example is "Whitelist AUTH" in this particular example the only line that is logged in the Declude log for that particular message is this. 02/28/2004 00:01:59 Q57371524c9ad Skipping E-mail from authenticated user [EMAIL PROTECTED]; whitelisted. In regards to DLAnalyzer it will count this as a message (as it should), but there will be no tests associated with it like "catchallmails" because the "Tests failed" line is not logged. There are other situations where this also occurs, but that one stuck into my head. Hope that helps. Darrell ---Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Imail Admin To: Declude.JunkMail@declude.com Sent: Wednesday, March 02, 2005 7:54 PM Subject: [Declude.JunkMail] catchallmails question Hi, I have a strange question, which once against my astounding ignorance. I just tried using DLAnalyzer Lite on our latest Declude JM log. For the sample I tested, I got these results: Total Messages Processed: 11,234Messages That Failed Defined Test(s): 10,153Percentage That Failed Defined Test(s): 90.38%Average Message Weight: 4Average Message Weight/Failed: 5 TEST # FAILED PercentageWEIGHT10...6,308...56.15%CATCHALLMAILS..5,393...48.01%NOLEGITCONTENT.4,361...38.82%IPNOTINMX..4,237...37.72%WEIGHT53,856...34.32%WEIGHT10S..3,564...31.73%WEIGHT20...3,509...31.24%WEIGHT73,465...30.84%SNIFFER3,451...30.72%SPAMCOP3,006...26.76% You can ignore the Weight tests; those are just weight ranges and not real tests. Here's the thing: Catchallmails also is not a real test; it's supposed to catch all emails. So why doesn't the Catchallmails statistic above show 100%? The system is telling me that Catchallmails only caught 48%. I should mention that Catchallmails comes in the global.cfg file after the regular tests, and after the weight ranges, but before a handful of whitelisted IPs. Help, please? Ben BC Web
RE: [Declude.JunkMail] Beginner configuration?
Does LOOSENSPAMHEADERS ON have to go in the global.cfg? What if I want to do this for one domain but not for others? Is there any way to accomplish this? Thanks, Evans Martin -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Friday, March 04, 2005 8:17 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Beginner configuration? Joey, Declude is very effective when tweaked. Not to mention the default global.cfg ships without all of the RBL's that most of us use (XBL, UCE, MAIL-POLICE, SENDERDB). Also, there are other 3rd patry utilties which are very effective at catching spam like like invURIBL and Message Sniffer. Both of those applications have trial versions. Are you still using the default scale? Since you have been working with your global.cfg you might want to post it to the list for us to look over it and see what you have done so far as to make suggestions. For your clients that you are not in control of I would imagine that you know the ip blocks they come from or the firewall ip that they are behind that. You can whitelist that ip so that them failing the cmdspace will not be a factor. CMDSPACE is very effective but direct connects from clients using outlook will set that off. For SPAMHEADERS I use LOOSENSPAMHEADERS ON this relaxes the spamheaders test so that it does not trigger on missing message ID emails. Hope that helps, Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Joey Proulx writes: Hello, Just downloaded the demo version of Junkmail Pro, and I was curious about the basic setup. For the last two days I've monitored and tweaked and held and redirected and spent hours upon hours looking over the junkmail setup and rules and whatnot. I'm wondering if I'm reinventing the wheel. I work for a school district with a big spam problem, but as any of you in gov't know, if I tell them we should buy something I need to make sure it works. I was just wondering if there are any tried and true setups that any of you are using to cut down on the spam. I'm seeing that this system works, but I'm also still running the built-in Imail filter, and I've seen quite a few messages that get caught by Imail, but have a Declude score of 0, that should NOT have made it through. Do you all still run the builtin Imail spam as well? Any filters I should definitely setup? I'm seeing a lot of CMDSPACE and SPAMHEADERS (missing MessageID header) from some local clients (I don't control all my clients, so I don't think I can make them authenticate). Should I do away with these tests, or can I fix these two issues on the server side? Thanks for all your help. _ Joey Proulx SAU #21 Technology Support Staff 2 Alumni Drive Hampton, NH 03842 (603) 926-8992, ext 115 [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT: Clock Time on Declude Support
Thank you for your feedback. Ihave fixed it.Friday night 10:30 pm. What we do too please our customers ;) As for the website it is my responsibility and not that of our programmers, so you can be confident that this does not reflect our programmers skills. David B www.declude.com - Original Message - From: Dave Doherty To: Declude.JunkMail@declude.com Sent: Friday, March 04, 2005 8:53 PM Subject: Re: [Declude.JunkMail] OT: Clock Time on Declude Support Actually, it shows -4 hours. GMTas I write thisis 01:46 The code they use on the pagesubtracts five hours, which results in a value of -4 for the hours. They need to add a line to add 24 if the result is negative. I'm sure it looks fine 19 hours a day, though... And no, it does not giveme a lot of confidence, either, but now that we've aired the problem and the cure, let's see how long it takes to fix... -d SCRIPTfunction tick() {var hours, minutes, seconds, ap;var intHours, intMinutes, intSeconds;var today;today = new Date();intHours = today.getUTCHours()-5;intMinutes = today.getUTCMinutes();intSeconds = today.getUTCSeconds(); //add this: if (intHours 0) { intHours += 24 } if (intHours == 0) { hours = "12:"; ap = "EST Midnight";} else if (intHours 12) {hours = intHours+":";ap = " AM EST is the current time for Declude Support Personnel";} else if (intHours == 12) {hours = "12:";ap = "EST Noon";} else {intHours = intHours - 12hours = intHours + ":";ap = "PM EST is the current time for Declude Support Personnel";}if (intMinutes 10) {minutes = "0"+intMinutes+":";} else {minutes = intMinutes+":";}if (intSeconds 10) {seconds = "0"+intSeconds+" ";} else {seconds = intSeconds+" ";}timeString = hours+minutes+seconds+ap;Clock.innerHTML = timeString;window.setTimeout("tick();", 100);}window.>/SCRIPT - Original Message - From: "Erik" [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Friday, March 04, 2005 8:25 PM Subject: [Declude.JunkMail] OT: Clock Time on Declude Support Is just my browser, or is Declude's clock on:https://www.declude.com/SearchResults.asp?Cat=5Off? In CET (Central European Time) of 2:15AM, their clock shows 4:15AM ESTwhen it should be showing 9:15PM EST..hope this doesn't reflect in their 2.0 programming code. ;-)---[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com. No virus found in this incoming message.Checked by AVG Anti-Virus.Version: 7.0.308 / Virus Database: 266.5.7 - Release Date: 3/1/2005
Re: [Declude.JunkMail] OT: Clock Time on Declude Support
Hi David- Problem solved. Now that's what I call service! (Thanks for the credit...) -d - Original Message - From: David Barker To: Declude.JunkMail@declude.com Sent: Friday, March 04, 2005 10:33 PM Subject: Re: [Declude.JunkMail] OT: Clock Time on Declude Support Thank you for your feedback. Ihave fixed it.Friday night 10:30 pm. What we do too please our customers ;) As for the website it is my responsibility and not that of our programmers, so you can be confident that this does not reflect our programmers skills. David B www.declude.com - Original Message - From: Dave Doherty To: Declude.JunkMail@declude.com Sent: Friday, March 04, 2005 8:53 PM Subject: Re: [Declude.JunkMail] OT: Clock Time on Declude Support Actually, it shows -4 hours. GMTas I write thisis 01:46 The code they use on the pagesubtracts five hours, which results in a value of -4 for the hours. They need to add a line to add 24 if the result is negative. I'm sure it looks fine 19 hours a day, though... And no, it does not giveme a lot of confidence, either, but now that we've aired the problem and the cure, let's see how long it takes to fix... -d SCRIPTfunction tick() {var hours, minutes, seconds, ap;var intHours, intMinutes, intSeconds;var today;today = new Date();intHours = today.getUTCHours()-5;intMinutes = today.getUTCMinutes();intSeconds = today.getUTCSeconds(); //add this: if (intHours 0) { intHours += 24 } if (intHours == 0) { hours = "12:"; ap = "EST Midnight";} else if (intHours 12) {hours = intHours+":";ap = " AM EST is the current time for Declude Support Personnel";} else if (intHours == 12) {hours = "12:";ap = "EST Noon";} else {intHours = intHours - 12hours = intHours + ":";ap = "PM EST is the current time for Declude Support Personnel";}if (intMinutes 10) {minutes = "0"+intMinutes+":";} else {minutes = intMinutes+":";}if (intSeconds 10) {seconds = "0"+intSeconds+" ";} else {seconds = intSeconds+" ";}timeString = hours+minutes+seconds+ap;Clock.innerHTML = timeString;window.setTimeout("tick();", 100);}window.>/SCRIPT - Original Message - From: "Erik" [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Friday, March 04, 2005 8:25 PM Subject: [Declude.JunkMail] OT: Clock Time on Declude Support Is just my browser, or is Declude's clock on:https://www.declude.com/SearchResults.asp?Cat=5Off? In CET (Central European Time) of 2:15AM, their clock shows 4:15AM ESTwhen it should be showing 9:15PM EST..hope this doesn't reflect in their 2.0 programming code. ;-)---[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com. No virus found in this incoming message.Checked by AVG Anti-Virus.Version: 7.0.308 / Virus Database: 266.5.7 - Release Date: 3/1/2005
Re: [Declude.JunkMail] Beginner configuration?
Evan. It is my understanding that is a global command and is only supported in the global.cfg file. Darrell --- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Evans Martin [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Friday, March 04, 2005 10:17 PM Subject: RE: [Declude.JunkMail] Beginner configuration? Does LOOSENSPAMHEADERS ON have to go in the global.cfg? What if I want to do this for one domain but not for others? Is there any way to accomplish this? Thanks, Evans Martin -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Friday, March 04, 2005 8:17 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Beginner configuration? Joey, Declude is very effective when tweaked. Not to mention the default global.cfg ships without all of the RBL's that most of us use (XBL, UCE, MAIL-POLICE, SENDERDB). Also, there are other 3rd patry utilties which are very effective at catching spam like like invURIBL and Message Sniffer. Both of those applications have trial versions. Are you still using the default scale? Since you have been working with your global.cfg you might want to post it to the list for us to look over it and see what you have done so far as to make suggestions. For your clients that you are not in control of I would imagine that you know the ip blocks they come from or the firewall ip that they are behind that. You can whitelist that ip so that them failing the cmdspace will not be a factor. CMDSPACE is very effective but direct connects from clients using outlook will set that off. For SPAMHEADERS I use LOOSENSPAMHEADERS ON this relaxes the spamheaders test so that it does not trigger on missing message ID emails. Hope that helps, Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Joey Proulx writes: Hello, Just downloaded the demo version of Junkmail Pro, and I was curious about the basic setup. For the last two days I've monitored and tweaked and held and redirected and spent hours upon hours looking over the junkmail setup and rules and whatnot. I'm wondering if I'm reinventing the wheel. I work for a school district with a big spam problem, but as any of you in gov't know, if I tell them we should buy something I need to make sure it works. I was just wondering if there are any tried and true setups that any of you are using to cut down on the spam. I'm seeing that this system works, but I'm also still running the built-in Imail filter, and I've seen quite a few messages that get caught by Imail, but have a Declude score of 0, that should NOT have made it through. Do you all still run the builtin Imail spam as well? Any filters I should definitely setup? I'm seeing a lot of CMDSPACE and SPAMHEADERS (missing MessageID header) from some local clients (I don't control all my clients, so I don't think I can make them authenticate). Should I do away with these tests, or can I fix these two issues on the server side? Thanks for all your help. _ Joey Proulx SAU #21 Technology Support Staff 2 Alumni Drive Hampton, NH 03842 (603) 926-8992, ext 115 [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
Re: [Declude.JunkMail] OT: Clock Time on Declude Support
FYI...your clock script flickers needlessly... Instead of refreshing every 1/10 of a second, you might want to change the following line in your clock script window.setTimeout("tick();", 100); Torefresh every second... window.setTimeout("tick();", 1000); or even strip off the seconds and just display minutes. Many web developers put this in for the "cool" factor, or because they can, butseconds provide little value in this case. Darin. - Original Message - From: David Barker To: Declude.JunkMail@declude.com Sent: Friday, March 04, 2005 10:33 PM Subject: Re: [Declude.JunkMail] OT: Clock Time on Declude Support Thank you for your feedback. Ihave fixed it.Friday night 10:30 pm. What we do too please our customers ;) As for the website it is my responsibility and not that of our programmers, so you can be confident that this does not reflect our programmers skills. David B www.declude.com - Original Message - From: Dave Doherty To: Declude.JunkMail@declude.com Sent: Friday, March 04, 2005 8:53 PM Subject: Re: [Declude.JunkMail] OT: Clock Time on Declude Support Actually, it shows -4 hours. GMTas I write thisis 01:46 The code they use on the pagesubtracts five hours, which results in a value of -4 for the hours. They need to add a line to add 24 if the result is negative. I'm sure it looks fine 19 hours a day, though... And no, it does not giveme a lot of confidence, either, but now that we've aired the problem and the cure, let's see how long it takes to fix... -d SCRIPTfunction tick() {var hours, minutes, seconds, ap;var intHours, intMinutes, intSeconds;var today;today = new Date();intHours = today.getUTCHours()-5;intMinutes = today.getUTCMinutes();intSeconds = today.getUTCSeconds(); //add this: if (intHours 0) { intHours += 24 } if (intHours == 0) { hours = "12:"; ap = "EST Midnight";} else if (intHours 12) {hours = intHours+":";ap = " AM EST is the current time for Declude Support Personnel";} else if (intHours == 12) {hours = "12:";ap = "EST Noon";} else {intHours = intHours - 12hours = intHours + ":";ap = "PM EST is the current time for Declude Support Personnel";}if (intMinutes 10) {minutes = "0"+intMinutes+":";} else {minutes = intMinutes+":";}if (intSeconds 10) {seconds = "0"+intSeconds+" ";} else {seconds = intSeconds+" ";}timeString = hours+minutes+seconds+ap;Clock.innerHTML = timeString;window.setTimeout("tick();", 100);}window.>/SCRIPT - Original Message - From: "Erik" [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Friday, March 04, 2005 8:25 PM Subject: [Declude.JunkMail] OT: Clock Time on Declude Support Is just my browser, or is Declude's clock on:https://www.declude.com/SearchResults.asp?Cat=5Off? In CET (Central European Time) of 2:15AM, their clock shows 4:15AM ESTwhen it should be showing 9:15PM EST..hope this doesn't reflect in their 2.0 programming code. ;-)---[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com. No virus found in this incoming message.Checked by AVG Anti-Virus.Version: 7.0.308 / Virus Database: 266.5.7 - Release Date: 3/1/2005
Re: [Declude.JunkMail] OT: Clock Time on Declude Support
Darin, Check now - is that better? I noticed the flicker seemed to only occur in FireFox not IE. David B www.declude.com - Original Message - From: Darin Cox To: Declude.JunkMail@declude.com Sent: Saturday, March 05, 2005 12:20 AM Subject: Re: [Declude.JunkMail] OT: Clock Time on Declude Support FYI...your clock script flickers needlessly... Instead of refreshing every 1/10 of a second, you might want to change the following line in your clock script window.setTimeout("tick();", 100); Torefresh every second... window.setTimeout("tick();", 1000); or even strip off the seconds and just display minutes. Many web developers put this in for the "cool" factor, or because they can, butseconds provide little value in this case. Darin. - Original Message - From: David Barker To: Declude.JunkMail@declude.com Sent: Friday, March 04, 2005 10:33 PM Subject: Re: [Declude.JunkMail] OT: Clock Time on Declude Support Thank you for your feedback. Ihave fixed it.Friday night 10:30 pm. What we do too please our customers ;) As for the website it is my responsibility and not that of our programmers, so you can be confident that this does not reflect our programmers skills. David B www.declude.com - Original Message - From: Dave Doherty To: Declude.JunkMail@declude.com Sent: Friday, March 04, 2005 8:53 PM Subject: Re: [Declude.JunkMail] OT: Clock Time on Declude Support Actually, it shows -4 hours. GMTas I write thisis 01:46 The code they use on the pagesubtracts five hours, which results in a value of -4 for the hours. They need to add a line to add 24 if the result is negative. I'm sure it looks fine 19 hours a day, though... And no, it does not giveme a lot of confidence, either, but now that we've aired the problem and the cure, let's see how long it takes to fix... -d SCRIPTfunction tick() {var hours, minutes, seconds, ap;var intHours, intMinutes, intSeconds;var today;today = new Date();intHours = today.getUTCHours()-5;intMinutes = today.getUTCMinutes();intSeconds = today.getUTCSeconds(); //add this: if (intHours 0) { intHours += 24 } if (intHours == 0) { hours = "12:"; ap = "EST Midnight";} else if (intHours 12) {hours = intHours+":";ap = " AM EST is the current time for Declude Support Personnel";} else if (intHours == 12) {hours = "12:";ap = "EST Noon";} else {intHours = intHours - 12hours = intHours + ":";ap = "PM EST is the current time for Declude Support Personnel";}if (intMinutes 10) {minutes = "0"+intMinutes+":";} else {minutes = intMinutes+":";}if (intSeconds 10) {seconds = "0"+intSeconds+" ";} else {seconds = intSeconds+" ";}timeString = hours+minutes+seconds+ap;Clock.innerHTML = timeString;window.setTimeout("tick();", 100);}window.>/SCRIPT - Original Message - From: "Erik" [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Friday, March 04, 2005 8:25 PM Subject: [Declude.JunkMail] OT: Clock Time on Declude Support Is just my browser, or is Declude's clock on:https://www.declude.com/SearchResults.asp?Cat=5Off? In CET (Central European Time) of 2:15AM, their clock shows 4:15AM ESTwhen it should be showing 9:15PM EST..hope this doesn't reflect in their 2.0 programming code. ;-)---[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com. No virus found in this incoming message.Checked by AVG Anti-Virus.Version: 7.0.308 / Virus Database: 266.5.7 - Release Date: 3/1/2005 No virus found in this incoming message.Checked by AVG Anti-Virus.Version: 7.0.308 / Virus Database: 266.5.7 - Release Date: 3/1/2005
Re: [Declude.JunkMail] OT: Clock Time on Declude Support
Ok, you got it. Darin. - Original Message - From: Darin Cox To: Declude.JunkMail@declude.com Sent: Saturday, March 05, 2005 1:10 AM Subject: Re: [Declude.JunkMail] OT: Clock Time on Declude Support You're up late g. Looks good. You may want to remove the trailing colon, though. Darin. - Original Message - From: David Barker To: Declude.JunkMail@declude.com Sent: Saturday, March 05, 2005 12:58 AM Subject: Re: [Declude.JunkMail] OT: Clock Time on Declude Support Darin, Check now - is that better? I noticed the flicker seemed to only occur in FireFox not IE. David B www.declude.com - Original Message - From: Darin Cox To: Declude.JunkMail@declude.com Sent: Saturday, March 05, 2005 12:20 AM Subject: Re: [Declude.JunkMail] OT: Clock Time on Declude Support FYI...your clock script flickers needlessly... Instead of refreshing every 1/10 of a second, you might want to change the following line in your clock script window.setTimeout("tick();", 100); Torefresh every second... window.setTimeout("tick();", 1000); or even strip off the seconds and just display minutes. Many web developers put this in for the "cool" factor, or because they can, butseconds provide little value in this case. Darin. - Original Message - From: David Barker To: Declude.JunkMail@declude.com Sent: Friday, March 04, 2005 10:33 PM Subject: Re: [Declude.JunkMail] OT: Clock Time on Declude Support Thank you for your feedback. Ihave fixed it.Friday night 10:30 pm. What we do too please our customers ;) As for the website it is my responsibility and not that of our programmers, so you can be confident that this does not reflect our programmers skills. David B www.declude.com - Original Message - From: Dave Doherty To: Declude.JunkMail@declude.com Sent: Friday, March 04, 2005 8:53 PM Subject: Re: [Declude.JunkMail] OT: Clock Time on Declude Support Actually, it shows -4 hours. GMTas I write thisis 01:46 The code they use on the pagesubtracts five hours, which results in a value of -4 for the hours. They need to add a line to add 24 if the result is negative. I'm sure it looks fine 19 hours a day, though... And no, it does not giveme a lot of confidence, either, but now that we've aired the problem and the cure, let's see how long it takes to fix... -d SCRIPTfunction tick() {var hours, minutes, seconds, ap;var intHours, intMinutes, intSeconds;var today;today = new Date();intHours = today.getUTCHours()-5;intMinutes = today.getUTCMinutes();intSeconds = today.getUTCSeconds(); //add this: if (intHours 0) { intHours += 24 } if (intHours == 0) { hours = "12:"; ap = "EST Midnight";} else if (intHours 12) {hours = intHours+":";ap = " AM EST is the current time for Declude Support Personnel";} else if (intHours == 12) {hours = "12:";ap = "EST Noon";} else {intHours = intHours - 12hours = intHours + ":";ap = "PM EST is the current time for Declude Support Personnel";}if (intMinutes 10) {minutes = "0"+intMinutes+":";} else {minutes = intMinutes+":";}if (intSeconds 10) {seconds = "0"+intSeconds+" ";} else {seconds = intSeconds+" ";}timeString = hours+minutes+seconds+ap;Clock.innerHTML = timeString;window.setTimeout("tick();", 100);}window.>/SCRIPT - Original Message - From: "Erik" [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Friday, March 04, 2005 8:25 PM Subject: [Declude.JunkMail] OT: Clock Time on Declude Support Is just my browser, or is Declude's clock on:https://www.declude.com/SearchResults.asp?Cat=5Off? In CET (Central European Time) of 2:15AM, their clock shows 4:15AM ESTwhen it should be showing 9:15PM EST..hope this doesn't reflect in their 2.0 programming code. ;-)---[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com. No virus found in this incoming message.Checked by AVG Anti-Virus.Version: 7.0.308 / Virus Database: 266.5.7 - Release Date: 3/1/2005 No virus found in this incoming message.Checked by AVG Anti-Virus.Version: 7.0.308 / Virus Database: 266.5.7 - Release Date: 3/1/2005
Re: [Declude.JunkMail] OT: Clock Time on Declude Support
You're up late g. Looks good. You may want to remove the trailing colon, though. Darin. - Original Message - From: David Barker To: Declude.JunkMail@declude.com Sent: Saturday, March 05, 2005 12:58 AM Subject: Re: [Declude.JunkMail] OT: Clock Time on Declude Support Darin, Check now - is that better? I noticed the flicker seemed to only occur in FireFox not IE. David B www.declude.com - Original Message - From: Darin Cox To: Declude.JunkMail@declude.com Sent: Saturday, March 05, 2005 12:20 AM Subject: Re: [Declude.JunkMail] OT: Clock Time on Declude Support FYI...your clock script flickers needlessly... Instead of refreshing every 1/10 of a second, you might want to change the following line in your clock script window.setTimeout("tick();", 100); Torefresh every second... window.setTimeout("tick();", 1000); or even strip off the seconds and just display minutes. Many web developers put this in for the "cool" factor, or because they can, butseconds provide little value in this case. Darin. - Original Message - From: David Barker To: Declude.JunkMail@declude.com Sent: Friday, March 04, 2005 10:33 PM Subject: Re: [Declude.JunkMail] OT: Clock Time on Declude Support Thank you for your feedback. Ihave fixed it.Friday night 10:30 pm. What we do too please our customers ;) As for the website it is my responsibility and not that of our programmers, so you can be confident that this does not reflect our programmers skills. David B www.declude.com - Original Message - From: Dave Doherty To: Declude.JunkMail@declude.com Sent: Friday, March 04, 2005 8:53 PM Subject: Re: [Declude.JunkMail] OT: Clock Time on Declude Support Actually, it shows -4 hours. GMTas I write thisis 01:46 The code they use on the pagesubtracts five hours, which results in a value of -4 for the hours. They need to add a line to add 24 if the result is negative. I'm sure it looks fine 19 hours a day, though... And no, it does not giveme a lot of confidence, either, but now that we've aired the problem and the cure, let's see how long it takes to fix... -d SCRIPTfunction tick() {var hours, minutes, seconds, ap;var intHours, intMinutes, intSeconds;var today;today = new Date();intHours = today.getUTCHours()-5;intMinutes = today.getUTCMinutes();intSeconds = today.getUTCSeconds(); //add this: if (intHours 0) { intHours += 24 } if (intHours == 0) { hours = "12:"; ap = "EST Midnight";} else if (intHours 12) {hours = intHours+":";ap = " AM EST is the current time for Declude Support Personnel";} else if (intHours == 12) {hours = "12:";ap = "EST Noon";} else {intHours = intHours - 12hours = intHours + ":";ap = "PM EST is the current time for Declude Support Personnel";}if (intMinutes 10) {minutes = "0"+intMinutes+":";} else {minutes = intMinutes+":";}if (intSeconds 10) {seconds = "0"+intSeconds+" ";} else {seconds = intSeconds+" ";}timeString = hours+minutes+seconds+ap;Clock.innerHTML = timeString;window.setTimeout("tick();", 100);}window.>/SCRIPT - Original Message - From: "Erik" [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Friday, March 04, 2005 8:25 PM Subject: [Declude.JunkMail] OT: Clock Time on Declude Support Is just my browser, or is Declude's clock on:https://www.declude.com/SearchResults.asp?Cat=5Off? In CET (Central European Time) of 2:15AM, their clock shows 4:15AM ESTwhen it should be showing 9:15PM EST..hope this doesn't reflect in their 2.0 programming code. ;-)---[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com. No virus found in this incoming message.Checked by AVG Anti-Virus.Version: 7.0.308 / Virus Database: 266.5.7 - Release Date: 3/1/2005 No virus found in this incoming message.Checked by AVG Anti-Virus.Version: 7.0.308 / Virus Database: 266.5.7 - Release Date: 3/1/2005