[Declude.JunkMail] Beginner configuration?

2005-03-04 Thread Joey Proulx 
Hello,
Just downloaded the demo version of Junkmail Pro, and I was curious about 
the basic setup.  For the last two days I've monitored and tweaked and held 
and redirected and spent hours upon hours looking over the junkmail setup 
and rules and whatnot.  I'm wondering if I'm reinventing the wheel.  I work 
for a school district with a big spam problem, but as any of you in gov't 
know, if I tell them we should buy something I need to make sure it 
works.  I was just wondering if there are any tried and true setups that 
any of you are using to cut down on the spam.  I'm seeing that this system 
works, but I'm also still running the built-in Imail filter, and I've seen 
quite a few messages that get caught by Imail, but have a Declude score of 
0, that should NOT have made it through.  Do you all still run the builtin 
Imail spam as well?  Any filters I should definitely setup?

I'm seeing a lot of CMDSPACE and SPAMHEADERS (missing MessageID header) 
from some local clients (I don't control all my clients, so I don't think I 
can make them authenticate).  Should I do away with these tests, or can I 
fix these two issues on the server side?

Thanks for all your help.
_
Joey Proulx
SAU #21 Technology Support Staff
2 Alumni Drive
Hampton, NH 03842
(603) 926-8992, ext 115
[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Failing my own MAILFROM test

2005-03-04 Thread Bill Green dfn Systems 
On 3-3-05, Andy Wrote
Query THOSE DNS servers to see if they have MX/A records.  Sometimes people
have an internal DNS server for the AD domain that doesn't have the 
public
records.
That was it.
Thanks Andy!


---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Beginner configuration?

2005-03-04 Thread Darrell \([EMAIL PROTECTED]) 
Joey, 

Declude is very effective when tweaked.  Not to mention the default 
global.cfg ships without all of the RBL's that most of us use (XBL, UCE, 
MAIL-POLICE, SENDERDB).  Also, there are other 3rd patry utilties which are 
very effective at catching spam like like invURIBL and Message Sniffer.  
Both of those applications have trial versions. 

Are you still using the default scale?  Since you have been working with 
your global.cfg you might want to post it to the list for us to look over it 
and see what you have done so far as to make suggestions. 

For your clients that you are not in control of I would imagine that you 
know the ip blocks they come from or the firewall ip that they are behind 
that.  You can whitelist that ip so that them failing the cmdspace will not 
be a factor.  CMDSPACE is very effective but direct connects from clients 
using outlook will set that off. 

For SPAMHEADERS I use LOOSENSPAMHEADERS   ON this relaxes the spamheaders 
test so that it does not trigger on missing message ID emails. 

Hope that helps,
Darrell

Check out http://www.invariantsystems.com for utilities for Declude And 
Imail.  IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG 
Integration, and Log Parsers. 


Joey Proulx writes: 

Hello, 

Just downloaded the demo version of Junkmail Pro, and I was curious about 
the basic setup.  For the last two days I've monitored and tweaked and 
held and redirected and spent hours upon hours looking over the junkmail 
setup and rules and whatnot.  I'm wondering if I'm reinventing the wheel.  
I work for a school district with a big spam problem, but as any of you in 
gov't know, if I tell them we should buy something I need to make sure it 
works.  I was just wondering if there are any tried and true setups that 
any of you are using to cut down on the spam.  I'm seeing that this system 
works, but I'm also still running the built-in Imail filter, and I've seen 
quite a few messages that get caught by Imail, but have a Declude score of 
0, that should NOT have made it through.  Do you all still run the builtin 
Imail spam as well?  Any filters I should definitely setup? 

I'm seeing a lot of CMDSPACE and SPAMHEADERS (missing MessageID header) 
from some local clients (I don't control all my clients, so I don't think 
I can make them authenticate).  Should I do away with these tests, or can 
I fix these two issues on the server side? 

Thanks for all your help. 

_
Joey Proulx
SAU #21 Technology Support Staff
2 Alumni Drive
Hampton, NH 03842
(603) 926-8992, ext 115
[EMAIL PROTECTED] 

 

---
[This E-mail was scanned for viruses by Declude Virus 
(http://www.declude.com)] 

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Beginner configuration?

2005-03-04 Thread Joey Proulx 
Thank you for the response.  Here is my global.cfg file:
#=ADVANCED 
OPTIONS   =

CONSOLE ON
#IPBYPASS   192.0.2.25
HOP 0
#HOPHIGH1
#DNS127.0.0.1
HIDETESTS   CATCHALLMAILS IPNOTINMX NOLEGITCONTENT
CATCHALLMAILS   catchallmails   x   x   0   0
NOLEGITCONTENT  nolegitcontent  x   x   0   -5
IPNOTINMX   ipnotinmx   x   x   0   -3
#=WHITELISTS 
===

#WHITELIST  HABEAS
#AUTOWHITELIST  ON
PREWHITELISTON
WHITELIST   AUTH
# - Domain Example -
WHITELISTFROM   @declude.com
WHITELISTFROM   @munis.com
# - User Example -
WHITELISTFROM   [EMAIL PROTECTED]
# - TO  Example -
#WHITELIST  TO  postmaster@
#WHITELIST  TO  abuse@
#=BLACKLISTS 
===

#BLACKLIST  fromfile[path]\Filters\blacklist.txtx   10 
0
#BLACKIPipfile  [path]\Filters\blackip.txt  x   10 
0

#=   RBL IP4R 
TESTS   ==
# 1. Definitions of the tests to use (do not edit unless you know what you 
are doing). These must come before the actions.
# 2. First is the name of the check, then the type of check (ip4r is a DNS 
lookup using the reverse of the IP address).
# 3. For type ip4r, 'matchstring' is the string to look for, or * for 
anything.

AHBLip4rdnsbl.ahbl.org  *   6 
0
BLITZEDALL  ip4ropm.blitzed.org *   7 
0
CBL ip4rcbl.abuseat.org 127.0.0.2   6 
0
DSBLip4rlist.dsbl.org   *   6 
0
ORDBip4rrelays.ordb.org *   5 
0
SBL ip4rsbl.spamhaus.org*   7 
0
SORBS-HTTP  ip4rdnsbl.sorbs.net 127.0.0.2   5 
0
SORBS-SOCKS ip4rdnsbl.sorbs.net 127.0.0.3   5 
0
SORBS-MISC  ip4rdnsbl.sorbs.net 127.0.0.4   5 
0
SORBS-SMTP  ip4rdnsbl.sorbs.net 127.0.0.5   5 
0
SORBS-SPAM  ip4rdnsbl.sorbs.net 127.0.0.6   4 
0
#SORBS-WEB  ip4rdnsbl.sorbs.net 127.0.0.7   5 
0
SORBS-BLOCK ip4rdnsbl.sorbs.net 127.0.0.8   5 
0
SORBS-ZOMBIEip4rdnsbl.sorbs.net 127.0.0.9   5 
0
SORBS-DUHL  ip4rdnsbl.sorbs.net 127.0.0.10  4 
0
SPAMCOP ip4rbl.spamcop.net  127.0.0.2   7 
0
#MTLDB  ip4rmtldb.declude.com   127.0.0.2   3 
0

BONDEDSENDERip4rquery.bondedsender.org  127.0.0.10  -10 
0

#ADDITIONAL USED RBL IP4R TESTS
#FIVETENSRC ip4rblackholes.five-ten-sg.com  127.0.0.2   2 
0
#JAMMDNSBL  ip4rdnsbl.jammconsulting.com127.0.0.2   2 
0

#=   RHBSL  TESTS 
==

DSN rhsbl   dsn.rfc-ignorant.org127.0.0.2   3 
0
#NOABUSErhsbl   abuse.rfc-ignorant.org  127.0.0.4   2 
0
#NOPOSTMASTER   rhsbl   postmaster.rfc-ignorant.org 127.0.0.3   1 
0

#=   OTHER  TESTS 
==

BADHEADERS  badheaders  x   x   8   0
BASE64  base64  x   x   4   0
CMDSPACEcmdspacex   x   8   0
COMMENTScommentsx   x   7   0
HELOBOGUS   helovalid   x   x   4   0
MAILFROMenvfrom x   x   12  0
PERCENT percent x   x   10  0
REVDNS  revdnsexistsx   x   4   0
ROUTING spamrouting x   x   2   0
SPAMHEADERS spamheaders x   x   3   0
SPFFAIL spffail x   x   3   0
SPFPASS spfpass x   x   -3  0
#BCCbcc 20  x   5   0
NONENGLISH  nonenglish  x   x   0   0
#SUBJECTCHARS   subjectchars50  x   0   0
#SUBJECTSPACES  subjectspaces   12  x   5   0
#===   FILTERS 
===

#SUBJECTfilter  [path]\Filters\Subject.txt  x

Re: [Declude.JunkMail] Beginner configuration?

2005-03-04 Thread Scott Fisher 
Some stats on how rate their test performances:
Marcus: http://www.zcom.it/decludeupdater/spam_stats.htm
Sort Monster: http://www.sortmonster.com/MDLP/
Mine: http://it.farmprogress.com/declude/declude.htm
Andrew posted a filter that removes quite a few false positives for 
CMDSPACE: 
http://www.mail-archive.com/declude.junkmail@declude.com/msg23396.html

I think you'd be best off adding some content checking. Either invuribl or 
Message Sniffer.

- Original Message - 
From: Joey Proulx [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Friday, March 04, 2005 7:13 AM
Subject: [Declude.JunkMail] Beginner configuration?


Hello,
Just downloaded the demo version of Junkmail Pro, and I was curious about 
the basic setup.  For the last two days I've monitored and tweaked and 
held and redirected and spent hours upon hours looking over the junkmail 
setup and rules and whatnot.  I'm wondering if I'm reinventing the wheel. 
I work for a school district with a big spam problem, but as any of you in 
gov't know, if I tell them we should buy something I need to make sure it 
works.  I was just wondering if there are any tried and true setups that 
any of you are using to cut down on the spam.  I'm seeing that this system 
works, but I'm also still running the built-in Imail filter, and I've seen 
quite a few messages that get caught by Imail, but have a Declude score of 
0, that should NOT have made it through.  Do you all still run the builtin 
Imail spam as well?  Any filters I should definitely setup?

I'm seeing a lot of CMDSPACE and SPAMHEADERS (missing MessageID header) 
from some local clients (I don't control all my clients, so I don't think 
I can make them authenticate).  Should I do away with these tests, or can 
I fix these two issues on the server side?

Thanks for all your help.
_
Joey Proulx
SAU #21 Technology Support Staff
2 Alumni Drive
Hampton, NH 03842
(603) 926-8992, ext 115
[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus 
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Beginner configuration?

2005-03-04 Thread Dan Geiser 
Joey,
If you go here http://declude.mydomain.com/ (where mydomain.com is the
domain I use in my from address) you can see the part of our Declude
JunkMail Config which we make public.

Thanks,
Dan

- Original Message - 
From: Joey Proulx [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Friday, March 04, 2005 8:13 AM
Subject: [Declude.JunkMail] Beginner configuration?


 Hello,

 Just downloaded the demo version of Junkmail Pro, and I was curious about
 the basic setup.  For the last two days I've monitored and tweaked and
held
 and redirected and spent hours upon hours looking over the junkmail setup
 and rules and whatnot.  I'm wondering if I'm reinventing the wheel.  I
work
 for a school district with a big spam problem, but as any of you in gov't
 know, if I tell them we should buy something I need to make sure it
 works.  I was just wondering if there are any tried and true setups that
 any of you are using to cut down on the spam.  I'm seeing that this system
 works, but I'm also still running the built-in Imail filter, and I've seen
 quite a few messages that get caught by Imail, but have a Declude score of
 0, that should NOT have made it through.  Do you all still run the builtin
 Imail spam as well?  Any filters I should definitely setup?

 I'm seeing a lot of CMDSPACE and SPAMHEADERS (missing MessageID header)
 from some local clients (I don't control all my clients, so I don't think
I
 can make them authenticate).  Should I do away with these tests, or can I
 fix these two issues on the server side?

 Thanks for all your help.

 _
 Joey Proulx
 SAU #21 Technology Support Staff
 2 Alumni Drive
 Hampton, NH 03842
 (603) 926-8992, ext 115
 [EMAIL PROTECTED]



 ---
 [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.
 ---
 E-mail scanned for viruses by Nexus (http://www.ntgrp.com/mailscan)





---
E-mail scanned for viruses by Nexus (http://www.ntgrp.com/mailscan)

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Beginner configuration?

2005-03-04 Thread Darrell \([EMAIL PROTECTED]) 
Joey, 

A couple of thoughts. 

1.) Look at adding a content test like invURIBL or Message Sniffer.  Both 
have trials.
2.) I would not give a negative weight for BONDEDSENDER or SPFPASS. Spammers 
can easily setup SPF records.
3.) Add a few of the other RBL style tests.  make sure you adjust the weight 
for your system and add the corresponding entries in the $default$.junkmail 
file.
XBL(LAST)	dnsbl	%IP4R%.sbl-xbl.spamhaus.org	127.0.0.4	12	0
XBL(ALL)	ip4r	sbl-xbl.spamhaus.org		127.0.0.4	4	0
UCEPROTECT-LAST	dnsbl	%IP4R%.dnsbl-1.uceprotect.net	127.0.0.2	6	0
UCEPROTECT-ALL	ip4r	dnsbl-1.uceprotect.net		127.0.0.2	2	0
SENDERDB-BLACK	ip4r	pub.senderdb.net		127.0.0.2	10	0
SENDERDB-SUSPICIOUS	ip4r	pub.senderdb.net	127.0.0.4	4	0
MAILPOLICE-BULK	rhsbl	bulk.rhs.mailpolice.com	127.0.0.2	9	0
MAILPOLICE-PORN	rhsbl	porn.rhs.mailpolice.com	127.0.0.2	12	0
MAILPOLICE-FRAUD	rhsbl	fraud.rhs.mailpolice.com	127.0.0.2	10	0 

Darrell

Check out http://www.invariantsystems.com for utilities for Declude And 
Imail.  IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG 
Integration, and Log Parsers. 

Joey Proulx writes: 

Thank you for the response.  Here is my global.cfg file: 

#=ADVANCED OPTIONS   
= 

CONSOLE ON 

#IPBYPASS   192.0.2.25 

HOP 0
#HOPHIGH1 

#DNS127.0.0.1 

HIDETESTS   CATCHALLMAILS IPNOTINMX NOLEGITCONTENT 

CATCHALLMAILS   catchallmails   x   x   0   0
NOLEGITCONTENT  nolegitcontent  x   x   0   -5
IPNOTINMX   ipnotinmx   x   x   0   -3 

#=WHITELISTS 
=== 

#WHITELIST  HABEAS
#AUTOWHITELIST  ON
PREWHITELISTON
WHITELIST   AUTH 

# - Domain Example -
WHITELISTFROM   @declude.com
WHITELISTFROM   @munis.com 

# - User Example -
WHITELISTFROM   [EMAIL PROTECTED] 

# - TO  Example -
#WHITELIST  TO  postmaster@
#WHITELIST  TO  abuse@ 

#=BLACKLISTS 
=== 

#BLACKLIST  fromfile[path]\Filters\blacklist.txtx   10 
0
#BLACKIPipfile  [path]\Filters\blackip.txt  x   10 
0 

#=   RBL IP4R TESTS   
==
# 1. Definitions of the tests to use (do not edit unless you know what you 
are doing). These must come before the actions.
# 2. First is the name of the check, then the type of check (ip4r is a DNS 
lookup using the reverse of the IP address).
# 3. For type ip4r, 'matchstring' is the string to look for, or * for 
anything. 

AHBLip4rdnsbl.ahbl.org  *   6  
   0
BLITZEDALL  ip4ropm.blitzed.org *   7  
   0
CBL ip4rcbl.abuseat.org 127.0.0.2   6  
   0
DSBLip4rlist.dsbl.org   *   6  
   0
ORDBip4rrelays.ordb.org *   5  
   0
SBL ip4rsbl.spamhaus.org*   7  
   0
SORBS-HTTP  ip4rdnsbl.sorbs.net 127.0.0.2   5  
   0
SORBS-SOCKS ip4rdnsbl.sorbs.net 127.0.0.3   5  
   0
SORBS-MISC  ip4rdnsbl.sorbs.net 127.0.0.4   5  
   0
SORBS-SMTP  ip4rdnsbl.sorbs.net 127.0.0.5   5  
   0
SORBS-SPAM  ip4rdnsbl.sorbs.net 127.0.0.6   4  
   0
#SORBS-WEB  ip4rdnsbl.sorbs.net 127.0.0.7   5  
   0
SORBS-BLOCK ip4rdnsbl.sorbs.net 127.0.0.8   5  
   0
SORBS-ZOMBIEip4rdnsbl.sorbs.net 127.0.0.9   5  
   0
SORBS-DUHL  ip4rdnsbl.sorbs.net 127.0.0.10  4  
   0
SPAMCOP ip4rbl.spamcop.net  127.0.0.2   7  
   0
#MTLDB  ip4rmtldb.declude.com   127.0.0.2   3  
   0 

BONDEDSENDERip4rquery.bondedsender.org  127.0.0.10  
-10 0 

#ADDITIONAL USED RBL IP4R TESTS
#FIVETENSRC ip4rblackholes.five-ten-sg.com  127.0.0.2   2  
   0
#JAMMDNSBL  ip4rdnsbl.jammconsulting.com127.0.0.2   2  
   0 

#=   RHBSL  TESTS 
== 

DSN rhsbl   dsn.rfc-ignorant.org127.0.0.2   3  
   0
#NOABUSErhsbl   abuse.rfc-ignorant.org  127.0.0.4   2  
   0
#NOPOSTMASTER   rhsbl   postmaster.rfc-ignorant.org 127.0.0.3   1  
   0 

#=   OTHER  TESTS 
==

RE: [Declude.JunkMail] Declude 2.x

2005-03-04 Thread Ncl Admin 
Right, so they have to make it so that we can account for this which is what 
they didn't do when they made the change in 2.0 as we do know what the account 
name is, however, if you don't have pro version that is even a bigger issue.  
Not a problem for me, but perhaps others.

---
Network Administrator
[EMAIL PROTECTED]


-- Original Message --
From: Kevin Bilbee [EMAIL PROTECTED]
Reply-To: Declude.JunkMail@declude.com
Date:  Thu, 3 Mar 2005 14:48:31 -0800

The copy all account is added before the message is passed ot declude so
declude should not know the difference.


Kevin Bilbee

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Ncl Admin
 Sent: Thursday, March 03, 2005 2:34 PM
 To: Declude.JunkMail@declude.com; Declude.JunkMail@declude.com
 Subject: RE: [Declude.JunkMail] Declude 2.x


 At 04:40 PM 3/3/2005 -0500, Andy Schmidt wrote:
 I generally agree that the new function is desirable. Now we just need to
 figure out how to implement it robustly.
 
 E.g., when Declude modifies the envelope to the new route-to
 address, it
 may have to remember that new recipient so that it can reference it in
 case it later encounters a DELETE action.
 
 Or, to reverse that logic, let the ROUTETO remember the new recipient -
 but don't actually update the envelope until Spam processing for
 that user
 is complete.

 The problem is the COPYALL account as it will always be HELD rather than
 have SPAM deleted as it always fails enough HOLD actions prior to DELETE
 weight.

 And as the COPYALL isn't a real part of the envelope it most likely
 causes more problems since it is added somewhere in IMAIL as a seperate
 addressee.


 [This E-mail scanned for viruses by F-Prot]

 ---
 [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.
[This E-mail scanned for viruses by F-Prot]


 

[This E-mail scanned for viruses by F-Prot]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Declude 2.x

2005-03-04 Thread John Tolmachoff \(Lists\) 
  I expect to re-route email that fails WEIGHT10 but to simply delete
  email when it fails the higher weight because the probability of spam
  there is much higher and I do not want to waste my time checking it.
  The problem is that the WEIGHT10 ROUTETO action removes me as a
  recipient and replaces me with [EMAIL PROTECTED]; when the DELETE action
  is triggered, it tries to delete me as a recipient, but I have already
  been replaced, so the deletion does not occur.
 
 
 Wow, that is REALLY NOT how this should be working.  The clear and
 obvious mistake was to let the ROUTETO action change the recipient for
 which the actions were being applied.  If you don't see the err in this,
 please chime up because I could write a book about how this is bad and
 will have many unintended consequences.

I have not been following the thread in detail, but if some one that is
having the problem would change to WEIGHTRANGE instead of WEIGHT and ensure
there are no overlappings, I have a feeling the at least part of the
problem might be resolved.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Beginner configuration?

2005-03-04 Thread Joey Proulx 
Thanks Dan,
Is it generally frowned upon to use another company's spam setup, like 
yours?  My feelings are that I'm not very experienced with this and you 
seem to have a very nice setup.  I know I'd have to change a few things to 
reflect our system, but it would take me years to learn enough about spam 
and mail servers to setup something like that.  Mail is only a fraction of 
what I do here...I need as much a plug and play system as I can :)

Thanks.
Joey
At 10:29 AM 3/4/2005, you wrote:
Joey,
If you go here http://declude.mydomain.com/ (where mydomain.com is the
domain I use in my from address) you can see the part of our Declude
JunkMail Config which we make public.
Thanks,
Dan
- Original Message -
From: Joey Proulx [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Friday, March 04, 2005 8:13 AM
Subject: [Declude.JunkMail] Beginner configuration?
 Hello,

 Just downloaded the demo version of Junkmail Pro, and I was curious about
 the basic setup.  For the last two days I've monitored and tweaked and
held
 and redirected and spent hours upon hours looking over the junkmail setup
 and rules and whatnot.  I'm wondering if I'm reinventing the wheel.  I
work
 for a school district with a big spam problem, but as any of you in gov't
 know, if I tell them we should buy something I need to make sure it
 works.  I was just wondering if there are any tried and true setups that
 any of you are using to cut down on the spam.  I'm seeing that this system
 works, but I'm also still running the built-in Imail filter, and I've seen
 quite a few messages that get caught by Imail, but have a Declude score of
 0, that should NOT have made it through.  Do you all still run the builtin
 Imail spam as well?  Any filters I should definitely setup?

 I'm seeing a lot of CMDSPACE and SPAMHEADERS (missing MessageID header)
 from some local clients (I don't control all my clients, so I don't think
I
 can make them authenticate).  Should I do away with these tests, or can I
 fix these two issues on the server side?

 Thanks for all your help.

 _
 Joey Proulx
 SAU #21 Technology Support Staff
 2 Alumni Drive
 Hampton, NH 03842
 (603) 926-8992, ext 115
 [EMAIL PROTECTED]



 ---
 [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.
 ---
 E-mail scanned for viruses by Nexus (http://www.ntgrp.com/mailscan)



---
E-mail scanned for viruses by Nexus (http://www.ntgrp.com/mailscan)
---
[This E-mail was scanned for viruses by Declude Virus 
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Declude 2.x

2005-03-04 Thread Matt 




John Tolmachoff (Lists) wrote:

  I have not been following the thread in detail, but if some one that is
having the problem would change to WEIGHTRANGE instead of WEIGHT and ensure
there are no overlappings, I have a feeling the at least part of the
"problem" might be resolved.

No, this isn't an appropriate solution. The change makes ROUTETO the
final action, and now it has precedence over DELETE. If you have a
filter called BLACKLIST-NO-MATTER-WHAT set to DELETE, and a message
fails that test plus it fails something that has a ROUTETO action, it
will not be deleted. This change removes our ability to override
ROUTETO in special circumstances. While most issues will be fixed by
preventing the overlapping of weight ranges and the actions, that only
applies to weight based things, and this ties our hands when it comes
to taking actions regardless of weight. That's completely
unacceptable, and I also assume that it was unintentional; the result
of an oversight.

If DELETE is to be changed in the way that they did, they must make it
be able to target a recipient that has already been tagged with
ROUTETO. It makes no sense to use the changed ROUTETO address for
determining further actions. This will also be very difficult to
troubleshoot in some circumstances and also difficult to keep track of.

Declude needs to make sure that the actions are not applied based on
the ROUTETO address' config, but instead the original recipient's
config. If they did that, all problems would be solved, including the
overlapping weight range issue that seemingly has stung so many here.

Matt
-- 
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=

RE: [Declude.JunkMail] Beginner configuration?

2005-03-04 Thread Colbeck, Andrew 
Chipping in my two cents, I'd say you've received excellent advice for
tuning Declude so far.

As a busy sysadmin myself, I'll add some less specific advice from the
field.  Hopefully others will see fit to add their observations.

Go with the weighted system.

You're busy, but resist the urge to go for need a bigger hammer
solutions.  The worst thing you can do is create a filter or ramp up the
weight for a specific blacklist, or make a DELETE action on a single
test.

Living with some spam is better than spending all of your time fighting
it and fishing false positives out of your spam folder.

Start with Declude 2.x, the organization of the log file makes it far
more readable than previous versions.

Your users will call you about missing mail (false positives).  Get
specific information from them about who sent it to whom and when.
Write down your procedure for finding these missing emails and how to
re-queue them.

grep is your friend.  Use find.exe if you're more comfortable, but if
you have large logs or a slow computer, you'll love using grep instead.

Andrew 8)

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Joey Proulx
Sent: Friday, March 04, 2005 5:14 AM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] Beginner configuration?


Hello,

Just downloaded the demo version of Junkmail Pro, and I was curious
about 
the basic setup.  For the last two days I've monitored and tweaked and
held 
and redirected and spent hours upon hours looking over the junkmail
setup 
and rules and whatnot.  I'm wondering if I'm reinventing the wheel.  I
work 
for a school district with a big spam problem, but as any of you in
gov't 
know, if I tell them we should buy something I need to make sure it 
works.  I was just wondering if there are any tried and true setups that

any of you are using to cut down on the spam.  I'm seeing that this
system 
works, but I'm also still running the built-in Imail filter, and I've
seen 
quite a few messages that get caught by Imail, but have a Declude score
of 
0, that should NOT have made it through.  Do you all still run the
builtin 
Imail spam as well?  Any filters I should definitely setup?

I'm seeing a lot of CMDSPACE and SPAMHEADERS (missing MessageID header) 
from some local clients (I don't control all my clients, so I don't
think I 
can make them authenticate).  Should I do away with these tests, or can
I 
fix these two issues on the server side?

Thanks for all your help.

_
Joey Proulx
SAU #21 Technology Support Staff
2 Alumni Drive
Hampton, NH 03842
(603) 926-8992, ext 115
[EMAIL PROTECTED]



---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
unsubscribe Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Declude 2.x

2005-03-04 Thread Kevin Bilbee 



We use 
weightrange and do not use per user configurations. Also the messages that were 
over our delete weight and not deleted did not contain a routto 
action??


Kevin 
Bilbee

  -Original Message-From: 
  [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED]On Behalf Of 
  MattSent: Friday, March 04, 2005 9:17 AMTo: 
  Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] Declude 
  2.xJohn Tolmachoff (Lists) wrote: 
  I have not been following the thread in detail, but if some one that is
having the problem would change to WEIGHTRANGE instead of WEIGHT and ensure
there are no overlappings, I have a feeling the at least part of the
"problem" might be resolved.No, this isn't an appropriate 
  solution. The change makes ROUTETO the final action, and now it 
  has precedence over DELETE. If you have a filter called 
  BLACKLIST-NO-MATTER-WHAT set to DELETE, and a message fails that test plus it 
  fails something that has a ROUTETO action, it will not be deleted. This 
  change removes our ability to override ROUTETO in special circumstances. 
  While most issues will be fixed by preventing the overlapping of weight ranges 
  and the actions, that only applies to weight based things, and this ties our 
  hands when it comes to taking actions regardless of weight. That's 
  completely unacceptable, and I also assume that it was unintentional; the 
  result of an oversight.If DELETE is to be changed in the way that they 
  did, they must make it be able to target a recipient that has already been 
  tagged with ROUTETO. It makes no sense to use the changed ROUTETO 
  address for determining further actions. This will also be very 
  difficult to troubleshoot in some circumstances and also difficult to keep 
  track of.Declude needs to make sure that the actions are not applied 
  based on the ROUTETO address' config, but instead the original recipient's 
  config. If they did that, all problems would be solved, including the 
  overlapping weight range issue that seemingly has stung so many 
  here.Matt-- 
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=

RE: [Declude.JunkMail] Declude 2.x

2005-03-04 Thread Andy Schmidt 
Title: Message




Hi Nick, John, Eric, Fritz, Kevin, Dan, 
NCL Admin, et al:
 This 
change removes our ability to override ROUTETO in special 
circumstances.
I recommendyou sit tight just a little longer. 
The "new" behavior apparently was not intended and I'm certain, Declude will be 
made "downward" compatible.
It may help to check your configurations to whether you 
can company specific (= per domain) actions. If you 
areusing either of these two 
features:

- 
\Domain.com\$default$.junkmail- 
REDIRECT @domain.com
then 
this may explain the (unexpected/temporarily) changed handling of DELETE, HOLD 
and other actions. Again, I believe this will be 
corrected.

Best 
RegardsAndy SchmidtHM Systems Software, 
Inc.600 East Crescent Avenue, 
Suite 203Upper Saddle River, NJ 07458-1846Phone: +1 201 934-3414 x20 
(Business)Fax: +1 201 934-9206http://www.HM-Software.com/ 

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  On Behalf Of MattSent: Friday, March 04, 2005 12:17 
  PMTo: Declude.JunkMail@declude.comSubject: Re: 
  [Declude.JunkMail] Declude 2.xJohn Tolmachoff (Lists) 
  wrote: 
  I have not been following the thread in detail, but if some one that is
having the problem would change to WEIGHTRANGE instead of WEIGHT and ensure
there are no overlappings, I have a feeling the at least part of the
"problem" might be resolved.No, this isn't an appropriate 
  solution. The change makes ROUTETO the final action, and now it 
  has precedence over DELETE. If you have a filter called 
  BLACKLIST-NO-MATTER-WHAT set to DELETE, and a message fails that test plus it 
  fails something that has a ROUTETO action, it will not be deleted. This 
  change removes our ability to override ROUTETO in special circumstances. 
  While most issues will be fixed by preventing the overlapping of weight ranges 
  and the actions, that only applies to weight based things, and this ties our 
  hands when it comes to taking actions regardless of weight. That's 
  completely unacceptable, and I also assume that it was unintentional; the 
  result of an oversight.If DELETE is to be changed in the way that they 
  did, they must make it be able to target a recipient that has already been 
  tagged with ROUTETO. It makes no sense to use the changed ROUTETO 
  address for determining further actions. This will also be very 
  difficult to troubleshoot in some circumstances and also difficult to keep 
  track of.Declude needs to make sure that the actions are not applied 
  based on the ROUTETO address' config, but instead the original recipient's 
  config. If they did that, all problems would be solved, including the 
  overlapping weight range issue that seemingly has stung so many 
  here.Matt-- 
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=
attachment: HMSoftSmall.jpg

Re: [Declude.JunkMail] Declude 2.x

2005-03-04 Thread Matt 




Kevin,

A per-domain config can also have an effect. This very well might not
be the case with your issue, but in this context I believe that I
should explain further just in case.

If you have a message sent to [EMAIL PROTECTED] that fails tests that
result in both a ROUTETO and DELETE action for example.com, it might
not actually get deleted, instead after failing the ROUTETO action, it
will use the config for whatever per-domain/per-user config the ROUTETO
was pointed at. So if it was ROUTETO [EMAIL PROTECTED], then
Declude would pull the config for otherdomain.com or
[EMAIL PROTECTED] and only execute actions based on that, or at
least that is what I understand. If it didn't fail a DELETE test in
otherdomain.com, it would simply be delivered to the ROUTETO address.

While most issues that this creates can be worked around, it is
unwieldy, excessively complicated, and clearly leads to unexpected
results, especially in a multiple domain environment with per-domain
configs, or those with per-user configs. From a high level view, the
fix is simple, they just shouldn't use the ROUTETO address's config for
determining actions. They should only use the final recipient in
IMail, prior to reaching Declude, for determining all actions.

If you post more of your circumstance, maybe one of us can come up with
an idea as to what is happening.

Matt



Kevin Bilbee wrote:

  
  
  We use weightrange and do not use per user
configurations. Also the messages that were over our delete weight and
not deleted did not contain a routto action??
  
  
  Kevin Bilbee
  
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Matt
Sent: Friday, March 04, 2005 9:17 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Declude 2.x


John Tolmachoff (Lists) wrote:

  I have not been following the thread in detail, but if some one that is
having the problem would change to WEIGHTRANGE instead of WEIGHT and ensure
there are no overlappings, I have a feeling the at least part of the
"problem" might be resolved.

No, this isn't an appropriate solution. The change makes ROUTETO the
final action, and now it has precedence over DELETE. If you have a
filter called BLACKLIST-NO-MATTER-WHAT set to DELETE, and a message
fails that test plus it fails something that has a ROUTETO action, it
will not be deleted. This change removes our ability to override
ROUTETO in special circumstances. While most issues will be fixed by
preventing the overlapping of weight ranges and the actions, that only
applies to weight based things, and this ties our hands when it comes
to taking actions regardless of weight. That's completely
unacceptable, and I also assume that it was unintentional; the result
of an oversight.

If DELETE is to be changed in the way that they did, they must make it
be able to target a recipient that has already been tagged with
ROUTETO. It makes no sense to use the changed ROUTETO address for
determining further actions. This will also be very difficult to
troubleshoot in some circumstances and also difficult to keep track of.

Declude needs to make sure that the actions are not applied based on
the ROUTETO address' config, but instead the original recipient's
config. If they did that, all problems would be solved, including the
overlapping weight range issue that seemingly has stung so many here.

Matt
-- 
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=
  


-- 
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=

RE: [Declude.JunkMail] Declude 2.x

2005-03-04 Thread Erik 
Title: Message



And 
also:

If you 
have the COPY ALL EMAIL active in Imail.. the DELETE action does does not 
work. In our setup, we do not use any ROUTETO in any of our config 
files. And you can not setup a per domain/user for that copy all email 
account.

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
  On Behalf Of MattSent: Friday, March 04, 2005 6:17 
  PMTo: Declude.JunkMail@declude.comSubject: Re: 
  [Declude.JunkMail] Declude 2.xJohn Tolmachoff (Lists) 
  wrote: 
  I have not been following the thread in detail, but if some one that is
having the problem would change to WEIGHTRANGE instead of WEIGHT and ensure
there are no overlappings, I have a feeling the at least part of the
"problem" might be resolved.No, this isn't an appropriate 
  solution. The change makes ROUTETO the final action, and now it 
  has precedence over DELETE. If you have a filter called 
  BLACKLIST-NO-MATTER-WHAT set to DELETE, and a message fails that test plus it 
  fails something that has a ROUTETO action, it will not be deleted. This 
  change removes our ability to override ROUTETO in special circumstances. 
  While most issues will be fixed by preventing the overlapping of weight ranges 
  and the actions, that only applies to weight based things, and this ties our 
  hands when it comes to taking actions regardless of weight. That's 
  completely unacceptable, and I also assume that it was unintentional; the 
  result of an oversight.If DELETE is to be changed in the way that they 
  did, they must make it be able to target a recipient that has already been 
  tagged with ROUTETO. It makes no sense to use the changed ROUTETO 
  address for determining further actions. This will also be very 
  difficult to troubleshoot in some circumstances and also difficult to keep 
  track of.Declude needs to make sure that the actions are not applied 
  based on the ROUTETO address' config, but instead the original recipient's 
  config. If they did that, all problems would be solved, including the 
  overlapping weight range issue that seemingly has stung so many 
  here.Matt-- 
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=

RE: [Declude.JunkMail] Declude 2.x

2005-03-04 Thread Nick Hayer 
On 4 Mar 2005 at 12:51, Andy Schmidt wrote:
 
 Hi Nick, John, Eric, Fritz, Kevin, Dan, NCL Admin, et al:
 I recommendyou sit tight just a little longer. 
Done!. I'm chilled. No problem. Really. Honest!
:)

The only thing that slightly ticked me off was lack of communication 
about this bug. Now that has been addressed in detail I have no 
issues. No question it will get resolved now. Time to move on.

-Nick
 

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Beginner configuration?

2005-03-04 Thread John Olden 
You mention that he should adjust for the weight of his system, but you do
not let him know what weighting system you are using. Can you expand on
that?  I.e. Hold at 10, Delete at 20  Thanks.

John Olden
Systems Administrator
Champaign Park District

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darrell
([EMAIL PROTECTED])
Sent: Friday, March 04, 2005 9:47 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Beginner configuration?

Joey, 

A couple of thoughts. 

1.) Look at adding a content test like invURIBL or Message Sniffer.  Both
have trials.
2.) I would not give a negative weight for BONDEDSENDER or SPFPASS. Spammers
can easily setup SPF records.
3.) Add a few of the other RBL style tests.  make sure you adjust the weight
for your system and add the corresponding entries in the $default$.junkmail
file.
XBL(LAST)   dnsbl   %IP4R%.sbl-xbl.spamhaus.org 127.0.0.4   12
0
XBL(ALL)ip4rsbl-xbl.spamhaus.org127.0.0.4   4
0
UCEPROTECT-LAST dnsbl   %IP4R%.dnsbl-1.uceprotect.net   127.0.0.2   6
0
UCEPROTECT-ALL  ip4rdnsbl-1.uceprotect.net  127.0.0.2   2
0
SENDERDB-BLACK  ip4rpub.senderdb.net127.0.0.2   10
0
SENDERDB-SUSPICIOUS ip4rpub.senderdb.net127.0.0.4   4
0
MAILPOLICE-BULK rhsbl   bulk.rhs.mailpolice.com 127.0.0.2   9   0
MAILPOLICE-PORN rhsbl   porn.rhs.mailpolice.com 127.0.0.2   12  0
MAILPOLICE-FRAUDrhsbl   fraud.rhs.mailpolice.com127.0.0.2
10  0 


Darrell
 
Check out http://www.invariantsystems.com for utilities for Declude And
Imail.  IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG
Integration, and Log Parsers. 

Joey Proulx writes: 

 Thank you for the response.  Here is my global.cfg file: 
 
 #=ADVANCED OPTIONS   
 =
 
 CONSOLE ON
 
 #IPBYPASS   192.0.2.25 
 
 HOP 0
 #HOPHIGH1 
 
 #DNS127.0.0.1 
 
 HIDETESTS   CATCHALLMAILS IPNOTINMX NOLEGITCONTENT 
 
 CATCHALLMAILS   catchallmails   x   x   0   0
 NOLEGITCONTENT  nolegitcontent  x   x   0   -5
 IPNOTINMX   ipnotinmx   x   x   0   -3 
 
 #=WHITELISTS 
 ===
 
 #WHITELIST  HABEAS
 #AUTOWHITELIST  ON
 PREWHITELISTON
 WHITELIST   AUTH 
 
 # - Domain Example -
 WHITELISTFROM   @declude.com
 WHITELISTFROM   @munis.com 
 
 # - User Example -
 WHITELISTFROM   [EMAIL PROTECTED] 
 
 # - TO  Example -
 #WHITELIST  TO  postmaster@
 #WHITELIST  TO  abuse@ 
 
 #=BLACKLISTS 
 ===
 
 #BLACKLIST  fromfile[path]\Filters\blacklist.txtx   10

 0
 #BLACKIPipfile  [path]\Filters\blackip.txt  x   10

 0
 
 #=   RBL IP4R TESTS   
 ==
 # 1. Definitions of the tests to use (do not edit unless you know what 
 you are doing). These must come before the actions.
 # 2. First is the name of the check, then the type of check (ip4r is a 
 DNS lookup using the reverse of the IP address).
 # 3. For type ip4r, 'matchstring' is the string to look for, or * 
 for anything.
 
 AHBLip4rdnsbl.ahbl.org  *   6

0
 BLITZEDALL  ip4ropm.blitzed.org *   7

0
 CBL ip4rcbl.abuseat.org 127.0.0.2   6

0
 DSBLip4rlist.dsbl.org   *   6

0
 ORDBip4rrelays.ordb.org *   5

0
 SBL ip4rsbl.spamhaus.org*   7

0
 SORBS-HTTP  ip4rdnsbl.sorbs.net 127.0.0.2   5

0
 SORBS-SOCKS ip4rdnsbl.sorbs.net 127.0.0.3   5

0
 SORBS-MISC  ip4rdnsbl.sorbs.net 127.0.0.4   5

0
 SORBS-SMTP  ip4rdnsbl.sorbs.net 127.0.0.5   5

0
 SORBS-SPAM  ip4rdnsbl.sorbs.net 127.0.0.6   4

0
 #SORBS-WEB  ip4rdnsbl.sorbs.net 127.0.0.7   5

0
 SORBS-BLOCK ip4rdnsbl.sorbs.net 127.0.0.8   5

0
 SORBS-ZOMBIEip4rdnsbl.sorbs.net 127.0.0.9   5

0
 SORBS-DUHL  ip4rdnsbl.sorbs.net 127.0.0.10  4

0
 SPAMCOP ip4rbl.spamcop.net  127.0.0.2   7

0
 #MTLDB  ip4rmtldb.declude.com   127.0.0.2   3

0

RE: [Declude.JunkMail] Beginner configuration?

2005-03-04 Thread John Carter 
I found yesterday that MAILPOLICE Bulk and Porn have been combined into
Block (although there may be legitimate reasons to do separate lookups.)
http://rhs.mailpolice.com/usage.php  One page says fraud is in there too,
but they are not consistent with that.

John


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darrell
([EMAIL PROTECTED])
Sent: Friday, March 04, 2005 9:47 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Beginner configuration?

Joey, 

A couple of thoughts. 

[un-needed content cut out]

MAILPOLICE-BULK rhsbl   bulk.rhs.mailpolice.com 127.0.0.2   9   0
MAILPOLICE-PORN rhsbl   porn.rhs.mailpolice.com 127.0.0.2   12  0
MAILPOLICE-FRAUDrhsbl   fraud.rhs.mailpolice.com127.0.0.2
10  0 


Darrell

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Beginner configuration?

2005-03-04 Thread Darrell \([EMAIL PROTECTED]) 
Sorry about that. 

Subject Tag 12
Hold 20
Delete 30+ 

Darrell

Check out http://www.invariantsystems.com for utilities for Declude And 
Imail.  IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG 
Integration, and Log Parsers. 

John Olden writes: 

You mention that he should adjust for the weight of his system, but you do
not let him know what weighting system you are using. Can you expand on
that?  I.e. Hold at 10, Delete at 20  Thanks. 

John Olden
Systems Administrator
Champaign Park District 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darrell
([EMAIL PROTECTED])
Sent: Friday, March 04, 2005 9:47 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Beginner configuration? 

Joey,  

A couple of thoughts.  

1.) Look at adding a content test like invURIBL or Message Sniffer.  Both
have trials.
2.) I would not give a negative weight for BONDEDSENDER or SPFPASS. Spammers
can easily setup SPF records.
3.) Add a few of the other RBL style tests.  make sure you adjust the weight
for your system and add the corresponding entries in the $default$.junkmail
file.
XBL(LAST)	dnsbl	%IP4R%.sbl-xbl.spamhaus.org	127.0.0.4	12
0
XBL(ALL)	ip4r	sbl-xbl.spamhaus.org		127.0.0.4	4
0
UCEPROTECT-LAST	dnsbl	%IP4R%.dnsbl-1.uceprotect.net	127.0.0.2	6
0
UCEPROTECT-ALL	ip4r	dnsbl-1.uceprotect.net		127.0.0.2	2
0
SENDERDB-BLACK	ip4r	pub.senderdb.net		127.0.0.2	10
0
SENDERDB-SUSPICIOUS	ip4r	pub.senderdb.net	127.0.0.4	4
0
MAILPOLICE-BULK	rhsbl	bulk.rhs.mailpolice.com	127.0.0.2	9	0
MAILPOLICE-PORN	rhsbl	porn.rhs.mailpolice.com	127.0.0.2	12	0
MAILPOLICE-FRAUD	rhsbl	fraud.rhs.mailpolice.com	127.0.0.2
10	0  

Darrell
 
Check out http://www.invariantsystems.com for utilities for Declude And
Imail.  IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG
Integration, and Log Parsers.  

Joey Proulx writes:  

Thank you for the response.  Here is my global.cfg file:  

#=ADVANCED OPTIONS   
= 

CONSOLE ON 

#IPBYPASS   192.0.2.25  

HOP 0
#HOPHIGH1  

#DNS127.0.0.1  

HIDETESTS   CATCHALLMAILS IPNOTINMX NOLEGITCONTENT  

CATCHALLMAILS   catchallmails   x   x   0   0
NOLEGITCONTENT  nolegitcontent  x   x   0   -5
IPNOTINMX   ipnotinmx   x   x   0   -3  

#=WHITELISTS 
=== 

#WHITELIST  HABEAS
#AUTOWHITELIST  ON
PREWHITELISTON
WHITELIST   AUTH  

# - Domain Example -
WHITELISTFROM   @declude.com
WHITELISTFROM   @munis.com  

# - User Example -
WHITELISTFROM   [EMAIL PROTECTED]  

# - TO  Example -
#WHITELIST  TO  postmaster@
#WHITELIST  TO  abuse@  

#=BLACKLISTS 
=== 

#BLACKLIST  fromfile[path]\Filters\blacklist.txtx   10

0
#BLACKIPipfile  [path]\Filters\blackip.txt  x   10

0 

#=   RBL IP4R TESTS   
==
# 1. Definitions of the tests to use (do not edit unless you know what 
you are doing). These must come before the actions.
# 2. First is the name of the check, then the type of check (ip4r is a 
DNS lookup using the reverse of the IP address).
# 3. For type ip4r, 'matchstring' is the string to look for, or * 
for anything. 

AHBLip4rdnsbl.ahbl.org  *   6

   0
BLITZEDALL  ip4ropm.blitzed.org *   7

   0
CBL ip4rcbl.abuseat.org 127.0.0.2   6

   0
DSBLip4rlist.dsbl.org   *   6

   0
ORDBip4rrelays.ordb.org *   5

   0
SBL ip4rsbl.spamhaus.org*   7

   0
SORBS-HTTP  ip4rdnsbl.sorbs.net 127.0.0.2   5

   0
SORBS-SOCKS ip4rdnsbl.sorbs.net 127.0.0.3   5

   0
SORBS-MISC  ip4rdnsbl.sorbs.net 127.0.0.4   5

   0
SORBS-SMTP  ip4rdnsbl.sorbs.net 127.0.0.5   5

   0
SORBS-SPAM  ip4rdnsbl.sorbs.net 127.0.0.6   4

   0
#SORBS-WEB  ip4rdnsbl.sorbs.net 127.0.0.7   5

   0
SORBS-BLOCK ip4rdnsbl.sorbs.net 127.0.0.8   5

   0
SORBS-ZOMBIEip4rdnsbl.sorbs.net 127.0.0.9   5

   0
SORBS-DUHL  ip4rdnsbl.sorbs.net 127.0.0.10  4

   0
SPAMCOP ip4rbl.spamcop.net

Re: [Declude.JunkMail] Kodak EZ Share (headers)

2005-03-04 Thread Richard Farris 
Thanks for your help...I will figure it out...
Richard Farris
Ethixs Online
1.270.247. Office
1.800.548.3877 Tech Support
Crossroads to a Cleaner Internet
- Original Message - 
From: Andy Schmidt [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Wednesday, March 02, 2005 3:23 PM
Subject: RE: [Declude.JunkMail] Kodak EZ Share (headers)

Hi Richard:
Well ONE copy came through (with the subject Sent Best For Email).  I
appears to have a good reverse DNS, a good HELO.
It is using YOUR email address as the MAIL FROM - which is fine, unless your
postfix mail gateway does not allow email from the outside to have your
domain name?
I can't be certain, whether the Message ID is there's or whether it was
missing and inserted by Imail (that could trigger Declude).
DNSstuff.com is down - so I can't tell how bad that IP address is - but it
appears that it is black-listed with FIVETEN.
I have not seen your second email - I'll have to chase it in the logs.
Received: from snj-us-pcwp-703.kodak.com [63.240.114.202] by hm-software.com
with ESMTP
 (SMTPD32-8.15) id A6B51D1202A8; Wed, 02 Mar 2005 14:40:37 -0500
Received: from picturecd.kodak.com
(0-1pool96-192.nas1.paducah1.ky.us.da.qwest.net [65.137.96.192])
by snj-us-pcwp-703.kodak.com (8.11.7p2/8.11.7) with SMTP id
j22JJA214188;
Wed, 2 Mar 2005 19:19:11 GMT
Message-Id: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Sent Best for Email
Date: Wed, 02 Mar 2005 13:19:16 -0600
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=1_boundary
X-Declude: Version 2.0.4.2; D16b51d1202a86d98.SMD from
snj-us-pcwp-703-att.kodak.com [63.240.114.202]
X-Countries: UNITED STATES-destination
Return-Path: [EMAIL PROTECTED]
X-RCPT-TO: [EMAIL PROTECTED]
Status: U
X-UIDL: 409773178

Best Regards
Andy Schmidt
HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone:  +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
http://www.HM-Software.com/
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Richard Farris
Sent: Wednesday, March 02, 2005 02:52 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Kodak EZ Share (headers)
I just sent a 2 copies to Andy at [EMAIL PROTECTED]
so we will see what he says...one copy is Original  1.4 Mb and the other is
Best for Email .68 Mb
I know that most are not interested in this but it is really bugging me why
the pictures won't come thru..
thanxs for your help..
Richard Farris
Ethixs Online
1.270.247. Office
1.800.548.3877 Tech Support
Crossroads to a Cleaner Internet
- Original Message - 
From: Marc Catuogno [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Wednesday, March 02, 2005 1:27 PM
Subject: RE: [Declude.JunkMail] Kodak EZ Share (headers)

Here are the headers - I have something with Kodak in my negative headers to
try to let this stuff through.
Received: from snj-us-pcwp-708.us.kodak.com [63.240.114.217] by
mail.prudentialrand.com with ESMTP
 (SMTPD32-8.05) id A37246900BC; Wed, 02 Mar 2005 14:26:42 -0500
Received: from picturecd.kodak.com (ool-182cf376.dyn.optonline.net
[24.44.243.118])
by snj-us-pcwp-708.us.kodak.com (8.11.7p2/8.11.7) with SMTP id j22JDa617939
for [EMAIL PROTECTED]; Wed, 2 Mar 2005 19:13:37 GMT
Message-Id: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: 3/02/05
Date: Wed, 02 Mar 2005 14:13:38 -0500
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=1_boundary
X-RBL-Warning: IPNOTINMX:
X-Declude-Sender: [EMAIL PROTECTED] [63.240.114.217]
X-Declude-Spoolname: D1372046900bcd817.SMD
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for
spam.
X-Spam-Tests-Failed: IPNOTINMX, NOLEGITCONTENT, NEGATIVEHEADERS,
SPAMDOMAINS1, GIBBERISH, ANTI-GIBBERISH [-10]
X-Country-Chain:
X-Note: This E-mail was sent from snj-us-pcwp-708-att.kodak.com
([63.240.114.217]).
X-IMAIL-SPAM-HTML-FEATURES: (Image Tag)
X-RCPT-TO: [EMAIL PROTECTED]
Status: U
X-UIDL: 387273370
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt
Sent: Wednesday, March 02, 2005 11:46 AM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] Kodak EZ Share
All these get held on my system because you send it from your
e-mail
address without authenticating, so it never gets whitelisted with Whitelist
Auth and it fails my spam domains test. But if you aren't seeing them at
all, I'd guess it is the attachment size. 
Marc - can you post the headers from the held message file. You mention it
fails the spam domains test - for all we know there are other factors (such
as the sending IP, or the HELO string) that cause his Postfix spam gateway
to block the messages...
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206
- Original Message - 
From: Marc Catuogno
To: Declude.JunkMail@declude.com
Sent: Wednesday, March 02, 2005 7:01 AM

[Declude.JunkMail] OT: Clock Time on Declude Support

2005-03-04 Thread Erik 
Is just my browser, or is Declude's clock on:
https://www.declude.com/SearchResults.asp?Cat=5
Off?  In CET (Central European Time) of 2:15AM, their clock shows 4:15AM EST
when it should be showing 9:15PM EST.

.hope this doesn't reflect in their 2.0 programming code.  ;-)




---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] OT: Clock Time on Declude Support

2005-03-04 Thread Dave Doherty 



Actually, it shows -4 hours. 


GMTas I write thisis 01:46 
The code they use on the pagesubtracts five hours, which results in a 
value of -4 for the hours. They need to add a line to add 24 if the result is 
negative. I'm sure it looks fine 19 
hours a day, though...

And no, it does not giveme a lot of 
confidence, either, but now that we've aired the problem and the cure, let's see 
how long it takes to fix...

-d





SCRIPTfunction tick() 
{var hours, minutes, seconds, ap;var intHours, intMinutes, 
intSeconds;var today;today = new Date();intHours = 
today.getUTCHours()-5;intMinutes = 
today.getUTCMinutes();intSeconds = today.getUTCSeconds();

//add 
this:
if (intHours  
0) {
intHours += 
24
}

if (intHours == 0) {

hours = "12:";

ap = "EST Midnight";} else if 
(intHours  12) {hours = intHours+":";ap = " AM EST is the current 
time for Declude Support Personnel";} else if (intHours == 12) {hours = 
"12:";ap = "EST Noon";} else {intHours = intHours - 12hours = 
intHours + ":";ap = "PM EST is the current time for Declude Support 
Personnel";}if (intMinutes  10) {minutes = 
"0"+intMinutes+":";} else {minutes = intMinutes+":";}if 
(intSeconds  10) {seconds = "0"+intSeconds+" ";} else {seconds = 
intSeconds+" ";}timeString = 
hours+minutes+seconds+ap;Clock.innerHTML = 
timeString;window.setTimeout("tick();", 100);}window.>/SCRIPT








- Original Message - 
From: "Erik" [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Friday, March 04, 2005 8:25 
PM
Subject: [Declude.JunkMail] OT: Clock 
Time on Declude Support
Is just my browser, or is Declude's clock 
on:https://www.declude.com/SearchResults.asp?Cat=5Off? In CET (Central European Time) of 2:15AM, 
their clock shows 4:15AM ESTwhen it should be showing 9:15PM 
EST..hope this doesn't reflect in their 2.0 programming code. 
;-)---[This E-mail was scanned for viruses by Declude 
Virus (http://www.declude.com)]---This E-mail came from the Declude.JunkMail mailing 
list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], 
andtype "unsubscribe Declude.JunkMail". The archives can be 
foundat http://www.mail-archive.com.

RE: [Declude.JunkMail] OT: Clock Time on Declude Support

2005-03-04 Thread Andy Schmidt 
Hm,

What am I missing - it's stating Via Ticket System (and I've seen others
refer to ticket numbers) but WHERE on that page does it let me open a
ticket.

The only thing that I see is email to [EMAIL PROTECTED] - but that doesn't 
respond
with a ticket (at least not when I had used it earlier this week?)

Best Regards
Andy Schmidt

Phone:  +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206 



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Erik
Sent: Friday, March 04, 2005 08:26 PM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] OT: Clock Time on Declude Support


Is just my browser, or is Declude's clock on:
https://www.declude.com/SearchResults.asp?Cat=5
Off?  In CET (Central European Time) of 2:15AM, their clock shows 4:15AM EST
when it should be showing 9:15PM EST.

.hope this doesn't reflect in their 2.0 programming code.  ;-)




---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe,
just send an E-mail to [EMAIL PROTECTED], and type unsubscribe
Declude.JunkMail.  The archives can be found at
http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] catchallmails question

2005-03-04 Thread Imail Admin 
Title: Message



Hey Scott,

This is really a question for you about JM. 
The JM log file lists "passed" messages as "L1 Message OK", so it's only the 
failed messages that list the actual tests failed. However, isn't 
catchallmails supposed to fail for all messages? So it must be the JM 
ignores the catchallmails failure when listing a message as "OK." Is this 
understanding correct?

I'm just trying to understand the behavior in the 
log files. Should all "failed" messages always list catchallmails? 
If so, does that mean the a count of the number of catchallmails-failed messages 
in the log should equal the number of messages that failed some (other) 
test? For example, if I have a log of 10,000 messages, and I know that 
7,000 of them list the catchallmails option in their list of failed messages, 
that should mean there were 7,000 messages (70%) that failed some other 
test.

Thanks,

Ben
BC Web



  
  - Original Message - 
  From: 
  Imail 
  Admin 
  To: Declude.JunkMail@declude.com 
  
  Sent: Thursday, March 03, 2005 12:15 
  PM
  Subject: Re: [Declude.JunkMail] 
  catchallmails question
  
  Thanks, Darrell. This at least sets me on 
  the right path. I don't believe "Whitelist AUTH" is something we use 
  because we're running IMail 7.15, which, I believe, doesn't support that 
  option. However, there must be other,similar causes for being 
  skipped.
  
  So, does anyone know a list of reasons why 
  messages would be skipped? Obviously, a whitelist of address, domains, 
  and IPs, would be one possibility.
  
  For that matter, does anyone have a utility that 
  would analyze messages being skipped? It would seem an obvious thing to 
  review, in case a whitelisted source (AUTH, address, etc.) becomes 
  hijacked. Perhaps this would be a good addition for 
  DLAnalyzer.
  
  Ben
  
  
- Original Message - 
From: 
Darrell 
([EMAIL PROTECTED]) 
To: Declude.JunkMail@declude.com 

Sent: Wednesday, March 02, 2005 6:56 
PM
Subject: Re: [Declude.JunkMail] 
catchallmails question

Ben,

There are various conditions that can account 
for messages being picked up without being marked with the "CATCHALLMAILS" 
test. A good bulk of these instances occur because a message under 
certain conditions will not loga "Test failed" line.

One example is "Whitelist AUTH" in this 
particular example the only line that is logged in the Declude log for that 
particular message is this.

02/28/2004 00:01:59 Q57371524c9ad Skipping 
E-mail from authenticated user [EMAIL PROTECTED]; 
whitelisted.

In regards to DLAnalyzer it will count this as 
a message (as it should), but there will be no tests associated with it like 
"catchallmails" because the "Tests failed" line is not logged. There 
are other situations where this also occurs, but that one stuck into my 
head.

Hope that helps.
Darrell
---Check out http://www.invariantsystems.com 
for utilities for Declude And Imail. IMail/Declude Overflow Queue 
Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers.

  - Original Message - 
  From: 
  Imail Admin 
  To: Declude.JunkMail@declude.com 
  
  Sent: Wednesday, March 02, 2005 7:54 
  PM
  Subject: [Declude.JunkMail] 
  catchallmails question
  
  Hi,
  
  I have a strange question, which once against 
  my astounding ignorance. I just tried using DLAnalyzer Lite on our 
  latest Declude JM log. For the sample I tested, I got these 
  results:
  
  Total Messages Processed: 11,234Messages 
  That Failed Defined Test(s): 10,153Percentage That Failed Defined 
  Test(s): 90.38%Average Message Weight: 4Average Message 
  Weight/Failed: 5
  
  TEST 
  # FAILED 
  PercentageWEIGHT10...6,308...56.15%CATCHALLMAILS..5,393...48.01%NOLEGITCONTENT.4,361...38.82%IPNOTINMX..4,237...37.72%WEIGHT53,856...34.32%WEIGHT10S..3,564...31.73%WEIGHT20...3,509...31.24%WEIGHT73,465...30.84%SNIFFER3,451...30.72%SPAMCOP3,006...26.76%
  You can ignore the Weight tests; those are 
  just weight ranges and not real tests. Here's the thing: 
  Catchallmails also is not a real test; it's supposed to catch all 
  emails. So why doesn't the Catchallmails statistic above show 
  100%? The system is telling me that Catchallmails only caught 
  48%.
  
  I should mention that Catchallmails comes in 
  the global.cfg file after the regular tests, and after the weight ranges, 
  but before a handful of whitelisted IPs.
  
  Help, please?
  
  Ben
  BC Web

RE: [Declude.JunkMail] Beginner configuration?

2005-03-04 Thread Evans Martin 
Does LOOSENSPAMHEADERS   ON have to go in the global.cfg?  What if I want to
do this for one domain but not for others?  Is there any way to accomplish
this?

Thanks,
Evans Martin


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
 [EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED])
 Sent: Friday, March 04, 2005 8:17 AM
 To: Declude.JunkMail@declude.com
 Subject: Re: [Declude.JunkMail] Beginner configuration?
 
 Joey,
 
 Declude is very effective when tweaked.  Not to mention the default
 global.cfg ships without all of the RBL's that most of us use (XBL, UCE,
 MAIL-POLICE, SENDERDB).  Also, there are other 3rd patry utilties which
 are
 very effective at catching spam like like invURIBL and Message Sniffer.
 Both of those applications have trial versions.
 
 Are you still using the default scale?  Since you have been working with
 your global.cfg you might want to post it to the list for us to look over
 it
 and see what you have done so far as to make suggestions.
 
 For your clients that you are not in control of I would imagine that you
 know the ip blocks they come from or the firewall ip that they are behind
 that.  You can whitelist that ip so that them failing the cmdspace will
 not
 be a factor.  CMDSPACE is very effective but direct connects from clients
 using outlook will set that off.
 
 For SPAMHEADERS I use LOOSENSPAMHEADERS   ON this relaxes the
 spamheaders
 test so that it does not trigger on missing message ID emails.
 
 Hope that helps,
 Darrell
  
 Check out http://www.invariantsystems.com for utilities for Declude And
 Imail.  IMail/Declude Overflow Queue Monitoring, SURBL/URI integration,
 MRTG
 Integration, and Log Parsers.
 
 
 
 Joey Proulx writes:
 
  Hello,
 
  Just downloaded the demo version of Junkmail Pro, and I was curious
 about
  the basic setup.  For the last two days I've monitored and tweaked and
  held and redirected and spent hours upon hours looking over the junkmail
  setup and rules and whatnot.  I'm wondering if I'm reinventing the
 wheel.
  I work for a school district with a big spam problem, but as any of you
 in
  gov't know, if I tell them we should buy something I need to make sure
 it
  works.  I was just wondering if there are any tried and true setups that
  any of you are using to cut down on the spam.  I'm seeing that this
 system
  works, but I'm also still running the built-in Imail filter, and I've
 seen
  quite a few messages that get caught by Imail, but have a Declude score
 of
  0, that should NOT have made it through.  Do you all still run the
 builtin
  Imail spam as well?  Any filters I should definitely setup?
 
  I'm seeing a lot of CMDSPACE and SPAMHEADERS (missing MessageID header)
  from some local clients (I don't control all my clients, so I don't
 think
  I can make them authenticate).  Should I do away with these tests, or
 can
  I fix these two issues on the server side?
 
  Thanks for all your help.
 
  _
  Joey Proulx
  SAU #21 Technology Support Staff
  2 Alumni Drive
  Hampton, NH 03842
  (603) 926-8992, ext 115
  [EMAIL PROTECTED]
 
 
 
  ---
  [This E-mail was scanned for viruses by Declude Virus
  (http://www.declude.com)]
 
  ---
  This E-mail came from the Declude.JunkMail mailing list.  To
  unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
  type unsubscribe Declude.JunkMail.  The archives can be found
  at http://www.mail-archive.com.
 
 
 ---
 [This E-mail was scanned for viruses by Declude Virus
 (http://www.declude.com)]
 
 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.
 ---
 [This E-mail scanned for viruses by Declude Virus]
 



---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] OT: Clock Time on Declude Support

2005-03-04 Thread David Barker 



Thank you for your feedback. Ihave fixed 
it.Friday night 10:30 pm. What we do too please our customers ;) As for 
the website it is my responsibility and not that of our programmers, so you can 
be confident that this does not reflect our programmers skills.

David B
www.declude.com

  - Original Message - 
  From: 
  Dave Doherty 
  
  To: Declude.JunkMail@declude.com 
  
  Sent: Friday, March 04, 2005 8:53 
PM
  Subject: Re: [Declude.JunkMail] OT: Clock 
  Time on Declude Support
  
  Actually, it shows -4 hours. 
  
  
  GMTas I write thisis 01:46 
  The code they use on the pagesubtracts five hours, which results in a 
  value of -4 for the hours. They need to add a line to add 24 if the result is 
  negative. I'm sure it looks fine 19 
  hours a day, though...
  
  And no, it does not giveme a lot 
  of confidence, either, but now that we've aired the problem and the cure, 
  let's see how long it takes to fix...
  
  -d
  
  
  
  
  
  SCRIPTfunction tick() 
  {var hours, minutes, seconds, ap;var intHours, intMinutes, 
  intSeconds;var today;today = new Date();intHours = 
  today.getUTCHours()-5;intMinutes = 
  today.getUTCMinutes();intSeconds = today.getUTCSeconds();
  
  //add 
  this:
  if (intHours  
  0) {
  intHours += 
  24
  }
  
  if (intHours == 0) {
  
  hours = "12:";
  
  ap = "EST Midnight";} else if 
  (intHours  12) {hours = intHours+":";ap = " AM EST is the current 
  time for Declude Support Personnel";} else if (intHours == 12) {hours 
  = "12:";ap = "EST Noon";} else {intHours = intHours - 12hours 
  = intHours + ":";ap = "PM EST is the current time for Declude Support 
  Personnel";}if (intMinutes  10) {minutes = 
  "0"+intMinutes+":";} else {minutes = intMinutes+":";}if 
  (intSeconds  10) {seconds = "0"+intSeconds+" ";} else {seconds 
  = intSeconds+" ";}timeString = 
  hours+minutes+seconds+ap;Clock.innerHTML = 
  timeString;window.setTimeout("tick();", 100);}window.>/SCRIPT
  
  
  
  
  
  
  
  
  - Original Message - 
  From: "Erik" [EMAIL PROTECTED]
  To: Declude.JunkMail@declude.com
  Sent: Friday, March 04, 2005 8:25 
  PM
  Subject: [Declude.JunkMail] OT: Clock 
  Time on Declude Support
  Is just my browser, or is Declude's clock 
  on:https://www.declude.com/SearchResults.asp?Cat=5Off? In CET (Central European Time) of 
  2:15AM, their clock shows 4:15AM ESTwhen it should be showing 9:15PM 
  EST..hope this doesn't reflect in their 2.0 programming 
  code. ;-)---[This E-mail was scanned for viruses 
  by Declude Virus (http://www.declude.com)]---This E-mail came from the 
  Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to 
  [EMAIL PROTECTED], 
  andtype "unsubscribe Declude.JunkMail". The archives can be 
  foundat http://www.mail-archive.com.
  
  

  No virus found in this incoming message.Checked by AVG 
  Anti-Virus.Version: 7.0.308 / Virus Database: 266.5.7 - Release Date: 
  3/1/2005

Re: [Declude.JunkMail] OT: Clock Time on Declude Support

2005-03-04 Thread Dave Doherty 



Hi David-

Problem solved. Now that's what I call 
service!

(Thanks for the credit...)

-d


  - Original Message - 
  From: 
  David Barker 
  
  To: Declude.JunkMail@declude.com 
  
  Sent: Friday, March 04, 2005 10:33 
  PM
  Subject: Re: [Declude.JunkMail] OT: Clock 
  Time on Declude Support
  
  Thank you for your feedback. Ihave fixed 
  it.Friday night 10:30 pm. What we do too please our customers ;) As for 
  the website it is my responsibility and not that of our programmers, so you 
  can be confident that this does not reflect our programmers 
  skills.
  
  David B
  www.declude.com
  
- Original Message - 
From: 
Dave Doherty 

To: Declude.JunkMail@declude.com 

Sent: Friday, March 04, 2005 8:53 
PM
Subject: Re: [Declude.JunkMail] OT: 
Clock Time on Declude Support

Actually, it shows -4 hours. 


GMTas I write thisis 
01:46 The code they use on the pagesubtracts five hours, which results 
in a value of -4 for the hours. They need to add a line to add 24 if the 
result is negative. I'm sure it 
looks fine 19 hours a day, though...

And no, it does not giveme a 
lot of confidence, either, but now that we've aired the problem and the 
cure, let's see how long it takes to fix...

-d





SCRIPTfunction tick() 
{var hours, minutes, seconds, ap;var intHours, intMinutes, 
intSeconds;var today;today = new Date();intHours = 
today.getUTCHours()-5;intMinutes = 
today.getUTCMinutes();intSeconds = today.getUTCSeconds();

//add 
this:
if (intHours 
 0) {
intHours += 
24
}

if (intHours == 0) {

hours = "12:";

ap = "EST Midnight";} else if 
(intHours  12) {hours = intHours+":";ap = " AM EST is the 
current time for Declude Support Personnel";} else if (intHours == 12) 
{hours = "12:";ap = "EST Noon";} else {intHours = intHours - 
12hours = intHours + ":";ap = "PM EST is the current time for 
Declude Support Personnel";}if (intMinutes  10) {minutes = 
"0"+intMinutes+":";} else {minutes = intMinutes+":";}if 
(intSeconds  10) {seconds = "0"+intSeconds+" ";} else 
{seconds = intSeconds+" ";}timeString = 
hours+minutes+seconds+ap;Clock.innerHTML = 
timeString;window.setTimeout("tick();", 100);}window.>/SCRIPT








- Original Message - 
From: "Erik" [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Friday, March 04, 2005 8:25 
PM
Subject: [Declude.JunkMail] OT: Clock 
Time on Declude Support
Is just my browser, or is Declude's clock 
on:https://www.declude.com/SearchResults.asp?Cat=5Off? In CET (Central European Time) of 
2:15AM, their clock shows 4:15AM ESTwhen it should be showing 9:15PM 
EST..hope this doesn't reflect in their 2.0 programming 
code. ;-)---[This E-mail was scanned for 
viruses by Declude Virus (http://www.declude.com)]---This E-mail came from the 
Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail 
to [EMAIL PROTECTED], 
andtype "unsubscribe Declude.JunkMail". The archives can be 
foundat http://www.mail-archive.com.



No virus found in this incoming message.Checked by AVG 
Anti-Virus.Version: 7.0.308 / Virus Database: 266.5.7 - Release Date: 
3/1/2005

Re: [Declude.JunkMail] Beginner configuration?

2005-03-04 Thread Darrell \([EMAIL PROTECTED]) 
Evan.

It is my understanding that is a global command and is only supported in the
global.cfg file.

Darrell

---
Check out http://www.invariantsystems.com for utilities for Declude And
Imail.  IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG
Integration, and Log Parsers.
- Original Message - 
From: Evans Martin [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Friday, March 04, 2005 10:17 PM
Subject: RE: [Declude.JunkMail] Beginner configuration?


Does LOOSENSPAMHEADERS   ON have to go in the global.cfg?  What if I want to
do this for one domain but not for others?  Is there any way to accomplish
this?

Thanks,
Evans Martin


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
 [EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED])
 Sent: Friday, March 04, 2005 8:17 AM
 To: Declude.JunkMail@declude.com
 Subject: Re: [Declude.JunkMail] Beginner configuration?

 Joey,

 Declude is very effective when tweaked.  Not to mention the default
 global.cfg ships without all of the RBL's that most of us use (XBL, UCE,
 MAIL-POLICE, SENDERDB).  Also, there are other 3rd patry utilties which
 are
 very effective at catching spam like like invURIBL and Message Sniffer.
 Both of those applications have trial versions.

 Are you still using the default scale?  Since you have been working with
 your global.cfg you might want to post it to the list for us to look over
 it
 and see what you have done so far as to make suggestions.

 For your clients that you are not in control of I would imagine that you
 know the ip blocks they come from or the firewall ip that they are behind
 that.  You can whitelist that ip so that them failing the cmdspace will
 not
 be a factor.  CMDSPACE is very effective but direct connects from clients
 using outlook will set that off.

 For SPAMHEADERS I use LOOSENSPAMHEADERS   ON this relaxes the
 spamheaders
 test so that it does not trigger on missing message ID emails.

 Hope that helps,
 Darrell
  
 Check out http://www.invariantsystems.com for utilities for Declude And
 Imail.  IMail/Declude Overflow Queue Monitoring, SURBL/URI integration,
 MRTG
 Integration, and Log Parsers.



 Joey Proulx writes:

  Hello,
 
  Just downloaded the demo version of Junkmail Pro, and I was curious
 about
  the basic setup.  For the last two days I've monitored and tweaked and
  held and redirected and spent hours upon hours looking over the junkmail
  setup and rules and whatnot.  I'm wondering if I'm reinventing the
 wheel.
  I work for a school district with a big spam problem, but as any of you
 in
  gov't know, if I tell them we should buy something I need to make sure
 it
  works.  I was just wondering if there are any tried and true setups that
  any of you are using to cut down on the spam.  I'm seeing that this
 system
  works, but I'm also still running the built-in Imail filter, and I've
 seen
  quite a few messages that get caught by Imail, but have a Declude score
 of
  0, that should NOT have made it through.  Do you all still run the
 builtin
  Imail spam as well?  Any filters I should definitely setup?
 
  I'm seeing a lot of CMDSPACE and SPAMHEADERS (missing MessageID header)
  from some local clients (I don't control all my clients, so I don't
 think
  I can make them authenticate).  Should I do away with these tests, or
 can
  I fix these two issues on the server side?
 
  Thanks for all your help.
 
  _
  Joey Proulx
  SAU #21 Technology Support Staff
  2 Alumni Drive
  Hampton, NH 03842
  (603) 926-8992, ext 115
  [EMAIL PROTECTED]
 
 
 
  ---
  [This E-mail was scanned for viruses by Declude Virus
  (http://www.declude.com)]
 
  ---
  This E-mail came from the Declude.JunkMail mailing list.  To
  unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
  type unsubscribe Declude.JunkMail.  The archives can be found
  at http://www.mail-archive.com.


 ---
 [This E-mail was scanned for viruses by Declude Virus
 (http://www.declude.com)]

 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.
 ---
 [This E-mail scanned for viruses by Declude Virus]




---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type

Re: [Declude.JunkMail] OT: Clock Time on Declude Support

2005-03-04 Thread Darin Cox 



FYI...your clock script flickers 
needlessly... Instead of refreshing every 1/10 of a second, you might want 
to change the following line in your clock script

window.setTimeout("tick();", 100);

Torefresh every second...

window.setTimeout("tick();", 1000);

or even strip off the seconds and just display 
minutes.

Many web developers put this in for the "cool" 
factor, or because they can, butseconds provide little value in this 
case.
Darin.


- Original Message - 
From: David Barker 
To: Declude.JunkMail@declude.com 

Sent: Friday, March 04, 2005 10:33 PM
Subject: Re: [Declude.JunkMail] OT: Clock Time on Declude 
Support

Thank you for your feedback. Ihave fixed 
it.Friday night 10:30 pm. What we do too please our customers ;) As for 
the website it is my responsibility and not that of our programmers, so you can 
be confident that this does not reflect our programmers skills.

David B
www.declude.com

  - Original Message - 
  From: 
  Dave Doherty 
  
  To: Declude.JunkMail@declude.com 
  
  Sent: Friday, March 04, 2005 8:53 
PM
  Subject: Re: [Declude.JunkMail] OT: Clock 
  Time on Declude Support
  
  Actually, it shows -4 hours. 
  
  
  GMTas I write thisis 01:46 
  The code they use on the pagesubtracts five hours, which results in a 
  value of -4 for the hours. They need to add a line to add 24 if the result is 
  negative. I'm sure it looks fine 19 
  hours a day, though...
  
  And no, it does not giveme a lot 
  of confidence, either, but now that we've aired the problem and the cure, 
  let's see how long it takes to fix...
  
  -d
  
  
  
  
  
  SCRIPTfunction tick() 
  {var hours, minutes, seconds, ap;var intHours, intMinutes, 
  intSeconds;var today;today = new Date();intHours = 
  today.getUTCHours()-5;intMinutes = 
  today.getUTCMinutes();intSeconds = today.getUTCSeconds();
  
  //add 
  this:
  if (intHours  
  0) {
  intHours += 
  24
  }
  
  if (intHours == 0) {
  
  hours = "12:";
  
  ap = "EST Midnight";} else if 
  (intHours  12) {hours = intHours+":";ap = " AM EST is the current 
  time for Declude Support Personnel";} else if (intHours == 12) {hours 
  = "12:";ap = "EST Noon";} else {intHours = intHours - 12hours 
  = intHours + ":";ap = "PM EST is the current time for Declude Support 
  Personnel";}if (intMinutes  10) {minutes = 
  "0"+intMinutes+":";} else {minutes = intMinutes+":";}if 
  (intSeconds  10) {seconds = "0"+intSeconds+" ";} else {seconds 
  = intSeconds+" ";}timeString = 
  hours+minutes+seconds+ap;Clock.innerHTML = 
  timeString;window.setTimeout("tick();", 100);}window.>/SCRIPT
  
  
  
  
  
  
  
  
  - Original Message - 
  From: "Erik" [EMAIL PROTECTED]
  To: Declude.JunkMail@declude.com
  Sent: Friday, March 04, 2005 8:25 
  PM
  Subject: [Declude.JunkMail] OT: Clock 
  Time on Declude Support
  Is just my browser, or is Declude's clock 
  on:https://www.declude.com/SearchResults.asp?Cat=5Off? In CET (Central European Time) of 
  2:15AM, their clock shows 4:15AM ESTwhen it should be showing 9:15PM 
  EST..hope this doesn't reflect in their 2.0 programming 
  code. ;-)---[This E-mail was scanned for viruses 
  by Declude Virus (http://www.declude.com)]---This E-mail came from the 
  Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to 
  [EMAIL PROTECTED], 
  andtype "unsubscribe Declude.JunkMail". The archives can be 
  foundat http://www.mail-archive.com.
  
  

  No virus found in this incoming message.Checked by AVG 
  Anti-Virus.Version: 7.0.308 / Virus Database: 266.5.7 - Release Date: 
  3/1/2005

Re: [Declude.JunkMail] OT: Clock Time on Declude Support

2005-03-04 Thread David Barker 



Darin,

Check now - is that better? I noticed the flicker 
seemed to only occur in FireFox not IE.

David B
www.declude.com

  - Original Message - 
  From: 
  Darin Cox 
  To: Declude.JunkMail@declude.com 
  
  Sent: Saturday, March 05, 2005 12:20 
  AM
  Subject: Re: [Declude.JunkMail] OT: Clock 
  Time on Declude Support
  
  FYI...your clock script flickers 
  needlessly... Instead of refreshing every 1/10 of a second, you might 
  want to change the following line in your clock script
  
  window.setTimeout("tick();", 100);
  
  Torefresh every second...
  
  window.setTimeout("tick();", 1000);
  
  or even strip off the seconds and just display 
  minutes.
  
  Many web developers put this in for the "cool" 
  factor, or because they can, butseconds provide little value in this 
  case.
  Darin.
  
  
  - Original Message - 
  From: David Barker 
  To: Declude.JunkMail@declude.com 
  
  Sent: Friday, March 04, 2005 10:33 PM
  Subject: Re: [Declude.JunkMail] OT: Clock Time on Declude 
  Support
  
  Thank you for your feedback. Ihave fixed 
  it.Friday night 10:30 pm. What we do too please our customers ;) As for 
  the website it is my responsibility and not that of our programmers, so you 
  can be confident that this does not reflect our programmers 
  skills.
  
  David B
  www.declude.com
  
- Original Message - 
From: 
Dave Doherty 

To: Declude.JunkMail@declude.com 

Sent: Friday, March 04, 2005 8:53 
PM
Subject: Re: [Declude.JunkMail] OT: 
Clock Time on Declude Support

Actually, it shows -4 hours. 


GMTas I write thisis 
01:46 The code they use on the pagesubtracts five hours, which results 
in a value of -4 for the hours. They need to add a line to add 24 if the 
result is negative. I'm sure it 
looks fine 19 hours a day, though...

And no, it does not giveme a 
lot of confidence, either, but now that we've aired the problem and the 
cure, let's see how long it takes to fix...

-d





SCRIPTfunction tick() 
{var hours, minutes, seconds, ap;var intHours, intMinutes, 
intSeconds;var today;today = new Date();intHours = 
today.getUTCHours()-5;intMinutes = 
today.getUTCMinutes();intSeconds = today.getUTCSeconds();

//add 
this:
if (intHours 
 0) {
intHours += 
24
}

if (intHours == 0) {

hours = "12:";

ap = "EST Midnight";} else if 
(intHours  12) {hours = intHours+":";ap = " AM EST is the 
current time for Declude Support Personnel";} else if (intHours == 12) 
{hours = "12:";ap = "EST Noon";} else {intHours = intHours - 
12hours = intHours + ":";ap = "PM EST is the current time for 
Declude Support Personnel";}if (intMinutes  10) {minutes = 
"0"+intMinutes+":";} else {minutes = intMinutes+":";}if 
(intSeconds  10) {seconds = "0"+intSeconds+" ";} else 
{seconds = intSeconds+" ";}timeString = 
hours+minutes+seconds+ap;Clock.innerHTML = 
timeString;window.setTimeout("tick();", 100);}window.>/SCRIPT








- Original Message - 
From: "Erik" [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Friday, March 04, 2005 8:25 
PM
Subject: [Declude.JunkMail] OT: Clock 
Time on Declude Support
Is just my browser, or is Declude's clock 
on:https://www.declude.com/SearchResults.asp?Cat=5Off? In CET (Central European Time) of 
2:15AM, their clock shows 4:15AM ESTwhen it should be showing 9:15PM 
EST..hope this doesn't reflect in their 2.0 programming 
code. ;-)---[This E-mail was scanned for 
viruses by Declude Virus (http://www.declude.com)]---This E-mail came from the 
Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail 
to [EMAIL PROTECTED], 
andtype "unsubscribe Declude.JunkMail". The archives can be 
foundat http://www.mail-archive.com.



No virus found in this incoming message.Checked by AVG 
Anti-Virus.Version: 7.0.308 / Virus Database: 266.5.7 - Release Date: 
3/1/2005
  
  

  No virus found in this incoming message.Checked by AVG 
  Anti-Virus.Version: 7.0.308 / Virus Database: 266.5.7 - Release Date: 
  3/1/2005

Re: [Declude.JunkMail] OT: Clock Time on Declude Support

2005-03-04 Thread Darin Cox 



Ok, you got it.
Darin.


- Original Message - 
From: Darin Cox 
To: Declude.JunkMail@declude.com 

Sent: Saturday, March 05, 2005 1:10 AM
Subject: Re: [Declude.JunkMail] OT: Clock Time on Declude 
Support

You're up late g. Looks good. 
You may want to remove the trailing colon, though.
Darin.


- Original Message - 
From: David Barker 
To: Declude.JunkMail@declude.com 

Sent: Saturday, March 05, 2005 12:58 AM
Subject: Re: [Declude.JunkMail] OT: Clock Time on Declude 
Support

Darin,

Check now - is that better? I noticed the flicker 
seemed to only occur in FireFox not IE.

David B
www.declude.com

  - Original Message - 
  From: 
  Darin Cox 
  To: Declude.JunkMail@declude.com 
  
  Sent: Saturday, March 05, 2005 12:20 
  AM
  Subject: Re: [Declude.JunkMail] OT: Clock 
  Time on Declude Support
  
  FYI...your clock script flickers 
  needlessly... Instead of refreshing every 1/10 of a second, you might 
  want to change the following line in your clock script
  
  window.setTimeout("tick();", 100);
  
  Torefresh every second...
  
  window.setTimeout("tick();", 1000);
  
  or even strip off the seconds and just display 
  minutes.
  
  Many web developers put this in for the "cool" 
  factor, or because they can, butseconds provide little value in this 
  case.
  Darin.
  
  
  - Original Message - 
  From: David Barker 
  To: Declude.JunkMail@declude.com 
  
  Sent: Friday, March 04, 2005 10:33 PM
  Subject: Re: [Declude.JunkMail] OT: Clock Time on Declude 
  Support
  
  Thank you for your feedback. Ihave fixed 
  it.Friday night 10:30 pm. What we do too please our customers ;) As for 
  the website it is my responsibility and not that of our programmers, so you 
  can be confident that this does not reflect our programmers 
  skills.
  
  David B
  www.declude.com
  
- Original Message - 
From: 
Dave Doherty 

To: Declude.JunkMail@declude.com 

Sent: Friday, March 04, 2005 8:53 
PM
Subject: Re: [Declude.JunkMail] OT: 
Clock Time on Declude Support

Actually, it shows -4 hours. 


GMTas I write thisis 
01:46 The code they use on the pagesubtracts five hours, which results 
in a value of -4 for the hours. They need to add a line to add 24 if the 
result is negative. I'm sure it 
looks fine 19 hours a day, though...

And no, it does not giveme a 
lot of confidence, either, but now that we've aired the problem and the 
cure, let's see how long it takes to fix...

-d





SCRIPTfunction tick() 
{var hours, minutes, seconds, ap;var intHours, intMinutes, 
intSeconds;var today;today = new Date();intHours = 
today.getUTCHours()-5;intMinutes = 
today.getUTCMinutes();intSeconds = today.getUTCSeconds();

//add 
this:
if (intHours 
 0) {
intHours += 
24
}

if (intHours == 0) {

hours = "12:";

ap = "EST Midnight";} else if 
(intHours  12) {hours = intHours+":";ap = " AM EST is the 
current time for Declude Support Personnel";} else if (intHours == 12) 
{hours = "12:";ap = "EST Noon";} else {intHours = intHours - 
12hours = intHours + ":";ap = "PM EST is the current time for 
Declude Support Personnel";}if (intMinutes  10) {minutes = 
"0"+intMinutes+":";} else {minutes = intMinutes+":";}if 
(intSeconds  10) {seconds = "0"+intSeconds+" ";} else 
{seconds = intSeconds+" ";}timeString = 
hours+minutes+seconds+ap;Clock.innerHTML = 
timeString;window.setTimeout("tick();", 100);}window.>/SCRIPT








- Original Message - 
From: "Erik" [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Friday, March 04, 2005 8:25 
PM
Subject: [Declude.JunkMail] OT: Clock 
Time on Declude Support
Is just my browser, or is Declude's clock 
on:https://www.declude.com/SearchResults.asp?Cat=5Off? In CET (Central European Time) of 
2:15AM, their clock shows 4:15AM ESTwhen it should be showing 9:15PM 
EST..hope this doesn't reflect in their 2.0 programming 
code. ;-)---[This E-mail was scanned for 
viruses by Declude Virus (http://www.declude.com)]---This E-mail came from the 
Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail 
to [EMAIL PROTECTED], 
andtype "unsubscribe Declude.JunkMail". The archives can be 
foundat http://www.mail-archive.com.



No virus found in this incoming message.Checked by AVG 
Anti-Virus.Version: 7.0.308 / Virus Database: 266.5.7 - Release Date: 
3/1/2005
  
  

  No virus found in this incoming message.Checked by AVG 
  Anti-Virus.Version: 7.0.308 / Virus Database: 266.5.7 - Release Date: 
  3/1/2005

Re: [Declude.JunkMail] OT: Clock Time on Declude Support

2005-03-04 Thread Darin Cox 



You're up late g. Looks good. 
You may want to remove the trailing colon, though.
Darin.


- Original Message - 
From: David Barker 
To: Declude.JunkMail@declude.com 

Sent: Saturday, March 05, 2005 12:58 AM
Subject: Re: [Declude.JunkMail] OT: Clock Time on Declude 
Support

Darin,

Check now - is that better? I noticed the flicker 
seemed to only occur in FireFox not IE.

David B
www.declude.com

  - Original Message - 
  From: 
  Darin Cox 
  To: Declude.JunkMail@declude.com 
  
  Sent: Saturday, March 05, 2005 12:20 
  AM
  Subject: Re: [Declude.JunkMail] OT: Clock 
  Time on Declude Support
  
  FYI...your clock script flickers 
  needlessly... Instead of refreshing every 1/10 of a second, you might 
  want to change the following line in your clock script
  
  window.setTimeout("tick();", 100);
  
  Torefresh every second...
  
  window.setTimeout("tick();", 1000);
  
  or even strip off the seconds and just display 
  minutes.
  
  Many web developers put this in for the "cool" 
  factor, or because they can, butseconds provide little value in this 
  case.
  Darin.
  
  
  - Original Message - 
  From: David Barker 
  To: Declude.JunkMail@declude.com 
  
  Sent: Friday, March 04, 2005 10:33 PM
  Subject: Re: [Declude.JunkMail] OT: Clock Time on Declude 
  Support
  
  Thank you for your feedback. Ihave fixed 
  it.Friday night 10:30 pm. What we do too please our customers ;) As for 
  the website it is my responsibility and not that of our programmers, so you 
  can be confident that this does not reflect our programmers 
  skills.
  
  David B
  www.declude.com
  
- Original Message - 
From: 
Dave Doherty 

To: Declude.JunkMail@declude.com 

Sent: Friday, March 04, 2005 8:53 
PM
Subject: Re: [Declude.JunkMail] OT: 
Clock Time on Declude Support

Actually, it shows -4 hours. 


GMTas I write thisis 
01:46 The code they use on the pagesubtracts five hours, which results 
in a value of -4 for the hours. They need to add a line to add 24 if the 
result is negative. I'm sure it 
looks fine 19 hours a day, though...

And no, it does not giveme a 
lot of confidence, either, but now that we've aired the problem and the 
cure, let's see how long it takes to fix...

-d





SCRIPTfunction tick() 
{var hours, minutes, seconds, ap;var intHours, intMinutes, 
intSeconds;var today;today = new Date();intHours = 
today.getUTCHours()-5;intMinutes = 
today.getUTCMinutes();intSeconds = today.getUTCSeconds();

//add 
this:
if (intHours 
 0) {
intHours += 
24
}

if (intHours == 0) {

hours = "12:";

ap = "EST Midnight";} else if 
(intHours  12) {hours = intHours+":";ap = " AM EST is the 
current time for Declude Support Personnel";} else if (intHours == 12) 
{hours = "12:";ap = "EST Noon";} else {intHours = intHours - 
12hours = intHours + ":";ap = "PM EST is the current time for 
Declude Support Personnel";}if (intMinutes  10) {minutes = 
"0"+intMinutes+":";} else {minutes = intMinutes+":";}if 
(intSeconds  10) {seconds = "0"+intSeconds+" ";} else 
{seconds = intSeconds+" ";}timeString = 
hours+minutes+seconds+ap;Clock.innerHTML = 
timeString;window.setTimeout("tick();", 100);}window.>/SCRIPT








- Original Message - 
From: "Erik" [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Friday, March 04, 2005 8:25 
PM
Subject: [Declude.JunkMail] OT: Clock 
Time on Declude Support
Is just my browser, or is Declude's clock 
on:https://www.declude.com/SearchResults.asp?Cat=5Off? In CET (Central European Time) of 
2:15AM, their clock shows 4:15AM ESTwhen it should be showing 9:15PM 
EST..hope this doesn't reflect in their 2.0 programming 
code. ;-)---[This E-mail was scanned for 
viruses by Declude Virus (http://www.declude.com)]---This E-mail came from the 
Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail 
to [EMAIL PROTECTED], 
andtype "unsubscribe Declude.JunkMail". The archives can be 
foundat http://www.mail-archive.com.



No virus found in this incoming message.Checked by AVG 
Anti-Virus.Version: 7.0.308 / Virus Database: 266.5.7 - Release Date: 
3/1/2005
  
  

  No virus found in this incoming message.Checked by AVG 
  Anti-Virus.Version: 7.0.308 / Virus Database: 266.5.7 - Release Date: 
  3/1/2005