Hi Scott,
This is interesting. It slipped through my
filtering since we prepend the Subjectwith "SPAM[" and filter client-side
to ensure delivery of all valid email. However, with this one there's no
Subject line to prepend to.
What about a stronger test than BADHEADERS like
HOLD or DELETE weights? That would have been deleted on my
servers. It has a weight of 39.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Saturday, January 24, 2004 7:29 AM
That's a totally different issue. A blank subject would still have a line
in the headers.
In this case there is actually no header line for the subject at all, blank
or otherwise, which may be why it triggered the BADHEADERS test.
Darin.
- Original Message -
From: Dave Doherty [EMAIL
I second that. We are still on the 1.75 release, and depend on the Msg
Failed in LOGLEVEL LOW to compile stats on filtering without creating
especially large log files.
Or am I misunderstanding and the Msg Failed line will remain in LOGLEVEL
LOW?
Darin.
- Original Message -
From:
Scott,
What do you think about creating the Subject line if it doesn't exist. I
too prefer just to mark the subject line, rather than any holding or
deleting.
Could we put this in as a feature request?
Darin.
- Original Message -
From: Matt [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Hmmm...Where does the problem lie, Declude or
IMail? Has it been fixedin post-1.75 Decludeorpost-8.01
IMail?
These account for about half of the 6% of spam that
slips through my current weighting.The rest I don't currently have
tests for, but fixing this alone would improve my results to
Anyone know anything about DRCI Inc. (www.drci.us)?
I have a hosting customer who signed up with them
(without my knowledge) to send out a mailing to a supposedly opt-in list.
The testemailslooked pretty suspiciouswith the two-domain
pattern (tin*eil*.com and getgre*atstuff*.com ...
Thanks, Matt. I had followed the links to see
the link to Pexicom and the large IP blocks. Hadn't checked Senderbase
yet, though.
Also, thanks for the insight into SBL.
I guessa flip side of the question might
be...are there any legit, truly opt-in,commercial bulkmailers out
there? You
Hmmm... so 200+ copies of the $default$.junkmail, each with a single
WHITELIST TODOMAIN corresponding to the domain in question, and matching
redirect lines?
In searching the archives before posting the question, I noticed that you
mentioned around the 1.5x release mark that the limit would be
The REDIRECT command in the \IMail\Declude\$default$.JunkMail file lets you
avoid all those files. :)
Hmmm...so you're suggesting creating N/200 files with different sets of 200
WHITELIST TODOMAIN lines in them? Good idea.
Thanks Scott.
Darin.
- Original Message -
From: R. Scott
Gotcha...thanks, Scott.
Darin.
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, February 07, 2004 10:23 AM
Subject: Re: [Declude.JunkMail] Whitelisting more than 200 TODOMAINs
The REDIRECT command in the
That's what we do and it works well. I believe it's the recommended means
of whitelisting, by negative weighting instead of explicit whitelisting. It
also addresses the 200-limit for whitelisting.
Darin.
- Original Message -
From: Bud Durland [EMAIL PROTECTED]
To: Declude List [EMAIL
Yes, Nick. I am aware... what I was saying is that putting the whitelist
entries in a separate file addresses, or bypasses, the 200 cap in the
Global.cfg.
Darin.
- Original Message -
From: Nick Hayer [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, February 11, 2004 11:54 AM
Well...I called in to join the fight...but checked the site while I was on hold and it
looks like they've finally taken it down...so I hung up.
Darin.
- Original Message -
From: Kevin Bilbee
To: [EMAIL PROTECTED]
Sent: Saturday, February 14, 2004 12:56 PM
Subject: RE:
: [Declude.JunkMail] New Phishing Scam
Still running from my end. I turned caching off on my machine.
Kevin Bilbee
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Darin Cox
Sent: Saturday, February 14, 2004 10:04 AM
To: [EMAIL PROTECTED
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Saturday, February 14, 2004 01:04 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] New Phishing Scam
Well...I called in to join the fight...but checked the site while I
was on hold and it looks
I think the general recommendation is to use the 32-bit command line version
instead. Check the Declude Virus manual for syntax.
For updating, there have been several contributions to the community to
automate the update for servers (not logged in): Checkout
http://www.declude.com/tools/ under
We've been running MS DNS for years with no problem...except when our
upstream DNS started flaking out, at which point we switched to using
Verizon's big honking (technical term) DNS servers.
Darin.
- Original Message -
From: Andy Schmidt [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent:
BTW, we could implement all of this AND, OR, NOT functionality currently by
1. Assigning a unique power of 2 weight to every test (e.g. 1, 2, 4, 8, 16,
32, ...)
2. Setting up weightmatch and/or weightrange tests to perform an action for
each desired combination (e.g. weightmatch on a weight of 9
Hi Scott,
I just switched to LOGLEVEL MID to get more info
for reporting and was puzzled by a couple of things:
1. Domains that are whitelisted for incoming mail
seem to still be tested:
02/22/2004 10:27:14 Qca3e0543037a1ab3 WARNING: DNS
server 10.0.0.32 returned a SERVER FAILURE error
Thanks, Scott.
What problems might we see if using SWITCHRECIP ON?
I looked through the archives, but only saw a couple of vague references to
it not working or a test failing. It would be nice to know what pitfalls we
may encounter before putting it into productiongrin.
Also curious as to
Gotcha...I'll try it and let you know what happens...
Thanks, Scott.
Anyone else had any success or problems using SWITCHRECIPS ON?
Darin.
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, February 22, 2004 3:17 PM
Subject: Re:
it right after LOOSENSPAMHEADERS ON...
Single or multiple tab vs. single or multiple space between SWITCHRECIPS and
ON? I have a single space in there...
Any ideas?
Darin.
- Original Message -
From: Darin Cox [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, February 22, 2004 3:27 PM
SWITCHRECIP ON.
-Scott
At 10:58 PM 2/22/2004, Darin Cox wrote:
Well, SWITCHRECIPS ON in the global.cfg isn't causing Declude JM to
report the intended address instead of the actual address for me with
1.75...I'm still seeing external addresses for the TO address in the log..
Does
That did it...Thanks, Scott.
Might want to correct the manualgrin
Darin.
- Original Message -
From: Darin Cox [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, February 23, 2004 9:52 AM
Subject: Re: [Declude.JunkMail] Questions about LOGLEVEL MID
Hmmm...the manual says
Did you leave both UDP and TCP for port 53 open? DNS uses both.
Darin.
- Original Message -
From: Jeff Kratka [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, February 25, 2004 7:56 PM
Subject: [Declude.JunkMail] TCP/UDP ports
I know I have missed something here but I'll
Try setting it to go to username-NUL rather than
just NUL. Note that you don't need the mailbox for this, just put in the
nobody alias to directto username-NUL.
Darin.
- Original Message -
From: Joe Wolf
To: [EMAIL PROTECTED]
Sent: Thursday, February 26, 2004 9:16 AM
Subject:
Ok, bad terminology, but that's what I thought. Thanks for the
confirmation, Sandy.
Darin.
- Original Message -
From: Sanford Whiteman [EMAIL PROTECTED]
To: Darin Cox [EMAIL PROTECTED]
Sent: Thursday, February 26, 2004 1:18 PM
Subject: Re[2]: [Declude.JunkMail] Imail nul
Does
Only problem I see with that is valid business email where a user mistyped
the email address of the recipient. Without getting the Unknown User
response, they assume the recipient got the message. My business customers
would hate a change like this as their customers continually make up their
Scott,
I'm on 1.75, with LogLevel MID.
In parsing the JM log, I noticedthe oddity
below
02/27/2004 00:03:26 Qcf9a013b030eb667 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 141.158.231.134 ID:
061A40A1F2
02/27/2004 00:03:26 Qcf9d01b00336bec4
nNOLEGITCONTENT:-3 . Total weight =
Thanks, Scott.
BTW, I have to throw away lines occasionally because of intermittent CRs
that cause problems with parsing. For my log parsing, I initially tried to
use SQL Server DTS to isolate fields and parse from there, but SQL would
merge two lines together at times because of a related
Hmmm...I'm seeing occasional control characters in non-subject lines, as
well as the EOL problem where the CRLF gets mangled.
However, I'm not seeing the mixed lines problems that others have
reported...probably because of lower load on our system.
I've attached a few log snippets to illustrate
Whoops...missed the Msg Failed lines were moved to LOGLEVEL HIGH in 1.78.
Still would like input on the CR CR LF problem, though.
Darin.
- Original Message -
From: Darin Cox [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, February 29, 2004 5:43 PM
Subject: Re: [Declude.JunkMail
Ok, I'll test it out and let you know.
Thanks, Scott.
Darin.
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, February 29, 2004 8:11 PM
Subject: Re: [Declude.JunkMail] Possible Missing JM Log lines in 1.75
Still would like input on the
Get Declude Virus. It allows banning of files by extension. Scott also
recently added the ability to ban encrypted zips (Standard version) and
extensions within zips (encrypted or otherwise - PRO version). An
inexpensive virus scanner like F-Prot or AVG and you're all set.
Darin.
-
Posting sample headers to this list usually comes back with quick, helpful
results...
Also, it sounds like you have a nobody alias on the recipient domain. You
might want to remove that and add whatever aliases you need. They're
generally a bad idea these days for reason of the very problem
Hmmm...so no chance of an envelope rejection when it's destined for valid
email addresses. Anyone heard of envelope rejection by subject word/phrase?
That could be useful in the future as they get more nimble. Perhaps even
Bayesian filtering on it...
Darryl, it looks like there's no choice but
Very cool...thanks, G.
Darin.
- Original Message -
From: Gerald V. Livingston II [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 11, 2004 12:20 AM
Subject: Re: [Declude.JunkMail] 2,000,000 + emails today
On Wed, 10 Mar 2004 22:44:31 -0500
Darin Cox said something about
stated earlier, knowing me I have something wrong on some
shi**y little setting I have not looked at in years and its causing a
problem now.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Wednesday, March 10, 2004 10:45 PM
To: [EMAIL
Hi Matt,
As Darrell pointed out, short-lived processes are problematic to monitor as
it's difficult to get a continuous aggregate read for a particular type of
process.
If you're just looking for more general statistics on processor, IO,
storage, RAM, etc. it works quite well to log it to a SQL
Nope.
Darin.
- Original Message -
From: Doris Dean [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, March 17, 2004 4:58 PM
Subject: Re: [Declude.JunkMail] Fprot
I have been having this problem as well ... if I make the change do I have
to reboot or stop and start anything ???
other things.
Thanks,
Matt
Darin Cox wrote:
Hi Matt,
As Darrell pointed out, short-lived processes are problematic to monitor as
it's difficult to get a continuous aggregate read for a particular type of
process.
If you're just looking for more general statistics on processor, IO,
storage
We use PIX firewalls. As Todd said, the idea is to block everything by
default, then open up what you specifically need. Then you just have to
keep up with the critical patches for the services you have open.
As far as I know, no exploit has come out sooner than a month after a patch
for the
While we're working on config files, how about per-domain virus configs?
hint, hint...grin
Darin.
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 25, 2004 7:26 PM
Subject: Re: [Declude.JunkMail] Enchancment suggestion
I was
Don't know if the passwords are a one-way hash or not, but there are loads
of tools to enumerate the registry keys and values for SQL Server. SQL
itself has xp_instance_regenumkeys and xp_instance_regenumvalues that you
can use. You might be able to just copy over the info without decrypting
and
We just use a negative weight list, and add new
domains to the list as needed. Note that it's not a good idea to have any
of your hosted domain in the negative weight list, or ISP domains such as aol,
yahoo, msn, etc. as you'll just end up letting a lot of spam through that
way.
Yep...We use it with Kiwi for logging. Didn't give us everything we wanted
though (for monitoring bandwidth needs of various servers), so we now use
logging from managed switches instead.
Darin.
- Original Message -
From: Todd Holt [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent:
The Pix doesn't log the hostname...at least not the 515s we usually work
withonly the IP address.
Darin.
- Original Message -
From: Kevin Bilbee [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, March 30, 2004 5:47 PM
Subject: RE: [Declude.JunkMail] OT: Internet Usage
Probably need to use cscript to call the vbs file
like "cscript filesize.vbs d0smd"
Also, it would probably be much better to compile
this into aC++ or C#/VB.net console app. Interpreted code like this
runsa lotslower than compiled. Haven't done tests for this in
the past couple of
Hi Matt,
WScript.Quit(errorlevel) is the correct command
within your script. The problem is that you probably need to explicitly
call cscript and pass it the vbs script name as mentioned before. Cscript
is always used to process WScript or VBScript, but depending on your
environment, you
Hi Matt,
What we're saying is totry this
EXTERNALTEST
external 30 "cscript.exe
C:\IMail\Declude\test.vbs" 0
0
instead of
EXTERNALTEST
external 30
"C:\IMail\Declude\test.vbs" 0
0
Not sure, but you may have to provide a path to
cscript.exe. It should be in the
Glad it's working now.
There's a significantly different object model in .NET, so you'll have to
rewrite the file access portions to use the new objects... and you
obviously have to have the framework deployed on the server to use it, but I've
been very pleased over the past couple of
Definitely,
I see this as primarily being used in two
ways
1. Reduce false positives by negative weighting
larger filesmaybe...
2. Stopgap for new viruses until new definitions
are released by check for file size ranges (assuming a particular virus always
sendssimilar file sizes).
Hmmm...looks like a reference to the 7th Crusade which lasted from
1248-1254. Like all of the other crusades, it was launched in the hopes of
finding the Golden Windows or, as some call it today, the Holy Grail.
We see the clear reference to Windows, or Grail, but some Latin and/or
Spanish
So are you saying this has nothing to do with the 7th Crusade
a little strange humor after a strange night
Darin.
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, April 08, 2004 2:48 PM
Subject: Re: [Declude.JunkMail] Translate
You're just baiting me to see if I'll go wacko again, aren't you? SPAM,
HAM...must resist...
From what I've seen, it's still a very useful test for reducing false
positives.
Darin.
- Original Message -
From: Goran Jovanovic [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday,
We did. Waiting to see what Tom decides...
Darin.
- Original Message -
From: Frederick Samarelli [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, April 12, 2004 11:50 PM
Subject: Re: [Declude.JunkMail] Spamreview
Has anyone responded to this.
It is a great program... I wish I
The first is something we've really wanted as well...tracking to help tune
detection settings.
The second is a good idea we will consider if/when Tom releases the code.
Darin.
- Original Message -
From: Markus Gufler [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, April 13,
Hi Bill,
Haven't tried this new version, but recently tried the old one and it is
very useful. Thanks.
Question for you: It looks like it counts whitelisted email in the total
percentages. Is this so? Might be useful to add a line showing what
percentage is whitelisted, or just exclude
Title: Message
Zoomerang is a well-known survey engine...looks
legit to me.
Darin.
- Original Message -
From: Sharyn
Schmidt
To: 'Declude Junkmail List'
Sent: Thursday, April 15, 2004 7:19 AM
Subject: [Declude.JunkMail] FW: ATT Customer Satisfaction
Survey
Good
morning,
I
Title: Message
I could be wrong, but I disagree. I've seen a
number of legit surveys run by zoomerang...and legit marketing messages
delivered by postsnet.com.
Darin.
- Original Message -
From: Colbeck,
Andrew
To: '[EMAIL PROTECTED]'
Sent: Thursday, April 15, 2004 10:50 AM
Sandy,
Good points. However, some may prefer just to add a test or two rather than
add SA. Plus specialized tests may run more quickly via specific parsing
than a general regexp engine. Or some may just prefer not to implement
cygwin on their machines (I seem to remember it being necessaary to
Sandy, I thought you were an east-coaster...you should get some sleep!
grin
Darin.
- Original Message -
From: Sanford Whiteman [EMAIL PROTECTED]
To: Matt [EMAIL PROTECTED]
Sent: Monday, April 19, 2004 3:43 AM
Subject: Re[2]: [Declude.JunkMail] Mark vs Hold vs Delete
First, if you
Matt has a file size filter that he has generously contributed to the
community...you should be able to find it easily in the archives.
For filename, use BANEXT in Declude Virus. I don't believe there is a
combined test, but you could structure your weighting as a binary system
(result of 1 for
Some very good ideas here. Thanks, Pete.
Darin.
- Original Message -
From: Pete McNeil [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, April 22, 2004 1:49 PM
Subject: Re: [Declude.JunkMail] Nameserver issues and Spam fighting
At 12:16 PM 4/22/2004, you wrote:
With the
Dan,
Individual tests do not false positive (unless they are poorly conceived).
The term False Positive in relation to spam filtering means a message that
was tagged as spam (with Declude this usually results from failure of
multiple tests), but is in reality a legitimate email that needs to be
It would be useful with SpamReview...perhaps by truncating the subject at N
characters and appending the SUBJECT message after that.
If we get our hands on Tom's code, or write a spam review utility ourselves,
we'll probably have separate grid columns for some of the common header
addtions, like
Guess we can't sing Monty Python songs then, can
we?
Darin.
- Original Message -
From: Matt
To: [EMAIL PROTECTED]
Sent: Thursday, April 22, 2004 3:58 PM
Subject: Re: [Declude.JunkMail] Scaling Up The Declude Weighting
System
I call them false positives, big whoop. I think people
We've run Windows DNS (on our mail server as well) for several years with no
problems. I haven't ever seen a performance comparison of Windows DNS vs.
BIND, though.
Scott, what's your rationale behind recommending BIND instead?
Darin.
- Original Message -
From: R. Scott Perry [EMAIL
Good to know. Hadn't heard of problems with Windows DNS, but had heard of
security issues with BIND.
The one thing I don't like about Windows DNS is the inability to enumerate
subdomains without manually parsing the zone files. Not sure what BIND has
now in terms of programmatically
PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Darin Cox
Sent: Friday, April 23, 2004 8:20 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] OT: BIND vs Windows DNS capabilities
Good to know. Hadn't heard of problems with Windows DNS, but had heard of
security issues with BIND
The first one did show up...
Darin.
- Original Message -
From: Kami
Razvan
To: [EMAIL PROTECTED]
Sent: Wednesday, May 12, 2004 10:16 AM
Subject: [Declude.JunkMail] bypasswhitelisting?
-- 2nd attempt-
sometimes postings do not show up.
Hi;
I am trying to
understand how this
Please understand that I hold you in the highest regard..grin
Surely you know which interim you have available when you post to the list
that something is added or fixed in the latest interim?
I think what Markus is asking here is just that when you post that something
is fixed in the latest
hehe...he said do do.
Understood on old features...just saying that was fixed previously (thus
contained in the newest interim) *and* including the number of the latest
interim will go a long ways.
Darin.
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL
Ouch, that's not good. Don't like logs that I don't know about and could
later cause disk space issues...especially logging to the system drive.
Thanks for bringing this up, Serge.
Scott, can this be disabled? Or at least moved?
Darin.
- Original Message -
From: serge [EMAIL
Make sure the primary allows the secondary's IP to
pull it, and the secondary has the correct IP for the primary. Other than
that, it would most likely be a connectivity issue.
Darin.
- Original Message -
From: serge
To: [EMAIL PROTECTED]
Sent: Saturday, May 08, 2004 12:39 AM
: Re: [Declude.JunkMail] Secondary DNS, MS, TXT
Other records are transfering ok.
only problem is iwith TXT records.
- Original Message -
From:
Darin Cox
To: [EMAIL PROTECTED]
Sent: Saturday, May 08, 2004 3:32
PM
Subject: Re: [Declude.JunkMail] Secondary
DNS, MS, TXT
Try SpamReview...
http://www.slsoft.com/spamreview.htm
Darin.
- Original Message -
From: Patrick Allison [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, May 06, 2004 2:14 PM
Subject: [Declude.JunkMail] Email viewer
Hi All,
What app are you using to view emails that have
This is a thank you to Scott and his team for all
of the great features in JM.
We havea few customers who relay all of their mail to a AOL accounts,
insist onnobody aliases,and don't want filtering. One of these
hadn't checked email in months and started today, clicking the AOL SPAM button
You can mimic this functionality by setting up distinct binary weights for
each test and defining actions by weightrange.
e.g. Tests have weights of 1, 2, 4, 8, 16, ... so every total weight can be
decomposed. With this scheme the weight is really no longer a weight, but
instead is a bit flag of
proxy test.
No reply.
-Dave
- Original Message -
From: Darin Cox [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, May 01, 2004 9:23 AM
Subject: Re: [Declude.JunkMail] NJABL:NJABL Open Relay / Dynamic IP Conflict
This is a common occurrence with dynamic IPs. Some spammer sends
This is a common occurrence with dynamic IPs. Some spammer sends while he
has it or it's an open proxy, then someone else gets the IP and is penalized
for the previous activity.
I think what you're suggesting is that there needs to be some sort of
age-out mechanism for blocks against dynamic
I'd like to have the Last Action line in the log
moved from LOGLEVEL HIGH to LOGLEVEL MID to reduce the size of logs but still
have an easy indicator as to what was done with the message. Would help
greatly with log parsing at MID level, I think.
Anyone agree or disagree with
this?
Darin.
Gotcha. Thanks, Matt.
I have another one: Adding a line to record
sender IP/hostname to the log. Could be useful both for log reports
andfor building our own sender lists.
Also, I've been thinking of some additional tests
and considering writing some external tests where needed.
1. If
Anyone else seeing duplicate sets of logfile
entries? The FROMline changes, but everything else is the
same. Each subsequent FROM line has an additional TO address before the
IP.
Darin.
on recipients.
Darrell
-
Check out http://www.invariantsystems.com for utilities for Declude and
Imail
Products.
Quoting Darin Cox [EMAIL PROTECTED]:
Anyone else seeing duplicate sets of logfile entries? The FROM line
changes,
but everything else
Can someone clue me in as to why people send test
messages to the list, and then why others reply to the _entire_ list, instead of
just to the individual?
If you have to reply, how about replying only to the individual?
Darin.
Nope. It's up.
Darin.
- Original Message -
From: Jeff Maze [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, May 17, 2004 10:30 AM
Subject: [Declude.JunkMail] [OT] Declude Web Site - is it down?
Was just wondering if anyone else can bring up the Declude website. I'm
updating my
If you need it, try backup.dnsstuff.com
Darin.
- Original Message -
From: Bruce Loughlin [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, May 17, 2004 11:04 AM
Subject: RE: [Declude.JunkMail] [OT] Declude Web Site - is it down?
I just happened to go to dnsstuff.com and received
https://secure.f-prot.com/cgi-bin/buy
The DOS version is the one with the command line scanner if that isn't
obvious. If you buy the Windows version, you get the DOS version as well.
Darin.
- Original Message -
From: Aaron J. Caviglia [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent:
the simplest approach and FTP and unzip the signature files
hourly.
Darin.
- Original Message -
From: Matt Robertson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, May 18, 2004 10:27 AM
Subject: RE: [Declude.JunkMail] f-prot
Darin Cox wrote:
The DOS version is the one
I know Scott's out (hope he's enjoying it!), but
wanted to post this one while I was thinking about it.
I would like to be able to group tests together and
give a weight to the group rather than the individual tests. That way if
one or multiple tests fail, only one weight is added.
This
Yes, but only for Pro licenses and custom filtering. Using weighting groups
could allow Standard licenses to do this, as well as being much faster than
text processing.
Darin.
- Original Message -
From: Nick Hayer [EMAIL PROTECTED]
To: Darin Cox [EMAIL PROTECTED]; [EMAIL PROTECTED
True...but that only works for Pro licenses (for test filtering), which
those on Standard can't use. Also, this sort of group weighting would be
much more efficient than text matching.
Darin.
- Original Message -
From: Scott Fisher [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent:
Correct me if I'm wrong, but you can also use the ipfile test to block
sender's IPs. While the fromfile works well if the sender domain matches
the from domain, we also use the ipfile where spammers are registering new
domains constantly for their from address, but not rotating their
mailservers
SWITCHRECIP ON
Darin.
- Original Message -
From: Matt [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, May 25, 2004 5:14 PM
Subject: [Declude.JunkMail] Using the RCPT To domain instead of what's
resolved to.
I recall someone indicating that this was possible. By default,
Me three... via RR or GTE BBN DNS.
Darin.
- Original Message -
From: Kevin Bilbee [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, June 02, 2004 12:49 PM
Subject: RE: [Declude.JunkMail] Where is ARIN?
I can not get there either. I am on an ATT T1.
Kevin Bilbee
You have to turn it off in several places for each non-virtual domain, that
is each domain with its own IP address.
So, from IMail Administrator, under localhost | Antispam disable all DNS
blacklists. Then under each domain with an IP go to Antispam and disable
everything on all four tabs.
Does %ALLRECIPS% do what you want?
Darin.
- Original Message -
From: Roderick A. Anderson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, June 04, 2004 1:53 PM
Subject: [Declude.JunkMail] %TO% variable
After searching the list archives, documentation and doing a test or two
Why don't you just report on the Declude logs? Then you can parse it to see
how many spam and non-spam messages are sent and received.
Darin.
- Original Message -
From: Lyndon Eaton [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, June 07, 2004 9:34 AM
Subject: RE:
1 - 100 of 752 matches
Mail list logo