[Declude.JunkMail] Downloading the last all_list.dat to freshen your COUNTRY tests

2013-04-18 Thread Colbeck, Andrew
You'll want to fetch this zipped version: https://www.declude.com/version/extras/IP/all_list.zip Inside is the all_list.dat dated April 7th, 2013. Make a backup copy of your existing all_list.dat, and then overwrite it with the all_list.dat inside that zip file download. Andrew.

RE: [Declude.JunkMail] Declude stopped logging, high CPU usage, slow processing

2013-04-09 Thread Colbeck, Andrew
If you upgraded to Declude 4.11.09 to avoid the AVG licence issue, you’ll find that it was a bandaid, and that build’s usefulness also expired contemporaneously with David and Linda’s employee status, on January 31, 2013. C:\IMail>strings decludeproc.exe | grep LicBeg LicBeg, Ver=1.1,

RE: [Declude.JunkMail] Whois Tests?

2013-03-28 Thread Colbeck, Andrew
What we really need is a test that would do a whois... and that would identify newly registered domains. Dave, I'm not sure what further you're after, as you specifically mentioned spameatingmonkeys.com and one of their tests seems to fit your bill exactly:

RE: [Declude.JunkMail] why have spam scores jumped?

2013-03-11 Thread Colbeck, Andrew
but got no response and couldn't find any other contact information. Anyone able to correct or illuminate me? Thanks, Ben - Original Message - From: Colbeck, Andrew mailto:acolb...@bentallkennedy.com To: Declude.JunkMail@declude.com Sent: Wednesday

RE: [Declude.JunkMail] why have spam scores jumped?

2013-03-06 Thread Colbeck, Andrew
Ben, check the archive website here http://www.mail-archive.com/declude.junkmail@declude.com/ for the mail you’ve missed. Andrew. From: SM Admin [mailto:imailad...@bcwebhost.net] Sent: Tuesday, March 05, 2013 10:10 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] why

RE: [Declude.JunkMail] Android Yahoo Mail app spam

2012-07-06 Thread Colbeck, Andrew
I took a further look this morning, I have 116 samples from 113 unique IP addresses from Jun 30 through Jul 03 inclusive. These really are from Yahoo! and are digitally signed. The Message-ID really are unique as they should be, and they should be constructed by a Yahoo! server, possibly based

RE: [Declude.JunkMail] Android Yahoo Mail app spam

2012-07-05 Thread Colbeck, Andrew
If you know the header contains an exact string on a single line: HEADERS 1 PCRE (?m:^Message-ID:blahblahblah) Set the score weight as you like. If you want to do a case-insensitive search, change ?m: to ?im: If the text inside the blahblahblah would match regexp reserved strings,

RE: [Declude.JunkMail] PCRE help

2011-11-16 Thread Colbeck, Andrew
I don't see anything wrong there, Scott. When I run it through The Regex Coach, I did have to remove the spaces at the end of the line in your email and then it did work. So, make sure there is no whitespace at the end of the line in your test file? Make sure the filter file really is running and

RE: [Declude.JunkMail] Solid State Drives

2011-09-28 Thread Colbeck, Andrew
Don, if it's the I/O speed of an SSD that catches your interest, and have RAM to spare (and some CPU), you could try a free virtual hard drive (up to 650 MB) from StarWind: http://www.starwindsoftware.com/high-performance-ram-disk-emulator This would be an easier experiment than installing an

RE: [Declude.JunkMail] AOL Header Test

2011-09-06 Thread Colbeck, Andrew
Rick, you have a space between the colon and the YES and, if I remember correctly, AOL does not put a space there. #Email from AOL which they believe is spam HEADERS 0 CONTAINS X-SPAM-FLAG:YES On the other hand, there is a case-sensitive flavour that comes out of SpamAssassin, and AOL

RE: [Declude.JunkMail] error message in declude log

2011-08-17 Thread Colbeck, Andrew
Sometimes a cigar is just a cigar. Look at the order of your lines. You have a duplicate pair of weight4 lines between your 7 and 8 pair. Andrew 8) -Original Message- From: IMail Admin [mailto:imailad...@bcwebhost.net] Sent: Wednesday, August 17, 2011 4:56 PM To:

RE: [Declude.JunkMail] regular expressions and IS

2011-08-10 Thread Colbeck, Andrew
Rich, PCRE searches against BODY can be very expensive, particularly when you do a .* expression, which will try to match very long strings. You can give your CPU a break by changing .* to a judicious text size restriction e.g. .{5,100} body 0 PCRE (?i:^http\:\/\/.{5,100}\.(html|htm|php)$)

RE: [Declude.JunkMail] Blocking on no REV DNS?

2011-02-14 Thread Colbeck, Andrew
For what it's worth, I still test against REVDNS and it's never been worth a HOLD action all by itself. I score it at 25% of my HOLD weight threshold. Reverse DNS lookups can go through a lot of lookups; if their DNS is too slow and doesn't respond, you will inadvertently score against them

RE: [Declude.JunkMail] Filter for this?

2011-02-14 Thread Colbeck, Andrew
Dave, the target IP address is a really old spammer block according to SpamHaus: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL79159 http://www.spamhaus.org/sbl/sbl.lasso?query=SBL79123 Do you have a URL scanner? It should have picked off this one sample. Besides the Zero Day component of

RE: [Declude.JunkMail] Large amount of hotmail, msn, aol, yahoo and other free account blacklisted servers

2010-12-09 Thread Colbeck, Andrew
From: Colbeck, Andrew acolb...@bentallkennedy.com Sent: Wednesday, December 08, 2010 5:52 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Large amount of hotmail, msn, aol, yahoo and other free account blacklisted servers Thanks, Pete and Scott. As always, Pete

RE: [Declude.JunkMail] Large amount of hotmail, msn, aol, yahoo and other free account blacklisted servers

2010-12-09 Thread Colbeck, Andrew
[mailto:supp...@declude.com] On Behalf Of Colbeck, Andrew Sent: Thursday, December 09, 2010 12:26 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Large amount of hotmail, msn, aol, yahoo and other free account blacklisted servers Harry, the snippet I included was the literal text, you

RE: [Declude.JunkMail] Large amount of hotmail, msn, aol, yahoo and other free account blacklisted servers

2010-12-08 Thread Colbeck, Andrew
servers On 12/6/2010 2:47 PM, Colbeck, Andrew wrote: I have the same position as Scott. I find that the MessageSniffer product from ARM Research is the most reliable test snip/ Hotmail in particular would be less effective for the bad guys if I had an antispam tool that would determine from

RE: [Declude.JunkMail] Large amount of hotmail, msn, aol, yahoo and other free account blacklisted servers

2010-12-06 Thread Colbeck, Andrew
I have the same position as Scott. I find that the MessageSniffer product from ARM Research is the most reliable test at catching spam from freemail accounts. Second best is a URI product, but much of the spam from freemail accounts is scam text that doesn't have a URL, or the spammer

RE: [Declude.JunkMail] Regex to block this?

2010-07-27 Thread Colbeck, Andrew
Flavour of the day: Relevant bits of the header: Received: from payoff.all-debt-forever.com [173.192.161.27] Subject: Stay on top of your credit report Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit Content-Disposition: inline Header has DKIM. Network allocation

[Declude.JunkMail] A small Junkmail enhancement suggestion

2010-07-15 Thread Colbeck, Andrew
David, are you there? The FROMNOMATCH test introduced in 2006 checks whether the MAILFROM matches the From: header. I suggest an enhancement to reduce false positives: that the FROMNOMATCH is suppressed if the Sender: header line is present. The Sender: header line is used to indicate that

RE: [Declude.JunkMail] Fine tuning Declude

2010-05-12 Thread Colbeck, Andrew
I wrote a batch file once on a number of the exchange servers that used VBS and LDAP to generate a list of valid exchange recipients and then FTP them to the server where a CF script parsed it clean. Michael, it sounds like you were most of the way there. Alligate does have the feature you

RE: [Declude.JunkMail] SORBS Website Down?

2010-05-12 Thread Colbeck, Andrew
It may have been down when you looked, Andy. It's up now. Also, I like to use this 3rd party for an instant second opinion: http://downforeveryoneorjustme.com Andrew 8) From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt

RE: [Declude.JunkMail] We have opened up truncate.gbudb.net

2010-04-30 Thread Colbeck, Andrew
I'm replying here so as not to clutter the announcement thread. The rationale for not using 127.0.0.1 is that the DNSBL is reflexive, and 127.0.0.1 is conventionally resolved as localhost and querying for localhost in a DNSBL is wrong, wrong, wrong. Expanding on that, the 127.0.0/8 network for

RE: [Declude.JunkMail] We have opened up truncate.gbudb.net

2010-04-30 Thread Colbeck, Andrew
Matt There aren't that many RFC hawks around here these days :) ... The wikipedia entry points to an early work, this draft: http://tools.ietf.org/html/draft-irtf-asrg-dnsbl-08 Pete Odd that nobody complained about it before. I hadn't implemented it yet... And I'm a complainer. Andrew ;)

RE: [Declude.JunkMail] multistage filtering [OT]

2010-02-10 Thread Colbeck, Andrew
I'm another Alligate fan on the Windows platform. It is a very smart and effective product. I have conservative settings that stick close to the defaults and my configuration rejects 80% of the inbound connections. Before I implemented Alligate, my Declude was hurting because of my large filter

RE: [Declude.JunkMail] CBL:IP is Blacklisted

2009-02-13 Thread Colbeck, Andrew
Here's the answer, Todd. http://www.mail-archive.com/imail_fo...@list.ipswitch.com/msg103112.html It's an old problem with CBL and IMail. Certainly, CBL is at fault and by now they should have at least taken up SPF record checking to weed out false positives. I just checked your SPF record and

RE: [Declude.JunkMail] Re:Declude vs Perry

2008-09-09 Thread Colbeck, Andrew
Perhaps suing your partners is a Rich Person(tm) idea of good Corporate Stewardship(tm). It certainly is a far cry from supporting, promoting, and improving the product line, you know, the normal way a company Earns Money(tm). Andrew. From: [EMAIL

RE: [Declude.JunkMail] SPF Issue

2008-09-03 Thread Colbeck, Andrew
One thing, Serge. You don't need both TXT records. The one called mail is useless. p.s. here's yet another SPF record checking website http://www.kitterman.com/spf/validate.html Andrew. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Serge Sent:

RE: [Declude.JunkMail] Mail Pre-Processor recommendations

2008-05-29 Thread Colbeck, Andrew
, 2008 6:15 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Mail Pre-Processor recommendations Colbeck, Andrew wrote: I use Alligate from Solid Oak Software, and I like it a lot. as do I. The really slick part is how it reduces bandwidth - it *very* accurately distinguishes

RE: [Declude.JunkMail] Mail Pre-Processor recommendations

2008-05-28 Thread Colbeck, Andrew
I use Alligate from Solid Oak Software, and I like it a lot. On my primary gateway, I received just shy of 500,000 connections in the last 24 hours, and my Declude only had to see 4% of that traffic. Yes, 4%. I'm spending less time doing clever things in Declude, because Alligate is

RE: Re[2]: [Declude.JunkMail] form spam filter

2008-04-10 Thread Colbeck, Andrew
Definition of: ohnosecond That tiny fraction of a second it takes for you to realize you've just made a big mistake on the computer. For example, you just clicked No when prompted to save the document you've been composing all day. Or, you just clicked Send, and forgot to delete the profanity

RE: [Declude.JunkMail] 4.4.00 Released

2008-04-04 Thread Colbeck, Andrew
David Barker said: DEC ADD Added date, Time, Email, Spool name, Weight and Tests failed to the BLKLST log Dave, the what log? Andrew. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, March 27,

RE: [Declude.JunkMail] 4.4.00 Released

2008-04-04 Thread Colbeck, Andrew
PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] 4.4.00 Released Andre - Colbeck, Andrew wrote: David Barker said: DEC ADD Added date, Time, Email, Spool name, Weight and Tests failed

RE: [Declude.JunkMail] Forged-Spam Backscatter

2008-04-03 Thread Colbeck, Andrew
Symantec says that backscatter-as-deliberate-spam-technique is back in vogue. See their April State of Spam Report http://www.symantec.com/enterprise/security_response/weblog/2008/04/post _8.html Andrew. From: [EMAIL PROTECTED] [mailto:[EMAIL

RE: [Declude.JunkMail] Hardware upgrade -Software Crossgrade?

2008-03-10 Thread Colbeck, Andrew
Alexander, you are really citing two problems with your scale and performance. The first is that you have older hardware and lots of mailboxes. Where do your CPU and disk spend their time? On antispam, or on servicing connections and mailboxes? The second is that your spam detection is less

RE: [Declude.JunkMail] Is Tqmcube.com dead???

2008-02-21 Thread Colbeck, Andrew
Chuck, was it just the prc.tqmcube.com that returned these? I see on their own RBL checker web page that only the Peoples Republic of China zone returns this error. When I query their servers for a few test IPs, including 127.0.0.2, I don't get an error or a positive response, everything fails.

RE: [Declude.JunkMail] OT: Yahoo Blocking Email

2008-02-21 Thread Colbeck, Andrew
And as a further best practice to what Matt is advising, I'll mention that ideally you want to send all outbound mail from an IP that is different from your inbound gateways. And that your outbound bulk mail would be separate from both. Andrew. -Original Message- From: [EMAIL

RE: [Declude.JunkMail] Is Tqmcube.com dead???

2008-02-21 Thread Colbeck, Andrew
off for now. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Thursday, February 21, 2008 12:58 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail

RE: [Declude.JunkMail] How can I filter this...?

2008-02-08 Thread Colbeck, Andrew
(another country heard from) David... Chuck... the MAILFROM is going to filter based on the server-side conversation (i.e. for IMail users, it will be the value from the Q*.smd file, not any text in the D*.smd file). The example that Chuck gave is going to be the From: line in the message

RE: [Declude.JunkMail] Blackice Server EndOfLife - need replacement

2008-01-04 Thread Colbeck, Andrew
If it is going on all the time, use the command line and issue: netstat -b which will show you the executable name and the connection. If you need to narrow down the TCP connection over a longer period of time, use the free TCPView from Sysinternals dot com (now a Microsoft Technet site).

RE: [Declude.JunkMail] 4.3.46

2007-12-27 Thread Colbeck, Andrew
Happy Holidays, David! How about a shiny new all_list.dat to ring in the New Year? Andrew. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at

RE: [Declude.JunkMail] Hardware Upgrade

2007-12-21 Thread Colbeck, Andrew
Hello, Serge. I'm happy to chime in here, but let me start off with saying that you will get divergent opinions here, and that nobody will be absolutely right, as our answers are coloured by our own experiences, and each implementation is unique. I'll also start off with asking you for your current

RE: [Declude.JunkMail] filters

2007-11-26 Thread Colbeck, Andrew
Bonno, you can do this, but probably not in a single filter file. A couple of key points for advanced filter file usage: You can define weights per tests in a filter file, and you can assign weight to a whole filter file, and these weights are cumulative. You can trigger a filter file even

RE: [Declude.JunkMail] Interesting Spam

2007-09-06 Thread Colbeck, Andrew
Well, the easy part is answering your question about the domains. Each of the payload domains was registered today, so whatever service you're using to look up the registrations is probably using a database at least a day behind. I use (for example) this site to my satisfaction:

RE: [Declude.JunkMail] APEWS test results

2007-08-31 Thread Colbeck, Andrew
FYI, both SORBS and UCEPROTECT stopped mirroring APEWS due to the low quality of the list. Also, the SANS ISC recently diarized an issue with the APEWS using one of their sources in a manner they do not recommend: http://isc.sans.org/diary.html?storyid=3189 Andrew.

RE: [Declude.JunkMail] New Spam

2007-08-22 Thread Colbeck, Andrew
Here are two links from antivirus vendors that describe the template the Storm botnet has been putting out. These should be very useful in crafting regexp to catch them all based on their body text. http://www.f-secure.com/weblog/#1255 http://www.f-secure.com/weblog/#1255

RE: [Declude.JunkMail] New All_list.dat 16 Aug 07

2007-08-16 Thread Colbeck, Andrew
That's good news, David. Thank you for supplying updates proactively. Andrew. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, August 16, 2007 11:52 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail]

RE: [Declude.JunkMail] Has Senderbase become worthless?

2007-07-31 Thread Colbeck, Andrew
Chuck, it probably only means that your Declude configuration is effectively blocking the major spammers, and that the cases you are chasing are fresh zombies on networks whose registrations are handled by RIPE or APNIC, and that you need to refer to them for the specific information. If a zombie

RE: [Declude.JunkMail] Country code

2007-07-04 Thread Colbeck, Andrew
Effing spammers? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher Sent: Tuesday, July 03, 2007 9:57 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Country code I'm

RE: [Declude.JunkMail] phone regex/pcre help

2007-07-03 Thread Colbeck, Andrew
Scot, my eyes water when I look at a long regexp. So without trying to work out that specific PCRE syntax, I'll suggest two things: 1) Make a generic detection that finds zero or more junk characters between the text you're looking for. The longer the parent string is, the less likely you are

RE: [Declude.JunkMail] all_list.dat

2007-06-29 Thread Colbeck, Andrew
I believe that the data isn't actually corrupt. The crux of the issue: What R Scott Perry objected to when he was the sole programmer was that the EU is a political body, and that the RIPE data should be stating the exact country that the IP allocation is in. If the IP is in the Netherlands,

RE: [Declude.JunkMail] New PDF worm?

2007-06-27 Thread Colbeck, Andrew
SJ, they're not viruses, they're spam sent from zombies. Probably pump and dump stock spam, and if they're like what I've been seeing, they have the same anti-OCR techniques that were previously sent as jpg. http://www.mail-archive.com/[EMAIL PROTECTED]/msg03447.html and:

RE: [Declude.JunkMail] New PDF worm?

2007-06-27 Thread Colbeck, Andrew
I'll suggest an alternative to this. If you're using the CB-ATTACH filter and you want to keep it without giving spammers too much entry, use an END filter with your blacklist tests. If the sender's IP address is in the blacklist, the CB-ATTACH test will stop. This will still counterweight

RE: [Declude.JunkMail] OT: Software for copying files with permissions

2007-06-26 Thread Colbeck, Andrew
Sharyn, you might be interested in a more complete tool from Microsoft that is free and was designed with your task in mind: http://www.microsoft.com/downloads/details.aspx?FamilyID=d00e3eae-930a-42b0-b595-66f462f5d87b&DisplayLang=en It's called the File Server Migration Toolkit, and it takes

RE: [Declude.JunkMail] OT - Outlook Junk Mail Folder

2007-06-20 Thread Colbeck, Andrew
Dean, I did some Googling for you and found some likely hits, including this from Microsoft: http://office.microsoft.com/en-us/help/HA010450051033.aspx You may find a nugget of advice there for how your campaigns can avoid the filter. Typically, the advice by senders such as yourself is to plea

RE: [Declude.JunkMail] APEWS

2007-06-12 Thread Colbeck, Andrew
It looks and reads exactly the same as some previous list that I've forgotten about. I haven't tried it... Andrew. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Tuesday, June 12, 2007 4:51 PM

RE: [Declude.JunkMail] HELP with tqmcube.com

2007-05-24 Thread Colbeck, Andrew
I suggest that you always use a different source IP and sender domain name when contacting the admin for a blacklist, because they often filter their own mail with their blacklist, so they won't see your plea. Stupid, but true. Andrew. From: [EMAIL

RE: [Declude.JunkMail] all_list.dat ?

2007-05-17 Thread Colbeck, Andrew
x7007 F: 978.988.1311 E: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Wednesday, May 16, 2007 7:42 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] all_list.dat ? Hey

RE: [Declude.JunkMail] all_list.dat ?

2007-05-16 Thread Colbeck, Andrew
Hey, David. Any chance of seeing a refresh of all_list.dat ... It's been just about 4 months since the last one. Three or four times a year doesn't sound bad. Andrew 8) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent

RE: [Declude.JunkMail] Phishing

2007-05-15 Thread Colbeck, Andrew
Without my so much as glancing at the potential false positives, this is a treasure trove of actual phishing URLs: http://www.phishtank.com/phish_archive.php A glance at which tells me that another useful PCRE would be to (pseudo code follows): IPADDRESS then (/ character) then stuff including

RE: [Declude.JunkMail] Spam reduction ?

2007-05-04 Thread Colbeck, Andrew
The last two weekends were noticeably quiet compared to the weekdays. Judging from the number and flavour of blowback bounce messages I see, the bad guys are concentrating on fewer campaigns but at higher volumes. The general trend is still up. Spam volumes climbed at increasing rates up to

RE: [Declude.JunkMail] Ever legit?

2007-04-26 Thread Colbeck, Andrew
Robert, you would use a filter file for this, e.g. #First, escape this file if the source is on your own network REMOTEIP END CIDR 208.100.26.0/24 REMOTEIP END CIDR 192.168.0.0/24 #Skip this whole test if we are already above a hold weight of 20 SKIPIFWEIGHT 25 #Apply a maximum total weight

RE: [Declude.JunkMail] Warning re: DECLUDE - CRITICAL VIRUS SCANNING UPDATE

2007-04-17 Thread Colbeck, Andrew
My only two cents on this: If I were David Barker I would have: - Pulled out the bad package - Rolled a new package (with an incremented version number) with the missing DLL, tested the package successfully and posted it to the website for download - Checked my shopping cart or web logs and

RE: [Declude.JunkMail] Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution

2007-04-13 Thread Colbeck, Andrew
The Administrators who should be applying the workaround are precisely the same Administrators that have accidentally allowed inbound connections on arbitrary ephemeral ports, i.e. if they clumsily opened connections as per Darryl's suggestion of how/why this lack of firewalling might happen. If

RE: [Declude.JunkMail] Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution

2007-04-13 Thread Colbeck, Andrew
: http://isc.sans.org/diary.html?date=2003-08-11 Matt Colbeck, Andrew wrote: The Administrators who should be applying the workaround are precisely the same Administrators that have accidentally allowed inbound connections on arbitrary ephemeral ports, i.e

RE: [Declude.JunkMail] Imail Anti-spam

2007-04-11 Thread Colbeck, Andrew
I'm biased in favour of Declude, too. What I find is that there is NO test that is perfect, so Declude's weighted system is the right fit for me. Last time I bothered to look, all of IMail's features were weak copycats of Declude and/or industry standard tests, and a SINGLE triggered feature

RE: [Declude.JunkMail] Bounce / Spoof Analysis Help Please

2007-03-16 Thread Colbeck, Andrew
You're safe, Robert. I've seen this part in spam sent to my domain for about a year: Received: from 208.100.26.91 (HELO smtp.igive.com) by hoffman.army.mil with esmtp (9(A'R/,ZVN :36=Q+) id JLM3A5-)G'4.A-M/ The gibberish in the received block is a definite spam signature and is

RE: [Declude.JunkMail] PCRE FILTERING

2007-03-14 Thread Colbeck, Andrew
This was an old, old feature request/bug fix from back in the Scott days, where it was desired not to include encoded base64. I requested this as a change long ago for two reasons: 1) To avoid false positives where search text matches the MIME or UUENCODE formatting 2) To provide an instant

RE: [Declude.JunkMail] Declude/Sniffer Issues

2007-02-19 Thread Colbeck, Andrew
In my declude.cfg I have set the: AUTOREVIEW OFF which is the default for this directive. I've seen a poison email that makes Declude crash or stop quietly, and AUTOREVIEW ON just puts the poison email back in the queue again. You may find that there are c:\declude.gp1 and c:\declude.gp2

RE: [Declude.JunkMail] dns attacks today

2007-02-12 Thread Colbeck, Andrew
FWIW, Paul Parisi is not only the CTO of DNSStuff.com but is also the CTO of Declude.com ... Which helped me frame David's reply! http://www.declude.com/site/news1017.htm http://www.boston.com/business/whoswhat/2006/12/declude_newbury.html Andrew. p.s. I ran a whois on a few typo variations on

RE: [Declude.JunkMail] SPAM reductions ?

2007-01-31 Thread Colbeck, Andrew
Karl, maybe your spam slowdown is because of the lame delegation of two out of three of your DNS servers listed in your WHOIS. http://www.dnsreport.com/tools/dnsreport.ch?domain=casselberry.org How long have you not been using the DNS servers at twtelecom.net ? Andrew.

[Declude.JunkMail] Corrupt HELO causes fall-through of a spammy message?

2007-01-29 Thread Colbeck, Andrew
One of my users received a spammy message which accumulated enough weight to reach our HOLD action. What I think happened is that the HELO, which has various high-bit characters which are illegal in a HELO caused bad parsing of that line in the header... The BADHEADERS and HELOBOGUS were both

RE: [Declude.JunkMail] all_list.dat ?

2007-01-18 Thread Colbeck, Andrew
Thanks, David. The early report is that it's working for me. Andrew 8) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, January 18, 2007 7:37 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail]

RE: [Declude.JunkMail] WAY OT: Registry Repair

2006-12-19 Thread Colbeck, Andrew
key and try to reset the child permissions (or just Child ownership) - I get an error when indicating that it can't do so for Run. - Original Message - From: Colbeck, Andrew mailto:[EMAIL PROTECTED] To: declude.junkmail

RE: [Declude.JunkMail] ORDB.Org Shutting Down

2006-12-18 Thread Colbeck, Andrew
Thanks, Michael. That was a good tip. Andrew. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Jaworski Sent: Monday, December 18, 2006 10:09 AM To: declude.junkmail@declude.com Subject:

RE: [Declude.JunkMail] WAY OT: Registry Repair

2006-12-18 Thread Colbeck, Andrew
Andy, five will get you ten that it is the permissions that are mangled, not the key itself. Run RegEdit.exe and right-click on the Run key, then choose Permissions. Go into the Advanced button and choose to Inherit from parent... and the permissions should get fixed up. You should see:

RE: [Declude.JunkMail] OT: Interesting Discussions

2006-12-15 Thread Colbeck, Andrew
Great Scott!! ... Well with the clarity of 20/20 hindsight, I used mail-archive.com with the IMail forum to see what you guys have talked about so fondly. Ugh. I don't miss that noise at all. The interesting thing is, how many people in those threads are still around *here* today. Also, that

RE: [Declude.JunkMail] New Reporting Tool

2006-12-12 Thread Colbeck, Andrew
The error means that the Perl interpreter thought that there was a regular expression (hence, regex) at line 443 which had an unmatched square bracket. I don't see anything wrong with the line 443 in Karl's posting, nor do I see what should have been a regular expression, in that line, which I

RE: [Declude.JunkMail] \spool\charset directory

2006-12-12 Thread Colbeck, Andrew
Harry, check your global.cfg and see if you have a test with a COPYTO action that copies the email to that spool\charset folder when the test is triggered. Then comment out that test and action. Andrew. From: [EMAIL PROTECTED] [mailto:[EMAIL

RE: [Declude.JunkMail] Spamhaus

2006-11-15 Thread Colbeck, Andrew
I just read that, too. I've commented out my NJABLPROXIES ip4r test in my global.cfg and noted that this is duplicated in my XBL test. Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Wednesday,

RE: [Declude.JunkMail] Spamhaus

2006-11-15 Thread Colbeck, Andrew
And if you're wondering where the BLITZED ip4r test went: http://wiki.blitzed.org/OPM_status Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Wednesday, November 15, 2006 5:13 PM

RE: [Declude.JunkMail] Negative weight isn't working

2006-11-09 Thread Colbeck, Andrew
Todd, do this from a command line: C:\Temp>nslookup 66.187.204.25 Server: Andrew's.obfuscated.dns.server Address: 192.168.0.1 Name: treets100.ibsys.com Address: 66.187.204.25 C:\Temp> That tells me that your REVDNS won't match, because their reverse DNS is *not* the same as the HELO value

RE: [Declude.JunkMail] Negative weight isn't working

2006-11-09 Thread Colbeck, Andrew
... Todd -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Thursday, November 09, 2006 2:23 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Negative weight isn't working Todd, do this from a command

RE: [Declude.JunkMail] whitelisting based on rev dns

2006-11-08 Thread Colbeck, Andrew
Craig, I don't use any of the Declude WHITELIST features due to the potential for giving the sender carte blanche access; if a known good sender is sending crap, I still want to have a chance to block the crap. What I do is counterweight. I create a filter file called, say,

RE: [Declude.JunkMail] declude not modifying subject line

2006-11-08 Thread Colbeck, Andrew
Me three! Is it done yet? No? Darn. Frankly, David, if the Declude app is going to have to rewrite the whole message anyway to insert headers, make it an optional *feature* to fix up the line terminators. Then market it as a unique feature; I understand that Venture Capitalists love their

RE: [Declude.JunkMail] Weighting based on some Imail Tests...?

2006-11-08 Thread Colbeck, Andrew
The traditional answer on this is that IMail does not mark up the header until after Declude returns control of the message to it, so therefore, Declude can not leverage any of the tests that IMail does. That does not stop you from using any of the IMail features though if you want to think of

RE: [Declude.JunkMail] whitelisting based on rev dns

2006-11-08 Thread Colbeck, Andrew
In the header of the message, look at the last IP address in square brackets, this is the IP address of the sending email server. The text just before it is the HELO sent by it, and is often unreliable with legitimate mail, and practically a work of fiction with spam. To get the REVDNS that
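The two posts above describe the REVDNS check by hand: pull the connecting IP out of the square brackets in the Received header, take the token after "from" as the HELO, resolve the PTR (nslookup) and see whether the two agree. The script below is an added example of that check, written for this page and not code from Declude or from the list posts. It assumes the receiving server's own Received header is the one being examined, takes the last bracketed IPv4 address in that header as the remote IP, and replaces the live PTR lookup with a constructed table so it runs offline; the 66.187.204.25 / treets100.ibsys.com pair is the one shown in the nslookup output above, while the HELO strings and the other host are made up.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample Received: headers (not taken from the original posts).
# The IP and PTR for 66.187.204.25 match the nslookup output on this page;
# the HELO names and the second host are assumptions for illustration.
SAMPLE_MISMATCH = (
    "Received: from mail.ibsys.com [66.187.204.25] by mail.example.invalid "
    "(IMail 9.10) with ESMTP id ABC123; Thu, 09 Nov 2006 14:23:00 -0800"
)
SAMPLE_MATCH = (
    "Received: from mx1.example.invalid (mx1.example.invalid [192.0.2.10]) "
    "by mail.example.invalid with ESMTP; Thu, 09 Nov 2006 14:25:00 -0800"
)

# Simulated PTR answers standing in for nslookup / a real resolver (constructed).
PTR_TABLE = {
    "66.187.204.25": "treets100.ibsys.com",
    "192.0.2.10": "mx1.example.invalid",
}


class Hop(NamedTuple):
    helo: str       # name the sending server claimed in its HELO/EHLO
    remote_ip: str  # address the connection actually came from


# Last IPv4 literal in square brackets is the connecting IP; the token after
# "from" is the HELO. Both are taken from the header text as the posts describe.
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
FROM_HELO = re.compile(r"^Received:\s*from\s+(\S+)", re.IGNORECASE)


def parse_received(header: str) -> Optional[Hop]:
    """Extract HELO and connecting IP from one Received: header, or None."""
    ips = IP_IN_BRACKETS.findall(header)
    helo = FROM_HELO.match(header)
    if not ips or not helo:
        return None
    return Hop(helo=helo.group(1).strip("()[]"), remote_ip=ips[-1])


def revdns(ip: str, ptr_table=PTR_TABLE) -> Optional[str]:
    """Simulated reverse lookup; for real use call socket.gethostbyaddr(ip)[0]."""
    return ptr_table.get(ip)


def revdns_matches_helo(header: str) -> Optional[bool]:
    """True if the PTR of the connecting IP equals the HELO name (case-insensitive,
    trailing dot ignored); False on mismatch or when no PTR exists; None if the
    header could not be parsed."""
    hop = parse_received(header)
    if hop is None:
        return None
    name = revdns(hop.remote_ip)
    if name is None:
        return False  # no reverse DNS at all: cannot match, treat as failed
    return name.rstrip(".").lower() == hop.helo.rstrip(".").lower()


if __name__ == "__main__":
    for sample in (SAMPLE_MISMATCH, SAMPLE_MATCH):
        hop = parse_received(sample)
        print(hop, "PTR:", revdns(hop.remote_ip), "match:", revdns_matches_helo(sample))
```

Swap the table lookup for a real PTR query when using this against live headers, and keep the "no PTR" branch: a missing reverse record is exactly the case the REVDNS test is meant to penalise, so it must not be silently treated as a pass.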

RE: [Declude.JunkMail] Adding custom header line

2006-11-02 Thread Colbeck, Andrew
Markus, I believe that the XINHEADER and XOUTHEADER directives in the global.cfg are what you're looking for. They can be used to create an arbitrary header and populate it with any exposed Declude variables, e.g.: #XINHEADER X-Note: This E-mail was sent from %REVDNS% ([%REMOTEIP%]).

RE: [Declude.JunkMail] Adding custom header line

2006-11-02 Thread Colbeck, Andrew
Oops, sorry, I jumped the gun and gave the wrong answer. What I meant to say was that the %TESTSFAILED% variable could be used with either XINTHEADER/XOUTHEADER and the client would have to parse the whole line for, say, a traditional WEIGHT20 entry. If there's a way to create an arbitrary entry

RE: [Declude.JunkMail] all_list.dat is outdated

2006-10-26 Thread Colbeck, Andrew
DB> 1. The all_list.dat is not updated every release. DB> 2. The latest all_list.dat is posted on the My Account page 6 July 06 Worse, David, is that the then-current all_list.dat is not packaged with the release. When Declude v3.13 was packaged, it included builds of decludeproc.exe dated

[Declude.JunkMail] all_list.dat is outdated

2006-10-25 Thread Colbeck, Andrew
The version in the customer login area is out of date, and the one inside the "current" Declude installer is 3 months further out of date, even though the installer is newer than the all_list.dat ... Andrew. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe,

[Declude.JunkMail] Microsoft takes a (third?) stab at promoting SenderID

2006-10-24 Thread Colbeck, Andrew
http://www.microsoft.com/presspass/press/2006/oct06/10-23OSPSenderIDPR.mspx Andrew. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at

RE: [Declude.JunkMail] OT: imail q files magically dissapearing

2006-10-23 Thread Colbeck, Andrew
I've noticed the same thing in all versions of Ipswitch IMail Server; the cause was broken connections, 99% of which were spam. Only in the absolute latest, v9.10 from Sep-06-2006, have I noticed that IMail cleans up after itself. There is an item about this in the latest release notes.

RE: [Declude.JunkMail] Whitelisting flaw in Declude?

2006-10-19 Thread Colbeck, Andrew
Yeah, what Matt said. Message splitting before junkmail filtering would be punishing for CPU time and somewhat more for disk time; message splitting for the sake of whitelisting (or alternate actions) after junkmail filtering would be an incremental cost. And message splitting before

RE: [Declude.JunkMail] anyone know what ssdmbs.exe is?

2006-10-05 Thread Colbeck, Andrew
Hey, Craig. Did you resolve this, and what was the outcome? Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Tuesday, September 26, 2006 8:46 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] anyone know

RE: [Declude.JunkMail] OT: Disk pattern 0xDF in files - Microsoft confirms KB920958 bug!

2006-09-27 Thread Colbeck, Andrew
to make this only trigger say every 15 minutes instead of more regularly. Feel free to add to this if you want. Matt Colbeck, Andrew wrote: I'd second that... on both the observed behaviour and the request for documentation

RE: [Declude.JunkMail] anyone know what ssdmbs.exe is?

2006-09-26 Thread Colbeck, Andrew
Never heard of ssdmbs.exe ... Search your filesystem for the file and see if the location or right-clicking on it gives you any insight. I like to use Process Explorer from sysinternals.com for stuff like this. It's like Task Manager but has all the features you wished it had, like
