Scott,
What version of the script are you using? I just checked mine and it is
giving me the same thing on both of my servers. I have surbl_filter.cmd
version 1.1
Tue 09/07/2004 1:23a Update successful [976 entries]
Tue 09/07/2004 1:53a Update failed [conversion error]
Darrell
again.
Darrell
-Original Message-
From: Darrell LaRock [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 08, 2004 9:38 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [Declude.JunkMail] SURBL issue
Scott,
What version of the script are you using? I just checked mine and it is
giving me
Matt,
But if you rename the tests to DYN
than how you are configuring non-DUL tests twice?
Darrell
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Matt
Sent: Saturday, May 15, 2004 6:42
PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail]
DUL skipping
Has anyone else noticed over the last day or so that some of the hotmail
messages are coming from servers without revdns.. This is a snag cause they
are failing both revdns and spamdomains.. Any thoughts?
Received: from hotmail.com [207.68.164.107] by mail2.gannett-tv.com with
ESMTP
I noticed that several RBL's have not been triggered off one of our backup
mail servers over the last 24 hours. For example SPAMCOP hasn't. I turned
on DEBUG mode and noticed that it was reporting this
04/01/2004 10:56:53.296 Q3bbb215802381bda Test #18 [ORDB] is same as Test
#18 [ORDB=*].
Scott,
It's ATT's DNS servers. I wonder if they are doing something to block
those kinds of lookup's.
Darrell
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Thursday, April 01, 2004 11:02 AM
To: [EMAIL PROTECTED]
Subject: Re:
How aggressive is SBL compared to SPEWS? I know with SPEWS they list a lot
of adjacent net blocks of the spammers... Does SBL employ the same tactics?
Darrell
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matthew Bramble
Sent: Tuesday, January 06,
there is anything you can do about this
if I am correct.
Matt
Darrell LaRock wrote:
Scott,
On the DNSSTUFF, I used the cached ISP report looking at the NS record. What does
it mean when an ISP has the name server set to ns92.worldnic.com? Does this mean at
one time when the domain was looked up
This is off topic, but I need some help in a bad way to figure out a DNS problem I am
having that is preventing one of our sites from receiving mail and thier web site from
loading.
We recently (this week) switched the name servers from our current provider to another
provider. The zone
I am absolutly baffled.
Eathlink Dial-up - Does not work
Charter Cable Connection - Does not work
ATT T1 using local bind server - Works
Roadrunner Cable - Does not work
AOL - Intermittent.
Several users who replied - Works
Darrell
-- Original Message --
than the TTL on the domain, or it
was really high before the change, and they're respecting that.
If you didn't already know it, this site, courtesy of declude.com, is a
wonderful resource:
http://www.dnsreport.com/
Andrew 8)
-Original Message-
From: Darrell LaRock [mailto:[EMAIL
Scott,
We duplicated the zone files between both providers. So all records are identical.
If the zone files are the same than all of the timeouts should not matter.
Check this out
1.) Do a direct query against ns1.loudcloud.com for wltx.com - Returns 66.54.32.202.
2.) Do a direct query
Scott,
On the DNSSTUFF, I used the cached ISP report looking at the NS record. What does it
mean when an ISP has the name server set to ns92.worldnic.com? Does this mean at one
time when the domain was looked up it was not resolved from the root servers?
ATT Worldnet #1
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, December 05, 2003 2:18 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] November 2003 Spam Statistics
snip
our gateway now handles all incoming mail and there is no
BODY5 CONTAINS href=#104;#116;#116;#112;
Should there by any reason why the above filter entry wouldn't be triggered
on an email that contains that string in the html source?
What am I doing wrong?
Darrell
---
[This E-mail was scanned for viruses by Declude Virus
We make extensive use of filters based on keywords. With short keywords
like like S_e_x we sometimes run into problems with keyword being triggered
based on base64 encoding of an attachment.
Example:
10/13/2003 00:00:36 Q236256fe026ef9a4 Triggered CONTAINS filter WORDFILTER
on sex [weight-2;
We have a listing in our spam domains file
mac.com apple.com
this line seems to be tripping off on the following
X-RBL-Warning: SPAMDOMAINS: Spamdomain 'mac.com' found: Address of
[EMAIL PROTECTED] sent from invalid [No Reverse DNS].
How do I prevent the mac.com spam domain entry from
Darrell LaRock
Systems Analyst
Gannett Television
716-849-2272
Hod do most folks deal with word filters being triggered on attachments.
See below for example?
10/13/2003 00:00:36 Q236256fe026ef9a4 Triggered CONTAINS filter WORDFILTER
on sex [weight-2; SExQlAnjsABzk
Is there something
Title: RE: [Declude.JunkMail] Alligate
Scott,
I have a backup mail server that is a bit
under-speed of our primary mail server. Right now the backup mail server is
being pounded with SoBig which has forced the box to 100% cpu and the queue is
growing slowly.
I am going to stop the
Scott,
I am going to stop the smtp service so no mail will be coming in.
Essentially, at that point I need to clear out that overflow queue..
Darrell
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Wednesday, August 20, 2003 2:40
We use the following...
REVDNS -10 ENDSWITH .thisdomain.com
Darrell
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser
Sent: Tuesday, August 05, 2003 4:16 PM
To: Declude JunkMail
Subject: [Declude.JunkMail] Redux: Test Like SPAMDOMAINS But
to have some format options such as .html.
Thank you,
Aaron Caviglia
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Darrell LaRock
Sent: Thursday, July 31, 2003 2:06 PM
To: [EMAIL
Terry,
I used delog for awhile, but I needed several other features that did not
come with delog. So I developed an application that had all of the features
that I needed. Below is a sample report that I generated(tab format). The
reports can be in tab, csv, or html format and you have the
I have been seeing a lot of mail failing the spam domains test with kodak's
picture cd. It allows users to use their own email address when sending
pictures, but it comes from Kodak's servers.
Is their any other way around this? Right now I setup a filter to subtract
the spam domains weight if
list.
Regards,
Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darrell LaRock
Sent: Monday, June 23, 2003 5:55 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Kodak picture CD and Spam Domains
I have been seeing a lot of mail failing the spam
the @aol.com address in the file.
The sender is from @aol.com but there was no match form the filter.
Here is a snippet of the log in the attached text file.
Darrell
Darrell LaRock
Systems Analyst
Gannett Television
716-849-2272
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
The config files were sent to your [EMAIL PROTECTED] account.
Darrell
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Thursday, June 12, 2003 9:28 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] From File Filter Not Being
Scott,
Looks like it fixed it.
Darrell
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Thursday, June 12, 2003 10:25 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] From File Filter Not Being Triggered With
Messages That
Karen,
This is something that I brought up on the list awhile back with how to
avoid this. As we were getting hammered with spam getting to the end user
cause they were tagging the whitelisted postmaster account to it.
We do not whitelist the postmaster account, instead you setup a filter
test
Why didn't negative weight get added for this piece of mail I received
from the IPNOTINMX Test.
Global.cfg
IPNOTINMX ipnotinmx x x 0 -3
Default.junkmail file
IPNOTINMX IGNORE
DNS Lookup
set q=mx
netaff.com.
Server: wgrz-lclci01.us.ad.gannett.com
Address:
Are you sure about that?
03/31/2003 18:24:22 Qce246c0a00a00dbb WORDFILTER:4 nIPNOTINMX:-3 .
Total weight = 1
03/31/2003 18:24:22 Qce246c0a00a00dbb L1 Message OK
It seems to get triggered for other pieces of mail.
Darrell
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
Scott,
My expected behavior would be that this piece of mail *SHOULD* have had
-3 subtracted from it. This is the behavior that I am shooting for.
Now you asked
So, I would need to ask, why do you think that the weight of 3 was not
subtracted from the total weight of the E-mail?
The log
Scott,
A couple of notes...
1.) We started with IMail Antivirus and next week it looks like we will
be adding another imail server purchasing Declude AntiVirus for it and
another license for our existing server. My main problem is that to
continue to run Imail AV it costs about $6,500 for a 1
I have seen random date changes when the battery that powers the RTC
(Real Time Clock) on the MB goes bad.. However, I have only seen this
in really old computers.
Darrell
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Karl Hentschel
Sent: Thursday,
Scott,
To get around this problem do you think this is possible?
Add a lot of negative weight to the message that has a recipient as
postmaster so it won't get bounced. Then create a test that will route
the message back to the postmaster's account? This would then route the
message to the
I assume this didn't fail the comments test because it is actually not
formatted like a true html comment !--some comment
If you would like to unsub
!pNcTpTxGpDsYxVNtNsvMbEBbWbhHmKgDm
scribe your e-m
!kEnTFsDduWqCeYyOiUqQUxLmDpIeAsPkKtphUnPsFkWo
ail addr
!yvnfYpXnLmThFsDoNmCnGorA
Scott,
We have achieved the desired behavior with that setup. I sent a test
message tripping off one of the filters and the mail was delivered to
the postmaster and was not delivered to the other recipients.
This is just a testament on how flexible this product is..
Thanks for the help
Darrell
John,
You are absolutely right on this should be implemented instead of
whitelisting the postmaster or abuse account. This week I can't tell
you how many messages got through because postmaster@ was listed as a
recipient.
That shouldn't happen anymore...
Darrell
-Original Message-
Title: Message
Kami,
I seen several messages today that had
that listed right at the top of the message source.,
Darrell
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kami Razvan
Sent: Wednesday, March 26, 2003
12:16 PM
To: [EMAIL
We have our domains postmaster addresses whitelisted. I noticed that a
message coming in that has multiple recipients will be delivered to all
the recipients mailboxes as long as it has a whitelisted postmaster
address.
This is not exactly the desired behavior I am looking for.
It should have
I am sure many people have noticed a lot of spam that is like this.
Consider a users email address like this [EMAIL PROTECTED]
Then the subject of the email is
bsmith, have you seen this blah blah
Any thoughts on how to check to see if the right hand side of the email
address is contained in
I am using the copyto function to route a copy of any message that fails
the sniffer test to my email box.
If the message is a false positive I then insert the false positive
message into another email and send it off to the folks at sniffer.
What we found today is that for some reason headers
Today I had an instance where all my mail started being held as SPAM. 99% of it was
legit mail. At first I thought it may be a sniffer problem as that was installed
within the last week.
Attached is a snippet of logs that shows declude over and over testing a peice of mail
I disabled Sniffer
I find that interesting that the major ISP's fail those kinds of tests.
Anyone have any idea's on why they wouldn't have those addresses setup?
Dl
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Tom Baker |
Netsmith Inc
Sent: Friday, July 26, 2002 4:27
Any idea when 1.56 will move from the beta state. We are bringing up a
new mail server and I wanted to know if it is stable enough to go live
with it. I know a couple weeks back there were some posts about
problems that were corrected with an interim release.
Thanks In Advance
dl
---
[This
Not to beat a dead horse, are we thinking anytime in the next 2 weeks or
should I plan on just moving with 1.55.
Darrell
Darrell LaRock
Information Systems Analyst
Gannett Television
716-849-2272
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of R
Someone mentioned earlier that there was a way to invoke declude to
spawn a console in order to see what's happening in real time. Is this
correct and how do you invoke this?
Darrell
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came
Title: Message
Anyone wonder if they intended to send
that message thinking that everyone would automatically block those
sites? Nice little tactic.
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kami Razvan
Sent: Wednesday, July
03, 2002
The WARN action only generates a line in the header of the message.
Are you trying to send an alert to the user that sent it?
Darrell
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Stanley Lyzak
Sent: Monday, July 01, 2002 12:34 PM
To: [EMAIL
49 matches
Mail list logo