David.
The installer worked. I had the same issue as Rob reported but the new
installer worked fine.
-Kami
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David
Barker
Sent: Monday, March 12, 2007 11:48 AM
To: declude.junkmail@declude.com;
Hi;
The new directive
msgsize can be used to find the size of an email but is there a sure way to
determine an email has attachments?
I wanted to write
a filter to figure out legitimate attachments as part of a combo filter but
thought it should be easy for Declude to tell us this if it
Title: Message
Hi;
We are using Commtouch but it stopped working after
upgrading to the latest Declude release - .14.
I am not sure if others are having the problem .. but
for us Commtouch has not been working for over a week now.
Regards,
Kami
---This E-mail came from the
Harry..
In the upgrade there is a new feature that you can set
in the .cfg file.
OUTBOUNDSCANNINGSPAMONINBOUNDSCANNINGSPAMON
In declude.cfg add the following two lines and change
the outbound to on. The default in the example was off and if you are
forwarding messages then that can cause
Kevin..
Why don't you go on eBay and pick up a 1 GHz server (HP or Dell). You can
pick up a great server for less than $1000 and buy a 2003 Standard and it
will all be less than $2K if not $1500.
Just an idea.. Old servers will do your job and are still an overkill.
Kami
-Original
Matt:
Good point but.. it all depends what Kevin means by "storage server"..
?
A server to store the backup or Windows Storage Server..
Big $ difference between the two meaning.. but you are right about the
WSS.
Kami
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Hi;
What I have done is create combo filters for good mail servers and deduct
skip certain tests if the combo filter is triggered.
Example:
Filter called Good_Yahoo
--
SKIPIFWEIGHT 100
TESTSFAILED END CONTAINS [GOOD.
TESTSFAILED END CONTAINS [FALSE.
HEADERS END
Dean..
We use UltraEdit and I think it can do what you are
asking for.
http://www.UltraEdit.com
It has a explorer view and you can assign it a folder
to show all contents.. It does not have preview but will open the
file.
Kami
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Matt.. thanks for the clarification.
I just could not figure out what it is and after reading the archives I
was still confused.
I thought, based on its name, that one can set up a filter that removes
one recipient from a list and letting the email be delivered for the
rest.
Based on
Hi;
I am seeing a
problem that shows up every so often.
Here is the
actions:
WEIGHT-HOLD-85-S SUBJECT
[85]:[~%WEIGHT%~]WEIGHT-HOLD-85-C COPYTO [EMAIL PROTECTED]WEIGHT-HOLD-85-M
MAILBOX spam
COPYTO goes to a
central account where we can check the spam for all domains and adjust our spam
Hi;
I can't find
anything on how to write the filter for: DELETE_RECIPIENTin the
manual.
Is
DELETE_RECIPIENT designed for filters?
what is the
syntax?
DELETE_RECIPIENT [EMAIL PROTECTED]
I have written a
filter to remove a certain email from the list if the email is originating from
a
Thanks John..
Hard to figure that out from the manual.
so in the default file I should have:
test_name delete_recipient [EMAIL PROTECTED]
Is that correct?
Regards,
- Kami
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John T
(Lists)Sent: Saturday, March 04, 2006 4:26
I guess you forgot what Ellison said a while back..
The privacy you're concerned about is largely an illusion.
Larry Ellison - 2001
Scott McNeally (Sun)
You have no privacy. Get over it.
Oh well ..
Regards,
- Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
Hi;
It seems like
WEIGTRANGE tests are done at the very end.. no other filter tests
run.
I am reviewing a
number of tests and no matter what I do the tests that rely on a weigtrange do
not get triggered.. for example:
[WEIGHT.WATCH.31.45]weightrangexx3145
then a
filter that contains
John T wrote:
Since WEIGHTRANGE is
designed for final actions, how and why would you use it in a
filter?
--
Good question..
The issue is simple.. in our system I have
been monitoring the results of all of our filters and watching every spam that
is caught in various weight ranges and
Craig:
I am not aware of BLACKLIST filter name..
In Declude filtering is done in 2 steps. First test definition and
then the action on the test.
In general:
Global statement is where you define the tests
$default$.junkmail is where you take actions
For example in a case like yours:
Test
Hi;
Is there anyway
one can run a test if the weight, at the time the filter is run, is above a
certain point and below a certain point?
I know we can skip
tests if a certain weight is reached but it seems like we can not run a test
only if the weight is above a certain level.
This can
Hi David:
I looked and played with the parameters a lot more after that
email. What I reported was not right- the mail goes out in a first in
first out out of the work directory and they go in the work directory from PROC
directory in the same way.
What is puzzling is the WORK directory
Hi;
Just to add my 2 cents to this discussion.
My experience is similar to others with these two but I again think they
have their place as a factor in combo filters.
This is how we use these two.
A filter for the RFC Ignorant
File name: Combo_RFC_Ignorant.txt
TESTSFAILED END CONTAINS
Title: Message
"BTW, Kami has had
repeated issues with C/R stopping his receipts. I'm not totally sure of
the details there."
WE HATE EARTHLINK.. everyday we get 20-30 C/R to our
receipts. We simply delete them since it is impossible to keep
up.
If I could I would bounce their C/R so it
Hi;
I could not find
in the manual the details on how to set the following- I finally found it in the
sample Global.cfg:
STOPPROCESSINGONFIRSTDELETE
ONCOPYFILEACTIONWITHHEADERS
ONADJUSTFORLOADON
But I can't
find anything on how to set the following and it is not in the sample
Darrell..
The BCC test to me is scary if used by itself- I can see it being used as a
combo test but alone with any weight is not something I would use. We have
clients that use their outlook and send 50+ people in a single BCC ..
Emails to boards and volunteer groups in nonprofits and
: Tuesday, April 12, 2005 2:07 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] DYNHELO Test
Kami,
Excellent point - what would you combo this with?
Darrell
Kami Razvan writes:
Darrell..
The BCC test to me is scary if used by itself- I can see it being used
http://www.declude.com/Articles.asp?ID=151
Regards,
- Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt
Sent: Tuesday, April 12, 2005 3:35 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] DYNHELO Test
Hm -
I looked
Hi;
Am I imagining
things or Declude.mtldb has listed a Hotmail ip address in the
blacklist?
X-RBL-Warning: [DECLUDE.ip4r.MTLDB]: "IP is
listed in MTLDB"
Spamcop has also
that IP listed..
X-RBL-Warning:
[SPAMCOP.ip4r]: "Blocked - see http://www.spamcop.net/bl.shtml?64.4.61.200"
The
Hi;
Is this a valid
test?
TESTSFAILEDWHITELISTCONTAINS[WHITELIST.
I have this as a
group combo-filter but it seems not to be working.. a lot of email is passing
through as whitelisted failing this line.
Regards,
Kami
No.. that won't work.
I am yet to see a body that is "blank".. it always has some HTML
characters or some character that does not show up.
May be others have had better luck but that has never worked for
us.
Kami
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Scott
Title: Message
John.. I did a Google search on: SaveAllMIMENotJustHeaders
a lot of articles showed up.. check it out--
Kami
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
(Lists)Sent: Monday, February 07, 2005 8:31 PMTo:
Hi Scott:
While Comment may not be an effective measure alone it is definitely a good
indicator in a combo test.
We have a combo test that incorporates the following plus several more in a
series of test before releasing the email.
TESTSFAILED 2 CONTAINS[NOLEGITCONTENT]
http://www.eweek.com/article2/0,1759,1749328,00.asp\
"One troublesome technique finding favor with
spammers involves sending mass mailings in the middle of the night from a domain
that has not yet been registered. After the mailings go out, the spammer
registers the domain early the next
We can do a simple bounce message to his address using BOUNCEONLYIF..
We are bombarded by them also but they are all getting caught as spam..
Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tandem Group
Sent: Monday, January 10, 2005 2:11 PM
To:
Hi Bill..
We simply changed our Declude.exe an hour after installing 2.0b since we had
issues - all we did was just moved the old declude.exe and copied over the
2.0b version.
No problems..
Regards,
Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Hi Scott:
It is fine- when this happened I was out of the office and since we use a
number of combo filters this one filter misbehaving triggered a lot of other
tests which then had a cascade effect.
Of course when I found out we had 100 messages tagged as spam which are were
sent back to the
Hi
Scott:
What does this
mean?
X-Note: Reverse
DNS IP: pop.gmx.net [213.165.64.20]
X-Note: Country
Chain: 'EU' [corrupt RIPE data]-GERMANY-destination
This has triggered
ROUTING test and I am just wondering if the all-dat file is corrupt or needs
adjustment or ...
Regards,
Kami
Nick:
I recall a lot of discussion about this with Blackice firewall installed on
the IMail machine.
It seems like a lot of people had a good experience with dictionary attacks
being blocked by Blackice.
May be it is not bad to revisit that discussion.
Regards,
Kami
-Original
Hi;
I have added a
couple of filters that work quite well using SPF. Although by itself it
does not do much but as a combination it is working for us.
Towards the end of
the filters I have a couple of combo filters that I called [Elevate.?] where ?
is the category of elevate weight.
The
: Kami Razvan [mailto:[EMAIL PROTECTED]
Sent: Monday, December 20, 2004 5:57 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] Whitelisting Issue
Chris:
We were having a similar issue- Scott suggested the following:
EMERGENCYBYPASS bypasswhitelist 40 2 0 0
Hi;
I have one filter that is killing me and it just does not make sense for it
not to work.
Here is an example of a message that should have triggered it but it has
not.
Log file ===
12/20/2004 04:52:48 Qa0e1026302703444 NOT bypassing whitelisting of E-mail
with weight =25 (34)
Kami Razvan wrote:
Hi;
I have one filter that is killing me and it just does not make sense
for it not to work.
Here is an example of a message that should have triggered it but it
has not.
Log file ===
12/20/2004 04:52:48 Qa0e1026302703444 NOT bypassing whitelisting of
E-mail
Chris:
We were having a similar issue- Scott suggested the following:
EMERGENCYBYPASS bypasswhitelist 40 2 0 0
So now if the weight passes 40 the whitelist will not work if 2 more people
are in the list.
You can adjust the settings per your environment.
Regards,
Kami
m
signing into "My Account" on the Declude.com website.
A few
weeks ago I tried the old URLs that were specifically for the interim or beta
and found that those links were stale; I don't think they're being maintained
anymore.
Andrew
8)
-Original Message-----From: Kami Razv
Spamhaus-SBL-COMBO
I would imagine all of the other options do work with testsfailed (ENDSWITH,
etc,) They just they aren't very useful .
-- Original Message --
From: Kami Razvan [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Fri, 26 Nov 2004 12:04:38 -0500
for 1 point (fairly meaningless in the final score), but when
comboed these would be worth signifcant weight.
-- Original Message ---
---
From: Kami Razvan [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Fri, 26 Nov 2004 08:24:05 -0500
Hi
Hi;
Is there anyway a
filter can exit with an exact weight at the end?
Using MaxWeight I
can make sure that a filter does not add more than a certain weight to the final
weight. But lets say I want to make sure that if the weight is below a
certain level when I exit I am at a set weight.
Hi John..
I don't think that would work.. that will add 35 to the total weight of
the email.
I want for the final weight of the email up to that point to become
35. I think with your suggestion if the email has a weight of 34 after the
test it will end up with 69 (35 + 34).
I could be
Hi;
I don't think with
the current TESTSFAILED option one can uniquely identify a single test or can
we?
Example:
I have broken down
all tests into combination filters with a naming convention.
IP4R-something
COMBO-IP4r-something
Now I can write
combo filters that are:
TESTSFAILED
Hi John:
I am experimenting with a different way of looking at the IP4r
tests. Over the last month I have changed all the IP4r tests into various
categories and through monitoring the spam I have created over 20 combo filters
that detects spam and tries to credit good mail without any text
Hi;
The IMail reports
are getting caught as spam - the following is from the email
header:
***
Subject: [~18]
IMail Daily Report for ferdowsy.foroosh.comX-RBL-Warning: IPNOTINMX:
X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail
Hi;
Does anyone know
the spamdomain entry for Suntrust Bank?
@Suntrust.com .suntrust.com
Is it different
from above? I have not seen a legit email from Suntrust to use as a
guide.
Regards,
Kami
Hi Markus..
I think you are right..
Any downside to whitelisting that IP? Since version 8 of IMail all
the server reports are getting caught as spam..
WHITELIST IP
127.0.0.1
Regards,
Kami
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Markus
GuflerSent: Saturday,
Hi;
the following is
another phishing attempt- the site still live.
http://211.158.34.250/citifi/
Regards,
Kami
Email
Subject: [37~]Dear customer your details have been
compromisedMIME-Version: 1.0 (produced by annunciatemarginalia
8.2)Content-Type:
-
From:
Kami Razvan
To: [EMAIL PROTECTED]
Sent: Tuesday, October 05, 2004 6:56
AM
Subject: [Declude.JunkMail] Citibank -
phishing- still live
Hi;
the following is
another phishing attempt- the site still live.
http://211.158.34.250/citifi/
Regards
Hi;
Phishing.. still
alive
http://221.139.2.111/citifi/
Regards,
Kami
email:
===
Dear
Customer:Recently there have been a large number of cyber attacks
pointing our database servers. In order to safeguard your account, we require
you to sign on immediately. This
http://61.139.77.18/service/html/bin/log/
The above is still
alive.
Regards,
Kami
Message:
==
Subject:
[36~]James William from Wellsfargo.com - submfkDate: Sat, 2 Oct 2004
11:50:12 -0500Mime-Version: 1.0Content-Type: text/html;
charset=us-asciiMessage-Id: [EMAIL
Hi;
http://202.149.196.236/.aw-cgicgisk/SignIn.php
You may want to
filter the above. Just got a phishing email.. it is
active.
Regards,
Kami
===Message
Received: from
correo.oyd.net [200.75.40.78] by with ESMTP
(SMTPD32-8.13) id A00C28640056; Thu, 30 Sep 2004
Hi;
The following was
just received it is live..
http://depart.tsvs.tpc.edu.tw/.paypal/login.html
is still
alive.
Regards,
Kami
Body
-
This is a multi-part message in MIME format
--29fd5b5e-2886-4419-8940-86af38af427cContent-Type: text/html;
Hi Scott:
I have tested it several times- a weight of 35 is supposed to go the spam
mailbox but it does not go.
The COPY action works- the mailbox action is not working.
Regards,
Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Hi
..
Has there been
changes in 1.79i16 regarding mailbox?
I have the
following:
WEIGHT20sSUBJECT [%WEIGHT%~]WEIGHT20cCOPYTO
[EMAIL PROTECTED]WEIGHT20mMAILBOX
spam
This used to work
but now recently I am seeing mail is not diverted to the spam mailbox. I
am debugging trying to figure
Scott:
This is what I have in Global:
WEIGHT20s weight x x 20 0
WEIGHT20c weight x x 20 0
WEIGHT20m weight x x 20 0
then in default$.junkmail
WEIGHT20s SUBJECT
Hi;
The 20 test should cover 20+ - should it not?
So a 35 should go to the mailbox.
There is no 35 test.
I will send you the global default off list if you want.
Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Thursday,
Scott:
Since not much has been discussed could you possibly provide a list of
changes since i8?
As Bill stated we somehow skipped 8 releases and traditionally there has
always been discussions on changes but this time we just missed it.
The only ones I know of that were discussed are:
- NOTIS
Hi;
I am going to remove HGH. Actually I think we should not list 3 character
words but this one is just used too often to ignore.
It is removed.
Regards,
Kami
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Goran
JovanovicSent: Monday, July 05, 2004 11:07 PMTo:
[EMAIL
Hi;
This site is still
active: http://211.174.62.133/verify/index.php
Regards,
Kami
Here is the
body:
X-Note: Spam
Score: 1023 [BLOCKED ON 20+ DELETED ON 60+]X-Note: Scan Time: 05:42:25
on 07/02/2004X-Note: Spool File: D2de8053702661acc.SMDX-Note: Server
Name:
Hi;
Just received a
phishing attempt..
possible filter:
www.web-da-us-citi-verify.net
Regards,
Kami
==
Received: from
server1.hostingplex.com [66.48.80.137] by clickandpledge.com with
ESMTP (SMTPD32-8.12) id AE61108029A; Fri, 25 Jun 2004 16:43:13
-0400Received: from astegene
Hi;
Here is a fresh
phishing attempt the site is live.
Possible filter
on: 64.81.52.190
Regards,
Kami
=
Received: from
insure-connect.com [216.205.77.84] by foroosh.com with ESMTP
(SMTPD32-8.12) id A73EDD10044; Sun, 20 Jun 2004 08:46:54 -0400Received:
(from [EMAIL PROTECTED])by
Goran:
We do the subject and ROUTETO already. As for attach I think you should be
able to do it but you have to set different rules and then apply those rules
with separate actions. In our case:
Weight20s, c, and m are all the same definitions in Global file.
This is what we have.
We used to
Hi;
The site is live..
a definite phishing attempt.
http://200.97.91.210/citi/"Activate
Regards,
Kami
===
Received: from
82-33-98-143.cable.ubr10.azte.blueyonder.co.uk [82.33.98.143] by
foroosh.com (SMTPD32-8.11) id A0842A350272; Tue, 08 Jun 2004 14:08:04
Hi;
Sorry the last one
I sent apparently does not go to the URL.
Here is the
URL:
http://200.97.91.210/citi/
Regards,
Kami
Great... I just went there and it is down.
It was up when I sent the email.. So it is good to see it removed.
Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic
Sent: Tuesday, June 08, 2004 5:27 PM
To: [EMAIL PROTECTED]
Subject: RE:
Hi;
The following is
the body of an email that was caught by the Fraud spamdomain test we have.
The link is still active.
I am adding a body
filter on: web-da-best.com
Here is the
body:
..nbsp;body bgcolor=3D#ffdiv
align=3D"left"TABLE width=3D520 cellpadding=3D0
http://internetweek.com/e-business/showArticle.jhtml?articleID=21100229
Time to add new
filters..
Kami
Anyone else end up like this?
Yep- when we talked to McAfee--
Make your life easier..
F-Prot: $50
Go to: http://www.F-Prot.com [Seems to be down at the moment..]
Grisoft-AVG server: $70
http://www.grisoft.com/us/us_avg_online.php#fse
you will have 2 scanners.
You can also add Clam AV
Title: Message
Larry:
We have used it for years and are very happy with it.
Of course since it is cheap I suggest you use the savings and add another
scanner to your arsenal. 2 is always better than 1.
We use AVG and FProt together.
Regards,
Kami
From: [EMAIL PROTECTED]
[mailto:[EMAIL
Dan..
Can you not use a filter file for this?
Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser
Sent: Friday, May 14, 2004 9:09 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] SPAMDOMAINS works as ENDSWITH or CONTAINS?
Scott,
I
Dan..
May be I am not understanding the question. But I basically have a couple
of combination tests that are like the following:
REVDNS END ENDSWITH.hotmail.com
MAILFROM3 ENDSWITH@hotmail.com
HELO5 ENDSWITH.hotmail.com
So with this
Hi;
I just received
the following phishing attempt from CitiBank.
Received: from marduk.hostmatix.com
[66.194.152.44] by foroosh.com with ESMTP (SMTPD32-8.11) id
AA2B91800C6; Fri, 14 May 2004 15:12:43 -0400Received: from nobody by
marduk.hostmatix.com with local (Exim 4.34)id
Follow up to last
email:
Hi;
The following is
the site:
http://www.citicorp-verification.com/cgibin/citifi/scripts/home/Verify.htm
Filter on:
citicorp-verification
the site is live
and kicking..
href="">https://www.accountonline.com/Register?siteId=CB"FONT
There is a new interim release 1.79i7 at
:)
Scott... Now was that real hard :) ...
Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Thursday, May 13, 2004 12:00 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail]
Hi;
I am trying to
understand how this works.. We have the following in the
Global:
EMERGENCYBYPASS
bypasswhitelisting 40 2 0
0
in the following
action in the default file.
EMERGENCYBYPASSDELETE
Now..
We have one person
in a domain that has [EMAIL PROTECTED] in the address
book.
-- 2nd attempt-
sometimes postings do not show up.
Hi;
I am trying to
understand how this works.. We have the following in the
Global:
EMERGENCYBYPASS
bypasswhitelisting 40 2 0
0
in the following
action in the default file.
EMERGENCYBYPASSDELETE
Now..
We have one person
in a
Hi;
today we have
received a ton of spam from probably infected computers in
Universities..
The most notable
was a lot of Viagra spam from Harvard University. Considering we receive a
lot of emails from them their reverse dns WASwhitelisted- not
anymore..
just thought to
share the
Scott:
Is there anyway we
can whitelist a test?
With Declude we
can have combination tests and tests that give weight based on a combination of
test names.. now I wonder if we can whitelist a test name:
Whitelist
Testsfailed spamcop :)
If we can do this
it can help us with whitelisting
and the latest interim will decode encoded subjects
Scott:
It would be a great help if you can indicate what is the latest interim
number- for one big reason...
It will reduce the load on your server since we really have no way to know
other than downloading it and seeing if a new version
:)
This definitely will not happen -- that's one of the more time-consuming
parts of the interims.
Scott...
All I asked for was the inclusion of this in your emails..
... This is added in our latest interim (1.76i6) Blah blah blah
That is it.. :)
I know we have 1.79i6- so I won't be
Scott:
Have you changed
the IP address for your server? I had the REVDNS for your server
whitelisted and now everything with the forum is being caught as
spam.
Your IP is
listed..
X-RBL-Warning:
FIVETEN-SPAM: 124.245.186.68.blackholes.five-ten-sg.com.X-RBL-Warning:
NJABL-DYNA:
Hi;
Just received an
email in our spam mailbox.
Filter: pumpkinpieshow.com
Here is the
body:
X-RBL-Warning:
BADHEADERS: This E-mail was sent from a broken mail client
[8014000e].X-RBL-Warning: IPNOTINMX: X-RBL-Warning: NOLEGITCONTENT: No
content unique to legitimate E-mail
Hi;
I know this has
been discussed in the past but I am not sure if any solution is
available.
If one person has
[EMAIL PROTECTED] in the address book it appears that
an email sent to this person and many others will be whitelisted for
all.
We have a
situation that a person receives a
Hi;
We are sending all
emails that fail a certain weight to the spam mailbox of the
user.
The problem we are
seeing is when users use aliases and not real UserID's.
WEIGHT20mMAILBOX spam
this sends the
email to a User:First.Last@Domain.comwith Alias: [EMAIL PROTECTED] to
[EMAIL
Hi Scott:
No we are not using SWITCHRECIPS ON option.
we are using:
X-Note: This E-mail was scanned filtered by Declude [1.79i4] for SPAM
virus.
Regards,
Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Thursday, April 15,
Hi Scott:
Here is the situation.
UserID: [EMAIL PROTECTED]
Alias: [EMAIL PROTECTED]
The mailbox action:
WEIGHT20m MAILBOX spam
sends the spam to:
[EMAIL PROTECTED]
Naturally [EMAIL PROTECTED] does not exist.
[EMAIL PROTECTED] exists.
So spam is bouncing and mailbox is not created.
Hi;
I just received
the following in our info account. I believe it is a phishing
attempt.
Attached is the
actual email.
The
source:
BODYpimg
src="" width="296" height="51"/ppDear
user!/ppWe are informing you that today, the amount of
$719.00 AUD has been drawn
Use this link to get the 2 letter abbrevations for the countries you want
to add to your own filter: http://www.iana.org/cctld/cctld-whois.htm . Some
folks add the whole list while I've only added the ones I see as a problem.
Just in case it helps...
Attached is the file we use. Adjust it as
Lyndon:
Also to add to Matt's comments a lot of problems also come up with web
forms. This is one reason we have not yet implemented SPF for our server..
Have not taken the time to figure out ..
Imagine someone on CNN's site using the eMail friend - to show you this I
went to CNN and sent
Hi Chuck:
Spamdomains has been one of those topics that appear and disappear- never
with a final and definitive answer.
It would be good if something like this was done like Forged Virus - with a
server giving the weight.. But there are so many variations and changes that
perhaps this can't be
Hi Darryl:
Do you have a sample of the email and the header you can send?
Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darryl Koster
Sent: Wednesday, March 10, 2004 5:49 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] 2,000,000 + emails
It depends on your setting in the cfg file.
Look at the following entry:
#
# The DELETEVIRUSES option, when set to ON, will delete viruses, rather than
quarantine them.
# It is recommended to leave this at OFF. Works with v1.30 and higher.
#
DELETEVIRUSES ON
We have ours set to on to delete
Dan
We actually stopped using it a while back.. We are not even tracking it or
even giving it any negative weight.
Regards,
Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser
Sent: Friday, February 27, 2004 4:28 PM
To: [EMAIL PROTECTED]
Oh Oh...
We are... I just wasn't aware of it.. Let me check.. Check back in a
minute..
Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser
Sent: Tuesday, February 24, 2004 10:52 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail]
"Please return the favor and share with me any
FP's that you see on this test so that I can make adjustments for the benefit of
myself as well as others."Matt:
Interesting test.. I added your filters to our system
and just checked the log files. I simply added the test withzero weight to
Matt:
What I like about Scott's new feature (not his own but that of Declude :)
) - is it makes triggering the CPU intensive filters (like our URL in body,
etc.) less likely to be used.
A lot of the ones that are deleted in our system hit our word filters and
URL in body filters. If this
1 - 100 of 483 matches
Mail list logo