RE: Warning Rescinded: RE: [Declude.Virus] WARNING -RE: [Declude.JunkMail]

David. The installer worked. I had the same issue as Rob reported but the new installer worked fine. -Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Monday, March 12, 2007 11:48 AM To: declude.junkmail@declude.com;

[Declude.JunkMail] Mail has attachment?

Hi; The new directive msgsize can be used to find the size of an email but is there a sure way to determine an email has attachments? I wanted to write a filter to figure out legitimate attachments as part of a combo filter but thought it should be easy for Declude to tell us this if it

RE: [Declude.JunkMail] Sniffer vs. Commtouch

Title: Message Hi; We are using Commtouch but it stopped working after upgrading to the latest Declude release - .14. I am not sure if others are having the problem .. but for us Commtouch has not been working for over a week now. Regards, Kami ---This E-mail came from the

RE: [Declude.JunkMail] Crisis after upgrade to 4.3.14 from 4.3.7

Harry.. In the upgrade there is a new feature that you can set in the .cfg file. OUTBOUNDSCANNINGSPAMONINBOUNDSCANNINGSPAMON In declude.cfg add the following two lines and change the outbound to on. The default in the example was off and if you are forwarding messages then that can cause

RE: [Declude.JunkMail] OT: Storage Server (NAS)

Kevin.. Why don't you go on eBay and pick up a 1 GHz server (HP or Dell). You can pick up a great server for less than $1000 and buy a 2003 Standard and it will all be less than $2K if not $1500. Just an idea.. Old servers will do your job and are still an overkill. Kami -Original

RE: [Declude.JunkMail] OT: Storage Server (NAS)

Matt: Good point but.. it all depends what Kevin means by "storage server".. ? A server to store the backup or Windows Storage Server.. Big $ difference between the two meaning.. but you are right about the WSS. Kami From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of

RE: [Declude.JunkMail] How to let these through?

Hi; What I have done is create combo filters for good mail servers and deduct skip certain tests if the combo filter is triggered. Example: Filter called Good_Yahoo -- SKIPIFWEIGHT 100 TESTSFAILED END CONTAINS [GOOD. TESTSFAILED END CONTAINS [FALSE. HEADERS END

RE: [Declude.JunkMail] OT - Looking for a file browser

Dean.. We use UltraEdit and I think it can do what you are asking for. http://www.UltraEdit.com It has a explorer view and you can assign it a folder to show all contents.. It does not have preview but will open the file. Kami From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On

RE: [Declude.JunkMail] DELETE_RECIPIENT ?

Matt.. thanks for the clarification. I just could not figure out what it is and after reading the archives I was still confused. I thought, based on its name, that one can set up a filter that removes one recipient from a list and letting the email be delivered for the rest. Based on

[Declude.JunkMail] COPY TO action not working

Hi; I am seeing a problem that shows up every so often. Here is the actions: WEIGHT-HOLD-85-S SUBJECT [85]:[~%WEIGHT%~]WEIGHT-HOLD-85-C COPYTO [EMAIL PROTECTED]WEIGHT-HOLD-85-M MAILBOX spam COPYTO goes to a central account where we can check the spam for all domains and adjust our spam

[Declude.JunkMail] DELETE_RECIPIENT ?

Hi; I can't find anything on how to write the filter for: DELETE_RECIPIENTin the manual. Is DELETE_RECIPIENT designed for filters? what is the syntax? DELETE_RECIPIENT [EMAIL PROTECTED] I have written a filter to remove a certain email from the list if the email is originating from a

RE: [Declude.JunkMail] DELETE_RECIPIENT ?

Thanks John.. Hard to figure that out from the manual. so in the default file I should have: test_name delete_recipient [EMAIL PROTECTED] Is that correct? Regards, - Kami From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)Sent: Saturday, March 04, 2006 4:26

RE: [Declude.JunkMail] And you think we have a lot of spam now?

I guess you forgot what Ellison said a while back.. The privacy you're concerned about is largely an illusion. Larry Ellison - 2001 Scott McNeally (Sun) You have no privacy. Get over it. Oh well .. Regards, - Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

[Declude.JunkMail] Weightrange order

Hi; It seems like WEIGTRANGE tests are done at the very end.. no other filter tests run. I am reviewing a number of tests and no matter what I do the tests that rely on a weigtrange do not get triggered.. for example: [WEIGHT.WATCH.31.45]weightrangexx3145 then a filter that contains

RE: [Declude.JunkMail] Weightrange order

John T wrote: Since WEIGHTRANGE is designed for final actions, how and why would you use it in a filter? -- Good question.. The issue is simple.. in our system I have been monitoring the results of all of our filters and watching every spam that is caught in various weight ranges and

RE: [Declude.JunkMail] blacklist file

Craig: I am not aware of BLACKLIST filter name.. In Declude filtering is done in 2 steps. First test definition and then the action on the test. In general: Global statement is where you define the tests $default$.junkmail is where you take actions For example in a case like yours: Test

[Declude.JunkMail] SKIPIFWEIGHT - RUNIFWEIGHT?

Hi; Is there anyway one can run a test if the weight, at the time the filter is run, is above a certain point and below a certain point? I know we can skip tests if a certain weight is reached but it seems like we can not run a test only if the weight is above a certain level. This can

RE: [Declude.JunkMail] Processing Order: 3.05.11

Hi David: I looked and played with the parameters a lot more after that email. What I reported was not right- the mail goes out in a first in first out out of the work directory and they go in the work directory from PROC directory in the same way. What is puzzling is the WORK directory

RE: [Declude.JunkMail] Negative weighting filters to reduce false positives

Hi; Just to add my 2 cents to this discussion. My experience is similar to others with these two but I again think they have their place as a factor in combo filters. This is how we use these two. A filter for the RFC Ignorant File name: Combo_RFC_Ignorant.txt TESTSFAILED END CONTAINS

[Declude.JunkMail] Earthlink now using challenge-response

Title: Message "BTW, Kami has had repeated issues with C/R stopping his receipts. I'm not totally sure of the details there." WE HATE EARTHLINK.. everyday we get 20-30 C/R to our receipts. We simply delete them since it is impossible to keep up. If I could I would bounce their C/R so it

[Declude.JunkMail] New directives

Hi; I could not find in the manual the details on how to set the following- I finally found it in the sample Global.cfg: STOPPROCESSINGONFIRSTDELETE ONCOPYFILEACTIONWITHHEADERS ONADJUSTFORLOADON But I can't find anything on how to set the following and it is not in the sample

RE: [Declude.JunkMail] DYNHELO Test

Darrell.. The BCC test to me is scary if used by itself- I can see it being used as a combo test but alone with any weight is not something I would use. We have clients that use their outlook and send 50+ people in a single BCC .. Emails to boards and volunteer groups in nonprofits and

RE: [Declude.JunkMail] DYNHELO Test

: Tuesday, April 12, 2005 2:07 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] DYNHELO Test Kami, Excellent point - what would you combo this with? Darrell Kami Razvan writes: Darrell.. The BCC test to me is scary if used by itself- I can see it being used

RE: [Declude.JunkMail] DYNHELO Test

http://www.declude.com/Articles.asp?ID=151 Regards, - Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Tuesday, April 12, 2005 3:35 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] DYNHELO Test Hm - I looked

[Declude.JunkMail] MTLDB Hotmail

Hi; Am I imagining things or Declude.mtldb has listed a Hotmail ip address in the blacklist? X-RBL-Warning: [DECLUDE.ip4r.MTLDB]: "IP is listed in MTLDB" Spamcop has also that IP listed.. X-RBL-Warning: [SPAMCOP.ip4r]: "Blocked - see http://www.spamcop.net/bl.shtml?64.4.61.200" The

[Declude.JunkMail] Testsfailed

Hi; Is this a valid test? TESTSFAILEDWHITELISTCONTAINS[WHITELIST. I have this as a group combo-filter but it seems not to be working.. a lot of email is passing through as whitelisted failing this line. Regards, Kami

RE: [Declude.JunkMail] Filter / VBS for empty body wanted

No.. that won't work. I am yet to see a body that is "blank".. it always has some HTML characters or some character that does not show up. May be others have had better luck but that has never worked for us. Kami From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott

RE: [Declude.JunkMail] Outlook munging headers

Title: Message John.. I did a Google search on: SaveAllMIMENotJustHeaders a lot of articles showed up.. check it out-- Kami From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)Sent: Monday, February 07, 2005 8:31 PMTo:

RE: [Declude.JunkMail] Legit message failing COMMENTS test.

Hi Scott: While Comment may not be an effective measure alone it is definitely a good indicator in a combo test. We have a combo test that incorporates the following plus several more in a series of test before releasing the email. TESTSFAILED 2 CONTAINS[NOLEGITCONTENT]

[Declude.JunkMail] Interesting tactic..

http://www.eweek.com/article2/0,1759,1749328,00.asp\ "One troublesome technique finding favor with spammers involves sending mass mailings in the middle of the night from a domain that has not yet been registered. After the mailings go out, the spammer registers the domain early the next

RE: [Declude.JunkMail] High smtp traffic

We can do a simple bounce message to his address using BOUNCEONLYIF.. We are bombarded by them also but they are all getting caught as spam.. Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tandem Group Sent: Monday, January 10, 2005 2:11 PM To:

RE: [Declude.JunkMail] Spamheaders fix for 2.0b

Hi Bill.. We simply changed our Declude.exe an hour after installing 2.0b since we had issues - all we did was just moved the old declude.exe and copied over the 2.0b version. No problems.. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf

RE: [Declude.JunkMail] 2005 SpamHeaders Glitch?

Hi Scott: It is fine- when this happened I was out of the office and since we use a number of combo filters this one filter misbehaving triggered a lot of other tests which then had a cascade effect. Of course when I found out we had 100 messages tagged as spam which are were sent back to the

[Declude.JunkMail] corrupt RIPE data

Hi Scott: What does this mean? X-Note: Reverse DNS IP: pop.gmx.net [213.165.64.20] X-Note: Country Chain: 'EU' [corrupt RIPE data]-GERMANY-destination This has triggered ROUTING test and I am just wondering if the all-dat file is corrupt or needs adjustment or ... Regards, Kami

RE: [Declude.JunkMail] dnsbl or OT ms smtp orf

Nick: I recall a lot of discussion about this with Blackice firewall installed on the IMail machine. It seems like a lot of people had a good experience with dictionary attacks being blocked by Blackice. May be it is not bad to revisit that discussion. Regards, Kami -Original

RE: [Declude.JunkMail] SPF Success

Hi; I have added a couple of filters that work quite well using SPF. Although by itself it does not do much but as a combination it is working for us. Towards the end of the filters I have a couple of combo filters that I called [Elevate.?] where ? is the category of elevate weight. The

RE: [Declude.JunkMail] Whitelisting Issue

: Kami Razvan [mailto:[EMAIL PROTECTED] Sent: Monday, December 20, 2004 5:57 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Whitelisting Issue Chris: We were having a similar issue- Scott suggested the following: EMERGENCYBYPASS bypasswhitelist 40 2 0 0

[Declude.JunkMail] Combo filter not working..

Hi; I have one filter that is killing me and it just does not make sense for it not to work. Here is an example of a message that should have triggered it but it has not. Log file === 12/20/2004 04:52:48 Qa0e1026302703444 NOT bypassing whitelisting of E-mail with weight =25 (34)

RE: [Declude.JunkMail] Combo filter not working..

Kami Razvan wrote: Hi; I have one filter that is killing me and it just does not make sense for it not to work. Here is an example of a message that should have triggered it but it has not. Log file === 12/20/2004 04:52:48 Qa0e1026302703444 NOT bypassing whitelisting of E-mail

RE: [Declude.JunkMail] Whitelisting Issue

Chris: We were having a similar issue- Scott suggested the following: EMERGENCYBYPASS bypasswhitelist 40 2 0 0 So now if the weight passes 40 the whitelist will not work if 2 more people are in the list. You can adjust the settings per your environment. Regards, Kami

RE: [Declude.JunkMail] all_list.dat Update?

m signing into "My Account" on the Declude.com website. A few weeks ago I tried the old URLs that were specifically for the interim or beta and found that those links were stale; I don't think they're being maintained anymore. Andrew 8) -Original Message-----From: Kami Razv

RE: [Declude.JunkMail] TESTSFAILED Detection

Spamhaus-SBL-COMBO I would imagine all of the other options do work with testsfailed (ENDSWITH, etc,) They just they aren't very useful . -- Original Message -- From: Kami Razvan [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 26 Nov 2004 12:04:38 -0500

RE: [Declude.JunkMail] Exiting with fixed weight

for 1 point (fairly meaningless in the final score), but when comboed these would be worth signifcant weight. -- Original Message --- --- From: Kami Razvan [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 26 Nov 2004 08:24:05 -0500 Hi

[Declude.JunkMail] Exiting with fixed weight

Hi; Is there anyway a filter can exit with an exact weight at the end? Using MaxWeight I can make sure that a filter does not add more than a certain weight to the final weight. But lets say I want to make sure that if the weight is below a certain level when I exit I am at a set weight.

RE: [Declude.JunkMail] Exiting with fixed weight

Hi John.. I don't think that would work.. that will add 35 to the total weight of the email. I want for the final weight of the email up to that point to become 35. I think with your suggestion if the email has a weight of 34 after the test it will end up with 69 (35 + 34). I could be

[Declude.JunkMail] TESTSFAILED Detection

Hi; I don't think with the current TESTSFAILED option one can uniquely identify a single test or can we? Example: I have broken down all tests into combination filters with a naming convention. IP4R-something COMBO-IP4r-something Now I can write combo filters that are: TESTSFAILED

RE: [Declude.JunkMail] Exiting with fixed weight

Hi John: I am experimenting with a different way of looking at the IP4r tests. Over the last month I have changed all the IP4r tests into various categories and through monitoring the spam I have created over 20 combo filters that detects spam and tries to credit good mail without any text

[Declude.JunkMail] IPBYPASS- Declude 8.1

Hi; The IMail reports are getting caught as spam - the following is from the email header: *** Subject: [~18] IMail Daily Report for ferdowsy.foroosh.comX-RBL-Warning: IPNOTINMX: X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail

[Declude.JunkMail] SPAMDOMAINS entry for Suntrust

Hi; Does anyone know the spamdomain entry for Suntrust Bank? @Suntrust.com .suntrust.com Is it different from above? I have not seen a legit email from Suntrust to use as a guide. Regards, Kami

RE: [Declude.JunkMail] IPBYPASS- Declude 8.1

Hi Markus.. I think you are right.. Any downside to whitelisting that IP? Since version 8 of IMail all the server reports are getting caught as spam.. WHITELIST IP 127.0.0.1 Regards, Kami From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus GuflerSent: Saturday,

[Declude.JunkMail] Citibank - phishing- still live

Hi; the following is another phishing attempt- the site still live. http://211.158.34.250/citifi/ Regards, Kami Email Subject: [37~]Dear customer your details have been compromisedMIME-Version: 1.0 (produced by annunciatemarginalia 8.2)Content-Type:

RE: [Declude.JunkMail] Citibank - phishing- still live

- From: Kami Razvan To: [EMAIL PROTECTED] Sent: Tuesday, October 05, 2004 6:56 AM Subject: [Declude.JunkMail] Citibank - phishing- still live Hi; the following is another phishing attempt- the site still live. http://211.158.34.250/citifi/ Regards

[Declude.JunkMail] phishing- live

Hi; Phishing.. still alive http://221.139.2.111/citifi/ Regards, Kami email: === Dear Customer:Recently there have been a large number of cyber attacks pointing our database servers. In order to safeguard your account, we require you to sign on immediately. This

[Declude.JunkMail] phishing- Wells Fargo- still alive

http://61.139.77.18/service/html/bin/log/ The above is still alive. Regards, Kami Message: == Subject: [36~]James William from Wellsfargo.com - submfkDate: Sat, 2 Oct 2004 11:50:12 -0500Mime-Version: 1.0Content-Type: text/html; charset=us-asciiMessage-Id: [EMAIL

[Declude.JunkMail] eBay Phishing- Live

Hi; http://202.149.196.236/.aw-cgicgisk/SignIn.php You may want to filter the above. Just got a phishing email.. it is active. Regards, Kami ===Message Received: from correo.oyd.net [200.75.40.78] by with ESMTP (SMTPD32-8.13) id A00C28640056; Thu, 30 Sep 2004

[Declude.JunkMail] PayPal phishing

Hi; The following was just received it is live.. http://depart.tsvs.tpc.edu.tw/.paypal/login.html is still alive. Regards, Kami Body - This is a multi-part message in MIME format --29fd5b5e-2886-4419-8940-86af38af427cContent-Type: text/html;

RE: [Declude.JunkMail] MAILBOX?

Hi Scott: I have tested it several times- a weight of 35 is supposed to go the spam mailbox but it does not go. The COPY action works- the mailbox action is not working. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry

[Declude.JunkMail] MAILBOX?

Hi .. Has there been changes in 1.79i16 regarding mailbox? I have the following: WEIGHT20sSUBJECT [%WEIGHT%~]WEIGHT20cCOPYTO [EMAIL PROTECTED]WEIGHT20mMAILBOX spam This used to work but now recently I am seeing mail is not diverted to the spam mailbox. I am debugging trying to figure

RE: [Declude.JunkMail] MAILBOX?

Scott: This is what I have in Global: WEIGHT20s weight x x 20 0 WEIGHT20c weight x x 20 0 WEIGHT20m weight x x 20 0 then in default$.junkmail WEIGHT20s SUBJECT

RE: [Declude.JunkMail] MAILBOX?

Hi; The 20 test should cover 20+ - should it not? So a 35 should go to the mailbox. There is no 35 test. I will send you the global default off list if you want. Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Thursday,

[Declude.JunkMail] 1.79i16 - changes?

Scott: Since not much has been discussed could you possibly provide a list of changes since i8? As Bill stated we somehow skipped 8 releases and traditionally there has always been discussions on changes but this time we just missed it. The only ones I know of that were discussed are: - NOTIS

RE: [Declude.JunkMail] Filter with a traling space question

Hi; I am going to remove HGH. Actually I think we should not list 3 character words but this one is just used too often to ignore. It is removed. Regards, Kami From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran JovanovicSent: Monday, July 05, 2004 11:07 PMTo: [EMAIL

[Declude.JunkMail] Phishing attempt

Hi; This site is still active: http://211.174.62.133/verify/index.php Regards, Kami Here is the body: X-Note: Spam Score: 1023 [BLOCKED ON 20+ DELETED ON 60+]X-Note: Scan Time: 05:42:25 on 07/02/2004X-Note: Spool File: D2de8053702661acc.SMDX-Note: Server Name:

[Declude.JunkMail] New Phishing attempt..

Hi; Just received a phishing attempt.. possible filter: www.web-da-us-citi-verify.net Regards, Kami == Received: from server1.hostingplex.com [66.48.80.137] by clickandpledge.com with ESMTP (SMTPD32-8.12) id AE61108029A; Fri, 25 Jun 2004 16:43:13 -0400Received: from astegene

[Declude.JunkMail] Phisihing- Site is live

Hi; Here is a fresh phishing attempt the site is live. Possible filter on: 64.81.52.190 Regards, Kami = Received: from insure-connect.com [216.205.77.84] by foroosh.com with ESMTP (SMTPD32-8.12) id A73EDD10044; Sun, 20 Jun 2004 08:46:54 -0400Received: (from [EMAIL PROTECTED])by

RE: [Declude.JunkMail] ROUTETO and SUBJECT Line Marking

Goran: We do the subject and ROUTETO already. As for attach I think you should be able to do it but you have to set different rules and then apply those rules with separate actions. In our case: Weight20s, c, and m are all the same definitions in Global file. This is what we have. We used to

[Declude.JunkMail] Phishing attempt- site is live

Hi; The site is live.. a definite phishing attempt. http://200.97.91.210/citi/"Activate Regards, Kami === Received: from 82-33-98-143.cable.ubr10.azte.blueyonder.co.uk [82.33.98.143] by foroosh.com (SMTPD32-8.11) id A0842A350272; Tue, 08 Jun 2004 14:08:04

[Declude.JunkMail] Phishing link

Hi; Sorry the last one I sent apparently does not go to the URL. Here is the URL: http://200.97.91.210/citi/ Regards, Kami

RE: [Declude.JunkMail] Phishing attempt- site is live

Great... I just went there and it is down. It was up when I sent the email.. So it is good to see it removed. Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Tuesday, June 08, 2004 5:27 PM To: [EMAIL PROTECTED] Subject: RE:

[Declude.JunkMail] phishing attempt- site still live

Hi; The following is the body of an email that was caught by the Fraud spamdomain test we have. The link is still active. I am adding a body filter on: web-da-best.com Here is the body: ..nbsp;body bgcolor=3D#ffdiv align=3D"left"TABLE width=3D520 cellpadding=3D0

[Declude.JunkMail] Spammers Dumping Porn for Financial Services

http://internetweek.com/e-business/showArticle.jhtml?articleID=21100229 Time to add new filters.. Kami

RE: [Declude.JunkMail] f-prot

Anyone else end up like this? Yep- when we talked to McAfee-- Make your life easier.. F-Prot: $50 Go to: http://www.F-Prot.com [Seems to be down at the moment..] Grisoft-AVG server: $70 http://www.grisoft.com/us/us_avg_online.php#fse you will have 2 scanners. You can also add Clam AV

RE: [Declude.JunkMail] f-prot

Title: Message Larry: We have used it for years and are very happy with it. Of course since it is cheap I suggest you use the savings and add another scanner to your arsenal. 2 is always better than 1. We use AVG and FProt together. Regards, Kami From: [EMAIL PROTECTED] [mailto:[EMAIL

RE: [Declude.JunkMail] SPAMDOMAINS works as ENDSWITH or CONTAINS?

Dan.. Can you not use a filter file for this? Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser Sent: Friday, May 14, 2004 9:09 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] SPAMDOMAINS works as ENDSWITH or CONTAINS? Scott, I

RE: [Declude.JunkMail] SPAMDOMAINS works as ENDSWITH or CONTAINS?

Dan.. May be I am not understanding the question. But I basically have a couple of combination tests that are like the following: REVDNS END ENDSWITH.hotmail.com MAILFROM3 ENDSWITH@hotmail.com HELO5 ENDSWITH.hotmail.com So with this

[Declude.JunkMail] Citibank- Phishing

Hi; I just received the following phishing attempt from CitiBank. Received: from marduk.hostmatix.com [66.194.152.44] by foroosh.com with ESMTP (SMTPD32-8.11) id AA2B91800C6; Fri, 14 May 2004 15:12:43 -0400Received: from nobody by marduk.hostmatix.com with local (Exim 4.34)id

[Declude.JunkMail] Phishing..

Follow up to last email: Hi; The following is the site: http://www.citicorp-verification.com/cgibin/citifi/scripts/home/Verify.htm Filter on: citicorp-verification the site is live and kicking.. href="">https://www.accountonline.com/Register?siteId=CB"FONT

RE: [Declude.JunkMail] ALLRECIPS CONTAINS END not ending?

There is a new interim release 1.79i7 at :) Scott... Now was that real hard :) ... Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Thursday, May 13, 2004 12:00 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail]

[Declude.JunkMail] bypasswhitelisting?

Hi; I am trying to understand how this works.. We have the following in the Global: EMERGENCYBYPASS bypasswhitelisting 40 2 0 0 in the following action in the default file. EMERGENCYBYPASSDELETE Now.. We have one person in a domain that has [EMAIL PROTECTED] in the address book.

[Declude.JunkMail] bypasswhitelisting?

-- 2nd attempt- sometimes postings do not show up. Hi; I am trying to understand how this works.. We have the following in the Global: EMERGENCYBYPASS bypasswhitelisting 40 2 0 0 in the following action in the default file. EMERGENCYBYPASSDELETE Now.. We have one person in a

[Declude.JunkMail] Universities spamming..

Hi; today we have received a ton of spam from probably infected computers in Universities.. The most notable was a lot of Viagra spam from Harvard University. Considering we receive a lot of emails from them their reverse dns WASwhitelisted- not anymore.. just thought to share the

[Declude.JunkMail] Whitelisting a test?

Scott: Is there anyway we can whitelist a test? With Declude we can have combination tests and tests that give weight based on a combination of test names.. now I wonder if we can whitelist a test name: Whitelist Testsfailed spamcop :) If we can do this it can help us with whitelisting

[Declude.JunkMail] Latest interim

and the latest interim will decode encoded subjects Scott: It would be a great help if you can indicate what is the latest interim number- for one big reason... It will reduce the load on your server since we really have no way to know other than downloading it and seeing if a new version

RE: [Declude.JunkMail] Latest interim

:) This definitely will not happen -- that's one of the more time-consuming parts of the interims. Scott... All I asked for was the inclusion of this in your emails.. ... This is added in our latest interim (1.76i6) Blah blah blah That is it.. :) I know we have 1.79i6- so I won't be

[Declude.JunkMail] IP change? Declude

Scott: Have you changed the IP address for your server? I had the REVDNS for your server whitelisted and now everything with the forum is being caught as spam. Your IP is listed.. X-RBL-Warning: FIVETEN-SPAM: 124.245.186.68.blackholes.five-ten-sg.com.X-RBL-Warning: NJABL-DYNA:

[Declude.JunkMail] Phishing attempt- CitiBank

Hi; Just received an email in our spam mailbox. Filter: pumpkinpieshow.com Here is the body: X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [8014000e].X-RBL-Warning: IPNOTINMX: X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail

[Declude.JunkMail] Whitelisting issue

Hi; I know this has been discussed in the past but I am not sure if any solution is available. If one person has [EMAIL PROTECTED] in the address book it appears that an email sent to this person and many others will be whitelisted for all. We have a situation that a person receives a

[Declude.JunkMail] Mailbox-Spam

Hi; We are sending all emails that fail a certain weight to the spam mailbox of the user. The problem we are seeing is when users use aliases and not real UserID's. WEIGHT20mMAILBOX spam this sends the email to a User:First.Last@Domain.comwith Alias: [EMAIL PROTECTED] to [EMAIL

RE: [Declude.JunkMail] Mailbox-Spam

Hi Scott: No we are not using SWITCHRECIPS ON option. we are using: X-Note: This E-mail was scanned filtered by Declude [1.79i4] for SPAM virus. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Thursday, April 15,

RE: [Declude.JunkMail] Mailbox-Spam

Hi Scott: Here is the situation. UserID: [EMAIL PROTECTED] Alias: [EMAIL PROTECTED] The mailbox action: WEIGHT20m MAILBOX spam sends the spam to: [EMAIL PROTECTED] Naturally [EMAIL PROTECTED] does not exist. [EMAIL PROTECTED] exists. So spam is bouncing and mailbox is not created.

[Declude.JunkMail] Phishing?

Hi; I just received the following in our info account. I believe it is a phishing attempt. Attached is the actual email. The source: BODYpimg src="" width="296" height="51"/ppDear user!/ppWe are informing you that today, the amount of $719.00 AUD has been drawn

RE: [Declude.JunkMail] Countries List

Use this link to get the 2 letter abbrevations for the countries you want to add to your own filter: http://www.iana.org/cctld/cctld-whois.htm . Some folks add the whole list while I've only added the ones I see as a problem. Just in case it helps... Attached is the file we use. Adjust it as

RE: [Declude.JunkMail] SPF

Lyndon: Also to add to Matt's comments a lot of problems also come up with web forms. This is one reason we have not yet implemented SPF for our server.. Have not taken the time to figure out .. Imagine someone on CNN's site using the eMail friend - to show you this I went to CNN and sent

RE: [Declude.JunkMail] spam domains question

Hi Chuck: Spamdomains has been one of those topics that appear and disappear- never with a final and definitive answer. It would be good if something like this was done like Forged Virus - with a server giving the weight.. But there are so many variations and changes that perhaps this can't be

RE: [Declude.JunkMail] 2,000,000 + emails today

Hi Darryl: Do you have a sample of the email and the header you can send? Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darryl Koster Sent: Wednesday, March 10, 2004 5:49 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] 2,000,000 + emails

RE: [Declude.JunkMail] Virus scan and Declude

It depends on your setting in the cfg file. Look at the following entry: # # The DELETEVIRUSES option, when set to ON, will delete viruses, rather than quarantine them. # It is recommended to leave this at OFF. Works with v1.30 and higher. # DELETEVIRUSES ON We have ours set to on to delete

RE: [Declude.JunkMail] Habeas Porn

Dan We actually stopped using it a while back.. We are not even tracking it or even giving it any negative weight. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser Sent: Friday, February 27, 2004 4:28 PM To: [EMAIL PROTECTED]

RE: [Declude.JunkMail] GLOBAL.BAK No Longer Shared?

Oh Oh... We are... I just wasn't aware of it.. Let me check.. Check back in a minute.. Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser Sent: Tuesday, February 24, 2004 10:52 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail]

[Declude.JunkMail] Zombie Test

"Please return the favor and share with me any FP's that you see on this test so that I can make adjustments for the benefit of myself as well as others."Matt: Interesting test.. I added your filters to our system and just checked the log files. I simply added the test withzero weight to

RE: [Declude.JunkMail] Zombie Test

Matt: What I like about Scott's new feature (not his own but that of Declude :) ) - is it makes triggering the CPU intensive filters (like our URL in body, etc.) less likely to be used. A lot of the ones that are deleted in our system hit our word filters and URL in body filters. If this

  1   2   3   4   5   >