RE: [Declude.JunkMail] Best Practices question
I've seen that most of the spam emails, regardless of the weight, seem to fail the SPAMHEADERS, BADHEADERS, and IPNOTINMX tests.

Question: do you guys HOLD email based on any of these three tests? If so, how is this done? Is this a smart approach?

Thanks

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dan Geiser
Sent: Thursday, July 17, 2003 12:02 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Best Practices question

Hi, Jose,

> Being a 2 months-old user of JunkMail I'm trying to find out best practices for dealing with spam. Sorry in advance if this topic has been to death, but I couldn't find any helpful threads on the archives. Anyhow, I'm using the following rules but a TON of spam still making it through:
>
>     WEIGHT10 WARN
>     WEIGHT15 HOLD
>     WEIGHT20 HOLD

First of all, I believe using...

    WEIGHT15 HOLD
    WEIGHT20 HOLD

...in your $default$.junkmail is redundant. Using...

    WEIGHT15 HOLD

...alone encompasses what...

    WEIGHT20 HOLD

does as well.

> Of course, the spam comes through because it doesn't meet the HOLD criteria. For example, I have spam emails with a weight of 7, others with 11, etc. My question is, what WEIGHT do you guys use to HOLD email?

My configuration is still sub optimal. Our primary domain, NEXUSTECHGROUP.COM, has a hold weight of 9. But we use per-domain settings so some of our domains also have a hold weight of 5, 7 and 10. The thing is, there is no one right weight. It all depends on the type of traffic that your IMail server is seeing.

To any new Declude JunkMail user, the first thing I would recommend doing is establishing the optimal hold weight for either the server, if you aren't using per-domain settings, or for the domain, if you are. Now different people will have different definitions of optimal. For me, the optimal hold weight is the weight at which most spam is caught and hardly any false positives are generated. Another person might want to set their hold weight so high that zero false positives are caught. And yet another might want to set the weight so low such that zero spam makes it through. I like to have a mixture of both.

Once you have established a hold weight you can then take further steps to add points to the weight of any spams making it in under the hold weight, thereby causing that spam to get caught. And you can take steps to subtract points to the weight of any legit e-mails that are over the hold weight, thereby keeping those legit e-mails from being caught.

I think a good start for anyone is to establish that hold weight and then have just the one active line...

    WEIGHTXX HOLD

...in your $default$.junkmail file, where XX is your hold weight and WEIGHTXX is defined in GLOBAL.CFG as...

    WEIGHTXX weight x x XX 0

That's how I would start if I knew then when I began what I know now. Others may differ with me.

> TIA,
> Jose

Take Care,
Dan

This E-mail is scanned and free from viruses. www.nexustechgroup.com

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
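The hold-weight selection Dan Geiser describes in the message above, as an added example that is not part of the original thread. The labelled sample is constructed, and the rule that a message is held when its total weight is at least the hold weight is an assumption about how the WEIGHTXX test fires.

```python
# Added example: choose a hold weight from a hand-labelled sample of mail.
from dataclasses import dataclass

# Constructed sample: (total weight Declude assigned, human verdict is_spam).
SAMPLE = [
    (0, False), (0, False), (2, False), (3, False), (4, False),
    (5, False), (6, False), (8, False), (12, False),
    (7, True), (7, True), (9, True), (11, True), (11, True),
    (13, True), (15, True), (16, True), (18, True), (22, True), (30, True),
]


@dataclass(frozen=True)
class Row:
    hold_weight: int
    spam_caught: int
    spam_missed: int
    false_positives: int


def effective_hold_weight(hold_weights):
    """Several 'WEIGHTnn HOLD' lines behave like the lowest one alone,
    because anything reaching the higher weight also reaches the lower."""
    return min(hold_weights)


def sweep(sample, candidates):
    """Count caught spam, missed spam and held legitimate mail per weight.

    Assumption: a message is held when weight >= hold weight.
    """
    rows = []
    for hw in candidates:
        caught = sum(1 for w, spam in sample if spam and w >= hw)
        missed = sum(1 for w, spam in sample if spam and w < hw)
        fps = sum(1 for w, spam in sample if not spam and w >= hw)
        rows.append(Row(hw, caught, missed, fps))
    return rows


def pick_hold_weight(rows, max_false_positives):
    """Among weights within the false-positive budget, miss the least spam.

    Ties go to the higher weight, which leaves more margin for legitimate
    mail. Returns None when no candidate fits the budget.
    """
    ok = [r for r in rows if r.false_positives <= max_false_positives]
    if not ok:
        return None
    return min(ok, key=lambda r: (r.spam_missed, -r.hold_weight))


if __name__ == "__main__":
    rows = sweep(SAMPLE, range(5, 21))
    print("hold  caught  missed  false-pos")
    for r in rows:
        print(f"{r.hold_weight:4d}  {r.spam_caught:6d}  "
              f"{r.spam_missed:6d}  {r.false_positives:9d}")
    for budget in (0, 1):
        best = pick_hold_weight(rows, budget)
        print(f"budget of {budget} false positives -> hold weight "
              f"{best.hold_weight}")
    print("WEIGHT15 HOLD + WEIGHT20 HOLD acts as hold weight",
          effective_hold_weight([15, 20]))
```

The messages that remain under the chosen weight, and the legitimate ones above it, are the ones to handle with the added or subtracted points the message goes on to describe.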
RE: [Declude.JunkMail] Best Practices question
> I've seen that most of the spam emails, regardless of the weight, seem to fail the SPAMHEADERS, BADHEADERS, and IPNOTINMX tests. Question: do you guys HOLD email based on any of these three tests? If so, how is this done? Is this a smart approach?

The SPAMHEADERS test will catch quite a bit of legitimate E-mail (mostly solicited E-mail, such as orders and bulk E-mail from companies you have done business with, as opposed to individual person-to-person E-mail), mostly because of all the web mailers that were written by web developers rather than purchased or written by web programmers.

The IPNOTINMX test shouldn't be used to block E-mail, as it is one of the few tests that it is OK for a legitimate mailserver to fail. This is often the case with larger domains, where there are separate mailservers for incoming vs. outgoing E-mail.

The BADHEADERS test, though, now catches about 50% of all spam, and will never catch any legitimate E-mail (unless it is sent from a broken mail client that needs to be fixed, and where you might not have received the E-mail anyways).

-Scott

---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.
RE: [Declude.JunkMail] Best Practices question
Great, thanks for the detailed explanation.

I would like to HOLD all mail that fails the BADHEADERS test, then. How do I go about doing this?

Thanks again

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
Sent: Monday, July 21, 2003 12:40 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Best Practices question

> I've seen that most of the spam emails, regardless of the weight, seem to fail the SPAMHEADERS, BADHEADERS, and IPNOTINMX tests. Question: do you guys HOLD email based on any of these three tests? If so, how is this done? Is this a smart approach?

The SPAMHEADERS test will catch quite a bit of legitimate E-mail (mostly solicited E-mail, such as orders and bulk E-mail from companies you have done business with, as opposed to individual person-to-person E-mail), mostly because of all the web mailers that were written by web developers rather than purchased or written by web programmers.

The IPNOTINMX test shouldn't be used to block E-mail, as it is one of the few tests that it is OK for a legitimate mailserver to fail. This is often the case with larger domains, where there are separate mailservers for incoming vs. outgoing E-mail.

The BADHEADERS test, though, now catches about 50% of all spam, and will never catch any legitimate E-mail (unless it is sent from a broken mail client that needs to be fixed, and where you might not have received the E-mail anyways).

-Scott
RE: [Declude.JunkMail] Best Practices question
> I would like to HOLD all mail that fails the BADHEADERS test, then. How do I go about doing this?

To do that, you can change the BADHEADERS WARN line in your \Imail\Declude\$default$.JunkMail file to BADHEADERS HOLD.

-Scott
RE: [Declude.JunkMail] Best Practices question
Thanks. One last question, since certain email addresses are more likely to receive more spam than others, is it possible to apply different tests/actions based on the TO address?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
Sent: Monday, July 21, 2003 1:41 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Best Practices question

> I would like to HOLD all mail that fails the BADHEADERS test, then. How do I go about doing this?

To do that, you can change the BADHEADERS WARN line in your \Imail\Declude\$default$.JunkMail file to BADHEADERS HOLD.

-Scott
RE: [Declude.JunkMail] Best Practices question
> Thanks. One last question, since certain email addresses are more likely to receive more spam than others, is it possible to apply different tests/actions based on the TO address?

Yes (with Declude JunkMail Pro). You can either use per-user configurations to do that, or you can set up a filter that filters on ALLRECIPS (a list of the recipients).

-Scott
RE: [Declude.JunkMail] Best Practices question
A fairly large number of large companies have email systems that fail badheaders -- holding on it brought daily FP's here. We use a weight on BADHEADERS instead and then a negative weight (WHITELST filter below) on known mail servers with problems.

From today's samples:

    Received: from l-qmqp3.marketwatchmail.com [63.240.173.125] by OURDOMAIN.COM (SMTPD32-7.15) id A181222017A; Mon, 21 Jul 2003 16:48:01 -0400
    Received: (qmail 23921 invoked from network); 21 Jul 2003 20:37:35 -
    Received: from unknown (10.10.220.86) by l-qmqp3.marketwatchmail.com with QMQP; 21 Jul 2003 20:37:35 -
    Mailing-List: contact [EMAIL PROTECTED]
    Precedence: bulk
    X-No-Archive: yes
    List-Help: mailto:[EMAIL PROTECTED]
    List-Unsubscribe: mailto:[EMAIL PROTECTED]
    List-Subscribe: mailto:[EMAIL PROTECTED]
    From: CBS MarketWatch [EMAIL PROTECTED]
    To: [EMAIL PROTECTED]
    Delivered-To: mailing list [EMAIL PROTECTED]
    Delivered-To: moderator for [EMAIL PROTECTED]
    Received: (qmail 14389 invoked from network); 21 Jul 2003 20:28:35 -
    Date: Mon, 21 Jul 2003 20:26:03 (GMT)
    X-MSMail-Priority: Normal
    X-mailer: AspMail 3.53 (SMTP546388)
    Subject: Personal Finance Daily: July 21, 2003
    Mime-Version: 1.0
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: quoted-printable
    Message-Id: [EMAIL PROTECTED]
    X-RBL-Warning: WHITELST: Message failed WHITELST test (109)
    X-RBL-Warning: SPAMDOMAINS: Spamdomain 'OURDOMAIN.COM' found: Address of [EMAIL PROTECTED] com sent from invalid 125.173.240.63.in-addr.arpa.
    X-RBL-Warning: SPAMTEXT: Message failed SPAMTEXT test (15)
    X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [c040020e].
    X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [c040020e].
    X-RBL-Warning: BFROM: RETURN2
    X-Declude-Sender: [EMAIL PROTECTED] com [63.240.173.125]
    X-Declude-Spoolname: D51810222017aaade.SMD
    X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
    X-Declude: Version 1.70i14; D51810222017aaade.SMD
    X-Declude: Failed WHITELST, SPAMDOMAINS, SPAMTEXT, IPNOTINMX, SPAMHEADERS, BADHEADERS, BFROM [-65]
    X-Note: This E-mail was sent from 125.173.240.63.in-addr.arpa ([63.240.173.125]).
    X-Countries: UNITED STATES-destination
    Return-Path: [EMAIL PROTECTED] .com
    X-Note: - Total spam weight of this E-mail is -65.
    X-Spam-Prob: 0.922557
    X-RCPT-TO: [EMAIL PROTECTED]
    Status: U
    X-UIDL: 300602461

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jose Gosende
Sent: Monday, July 21, 2003 1:31 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Best Practices question

Great, thanks for the detailed explanation.

I would like to HOLD all mail that fails the BADHEADERS test, then. How do I go about doing this?

Thanks again

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
Sent: Monday, July 21, 2003 12:40 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Best Practices question

> I've seen that most of the spam emails, regardless of the weight, seem to fail the SPAMHEADERS, BADHEADERS, and IPNOTINMX tests. Question: do you guys HOLD email based on any of these three tests? If so, how is this done? Is this a smart approach?

The SPAMHEADERS test will catch quite a bit of legitimate E-mail (mostly solicited E-mail, such as orders and bulk E-mail from companies you have done business with, as opposed to individual person-to-person E-mail), mostly because of all the web mailers that were written by web developers rather than purchased or written by web programmers.

The IPNOTINMX test shouldn't be used to block E-mail, as it is one of the few tests that it is OK for a legitimate mailserver to fail. This is often the case with larger domains, where there are separate mailservers for incoming vs. outgoing E-mail.

The BADHEADERS test, though, now catches about 50% of all spam, and will never catch any legitimate E-mail (unless it is sent from a broken mail client that needs to be fixed, and where you might not have received the E-mail anyways).

---
[This E-mail scanned for viruses by Declude Virus]
RE: [Declude.JunkMail] Best Practices question
I would also like the script, thanks.

Regards,
Dan Horne

--
Quote of the day: Instead of talking to your plants, if you yelled at them would they still grow, only to be troubled and insecure?
-
Dan Horne, CCNA Systems Administrator TAIS Web Wilcox World Travel Tours [EMAIL PROTECTED]
Re: [Declude.JunkMail] Best Practices question
> Being a 2 months-old user of JunkMail I'm trying to find out best practices for dealing with spam. Sorry in advance if this topic has been to death, but I couldn't find any helpful threads on the archives. Anyhow, I'm using the following rules but a TON of spam still making it through:
>
>     WEIGHT10 WARN
>     WEIGHT15 HOLD
>     WEIGHT20 HOLD
>
> Of course, the spam comes through because it doesn't meet the HOLD criteria.

My first question would be "Is there a ton of spam being caught?" If you're blocking 1,000 spams to your personal account a day and 50 spams get through, that's not too bad. If you're only blocking 100 spams and 50 get through, that's a problem.

If it's the latter -- where a large percentage of spam is getting through -- there is probably a problem with some of the tests. Does the log file report a lot of warnings or errors? Does the first DNS server listed in the IMail SMTP settings work properly? Do you have a gateway or backup mailservers that run in front of the IMail server?

-Scott
RE: [Declude.JunkMail] Best Practices question
How can I determine the amount of caught/received emails with JunkMail? It would take me an eternity to go through each log file.

Thanks

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
Sent: Thursday, July 17, 2003 10:01 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Best Practices question

> Being a 2 months-old user of JunkMail I'm trying to find out best practices for dealing with spam. Sorry in advance if this topic has been to death, but I couldn't find any helpful threads on the archives. Anyhow, I'm using the following rules but a TON of spam still making it through:
>
>     WEIGHT10 WARN
>     WEIGHT15 HOLD
>     WEIGHT20 HOLD
>
> Of course, the spam comes through because it doesn't meet the HOLD criteria.

My first question would be "Is there a ton of spam being caught?" If you're blocking 1,000 spams to your personal account a day and 50 spams get through, that's not too bad. If you're only blocking 100 spams and 50 get through, that's a problem.

If it's the latter -- where a large percentage of spam is getting through -- there is probably a problem with some of the tests. Does the log file report a lot of warnings or errors? Does the first DNS server listed in the IMail SMTP settings work properly? Do you have a gateway or backup mailservers that run in front of the IMail server?

-Scott
RE: [Declude.JunkMail] Best Practices question
In my view, the best thing to do is examine spam that got through. When you find a pattern in several messages, use that info to tweak Declude. I've been tweaking ours for months, to the point that each day I find less than 30 messages in our hold box. First I look through those for any legitimate mail that got caught (rare). Then I delete any spam that only shows up once; no time to mess with it. Of the remaining items that are multiple messages from the same spammer, I look at the header and body to find out what I should be filtering on.

Keith Purtell, Web/Network Administrator
VantageMed Operations (Kansas City)
Email: [EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
Sent: Thursday, July 17, 2003 9:01 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Best Practices question

> Being a 2 months-old user of JunkMail I'm trying to find out best practices for dealing with spam. Sorry in advance if this topic has been to death, but I couldn't find any helpful threads on the archives. Anyhow, I'm using the following rules but a TON of spam still making it through:
>
>     WEIGHT10 WARN
>     WEIGHT15 HOLD
>     WEIGHT20 HOLD
>
> Of course, the spam comes through because it doesn't meet the HOLD criteria.

My first question would be "Is there a ton of spam being caught?" If you're blocking 1,000 spams to your personal account a day and 50 spams get through, that's not too bad. If you're only blocking 100 spams and 50 get through, that's a problem.

If it's the latter -- where a large percentage of spam is getting through -- there is probably a problem with some of the tests. Does the log file report a lot of warnings or errors? Does the first DNS server listed in the IMail SMTP settings work properly? Do you have a gateway or backup mailservers that run in front of the IMail server?

-Scott
RE: [Declude.JunkMail] Best Practices question
> How can I determine the amount of caught/received emails with JunkMail? It would take me an eternity to go through each log file.

There are several ways that you can do this. For example, you can do a directory of the \IMail\spool\spam directory, where the held E-mails are. To find out how many are to you, you can use find with the /C switch.

-Scott
RE: [Declude.JunkMail] Best Practices question
Not to bash Scott, who is the freaking GOD of SMTP traffic.. but EEWWW.. yuck. FIND will work, but I'd have to wash my hands afterwards. My computer is supposed to do my work FOR me, on a daily basis, and mail me my checks at home ! ( I wish ! )...

Just write up a quick PERL/WSH/Shell script to parse the info, then schedule it with AT to run whenever you want. I wrote mine up a few weeks ago. If people want I'll post it. It's in PERL, so you'll need active PERL installed, and you might need to tweak it for your local settings. It's not as clean as Scott or another professional programmer might make it, but it's quick, dirty, and gets the job done.

Here's a sample of what mine does ( on a pretty slow day for SPAM ):

    Total number of messages 665
    Total Passed, including whitelisted, 523, percentage : 78.6
    Total HELD 21, percentage : 3.2
    Total BOUNCED 121, percentage : 18.2
    Total of Whitelisted 218
    Total of SPAMCOP 25
    Total of NOABUSE 66
    Total of NOPOSTMASTER 58
    Total of BADHEADERS 38
    Total of BASE64 1
    Total of HELOBOGUS 99
    Total of MAILFROM 1
    Total of PERCENT 0
    Total of REVDNS2 34
    Total of ROUTING 13
    Total of SPAMHEADERS 40
    Total of FILTERWORDS 248
    Total of BLACKLIST 34
    Total of REVDNSPROBLEM 77
    Total of IPBlacklist 31

Karl Drugge, Systems Network Engineer

-----Original Message-----
From: R. Scott Perry [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 17, 2003 10:21 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Best Practices question

> How can I determine the amount of caught/received emails with JunkMail? It would take me an eternity to go through each log file.

There are several ways that you can do this. For example, you can do a directory of the \IMail\spool\spam directory, where the held E-mails are. To find out how many are to you, you can use find with the /C switch.

-Scott
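A per-test tally in the spirit of the report above, combined with the comparison between BADHEADERS HOLD and a weight-based hold raised in the reply that posted the MarketWatch headers; this is an added example in Python, not Karl's Perl script, and it reads message headers rather than the log files his script parses. The "X-Declude: Failed ... [weight]" line format is the one shown in that sample; the other messages, their labels, the hold weight of 9 and the treatment of a missing header as weight 0 are assumptions.

```python
# Added example: tally failed Declude tests and compare two HOLD policies.
import re
from collections import Counter

# Matches e.g. "X-Declude: Failed BADHEADERS, BFROM [-65]"
FAILED_RE = re.compile(
    r"^X-Declude: Failed (?P<tests>[A-Z0-9, ]+?)\s*\[(?P<weight>-?\d+)\]\s*$",
    re.MULTILINE,
)

# Constructed sample: (label, human verdict is_spam, header text).
# Only the first entry's header lines are copied from the thread.
MESSAGES = [
    ("newsletter", False,
     "X-Declude: Version 1.70i14; D51810222017aaade.SMD\n"
     "X-Declude: Failed WHITELST, SPAMDOMAINS, SPAMTEXT, IPNOTINMX, "
     "SPAMHEADERS, BADHEADERS, BFROM [-65]\n"),
    ("spam-1", True,
     "X-Declude: Failed BADHEADERS, SPAMHEADERS, HELOBOGUS [14]\n"),
    ("spam-2", True, "X-Declude: Failed SPAMCOP, NOABUSE [11]\n"),
    ("invoice", False, "X-Declude: Failed IPNOTINMX [1]\n"),
    ("spam-3", True, "X-Declude: Failed BADHEADERS, NOABUSE [9]\n"),
    ("personal", False, "Subject: lunch\n"),
    ("spam-4", True, "X-Declude: Failed SPAMHEADERS [4]\n"),
]


def parse_failed(headers):
    """Return (list of failed test names, total weight) for one message.

    Assumption: a message without a 'Failed' line failed nothing, weight 0.
    """
    m = FAILED_RE.search(headers)
    if not m:
        return [], 0
    tests = [t.strip() for t in m.group("tests").split(",") if t.strip()]
    return tests, int(m.group("weight"))


def evaluate(messages, hold_weight, hold_test):
    """Tally failed tests and score both policies against the labels."""
    tally = Counter()
    result = {
        policy: {"held": [], "false_positives": [], "missed_spam": []}
        for policy in ("hold_on_test", "hold_on_weight")
    }
    for label, is_spam, headers in messages:
        tests, weight = parse_failed(headers)
        tally.update(tests)
        decisions = {
            # "BADHEADERS HOLD": failing the single test is enough.
            "hold_on_test": hold_test in tests,
            # "WEIGHTXX HOLD": total weight, negative whitelist included.
            "hold_on_weight": weight >= hold_weight,
        }
        for policy, held in decisions.items():
            if held:
                result[policy]["held"].append(label)
                if not is_spam:
                    result[policy]["false_positives"].append(label)
            elif is_spam:
                result[policy]["missed_spam"].append(label)
    return tally, result


if __name__ == "__main__":
    tally, result = evaluate(MESSAGES, hold_weight=9, hold_test="BADHEADERS")
    print(f"Total number of messages {len(MESSAGES)}")
    for test, count in tally.most_common():
        print(f"Total of {test} {count}")
    for policy, r in result.items():
        print(f"{policy}: held={r['held']} "
              f"false_positives={r['false_positives']} "
              f"missed_spam={r['missed_spam']}")
```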
RE: [Declude.JunkMail] Best Practices question
Karl -- I would be very interested in using your PERL script. Can you send it to me?

Thanks,
Jose

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of IS - Systems Eng. (Karl Drugge)
Sent: Thursday, July 17, 2003 10:55 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Best Practices question

Not to bash Scott, who is the freaking GOD of SMTP traffic.. but EEWWW.. yuck. FIND will work, but I'd have to wash my hands afterwards. My computer is supposed to do my work FOR me, on a daily basis, and mail me my checks at home ! ( I wish ! )...

Just write up a quick PERL/WSH/Shell script to parse the info, then schedule it with AT to run whenever you want. I wrote mine up a few weeks ago. If people want I'll post it. It's in PERL, so you'll need active PERL installed, and you might need to tweak it for your local settings. It's not as clean as Scott or another professional programmer might make it, but it's quick, dirty, and gets the job done.

Here's a sample of what mine does ( on a pretty slow day for SPAM ):

    Total number of messages 665
    Total Passed, including whitelisted, 523, percentage : 78.6
    Total HELD 21, percentage : 3.2
    Total BOUNCED 121, percentage : 18.2
    Total of Whitelisted 218
    Total of SPAMCOP 25
    Total of NOABUSE 66
    Total of NOPOSTMASTER 58
    Total of BADHEADERS 38
    Total of BASE64 1
    Total of HELOBOGUS 99
    Total of MAILFROM 1
    Total of PERCENT 0
    Total of REVDNS2 34
    Total of ROUTING 13
    Total of SPAMHEADERS 40
    Total of FILTERWORDS 248
    Total of BLACKLIST 34
    Total of REVDNSPROBLEM 77
    Total of IPBlacklist 31

Karl Drugge, Systems Network Engineer

-----Original Message-----
From: R. Scott Perry [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 17, 2003 10:21 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Best Practices question

> How can I determine the amount of caught/received emails with JunkMail? It would take me an eternity to go through each log file.

There are several ways that you can do this. For example, you can do a directory of the \IMail\spool\spam directory, where the held E-mails are. To find out how many are to you, you can use find with the /C switch.

-Scott
RE: [Declude.JunkMail] Best Practices question
Looks like a script we would like to use Karl, thanks for the offer to share. Thank You, JR Tatum, President Performance Dimensions, Inc. (336) 774-1849 mailto:[EMAIL PROTECTED] http://www.triadnetwork.com * This message and any included attachments are from PERFORMANCE DIMENSIONS, INC. and are intended only for the addressee(s). The information contained herein may include trade secrets or privileged or otherwise confidential information. Unauthorized review, forwarding, printing, copying, distributing, or using such information is strictly prohibited and may be unlawful. If you received this message in error, or have reason to believe you are not authorized to receive it, please promptly delete this message and notify the sender by e-mail. * -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of IS - Systems Eng. (Karl Drugge) Sent: Thursday, July 17, 2003 10:55 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Best Practices question Not to bash Scott, who is the freaking GOD of SMTP traffic.. but EEWWW.. yuck. FIND will work, but I'd have to wash my hands afterwards. My computer is supposed to do my work FOR me, on a daily basis, and mail me my checks at home ! ( I wish ! )... Just write up a quick PERL/WSH/Shell script to parse the info, then schedule it with AT to run whenever you want. I wrote mine up a few weeks ago. If people want I'll post it. It's in PERL, so you'll need active PERL installed, and you might need to tweak it for your local settings. It's not as clean as Scott or another professional programmer might make it, but it's quick, dirty, and gets the job done. 
Here's a sample of what mine does ( on a pretty slow day for SPAM ): Total number of messages 665 Total Passed, including whitelisted, 523,percentage : 78.6 Total HELD 21, percentage : 3.2 Total BOUNCED 121,percentage : 18.2 Total of Whitelisted 218 Total of SPAMCOP 25 Total of NOABUSE 66 Total of NOPOSTMASTER58 Total of BADHEADERS 38 Total of BASE64 1 Total of HELOBOGUS 99 Total of MAILFROM1 Total of PERCENT 0 Total of REVDNS2 34 Total of ROUTING 13 Total of SPAMHEADERS 40 Total of FILTERWORDS 248 Total of BLACKLIST 34 Total of REVDNSPROBLEM 77 Total of IPBlacklist 31 Karl Drugge, Systems Network Engineer -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Thursday, July 17, 2003 10:21 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Best Practices question How can I determine the amount of caught/received emails with JunkMail? It would take me an eternity to go through each log file. There are several ways that you can do this. For example, you can do a directory of the \IMail\spool\spam directory, where the held E-mails are. To find out how many are to you, you can use find with the /C switch. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. 
RE: [Declude.JunkMail] Best Practices question
Karl,

Please do so, I would be interested in it!

Aaron Caviglia
Re: [Declude.JunkMail] Best Practices question
Hi, Jose,

> Being a 2 months-old user of JunkMail I'm trying to find out best practices for dealing with spam. Sorry in advance if this topic has been to death, but I couldn't find any helpful threads on the archives. Anyhow, I'm using the following rules but a TON of spam is still making it through:
>
> WEIGHT10 WARN
> WEIGHT15 HOLD
> WEIGHT20 HOLD

First of all, I believe using...

WEIGHT15 HOLD
WEIGHT20 HOLD

...in your $default$.junkmail is redundant. Using...

WEIGHT15 HOLD

...alone encompasses what...

WEIGHT20 HOLD

does as well.

> Of course, the spam comes through because it doesn't meet the HOLD criteria. For example, I have spam emails with a weight of 7, others with 11, etc. My question is, what WEIGHT do you guys use to HOLD email?

My configuration is still suboptimal. Our primary domain, NEXUSTECHGROUP.COM, has a hold weight of 9. But we use per-domain settings so some of our domains also have a hold weight of 5, 7 and 10. The thing is, there is no one right weight. It all depends on the type of traffic that your IMail server is seeing.

To any new Declude JunkMail user, the first thing I would recommend doing is establishing the optimal hold weight for either the server, if you aren't using per-domain settings, or for the domain, if you are. Now different people will have different definitions of optimal. For me, the optimal hold weight is the weight at which most spam is caught and hardly any false positives are generated. Another person might want to set their hold weight so high that zero false positives are caught. And yet another might want to set the weight so low such that zero spam makes it through. I like to have a mixture of both.

Once you have established a hold weight you can then take further steps to add points to the weight of any spams making it in under the hold weight, thereby causing that spam to get caught. And you can take steps to subtract points from the weight of any legit e-mails that are over the hold weight, thereby keeping those legit e-mails from being caught.

I think a good start for anyone is to establish that hold weight and then have just the one active line...

WEIGHTXX HOLD

...in your $default$.junkmail file, where XX is your hold weight and WEIGHTXX is defined in GLOBAL.CFG as...

WEIGHTXX weight x x XX 0

That's how I would start if I knew then when I began what I know now. Others may differ with me.

> TIA, Jose

Take Care,
Dan

This E-mail is scanned and free from viruses. www.nexustechgroup.com
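Added example, not part of Dan's message and not Declude code: a Python sketch of the hold-weight selection described above, run over a hand-labelled sample of message weights. The sample is constructed, the function names are hypothetical, and it assumes a WEIGHTXX HOLD line holds any message whose total weight is XX or more.

```python
from collections import namedtuple

# Constructed sample, not real log data: (total weight, hand-labelled spam?).
SAMPLE = [
    (0, False), (2, False), (3, False), (4, False), (5, False), (6, False),
    (8, False), (12, False),
    (7, True), (9, True), (11, True), (11, True), (14, True), (16, True),
    (18, True), (22, True), (25, True), (31, True),
]

Row = namedtuple("Row", "hold_weight spam_held spam_missed legit_held")


def held(sample, hold_weights):
    """Messages held by one or more WEIGHTXX HOLD lines (assumed: weight >= XX)."""
    return [(w, spam) for w, spam in sample if any(w >= h for h in hold_weights)]


def sweep(sample):
    """Score each candidate hold weight, plus one above the maximum (holds nothing)."""
    weights = {w for w, _ in sample}
    spam_total = sum(1 for _, spam in sample if spam)
    rows = []
    for hold in sorted(weights | {max(weights) + 1}):
        caught = held(sample, [hold])
        spam_held = sum(1 for _, spam in caught if spam)
        legit_held = len(caught) - spam_held
        rows.append(Row(hold, spam_held, spam_total - spam_held, legit_held))
    return rows


def lowest_hold(rows, max_legit_held):
    """Lowest hold weight (most spam held) within a false-positive budget."""
    return min((r for r in rows if r.legit_held <= max_legit_held),
               key=lambda r: r.hold_weight)


def highest_hold(rows, max_spam_missed):
    """Highest hold weight (fewest legit held) within a missed-spam budget."""
    return max((r for r in rows if r.spam_missed <= max_spam_missed),
               key=lambda r: r.hold_weight)


if __name__ == "__main__":
    rows = sweep(SAMPLE)
    for r in rows:
        print(f"WEIGHT{r.hold_weight:<3} held spam={r.spam_held:2} "
              f"missed spam={r.spam_missed:2} held legit={r.legit_held:2}")
    print("zero false positives:", lowest_hold(rows, 0))
    print("zero spam through:   ", highest_hold(rows, 0))
    print("at most 1 legit held:", lowest_hold(rows, 1))
    # WEIGHT15 HOLD already covers everything WEIGHT20 HOLD would hold.
    print("redundant:", held(SAMPLE, [15, 20]) == held(SAMPLE, [15]))
```

The three picks correspond to the three definitions of "optimal" in the message: no legit mail held, no spam let through, and a mixture with a small false-positive budget.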
RE: [Declude.JunkMail] Best Practices question
Me too!

Cris Porter
RE: [Declude.JunkMail] Best Practices question
Nicely darn, Karl. Please do post your perl script to the list. If you'd rather send it directly to interested parties, please include me in that list.

I'm just starting in on perl and VB Script, because (sigh) I have indeed been using find.exe as a crutch.

For example, I call this script all too often to split out my from lines in the log to check out issues or track a message without looking at every line. I have a very similar one for subject lines:

    @echo off
    rem Start from an empty result file
    if exist from.txt del from.txt > nul
    echo Filtering by from...
    rem Append every From: line in the Declude logs to From.txt
    for %%a in (dec*.log) do find /i "From:" %%a >> From.txt
    echo FROM count=
    rem /c prints the number of matching lines instead of the lines
    find /i /c "From:" From.txt

Counting the result is a nicety. I usually do this on a subset of my logs after copying them to my workstation.

Andrew 8)