[Declude.JunkMail] Question on SNF within Declude
Hi David I just upgraded from 4.10.72 to 4.10.78 and noticed a build-up of files in the /IMail/Declude/SNF directory with names p59us2lf.20110801.log.xml Before after the upgrade, my diag.txt file shows that SNF is OFF (see below). Have I done something wrong to cause these files to be built? Is there an automated delete procedure for these files? Thanks very much Ferrell Ard Network Admin Badpuppy Enterprises, Inc. 321-6331-9500 === Declude 4.10.78 Diagnostics Compilation Platform: IMail Copyright (c) 2000-2011 Declude, Inc. Host Name mail.beicorporate.net Declude Key I8DA6838F-E6E2-4E5C-A9AA-575E25F81F5B Daisy Chain smtp32.exe DNS Server 173.227.130.100 Product Details JunkMail ON EVAON Hijack OFF SNFOFF AVGON CommTouch ON --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Question on SNF within Declude
On 8/5/2011 11:13 AM, Ferrell Ard wrote: Hi David  I just upgraded from 4.10.72 to 4.10.78 and noticed a build-up of files in the /IMail/Declude/SNF directory with names p59us2lf.20110801.log.xml  Before after the upgrade, my diag.txt file shows that SNF is OFF (see below).  Have I done something wrong to cause these files to be built? Is there an automated delete procedure for these files? Hi Ferrel, I'm pretty sure these are not created by the OEM SNF in declude. They appear to be created by your external SNF installation since the log file name includes your SNF license ID. You can disable logging if you wish. You can also redirect it to a different directory. http://www.armresearch.com/support/articles/software/snfServer/logFiles/ http://www.armresearch.com/support/articles/software/snfServer/config/node/logs/scan/xml.jsp Hope this helps, _M -- Pete McNeil, President MicroNeil Research Corporation www.microneil.com 703.779.4909 x7010 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Question about Declude
We are seeing some viruses that are getting thru IMail/Declude and wonder if anyone might have suggestions for a way for Declude to catch/delete them. Trojan Horse Backdoor.Paproxy Trojan.Wsnpoem Backdoor.Trojan Downloader.Diliv Thanks very much Ferrell --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Question about Declude
Which virus scanner/s are you running ? David Barker VP Operations Declude Your Email security is our business 978.499.2933 x 7007 office 978.988.1311 fax [EMAIL PROTECTED] -declude -dnsstuff From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ferrell Ard Sent: Tuesday, August 19, 2008 2:06 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Question about Declude We are seeing some viruses that are getting thru IMail/Declude and wonder if anyone might have suggestions for a way for Declude to catch/delete them. Trojan Horse Backdoor.Paproxy Trojan.Wsnpoem Backdoor.Trojan Downloader.Diliv Thanks very much Ferrell --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.image001.pngimage002.png
RE: [Declude.JunkMail] Question about Declude
Are you running the Declude AVG or other virus scanner and you are getting leakage? Or do you not have any anti-virus running? John From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ferrell Ard Sent: Tuesday, August 19, 2008 11:06 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Question about Declude We are seeing some viruses that are getting thru IMail/Declude and wonder if anyone might have suggestions for a way for Declude to catch/delete them. Trojan Horse Backdoor.Paproxy Trojan.Wsnpoem Backdoor.Trojan Downloader.Diliv Thanks very much Ferrell --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Question about Declude
We have Declude AVG (sure hope I have it configured correctly). We also have Symantec Corp Edit AntiVirus. This protects the rest of the Server. We also have it scan the IMail directory to identify ONLY - does NOT quarantine. This is where we are seeing the viruses in the users .mbx files. Ferrell - Original Message - From: John Doyle To: declude.junkmail@declude.com Sent: Tuesday, August 19, 2008 4:05 PM Subject: RE: [Declude.JunkMail] Question about Declude Are you running the Declude AVG or other virus scanner and you are getting leakage? Or do you not have any anti-virus running? John -- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ferrell Ard Sent: Tuesday, August 19, 2008 11:06 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Question about Declude We are seeing some viruses that are getting thru IMail/Declude and wonder if anyone might have suggestions for a way for Declude to catch/delete them. Trojan Horse Backdoor.Paproxy Trojan.Wsnpoem Backdoor.Trojan Downloader.Diliv Thanks very much Ferrell --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Question about Declude
Looking at your account it seems you are out of date on you signatures for AVG. Check you your \declude\scanners\avg\db directory one of the files should have today or yesterdays date. Most likely a firewall issue which could be blocking the updates. Please email [EMAIL PROTECTED] David B From: Ferrell Ard [EMAIL PROTECTED] Sent: Tuesday, August 19, 2008 8:44 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Question about Declude We have Declude AVG (sure hope I have it configured correctly). We also have Symantec Corp Edit AntiVirus. This protects the rest of the Server. We also have it scan the IMail directory to identify ONLY - does NOT quarantine. This is where we are seeing the viruses in the users .mbx files. Ferrell - Original Message - From: John Doyle To: declude.junkmail@declude.com Sent: Tuesday, August 19, 2008 4:05 PM Subject: RE: [Declude.JunkMail] Question about Declude Are you running the Declude AVG or other virus scanner and you are getting leakage? Or do you not have any anti-virus running? John From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ferrell Ard Sent: Tuesday, August 19, 2008 11:06 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Question about Declude We are seeing some viruses that are getting thru IMail/Declude and wonder if anyone might have suggestions for a way for Declude to catch/delete them. Trojan Horse Backdoor.PaproxyTrojan.Wsnpoem Backdoor.Trojan Downloader.Diliv Thanks very much Ferrell --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Question on mailbox action...
I am not trying to re route the messages. What I want to do is place the email in a spam folder for each user if the message exceeds a certain weight. The mailbox action in declude would seem to do this. I just want to know if the folder will be created automatically using the mailbox action if it does not already exist. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry vanderzand Sent: Tuesday, April 29, 2008 4:32 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Question on mailbox action... It the mail box is [EMAIL PROTECTED] And you say ROUTETO [EMAIL PROTECTED] THEN THE FOLDER SPAM GETS CREATED AUTOMATICLY Harry Vanderzand NEW ADDRESS Effective Jan 24, 2008 Intown Internet 117 Ruskview Road Kitchener, ON, N2M 4S1 519-741-1222 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Tuesday, April 29, 2008 5:36 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Question on mailbox action... If I institute a mailbox action like WEIGHT10 MAILBOX spam Will Imail automatically create the folder spam for the user if it does not already exist? Thanks Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Question on mailbox action...
It would work the same. You know, just try it Harry Vanderzand NEW ADDRESS Effective Jan 24, 2008 Intown Internet 117 Ruskview Road Kitchener, ON, N2M 4S1 519-741-1222 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Wednesday, April 30, 2008 10:47 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Question on mailbox action... I am not trying to re route the messages. What I want to do is place the email in a spam folder for each user if the message exceeds a certain weight. The mailbox action in declude would seem to do this. I just want to know if the folder will be created automatically using the mailbox action if it does not already exist. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry vanderzand Sent: Tuesday, April 29, 2008 4:32 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Question on mailbox action... It the mail box is [EMAIL PROTECTED] And you say ROUTETO [EMAIL PROTECTED] THEN THE FOLDER SPAM GETS CREATED AUTOMATICLY Harry Vanderzand NEW ADDRESS Effective Jan 24, 2008 Intown Internet 117 Ruskview Road Kitchener, ON, N2M 4S1 519-741-1222 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Tuesday, April 29, 2008 5:36 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Question on mailbox action... If I institute a mailbox action like WEIGHT10 MAILBOX spam Will Imail automatically create the folder spam for the user if it does not already exist? Thanks Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Question on mailbox action...
The answer to your question is yes, the mailbox is created automatically. We use it all the time. Ben - Original Message - From: Chuck Schick [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Wednesday, April 30, 2008 7:47 AM Subject: RE: [Declude.JunkMail] Question on mailbox action... I am not trying to re route the messages. What I want to do is place the email in a spam folder for each user if the message exceeds a certain weight. The mailbox action in declude would seem to do this. I just want to know if the folder will be created automatically using the mailbox action if it does not already exist. Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry vanderzand Sent: Tuesday, April 29, 2008 4:32 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Question on mailbox action... It the mail box is [EMAIL PROTECTED] And you say ROUTETO [EMAIL PROTECTED] THEN THE FOLDER SPAM GETS CREATED AUTOMATICLY Harry Vanderzand NEW ADDRESS Effective Jan 24, 2008 Intown Internet 117 Ruskview Road Kitchener, ON, N2M 4S1 519-741-1222 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Tuesday, April 29, 2008 5:36 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Question on mailbox action... If I institute a mailbox action like WEIGHT10 MAILBOX spam Will Imail automatically create the folder spam for the user if it does not already exist? Thanks Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Question on mailbox action...
Chuck I recall for that for Declude to move the message to a spam folder for the user based on weight, You need to use the declude MAILBOX action. So something like WEIGHT20 MAILBOX Spam, as you have below. (this may only work for Imail?) However, I think you need to, for each domain, check the box Create in the Sub mail Box section under Domain Properties. If not done, it will get dropped into the main folder regardless of what Declude does. This is not the same action as ROUTETO. John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Tuesday, April 29, 2008 2:36 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Question on mailbox action... If I institute a mailbox action like WEIGHT10 MAILBOX spam Will Imail automatically create the folder spam for the user if it does not already exist? Thanks Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Question on mailbox action...
If I institute a mailbox action like WEIGHT10 MAILBOX spam Will Imail automatically create the folder spam for the user if it does not already exist? Thanks Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Question on mailbox action...
It the mail box is [EMAIL PROTECTED] And you say ROUTETO [EMAIL PROTECTED] THEN THE FOLDER SPAM GETS CREATED AUTOMATICLY Harry Vanderzand NEW ADDRESS Effective Jan 24, 2008 Intown Internet 117 Ruskview Road Kitchener, ON, N2M 4S1 519-741-1222 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Tuesday, April 29, 2008 5:36 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Question on mailbox action... If I institute a mailbox action like WEIGHT10 MAILBOX spam Will Imail automatically create the folder spam for the user if it does not already exist? Thanks Chuck Schick Warp 8, Inc. (303)-421-5140 www.warp8.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Question on Smartermail Domain forwarding/Declude issue
Hi All; We have a couple customers that we used to host mail for that now have their own Exchange servers. However, we still filter their mail using the Smartermail 4.3 Domain Forwarding feature. We normally mark mail with 15 spam points and delete at 40. They have asked us to no longer delete any messages. Does anyone know, can we do an individual config for them by making a sub folder with the domain name as is normally done. From what I can see, this does not work. Anyone know for sure? Running Declude as below Declude 4.3.62 Diagnostics Compilation Platform: SmarterMail Copyright (c) 2000-2005 Declude, Inc. Host NameX Daisy Chain DNS Server X Product Details JunkMail Pro EVAPro Hijack Pro -- Herb Guenther Lanex, LLC www.lanex.com (262)789-0966x102 Office (262)780-0424 Direct This e-mail is confidential and is for the use of the intended recipient(s)only. If you are not an intended recipient please advise us of our error by return e-mail then delete this e-mail and any attached files. You may not copy, disclose or use the contents in any way. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Question about filtering
I have a problem I have been trying to solve. When a contains filter comairs abainst the body of the email where does that body begin? Does it begin at the mime segment or does it begin at actual content? For example If I have something like this Received: from ns1.ssc-isp.net [12.9.25.242] by standardabrasives.com (SMTPD-8.22) id AC660568; Mon, 12 Dec 2005 12:24:06 -0800 Received: from I295e.i.pppool.de ([85.73.41.94]) by ns1.ssc-isp.net (SMSSMTP 4.1.9.35) with SMTP id M2005121212184516674 for [EMAIL PROTECTED]; Mon, 12 Dec 2005 12:18:46 -0800 Received: from [192.168.207.41] (port=4196 helo=parents) by I295e.i.pppool.de with esmtp id 7511378754121 for [EMAIL PROTECTED]; Mon, 12 Dec 2005 21:18:39 +0100 MIME-Version: 1.0 Content-Type: multipart/related; boundary==_469e734c3adb39df03c2f293185d8c73 Message-Id: [EMAIL PROTECTED] Date: Mon, 12 Dec 2005 21:18:36 +0100 To: [EMAIL PROTECTED] From: Jayme Dominguez [EMAIL PROTECTED] Subject: News Alert --=_469e734c3adb39df03c2f293185d8c73 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable TabletrtdThis is a spam/td/tr/table Does the body scanning start at --= or does it start at Table Kevin Bilbee Network Administrator Standard Abrasives, Inc. [EMAIL PROTECTED] (805) 520-5800 x7332 Changing the way industry works. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Question about filtering
I believe it starts immediately following the first double CFLF. I'm not sure if the STARTSWITH filter for BODY is tweaked in any way, but if it is it only ignores CRLF's and not other characters. Matt Kevin Bilbee wrote: I have a problem I have been trying to solve. When a contains filter comairs abainst the body of the email where does that body begin? Does it begin at the mime segment or does it begin at actual content? For example If I have something like this Received: from ns1.ssc-isp.net [12.9.25.242] by standardabrasives.com (SMTPD-8.22) id AC660568; Mon, 12 Dec 2005 12:24:06 -0800 Received: from I295e.i.pppool.de ([85.73.41.94]) by ns1.ssc-isp.net (SMSSMTP 4.1.9.35) with SMTP id M2005121212184516674 for [EMAIL PROTECTED]; Mon, 12 Dec 2005 12:18:46 -0800 Received: from [192.168.207.41] (port=4196 helo=parents) by I295e.i.pppool.de with esmtp id 7511378754121 for [EMAIL PROTECTED]; Mon, 12 Dec 2005 21:18:39 +0100 MIME-Version: 1.0 Content-Type: multipart/related; boundary==_469e734c3adb39df03c2f293185d8c73 Message-Id: [EMAIL PROTECTED] Date: Mon, 12 Dec 2005 21:18:36 +0100 To: [EMAIL PROTECTED] From: Jayme Dominguez [EMAIL PROTECTED] Subject: News Alert --=_469e734c3adb39df03c2f293185d8c73 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable TabletrtdThis is a spam/td/tr/table Does the body scanning start at --= or does it start at Table Kevin Bilbee Network Administrator Standard Abrasives, Inc. [EMAIL PROTECTED] (805) 520-5800 x7332 Changing the way industry works. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Question about filtering
So with this - Subject: News Alert --=_469e734c3adb39df03c2f293185d8c73 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable TabletrtdThis is a spam/td/tr/table I would need to do the following if I was looking for table at the beginning of a message BODY 15 CONTAINS Content-Transfer-Encoding: quoted-printableTable This assumes the CRLF codes are striped instead of replaced. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Matt Sent: Monday, December 12, 2005 1:37 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Question about filtering I believe it starts immediately following the first double CFLF. I'm not sure if the STARTSWITH filter for BODY is tweaked in any way, but if it is it only ignores CRLF's and not other characters. Matt Kevin Bilbee wrote: I have a problem I have been trying to solve. When a contains filter comairs abainst the body of the email where does that body begin? Does it begin at the mime segment or does it begin at actual content? For example If I have something like this Received: from ns1.ssc-isp.net [12.9.25.242] by standardabrasives.com (SMTPD-8.22) id AC660568; Mon, 12 Dec 2005 12:24:06 -0800 Received: from I295e.i.pppool.de ([85.73.41.94]) by ns1.ssc-isp.net (SMSSMTP 4.1.9.35) with SMTP id M2005121212184516674 for [EMAIL PROTECTED]; Mon, 12 Dec 2005 12:18:46 -0800 Received: from [192.168.207.41] (port=4196 helo=parents) by I295e.i.pppool.de with esmtp id 7511378754121 for [EMAIL PROTECTED]; Mon, 12 Dec 2005 21:18:39 +0100 MIME-Version: 1.0 Content-Type: multipart/related; boundary==_469e734c3adb39df03c2f293185d8c73 Message-Id: [EMAIL PROTECTED] Date: Mon, 12 Dec 2005 21:18:36 +0100 To: [EMAIL PROTECTED] From: Jayme Dominguez [EMAIL PROTECTED] Subject: News Alert --=_469e734c3adb39df03c2f293185d8c73 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable TabletrtdThis is a spam/td/tr/table Does the body scanning start at --= or does it start at Table Kevin Bilbee Network Administrator Standard Abrasives, Inc. [EMAIL PROTECTED] (805) 520-5800 x7332 Changing the way industry works. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Question about filtering
I thought it replaced CRLF's with a space. - Original Message - From: Matt [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Monday, December 12, 2005 3:36 PM Subject: Re: [Declude.JunkMail] Question about filtering I believe it starts immediately following the first double CFLF. I'm not sure if the STARTSWITH filter for BODY is tweaked in any way, but if it is it only ignores CRLF's and not other characters. Matt Kevin Bilbee wrote: I have a problem I have been trying to solve. When a contains filter comairs abainst the body of the email where does that body begin? Does it begin at the mime segment or does it begin at actual content? For example If I have something like this Received: from ns1.ssc-isp.net [12.9.25.242] by standardabrasives.com (SMTPD-8.22) id AC660568; Mon, 12 Dec 2005 12:24:06 -0800 Received: from I295e.i.pppool.de ([85.73.41.94]) by ns1.ssc-isp.net (SMSSMTP 4.1.9.35) with SMTP id M2005121212184516674 for [EMAIL PROTECTED]; Mon, 12 Dec 2005 12:18:46 -0800 Received: from [192.168.207.41] (port=4196 helo=parents) by I295e.i.pppool.de with esmtp id 7511378754121 for [EMAIL PROTECTED]; Mon, 12 Dec 2005 21:18:39 +0100 MIME-Version: 1.0 Content-Type: multipart/related; boundary==_469e734c3adb39df03c2f293185d8c73 Message-Id: [EMAIL PROTECTED] Date: Mon, 12 Dec 2005 21:18:36 +0100 To: [EMAIL PROTECTED] From: Jayme Dominguez [EMAIL PROTECTED] Subject: News Alert --=_469e734c3adb39df03c2f293185d8c73 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable TabletrtdThis is a spam/td/tr/table Does the body scanning start at --= or does it start at Table Kevin Bilbee Network Administrator Standard Abrasives, Inc. [EMAIL PROTECTED] (805) 520-5800 x7332 Changing the way industry works. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Question about filtering
Can declude jup in here and settle this. Does filtering remove CRLFs or does it replace them with spaces??? Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Scott Fisher Sent: Monday, December 12, 2005 3:07 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Question about filtering I thought it replaced CRLF's with a space. - Original Message - From: Matt [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Monday, December 12, 2005 3:36 PM Subject: Re: [Declude.JunkMail] Question about filtering I believe it starts immediately following the first double CFLF. I'm not sure if the STARTSWITH filter for BODY is tweaked in any way, but if it is it only ignores CRLF's and not other characters. Matt Kevin Bilbee wrote: I have a problem I have been trying to solve. When a contains filter comairs abainst the body of the email where does that body begin? Does it begin at the mime segment or does it begin at actual content? For example If I have something like this Received: from ns1.ssc-isp.net [12.9.25.242] by standardabrasives.com (SMTPD-8.22) id AC660568; Mon, 12 Dec 2005 12:24:06 -0800 Received: from I295e.i.pppool.de ([85.73.41.94]) by ns1.ssc-isp.net (SMSSMTP 4.1.9.35) with SMTP id M2005121212184516674 for [EMAIL PROTECTED]; Mon, 12 Dec 2005 12:18:46 -0800 Received: from [192.168.207.41] (port=4196 helo=parents) by I295e.i.pppool.de with esmtp id 7511378754121 for [EMAIL PROTECTED]; Mon, 12 Dec 2005 21:18:39 +0100 MIME-Version: 1.0 Content-Type: multipart/related; boundary==_469e734c3adb39df03c2f293185d8c73 Message-Id: [EMAIL PROTECTED] Date: Mon, 12 Dec 2005 21:18:36 +0100 To: [EMAIL PROTECTED] From: Jayme Dominguez [EMAIL PROTECTED] Subject: News Alert --=_469e734c3adb39df03c2f293185d8c73 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable TabletrtdThis is a spam/td/tr/table Does the body scanning start at --= or does it start at Table Kevin Bilbee Network Administrator Standard Abrasives, Inc. [EMAIL PROTECTED] (805) 520-5800 x7332 Changing the way industry works. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Question about filtering
Let's clarify a couple of things that might have been confused here. The original question was asking where the BODY begins. That is what my response was addressing. When it comes to filtering line breaks, that is a totally different story and it is not the question that I answered. Within the BODY, CRLF's are in fact replaced with spaces. So considering both, in the example that you gave, you would need to construct a filter that had the following (ignore line breaks if inserted by your E-mail client and pay attention to spaces): BODY 15 STARTSWITH --=_469e734c3adb39df03c2f293185d8c73 Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: quoted-printable Table Since almost every E-mail has a different boundary (that first string of characters), you can't use Declude's built-in filtering to check if a multipart message starts with a TABLE tag. If you are looking at single part messages, ones that have no MIME boundaries and has only one body segment, you can in fact construct a filter that checks to see if the body starts with a TABLE tag. I doubt that is of any use considering the thread. Inside joke follows: A Would recommend to anyone!!! Matt Kevin Bilbee wrote: So with this - Subject: News Alert --=_469e734c3adb39df03c2f293185d8c73 Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: quoted-printable TabletrtdThis is a spam/td/tr/table I would need to do the following if I was looking for table at the beginning of a message BODY 15 CONTAINS Content-Transfer-Encoding: quoted-printableTable This assumes the CRLF codes are striped instead of replaced. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Matt Sent: Monday, December 12, 2005 1:37 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Question about filtering I believe it starts immediately following the first double CFLF. I'm not sure if the STARTSWITH filter for BODY is tweaked in any way, but if it is it only ignores CRLF's and not other characters. Matt Kevin Bilbee wrote: I have a problem I have been trying to solve. When a contains filter comairs abainst the body of the email where does that body begin? Does it begin at the mime segment or does it begin at actual content? For example If I have something like this Received: from ns1.ssc-isp.net [12.9.25.242] by standardabrasives.com (SMTPD-8.22) id AC660568; Mon, 12 Dec 2005 12:24:06 -0800 Received: from I295e.i.pppool.de ([85.73.41.94]) by ns1.ssc-isp.net (SMSSMTP 4.1.9.35) with SMTP id M2005121212184516674 for [EMAIL PROTECTED]; Mon, 12 Dec 2005 12:18:46 -0800 Received: from [192.168.207.41] (port=4196 helo=parents) by I295e.i.pppool.de with esmtp id 7511378754121 for [EMAIL PROTECTED]; Mon, 12 Dec 2005 21:18:39 +0100 MIME-Version: 1.0 Content-Type: multipart/related; boundary="=_469e734c3adb39df03c2f293185d8c73" Message-Id: [EMAIL PROTECTED] Date: Mon, 12 Dec 2005 21:18:36 +0100 To: [EMAIL PROTECTED] From: Jayme Dominguez [EMAIL PROTECTED] Subject: News Alert --=_469e734c3adb39df03c2f293185d8c73 Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: quoted-printable TabletrtdThis is a spam/td/tr/table Does the body scanning start at --= or does it start at Table Kevin Bilbee Network Administrator Standard Abrasives, Inc. [EMAIL PROTECTED] (805) 520-5800 x7332 Changing the way industry works. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Question about filtering
Ok that make good sence so do you think this will work BODY 15CONTAINS Content-Transfer-Encoding: quoted-printable Table Which is what I asked in the message you replied to? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of MattSent: Monday, December 12, 2005 4:43 PMTo: Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] Question about filteringLet's clarify a couple of things that might have been confused here.The original question was asking where the BODY begins. That is what my response was addressing.When it comes to filtering line breaks, that is a totally different story and it is not the question that I answered. Within the BODY, CRLF's are in fact replaced with spaces.So considering both, in the example that you gave, you would need to construct a filter that had the following (ignore line breaks if inserted by your E-mail client and pay attention to spaces): BODY 15 STARTSWITH --=_469e734c3adb39df03c2f293185d8c73 Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: quoted-printable TableSince almost every E-mail has a different boundary (that first string of characters), you can't use Declude's built-in filtering to check if a multipart message starts with a TABLE tag. If you are looking at single part messages, ones that have no MIME boundaries and has only one body segment, you can in fact construct a filter that checks to see if the body starts with a TABLE tag. I doubt that is of any use considering the thread.Inside joke follows: A Would recommend to anyone!!!MattKevin Bilbee wrote: So with this - Subject: News Alert --=_469e734c3adb39df03c2f293185d8c73 Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: quoted-printable TabletrtdThis is a spam/td/tr/table I would need to do the following if I was looking for table at the beginning of a message BODY 15 CONTAINS Content-Transfer-Encoding: quoted-printableTable This assumes the CRLF codes are striped instead of replaced. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Matt Sent: Monday, December 12, 2005 1:37 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Question about filtering I believe it starts immediately following the first double CFLF. I'm not sure if the STARTSWITH filter for BODY is tweaked in any way, but if it is it only ignores CRLF's and not other characters. Matt Kevin Bilbee wrote: I have a problem I have been trying to solve. When a contains filter comairs abainst the body of the email where does that body begin? Does it begin at the mime segment or does it begin at actual content? For example If I have something like this Received: from ns1.ssc-isp.net [12.9.25.242] by standardabrasives.com (SMTPD-8.22) id AC660568; Mon, 12 Dec 2005 12:24:06 -0800 Received: from I295e.i.pppool.de ([85.73.41.94]) by ns1.ssc-isp.net (SMSSMTP 4.1.9.35) with SMTP id M2005121212184516674 for [EMAIL PROTECTED]; Mon, 12 Dec 2005 12:18:46 -0800 Received: from [192.168.207.41] (port=4196 helo=parents) by I295e.i.pppool.de with esmtp id 7511378754121 for [EMAIL PROTECTED]; Mon, 12 Dec 2005 21:18:39 +0100 MIME-Version: 1.0 Content-Type: multipart/related; boundary="=_469e734c3adb39df03c2f293185d8c73" Message-Id: [EMAIL PROTECTED] Date: Mon, 12 Dec 2005 21:18:36 +0100 To: [EMAIL PROTECTED] From: Jayme Dominguez [EMAIL PROTECTED] Subject: News Alert --=_469e734c3adb39df03c2f293185d8c73 Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: quoted-printable TabletrtdThis is a spam/td/tr/table Does the body scanning start at --= or does it start at Table Kevin Bilbee Network Administrator Standard Abrasives, Inc. [EMAIL PROTECTED] (805) 520-5800 x7332 Changing the way industry works. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing li
Re: [Declude.JunkMail] Question about filtering
Kevin, Yes, that filter should work. Matt Kevin Bilbee wrote: Ok that make good sence so do you think this will work BODY 15CONTAINS Content-Transfer-Encoding: quoted-printable Table Which is what I asked in the message you replied to? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Matt Sent: Monday, December 12, 2005 4:43 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Question about filtering Let's clarify a couple of things that might have been confused here. The original question was asking where the BODY begins. That is what my response was addressing. When it comes to filtering line breaks, that is a totally different story and it is not the question that I answered. Within the BODY, CRLF's are in fact replaced with spaces. So considering both, in the example that you gave, you would need to construct a filter that had the following (ignore line breaks if inserted by your E-mail client and pay attention to spaces): BODY 15 STARTSWITH --=_469e734c3adb39df03c2f293185d8c73 Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: quoted-printable Table Since almost every E-mail has a different boundary (that first string of characters), you can't use Declude's built-in filtering to check if a multipart message starts with a TABLE tag. If you are looking at single part messages, ones that have no MIME boundaries and has only one body segment, you can in fact construct a filter that checks to see if the body starts with a TABLE tag. I doubt that is of any use considering the thread. Inside joke follows: A Would recommend to anyone!!! Matt Kevin Bilbee wrote: So with this - Subject: News Alert --=_469e734c3adb39df03c2f293185d8c73 Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: quoted-printable TabletrtdThis is a spam/td/tr/table I would need to do the following if I was looking for table at the beginning of a message BODY 15 CONTAINS Content-Transfer-Encoding: quoted-printableTable This assumes the CRLF codes are striped instead of replaced. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Matt Sent: Monday, December 12, 2005 1:37 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Question about filtering I believe it starts immediately following the first double CFLF. I'm not sure if the STARTSWITH filter for BODY is tweaked in any way, but if it is it only ignores CRLF's and not other characters. Matt Kevin Bilbee wrote: I have a problem I have been trying to solve. When a contains filter comairs abainst the body of the email where does that body begin? Does it begin at the mime segment or does it begin at actual content? For example If I have something like this Received: from ns1.ssc-isp.net [12.9.25.242] by standardabrasives.com (SMTPD-8.22) id AC660568; Mon, 12 Dec 2005 12:24:06 -0800 Received: from I295e.i.pppool.de ([85.73.41.94]) by ns1.ssc-isp.net (SMSSMTP 4.1.9.35) with SMTP id M2005121212184516674 for [EMAIL PROTECTED]; Mon, 12 Dec 2005 12:18:46 -0800 Received: from [192.168.207.41] (port=4196 helo=parents) by I295e.i.pppool.de with esmtp id 7511378754121 for [EMAIL PROTECTED]; Mon, 12 Dec 2005 21:18:39 +0100 MIME-Version: 1.0 Content-Type: multipart/related; boundary="=_469e734c3adb39df03c2f293185d8c73" Message-Id: [EMAIL PROTECTED] Date: Mon, 12 Dec 2005 21:18:36 +0100 To: [EMAIL PROTECTED] From: Jayme Dominguez [EMAIL PROTECTED] Subject: News Alert --=_469e734c3adb39df03c2f293185d8c73 Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: quoted-printable TabletrtdThis is a spam/td/tr/table Does the body scanning start at --= or does it start at Table Kevin Bilbee Network Administrator Standard Abrasives, Inc. [EMAIL PROTECTED] (805) 520-5800 x7332 Changing the way industry works. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archiv
[Declude.JunkMail] Question about load balancers and source IP
We have 3 declude gateway servers that sit in front of our Exchange system. We want to move the three round-robin DNS servers to a VIP on our Foundry Load Balancers. The load balancers can be setup in a source NAT configuration (which is easier) or DSR (Direct Server Return). In source NAT the VIP on the Foundy Load Balancer is the source address that Declude sees. In DSR the physical SMTP server is the source IP address. DSR is difficult to configure. So, here's my question. Does Declude/IMAIL care about the IP address that's making the connection? In other words, does it use that IP address for its tests? If so, will HOP=1 fix this? --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Question about load balancers and source IP
Use SKIPIP John T eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Mark E. Smith Sent: Saturday, June 25, 2005 3:02 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Question about load balancers and source IP We have 3 declude gateway servers that sit in front of our Exchange system. We want to move the three round-robin DNS servers to a VIP on our Foundry Load Balancers. The load balancers can be setup in a source NAT configuration (which is easier) or DSR (Direct Server Return). In source NAT the VIP on the Foundy Load Balancer is the source address that Declude sees. In DSR the physical SMTP server is the source IP address. DSR is difficult to configure. So, here's my question. Does Declude/IMAIL care about the IP address that's making the connection? In other words, does it use that IP address for its tests? If so, will HOP=1 fix this? --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Question about load balancers and source IP
SKIPIP = new setting in Declude? Sorry... Been off the list for a while. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Saturday, June 25, 2005 6:52 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Question about load balancers and source IP Use SKIPIP John T eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Mark E. Smith Sent: Saturday, June 25, 2005 3:02 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Question about load balancers and source IP We have 3 declude gateway servers that sit in front of our Exchange system. We want to move the three round-robin DNS servers to a VIP on our Foundry Load Balancers. The load balancers can be setup in a source NAT configuration (which is easier) or DSR (Direct Server Return). In source NAT the VIP on the Foundy Load Balancer is the source address that Declude sees. In DSR the physical SMTP server is the source IP address. DSR is difficult to configure. So, here's my question. Does Declude/IMAIL care about the IP address that's making the connection? In other words, does it use that IP address for its tests? If so, will HOP=1 fix this? --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Question about load balancers and source IP
OOPS! IPBYPASS John T eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Mark E. Smith Sent: Saturday, June 25, 2005 4:45 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Question about load balancers and source IP SKIPIP = new setting in Declude? Sorry... Been off the list for a while. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Saturday, June 25, 2005 6:52 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Question about load balancers and source IP Use SKIPIP John T eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Mark E. Smith Sent: Saturday, June 25, 2005 3:02 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Question about load balancers and source IP We have 3 declude gateway servers that sit in front of our Exchange system. We want to move the three round-robin DNS servers to a VIP on our Foundry Load Balancers. The load balancers can be setup in a source NAT configuration (which is easier) or DSR (Direct Server Return). In source NAT the VIP on the Foundy Load Balancer is the source address that Declude sees. In DSR the physical SMTP server is the source IP address. DSR is difficult to configure. So, here's my question. Does Declude/IMAIL care about the IP address that's making the connection? In other words, does it use that IP address for its tests? If so, will HOP=1 fix this? --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Question about load balancers and source IP
Does Declude/IMAIL care about the IP address that's making the connection? In other words, does it use that IP address for its tests? If so, will HOP=1 fix this? I have never used a Foundry Load Balancer so my response may be way off. I am assuming it is not functioning as a MTA, but is simply rewriting the source IP portion of packets. If the source IP of incoming packets destined to your declude gateways is replaced with that of your load balancer, it does not constitute an additional hop as far as declude is concerned. The message header will likely report the connecting IP address (in this case, being that of your load balancer if doing source NAT) but also with the sending MTA's HELO. The IP tests including RBL lookups and SPF checks are based on the last reported sending MTA's IP address. Also, other DNS tests such as REVDNS won't mean much of anything anymore since declude will only be checking for a PTR for the IP of your load balancer. Non-IP based tests should work fine I would think. As much of a pain as it might be, I would stick with DSR if you don't want to lose declude's IP-based tests. Landon --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Question about load balancers and source IP
I have never used a Foundry Load Balancer so my response may be way off. I am assuming it is not functioning as a MTA, but is simply rewriting the source IP portion of packets. Correct but it only does this at the IP level, not at the SMTP protocol level. In other words, Windows IP gets the TCP connection from the load balancer's IP but the SMTP protocol (Payload of the TCP communication) shows the sending SMTP server in any of the communication. So it sounds like I need to configure DSR. Thx If the source IP of incoming packets destined to your declude gateways is replaced with that of your load balancer, it does not constitute an additional hop as far as declude is concerned. The message header will likely report the connecting IP address (in this case, being that of your load balancer if doing source NAT) but also with the sending MTA's HELO. The IP tests including RBL lookups and SPF checks are based on the last reported sending MTA's IP address. Also, other DNS tests such as REVDNS won't mean much of anything anymore since declude will only be checking for a PTR for the IP of your load balancer. Non-IP based tests should work fine I would think. As much of a pain as it might be, I would stick with DSR if you don't want to lose declude's IP-based tests. Landon --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] question on calculating weights
Hi All, Hope you don't mind another simple question... I have a spam message with a weight of 2: X-Spam-Tests-Failed: SNIFFER [2] The problem with this line was that we have sniffer weighted at 7. So I went to the Declude JM log and came up with this: 03/01/2005 13:17:46 Qdbca042102961063 Tests failed [weight=2]: IPNOTINMX=IGNORE SNIFFER=WARN CATCHALLMAILS=IGNORE The problem here is that IPNOTINMX has a weight of -3 and CATCHALLMAILS has a weight of 0. So that would seem to imply that the total weight should have been 4 (7 - 3), instead of 2. Where did the extra -2 come from? Here are the relevant lines from the global.cfg file: IPNOTINMX ipnotinmx x x 0 -3 SNIFFER external nonzero d:\imail\sniffer\snfrv2r3.exe xnk05x5vmipeaof7 7 0 CATCHALLMAILS catchallmails x x 0 0 So somebody slap me on the side of my head and tell me what I'm missing. Thanks, Ben --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] question on calculating weights
Could it be the NOLEGITCONTENT test? - Original Message - From: Imail Admin [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Tuesday, March 01, 2005 3:33 PM Subject: [Declude.JunkMail] question on calculating weights Hi All, Hope you don't mind another simple question... I have a spam message with a weight of 2: X-Spam-Tests-Failed: SNIFFER [2] The problem with this line was that we have sniffer weighted at 7. So I went to the Declude JM log and came up with this: 03/01/2005 13:17:46 Qdbca042102961063 Tests failed [weight=2]: IPNOTINMX=IGNORE SNIFFER=WARN CATCHALLMAILS=IGNORE The problem here is that IPNOTINMX has a weight of -3 and CATCHALLMAILS has a weight of 0. So that would seem to imply that the total weight should have been 4 (7 - 3), instead of 2. Where did the extra -2 come from? Here are the relevant lines from the global.cfg file: IPNOTINMX ipnotinmx x x 0 -3 SNIFFER external nonzero d:\imail\sniffer\snfrv2r3.exe xnk05x5vmipeaof7 7 0 CATCHALLMAILS catchallmails x x 0 0 So somebody slap me on the side of my head and tell me what I'm missing. Thanks, Ben --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Question on SortMonster/MessageSniffer - using Alias for update command?
On Tuesday, December 14, 2004, 6:23:58 PM, Chris wrote: CU Thanks all for the info. Went ahead, bought it, seems to be working well CU and is helping to catch a lot of what is out there. CU I've updated the script (AutoSNF.cmd) which is used to fetch the latest CU definitions. I've got it scheduled now but want to set up an alias CU which invokes the program. I thought I did so properly, but apparently not. CU I've got an alias XYZ of type Program which resolves to: CU E:\IMail\declude\SNIFFER\AutoSNF.cmd CU The logs show: CU 20041214 182050 127.0.0.1 SMTP (7550065a00b4ca5e) processing CU e:\IMAIL\spool\Q7550065a00b4ca5e.SMD CU 20041214 182050 127.0.0.1 SMTP (7550065a00b4ca5e) [x] toprog CU E:\IMail\declude\SNIFFER\AutoSNF.cmd e:\IMAIL\spool\tmpEA4.tmp CU 20041214 182050 127.0.0.1 SMTP (7550065a00b4ca5e) finished CU e:\IMAIL\spool\Q7550065a00b4ca5e.SMD status=1 CU But it is not actually running (looking in the SNIFFER folder) and updating CU the definitions file. I velieve I've run into this before -- be sure that the top line of the script changes to the correct drive and directory for the script to run. Otherwise I _think_ it will try to run in the IMail directory. Hope this helps, _M --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Question on SortMonster/MessageSniffer
Chris, I forgot one important comment: Customer service from MessageSniffer has been fantastic! Katie LaSalle-Lowery Centric Internet Services 1410 Reserve St. Missoula, MT 59801 Local Phone 549-3337 ext. 21 Toll Free (888)593-2776 ext. 21 Fax (406)721-3438 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Katie LaSalle-Lowery Sent: Monday, December 13, 2004 10:57 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Question on SortMonster/MessageSniffer Hi Chris, I suspect that you'll find that many of the Declude users are this list are also using MessageSniffer. We only recently began using it and can tell you that we saw a dramatic increase in spam catches when we did so. If you look in your global.cfg file, you'll see there is already a line for MessageSniffer that is commented out. When you purchase MessageSniffer you remove the # and put in your pattern file name and registration key. I'll leave the other answers to more knowledgable folks and just say that we have been quite please with the results we've seen since we began to use MessageSniffer. Katie LaSalle-Lowery Centric Internet Services 1410 Reserve St. Missoula, MT 59801 Local Phone 549-3337 ext. 21 Toll Free (888)593-2776 ext. 21 Fax (406)721-3438 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Ulrich Sent: Monday, December 13, 2004 10:45 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Question on SortMonster/MessageSniffer Is anyone using this product as part of their filtering? http://www.sortmonster.com/MessageSniffer Any feedback? Does it download definition updates or something similar, or is it purely rules based and the only update would be to the program itself? How would you integrate this in to the config files? Also, I'm putting together a list of common words/phrases found in SPAM that gets through the current filters. Up to about 200, yes, there are plenty more. At what point do you take a serious performance hit doing this? I'd post the list of words, but I'd probably score about a 400 on everyone's filters and you'd never see it anyway! Thanks Chris Cydian Technologies --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Question on SortMonster/MessageSniffer
Chris, Sniffer will catch ~96% of all spam with 99.8% accuracy (on my system at least). While building redundancies is important in any system, it is the single most effective tool that is available to Declude users, and it fulfills a large part of the content filtering that you have been attempting to accomplish. Once you purchase Sniffer (which you will of course do quickly), we will help you get it set up. Just ask. Regarding your word/phrase list, on a server with a little extra capacity to spare, 400 BODY filters won't make much of a difference, but Sniffer will probably remove your need to do this type of work. Matt Chris Ulrich wrote: Is anyone using this product as part of their filtering? http://www.sortmonster.com/MessageSniffer Any feedback? Does it download definition updates or something similar, or is it purely rules based and the only update would be to the program itself? How would you integrate this in to the config files? Also, I'm putting together a list of common words/phrases found in SPAM that gets through the current filters. Up to about 200, yes, there are plenty more. At what point do you take a serious performance hit doing this? I'd post the list of words, but I'd probably score about a 400 on everyone's filters and you'd never see it anyway! Thanks Chris Cydian Technologies --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Question on SortMonster/MessageSniffer
It looks like it scores pretty well... http://www2.spamchk.com/public.html Yes I can confirm this. (The results you can see on the link above are results on my Mailserver) I can highly recommend Messagesniffer because the rules are always up to date (2 - 4 each day) and as you can see highly reliable. If you've running this test I recommend splitting it up in different tests for the different return codes. As you can see in the results above most return codes are very reliable. So you can set also a very high weight (70 up to 100% of your hold weight) to this result codes. That said, and I'm embarrassed to ask two questions in one day, but what experiences have people had with SpamChk as well? Are people running the stable version (dated 7/29/03) or the beta (dated 1/31/04) SpamChk was a result of some missing features in recent (2 years ago) releases of declude junkmail. My friend Wolfgang and I decided to implement this external test as a sub-set of different content based tests. SpamChk does NOT provide automatic updates as Sniffer does. I consider it a swiss army knife and we have some ideas for new features. You can easily use the latest beta of Spamchk. SpamChk it's not a test that clearly says yes it's spam or no it's ham. This external test will return his sum of points to declude's weighting system. If there are many indicators of spam it can return also - let's say - 500 points. On the other side SpamChk can also return only one single point. And SpamChk can also return negative weights if there are many indicators for a legit message. Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Question on SortMonster/MessageSniffer
Do you have to configure a service with FireDaemon to check every hour or does it do it automatically by itself? At 01:07 PM 12/13/2004, you wrote: Hi, It's highly recommended. I accounts for 70% of my hold weight and it is very much on target with very few false positives. Rules are updated in a rules file and I check for updates hourly. It has really helped with dealing with new outbreaks of SPAM before the Ips are on various black-lists. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Ulrich Sent: Monday, December 13, 2004 12:45 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Question on SortMonster/MessageSniffer Is anyone using this product as part of their filtering? http://www.sortmonster.com/MessageSniffer Any feedback? Does it download definition updates or something similar, or is it purely rules based and the only update would be to the program itself? How would you integrate this in to the config files? Also, I'm putting together a list of common words/phrases found in SPAM that gets through the current filters. Up to about 200, yes, there are plenty more. At what point do you take a serious performance hit doing this? I'd post the list of words, but I'd probably score about a 400 on everyone's filters and you'd never see it anyway! Thanks Chris Cydian Technologies --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Question on SortMonster/MessageSniffer
Is anyone using this product as part of their filtering? http://www.sortmonster.com/MessageSniffer Any feedback? Does it download definition updates or something similar, or is it purely rules based and the only update would be to the program itself? How would you integrate this in to the config files? Also, I'm putting together a list of common words/phrases found in SPAM that gets through the current filters. Up to about 200, yes, there are plenty more. At what point do you take a serious performance hit doing this? I'd post the list of words, but I'd probably score about a 400 on everyone's filters and you'd never see it anyway! Thanks Chris Cydian Technologies --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Question on SortMonster/MessageSniffer
I've never heard of it. - Original Message - From: Chris Ulrich [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, December 13, 2004 12:45 PM Subject: [Declude.JunkMail] Question on SortMonster/MessageSniffer Is anyone using this product as part of their filtering? http://www.sortmonster.com/MessageSniffer Any feedback? Does it download definition updates or something similar, or is it purely rules based and the only update would be to the program itself? How would you integrate this in to the config files? Also, I'm putting together a list of common words/phrases found in SPAM that gets through the current filters. Up to about 200, yes, there are plenty more. At what point do you take a serious performance hit doing this? I'd post the list of words, but I'd probably score about a 400 on everyone's filters and you'd never see it anyway! Thanks Chris Cydian Technologies --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Question on SortMonster/MessageSniffer
It looks like it scores pretty well... http://www2.spamchk.com/public.html That said, and I'm embarrassed to ask two questions in one day, but what experiences have people had with SpamChk as well? Are people running the stable version (dated 7/29/03) or the beta (dated 1/31/04) Doesn't seen to be updated often... is it an issue? Good solid results? Any thoughts? Thanks At 12:57 PM 12/13/2004, you wrote: Hi Chris, I suspect that you'll find that many of the Declude users are this list are also using MessageSniffer. We only recently began using it and can tell you that we saw a dramatic increase in spam catches when we did so. If you look in your global.cfg file, you'll see there is already a line for MessageSniffer that is commented out. When you purchase MessageSniffer you remove the # and put in your pattern file name and registration key. I'll leave the other answers to more knowledgable folks and just say that we have been quite please with the results we've seen since we began to use MessageSniffer. Katie LaSalle-Lowery Centric Internet Services 1410 Reserve St. Missoula, MT 59801 Local Phone 549-3337 ext. 21 Toll Free (888)593-2776 ext. 21 Fax (406)721-3438 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Ulrich Sent: Monday, December 13, 2004 10:45 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Question on SortMonster/MessageSniffer Is anyone using this product as part of their filtering? http://www.sortmonster.com/MessageSniffer Any feedback? Does it download definition updates or something similar, or is it purely rules based and the only update would be to the program itself? How would you integrate this in to the config files? Also, I'm putting together a list of common words/phrases found in SPAM that gets through the current filters. Up to about 200, yes, there are plenty more. At what point do you take a serious performance hit doing this? I'd post the list of words, but I'd probably score about a 400 on everyone's filters and you'd never see it anyway! Thanks Chris Cydian Technologies --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Question on SortMonster/MessageSniffer
I use, recommend, support, sell (Sniffer) both Message Sniffer and SpamCheck. Message Sniffer is subscription based and includes updated rule bases. Updates are generally 3-4 a day. SpamCheck is free, and is configuration file based. What SpamCheck does amoung others is check a lot of body coding and such and in doing so not as resource intensive as body filters in Declude. Both are valuable tools for Declude. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Chris Ulrich Sent: Monday, December 13, 2004 10:03 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Question on SortMonster/MessageSniffer It looks like it scores pretty well... http://www2.spamchk.com/public.html That said, and I'm embarrassed to ask two questions in one day, but what experiences have people had with SpamChk as well? Are people running the stable version (dated 7/29/03) or the beta (dated 1/31/04) Doesn't seen to be updated often... is it an issue? Good solid results? Any thoughts? Thanks At 12:57 PM 12/13/2004, you wrote: Hi Chris, I suspect that you'll find that many of the Declude users are this list are also using MessageSniffer. We only recently began using it and can tell you that we saw a dramatic increase in spam catches when we did so. If you look in your global.cfg file, you'll see there is already a line for MessageSniffer that is commented out. When you purchase MessageSniffer you remove the # and put in your pattern file name and registration key. I'll leave the other answers to more knowledgable folks and just say that we have been quite please with the results we've seen since we began to use MessageSniffer. Katie LaSalle-Lowery Centric Internet Services 1410 Reserve St. Missoula, MT 59801 Local Phone 549-3337 ext. 21 Toll Free (888)593-2776 ext. 21 Fax (406)721-3438 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Ulrich Sent: Monday, December 13, 2004 10:45 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Question on SortMonster/MessageSniffer Is anyone using this product as part of their filtering? http://www.sortmonster.com/MessageSniffer Any feedback? Does it download definition updates or something similar, or is it purely rules based and the only update would be to the program itself? How would you integrate this in to the config files? Also, I'm putting together a list of common words/phrases found in SPAM that gets through the current filters. Up to about 200, yes, there are plenty more. At what point do you take a serious performance hit doing this? I'd post the list of words, but I'd probably score about a 400 on everyone's filters and you'd never see it anyway! Thanks Chris Cydian Technologies --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Question on SortMonster/MessageSniffer
Hi, It's highly recommended. I accounts for 70% of my hold weight and it is very much on target with very few false positives. Rules are updated in a rules file and I check for updates hourly. It has really helped with dealing with new outbreaks of SPAM before the Ips are on various black-lists. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Ulrich Sent: Monday, December 13, 2004 12:45 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Question on SortMonster/MessageSniffer Is anyone using this product as part of their filtering? http://www.sortmonster.com/MessageSniffer Any feedback? Does it download definition updates or something similar, or is it purely rules based and the only update would be to the program itself? How would you integrate this in to the config files? Also, I'm putting together a list of common words/phrases found in SPAM that gets through the current filters. Up to about 200, yes, there are plenty more. At what point do you take a serious performance hit doing this? I'd post the list of words, but I'd probably score about a 400 on everyone's filters and you'd never see it anyway! Thanks Chris Cydian Technologies --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Question on SortMonster/MessageSniffer
Hi Chris, I suspect that you'll find that many of the Declude users are this list are also using MessageSniffer. We only recently began using it and can tell you that we saw a dramatic increase in spam catches when we did so. If you look in your global.cfg file, you'll see there is already a line for MessageSniffer that is commented out. When you purchase MessageSniffer you remove the # and put in your pattern file name and registration key. I'll leave the other answers to more knowledgable folks and just say that we have been quite please with the results we've seen since we began to use MessageSniffer. Katie LaSalle-Lowery Centric Internet Services 1410 Reserve St. Missoula, MT 59801 Local Phone 549-3337 ext. 21 Toll Free (888)593-2776 ext. 21 Fax (406)721-3438 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Ulrich Sent: Monday, December 13, 2004 10:45 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Question on SortMonster/MessageSniffer Is anyone using this product as part of their filtering? http://www.sortmonster.com/MessageSniffer Any feedback? Does it download definition updates or something similar, or is it purely rules based and the only update would be to the program itself? How would you integrate this in to the config files? Also, I'm putting together a list of common words/phrases found in SPAM that gets through the current filters. Up to about 200, yes, there are plenty more. At what point do you take a serious performance hit doing this? I'd post the list of words, but I'd probably score about a 400 on everyone's filters and you'd never see it anyway! Thanks Chris Cydian Technologies --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Question on SortMonster/MessageSniffer
It is done by scheduled batch file, or by trigger using a program alias in Imail. There are instructions on the MessageSniffer site, as well as support from SortMonster. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Chris Ulrich Sent: Monday, December 13, 2004 11:17 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Question on SortMonster/MessageSniffer Do you have to configure a service with FireDaemon to check every hour or does it do it automatically by itself? At 01:07 PM 12/13/2004, you wrote: Hi, It's highly recommended. I accounts for 70% of my hold weight and it is very much on target with very few false positives. Rules are updated in a rules file and I check for updates hourly. It has really helped with dealing with new outbreaks of SPAM before the Ips are on various black-lists. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Ulrich Sent: Monday, December 13, 2004 12:45 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Question on SortMonster/MessageSniffer Is anyone using this product as part of their filtering? http://www.sortmonster.com/MessageSniffer Any feedback? Does it download definition updates or something similar, or is it purely rules based and the only update would be to the program itself? How would you integrate this in to the config files? Also, I'm putting together a list of common words/phrases found in SPAM that gets through the current filters. Up to about 200, yes, there are plenty more. At what point do you take a serious performance hit doing this? I'd post the list of words, but I'd probably score about a 400 on everyone's filters and you'd never see it anyway! Thanks Chris Cydian Technologies --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: Re[2]: [Declude.JunkMail] Question on Dell Poweredge 1750
We only use Imail as a Gateway. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sbsi lists Sent: Tuesday, November 09, 2004 5:01 PM To: Markus Gufler Subject: Re[2]: [Declude.JunkMail] Question on Dell Poweredge 1750 Hi Markus, Interested in this too since I'm ramping up a new server install. But, one question to Matt/David/Rick/All... (by the way, thanks!) How do you handle larger mail boxes/webmail/imap if you are keeping your /imail/ main directory/program files down to a lower disk space? I understand keeping the disk space down to a minimum but I don't understand where storage would be if larger mailboxes/imap was allowed... TIA. -jason MG So considering also Matt's reply: MG - Delete the existing 69 GB partition MG - Create the two small (and so faster) partitions with around 2 or 3 MG GB for Imail program files and Spool-folder MG - Create the last partition with all the remaining space to move out MG log- and hold-files from the spool folder. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Question on Dell Poweredge 1750
Hello Markus, Tuesday, November 9, 2004, 10:31:27 AM, you wrote: MG I've to set up Imail/Declude on a Dell Poweredge 1750 with Dual 3 GHz Xeon MG CPUs and 4 Ethernet Ports. MG 2 x Intel NICs MG 2 x Broadcom NetXtreme Gbit NICs MG Now I have two questions: MG 1.) Anyone has had the known Imail-NIC problems with this Ethernet ports? Yep. MG 2.) The system is preconfigured with Win2003 Server on 2 x 80 GB RAID 1 SCSI MG drives. There are two preconfigured partitions: MG C: with 8 GB MG D: with the resting 69 GB MG So I plan to install Imail and the spool path on C: Don't do that. Create 2 more partitions with the rest of your 69G. One for Imail program files and one for spool only. Spool partition should NOT be larger than 4G. 2G is plenty, just make sure you move Imail log files out daily. Oh yea, and don't put your virus hold or declude log files in spool either. Both of those can be separated to another partition. (Imail log files can't) MG The second partition will be used to regulary move out fragmented files MG (hold-folder, virus-folder, logfiles) from the first partition and keep them MG for further elaboration (requeing, logfile analisis...) MG Any suggestions about the setup? MG Markus MG --- MG [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] MG --- MG This E-mail came from the Declude.JunkMail mailing list. To MG unsubscribe, just send an E-mail to [EMAIL PROTECTED], and MG type unsubscribe Declude.JunkMail. The archives can be found MG at http://www.mail-archive.com. -- Best regards, Davidmailto:[EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Question on Dell Poweredge 1750
Absolutely put your spool on it's own partition and have Declude and any other related application log to that partition. Both the IMail and Declude logs cause an unbelievable amount of fragmentation, and if you put these on your system partition, you will quickly diminish your system's performance. I would also recommend writing a script that moves the log files over to a separate partition after the end of the day. This will in effect defragment the drive as well as the files that are moved. I've done this on a very busy server and I no longer have any issues with fragmentation. Another piece of advice would be to keep the partitions as small as is practical. The outer edges of the disk's will read and write at 2 times the speed on the inside edge of the disks. When you partition space on drives, it will first be taken from the outer edges. So having extra space that you will never use will slow down your performance. Matt Markus Gufler wrote: I've to set up Imail/Declude on a Dell Poweredge 1750 with Dual 3 GHz Xeon CPUs and 4 Ethernet Ports. 2 x Intel NICs 2 x Broadcom NetXtreme Gbit NICs Now I have two questions: 1.) Anyone has had the known Imail-NIC problems with this Ethernet ports? 2.) The system is preconfigured with Win2003 Server on 2 x 80 GB RAID 1 SCSI drives. There are two preconfigured partitions: C: with 8 GB D: with the resting 69 GB As I can understand this configuration should work fine for the Imail/Declude server. This server should be a SMTP-gateway only, no Pop3, Imap, webmail. So I plan to install Imail and the spool path on C: The second partition will be used to regulary move out fragmented files (hold-folder, virus-folder, logfiles) from the first partition and keep them for further elaboration (requeing, logfile analisis...) Any suggestions about the setup? Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Question on Dell Poweredge 1750
I use the same systems for my two Imail/Declude mail gateways Don't use the Broadcomm Nics! They will intermittently quit working! Like Dan said, install Imail on the D drive, there is more than enough disk space and horse power to deal with the other things you want to do. Each of mine get around 70K messages a day, I run extensive filtering files and barely push the CPUs Rick Davidson National Systems Manager North American Title Group 440-953-9346 - Office 440-953-0925 - Fax 440-487-7344 - Mobile [EMAIL PROTECTED] - - Original Message - From: Markus Gufler [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, November 09, 2004 10:31 AM Subject: [Declude.JunkMail] Question on Dell Poweredge 1750 I've to set up Imail/Declude on a Dell Poweredge 1750 with Dual 3 GHz Xeon CPUs and 4 Ethernet Ports. 2 x Intel NICs 2 x Broadcom NetXtreme Gbit NICs Now I have two questions: 1.) Anyone has had the known Imail-NIC problems with this Ethernet ports? 2.) The system is preconfigured with Win2003 Server on 2 x 80 GB RAID 1 SCSI drives. There are two preconfigured partitions: C: with 8 GB D: with the resting 69 GB As I can understand this configuration should work fine for the Imail/Declude server. This server should be a SMTP-gateway only, no Pop3, Imap, webmail. So I plan to install Imail and the spool path on C: The second partition will be used to regulary move out fragmented files (hold-folder, virus-folder, logfiles) from the first partition and keep them for further elaboration (requeing, logfile analisis...) Any suggestions about the setup? Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Question on Dell Poweredge 1750
MG 1.) Anyone has had the known Imail-NIC problems with this Ethernet ports? Yep. And your solution? Installing another NIC card (3Com) beside the other four existing ethernet ports? Don't do that. Create 2 more partitions with the rest of your 69G. One for Imail program files and one for spool only. Spool partition should NOT be larger than 4G. 2G is plenty, just make sure you move Imail log files out daily. Oh yea, and don't put your virus hold or declude log files in spool either. Both of those can be separated to another partition. (Imail log files can't) So considering also Matt's reply: - Delete the existing 69 GB partition - Create the two small (and so faster) partitions with around 2 or 3 GB for Imail program files and Spool-folder - Create the last partition with all the remaining space to move out log- and hold-files from the spool folder. As I know I can specify the virus-folder in virus.cfg but I don't know how to specify the hold-folder outside the Imail-spoolfolder for the Declude HOLD action. Have I missed something? Thanks in advance Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Question on Dell Poweredge 1750
Hello Markus, Tuesday, November 9, 2004, 11:20:16 AM, you wrote: MG And your solution? Installing another NIC card (3Com) beside the other four MG existing ethernet ports? Yea, that's what we reluctantly did. This is our most annoying Imail issue. We restart SMTP and Queue service as well. Check Imail list archives for No Buffer Space. MG So considering also Matt's reply: MG - Delete the existing 69 GB partition Yes. MG - Create the two small (and so faster) partitions with around 2 or 3 GB for MG Imail program files and Spool-folder Yes. MG - Create the last partition with all the remaining space to move out log- MG and hold-files from the spool folder. I'd leave about 50% of that unpartitioned for the same reason Matt (I think) mentioned. Faster access on the edge of the disk. MG As I know I can specify the virus-folder in virus.cfg but I don't know how MG to specify the hold-folder outside the Imail-spoolfolder for the Declude MG HOLD action. Have I missed something? You're correct. You can't HOLD in any directory other than /spool/spam. But, you can have Declude actively log all data to a separate partition. We process all messages in /spool/spam every 30 minutes. -- Best regards, Davidmailto:[EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Question on Dell Poweredge 1750
Hello Markus, Tuesday, November 9, 2004, 10:20:16 AM, you wrote: MG 1.) Anyone has had the known Imail-NIC problems with this Ethernet ports? Yep. MG And your solution? Installing another NIC card (3Com) beside the other four MG existing ethernet ports? Don't do that. Create 2 more partitions with the rest of your 69G. One for Imail program files and one for spool only. Spool partition should NOT be larger than 4G. 2G is plenty, just make sure you move Imail log files out daily. Oh yea, and don't put your virus hold or declude log files in spool either. Both of those can be separated to another partition. (Imail log files can't) MG So considering also Matt's reply: MG - Delete the existing 69 GB partition MG - Create the two small (and so faster) partitions with around 2 or 3 GB for MG Imail program files and Spool-folder MG - Create the last partition with all the remaining space to move out log- MG and hold-files from the spool folder. MG As I know I can specify the virus-folder in virus.cfg but I don't know how MG to specify the hold-folder outside the Imail-spoolfolder for the Declude MG HOLD action. Have I missed something? MG Thanks in advance MG Markus Just as a note, you can use Kiwi Syslog as your syslog server (it's free if you don't want to use the more advanced features), then write the log files from Kiwi to anywhere on the system you want, you can even run it from another server and log there. The log format can be customized to look like IMail logs. Be aware though, IMail only lets some of the services log to syslog. http://www.kiwisyslog.com/ -- Best regards, Charlesmailto:[EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[3]: [Declude.JunkMail] Question on Dell Poweredge 1750
Hello Charles, Tuesday, November 9, 2004, 11:42:56 AM, you wrote: CF Just as a note, you can use Kiwi Syslog as your syslog server (it's free if CF you don't want to use the more advanced features), then write the log CF files from Kiwi to anywhere on the system you want, you can even run CF it from another server and log there. The log format can be customized to CF look like IMail logs. Be aware though, IMail only lets some of the services CF log to syslog. CF http://www.kiwisyslog.com/ Charles is right here. Kiwi is a great syslogger and you can do what he's talking about with the SMTP logs. We syslog some of Imail's logs to a *nix box but haven't moved SMTP yet. -- Best regards, Davidmailto:[EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Question on Dell Poweredge 1750
1.) Anyone has had the known Imail-NIC problems with this Ethernet ports? We have 4 1750's using adapter teaming without any problem. Although I've never heard of an application level issue with a NIC (in WinNT+) 2.) The system is preconfigured with Win2003 Server on 2 x 80 GB RAID 1 SCSI drives. There are two preconfigured partitions: C: with 8 GB D: with the resting 69 GB As I can understand this configuration should work fine for the Imail/Declude server. This server should be a SMTP-gateway only, no Pop3, Imap, webmail. So I plan to install Imail and the spool path on C: The second partition will be used to regulary move out fragmented files (hold-folder, virus-folder, logfiles) from the first partition and keep them for further elaboration (requeing, logfile analisis...) Any suggestions about the setup? Markus I'd make the D: partition for 8-10GB and put the Imail apps on it. Then create an E: partition and mount the filesystem to d:\imail\spool Put your declude logs, etc in d:\imail\spool\spamlogs --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[3]: [Declude.JunkMail] Question on Dell Poweredge 1750
Hello sbsi, Tuesday, November 9, 2004, 5:00:39 PM, you wrote: sl How do you handle larger mail boxes/webmail/imap if you are sl keeping your /imail/ main directory/program files down to a lower sl disk space? sl I understand keeping the disk space down to a minimum but I don't sl understand where storage would be if larger mailboxes/imap was sl allowed... I think the original poster was asking about an SMTP gateway only. If you're going to host mailboxes on there as well, then you need another partition solely for the mailbox store. -- Best regards, Davidmailto:[EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Question on Dell Poweredge 1750
Disks generally maintain throughput in 20 GB chunks these days, which leaves you with plenty of wiggle room. When creating partitions, the system obviously goes first, then followed by your IMail Users and then your Spool. The other partitions on your system shouldn't be accessed with any degree of frequency if dedicated to just being a mail server, so you could dump your logs periodically on a fourth partition without harm to performance. If you are running enough disks to give you enough I/O to outlive the processors, you don't have anything to worry about. I personally recommend RAID 5 despite the broad belief that RAID 10 is better. The reason is that you are limited in the number of drives that most servers can support, and you get better performance out of 6 drives in RAID 5 than you do with 6 drives in RAID 10. 6 Seagate Cheetah's at 15K RPM with write through cache can easily handle whatever Declude and IMail can throw at it on a dual 3GHz Xeon server. Two mirrored 10K drives however is a different story, and one would want to optimize as much as possible under that environment. My recommendation would be to figure out your current average disk space per user and multiply that by the number of users that you expect 3 years out and then double that number to account for growth in the average and you should be safe. I don't personally recommend installing IMail outside of the C: drive, just separate out both the users to their own partition, and the spool to it's own partition, and unless you are using Kiwi, log everything to the spool partition and move the files to an archive location with a scheduled process in order to mitigate the fragmentation. There is not going to be a measurable difference in performance if you make your spool 1GB or 5GB, but there would definitely be a difference between 5GB and 50GB, so don't dedicate the space unless you have to. It's also nice to have unused space present in the event of future need. I hope that helps explain at least my perspective on how to do this :) Matt sbsi lists wrote: Hi Markus, Interested in this too since I'm ramping up a new server install. But, one question to Matt/David/Rick/All... (by the way, thanks!) How do you handle larger mail boxes/webmail/imap if you are keeping your /imail/ main directory/program files down to a lower disk space? I understand keeping the disk space down to a minimum but I don't understand where storage would be if larger mailboxes/imap was allowed... TIA. -jason MG So considering also Matt's reply: MG - Delete the existing 69 GB partition MG - Create the two small (and so faster) partitions with around 2 or 3 GB for MG Imail program files and Spool-folder MG - Create the last partition with all the remaining space to move out log- MG and hold-files from the spool folder. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Question about Filters
Scott, Is there any size limitation (# of entries per file) imposed on fromfiles or the number or fromfiles you can have listed in the Global.cfg? Thanks, Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Tuesday, November 02, 2004 1:43 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Question about Filters After reviewing my Debug log, I found that the FromFiles are run first. Obviously, most email is spoofed and therefore will not show up, however, does Declude actually check fromfile for the mailfrom line or what it shows up as the X-Declude-Sender line? Both. The X-Declude-Sender: header displays the return address (MAIL FROM from the SMTP envelope), which is the same one that the fromfile test type (and anything else in Declude JunkMail) looks at. If it is indeed the X-Declude-Sender, it seems it would be benefical to move the domains from our filter files into fromfiles thus allowing for a reduction on CPU processing since they are run first (while using SKIPIFWEIGHT lines in filters). That sounds like it would work fine. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Question about Filters
Can you use the SKIPIFWEIGHT and MAXWEIGHT in the fromfiles? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Keith Johnson Sent: Wednesday, November 03, 2004 2:38 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Question about Filters Scott, Is there any size limitation (# of entries per file) imposed on fromfiles or the number or fromfiles you can have listed in the Global.cfg? Thanks, Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Tuesday, November 02, 2004 1:43 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Question about Filters After reviewing my Debug log, I found that the FromFiles are run first. Obviously, most email is spoofed and therefore will not show up, however, does Declude actually check fromfile for the mailfrom line or what it shows up as the X-Declude-Sender line? Both. The X-Declude-Sender: header displays the return address (MAIL FROM from the SMTP envelope), which is the same one that the fromfile test type (and anything else in Declude JunkMail) looks at. If it is indeed the X-Declude-Sender, it seems it would be benefical to move the domains from our filter files into fromfiles thus allowing for a reduction on CPU processing since they are run first (while using SKIPIFWEIGHT lines in filters). That sounds like it would work fine. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Question about Filters
Is there any size limitation (# of entries per file) imposed on fromfiles or the number or fromfiles you can have listed in the Global.cfg? No. Can you use the SKIPIFWEIGHT and MAXWEIGHT in the fromfiles? No. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Question about Filters
The skipifweight... the run order is (rbl tests, external tests, fromfile, ipfile, then filters). So weighting wise, you have only accumulated have your scores at this time. Maxweight: As of 1.78 the fromfile test type will now stop processing at first match. So Maxweight wouldn't be useful. - Original Message - From: Keith Johnson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, November 03, 2004 2:30 PM Subject: RE: [Declude.JunkMail] Question about Filters Can you use the SKIPIFWEIGHT and MAXWEIGHT in the fromfiles? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Keith Johnson Sent: Wednesday, November 03, 2004 2:38 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Question about Filters Scott, Is there any size limitation (# of entries per file) imposed on fromfiles or the number or fromfiles you can have listed in the Global.cfg? Thanks, Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Tuesday, November 02, 2004 1:43 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Question about Filters After reviewing my Debug log, I found that the FromFiles are run first. Obviously, most email is spoofed and therefore will not show up, however, does Declude actually check fromfile for the mailfrom line or what it shows up as the X-Declude-Sender line? Both. The X-Declude-Sender: header displays the return address (MAIL FROM from the SMTP envelope), which is the same one that the fromfile test type (and anything else in Declude JunkMail) looks at. If it is indeed the X-Declude-Sender, it seems it would be benefical to move the domains from our filter files into fromfiles thus allowing for a reduction on CPU processing since they are run first (while using SKIPIFWEIGHT lines in filters). That sounds like it would work fine. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Question about Filters
After reviewing my Debug log, I found that the FromFiles are run first. Obviously, most email is spoofed and therefore will not show up, however, does Declude actually check fromfile for the mailfrom line or what it shows up as the X-Declude-Sender line? If it is indeed the X-Declude-Sender, it seems it would be benefical to move the domains from our filter files into fromfiles thus allowing for a reduction on CPU processing since they are run first (while using SKIPIFWEIGHT lines in filters). Thanks for the aid. --- Keith Johnson Senior Network Engineer Network Advocates, Inc. 9001 Shelbyville Road Burhans Hall, Suite 260 Louisville, KY 40228 TEL: 502.992.5928 FAX: 502.412.1058 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Question about Filters
After reviewing my Debug log, I found that the FromFiles are run first. Obviously, most email is spoofed and therefore will not show up, however, does Declude actually check fromfile for the mailfrom line or what it shows up as the X-Declude-Sender line? Both. The X-Declude-Sender: header displays the return address (MAIL FROM from the SMTP envelope), which is the same one that the fromfile test type (and anything else in Declude JunkMail) looks at. If it is indeed the X-Declude-Sender, it seems it would be benefical to move the domains from our filter files into fromfiles thus allowing for a reduction on CPU processing since they are run first (while using SKIPIFWEIGHT lines in filters). That sounds like it would work fine. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Question
Title: Message I think this will do Thank you all Alex V -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott FisherSent: Friday, October 15, 2004 1:33 PMTo: [EMAIL PROTECTED]Subject: Re: [Declude.JunkMail] Question You could use minweighttofail (1.80 or higher). This would assign 103 or more points to a something that failed three or more statements global.cfg THREEBLFAILfilter D:\IMail\Declude\3blfail.txt x 100 0 3blfail.txt: MINWEIGHTTOFAIL 3 TESTSFAILED 1 CONTAINS CBL TESTSFAILED 1 CONTAINS SBL TESTSFAILED 1 CONTAINS MAILPOLICE-BULK TESTSFAILED 1 CONTAINS MAILPOLICE-PORN - Original Message - From: Alejandro Valenzuela To: [EMAIL PROTECTED] Sent: Friday, October 15, 2004 2:49 PM Subject: [Declude.JunkMail] Question I would like to have a test that checks if a message has been found on 3 or more black lists Then if that is the case, assign more points to it... Is this posible ?? Thanks... Alex Valenzuela
[Declude.JunkMail] Question
Title: Message I would like to have a test that checks if a message has been found on 3 or more black lists Then if that is the case, assign more points to it... Is this posible ?? Thanks... Alex Valenzuela
Re: [Declude.JunkMail] Question
On 15 Oct 2004 at 12:49, Alejandro Valenzuela wrote: Alex - I would like to have a test that checks if a message has been found on 3 or more black lists Then if that is the case, assign more points to it... Is this posible ?? Well I do not know how to count the number of failed tests but if you were willing to list them something along these lines will work in a filter: combo_blacklists.txt SKIPIFWEIGHT36 TESTSFAILED END NOTCONTAINS test1 TESTSFAILED END NOTCONTAINS test2 TESTSFAILED END NOTCONTAINS test3 REMOTEIP0 CONTAINS . in Gconfig: combo_blacklists.txtfilter \IMail\Declude\Filters\combo_blacklists.txt x 10 0 -Nick Thanks... Alex Valenzuela --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Question
Hi, I subscribed to this list yesterday afternoon at 3:40pm and have not received a single message from anyone. Is there nobody on this list?? Thanks, Melissa
RE: [Declude.JunkMail] Question
The list gets 4-12 messages a day, sometimes goes a couple of days with nothing. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Melissa SheldonSent: Thursday, October 07, 2004 1:50 PMTo: [EMAIL PROTECTED]Subject: [Declude.JunkMail] Question Hi, I subscribed to this list yesterday afternoon at 3:40pm and have not received a single message from anyone. Is there nobody on this list?? Thanks, Melissa
Re: [Declude.JunkMail] Question
This would be why she's not seeing anything...LOL Darin. - Content violation found in email message.From: [EMAIL PROTECTED]To: [EMAIL PROTECTED]Subject: Re: [Declude.JunkMail] QuestionMatching Subject: *junk* - - Original Message - From: Melissa Sheldon To: [EMAIL PROTECTED] Sent: Thursday, October 07, 2004 2:50 PM Subject: [Declude.JunkMail] Question Hi, I subscribed to this list yesterday afternoon at 3:40pm and have not received a single message from anyone. Is there nobody on this list?? Thanks, Melissa
Re: [Declude.JunkMail] Question about END operation
Now that we've had two people wanting END to End with weight, can I suggest a STOP action that would STOP processing with the current weight? Essentially this would make the STOP action similar to what END was before the last released interim. - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, September 19, 2004 9:42 AM Subject: Re: [Declude.JunkMail] Question about END operation I ran into an unexpected behavior with END statements that I could use some clarification on if you don't mind. Could you tell me which one of the following is the intended behavior: * When an END condition is matched, the processing of the file will stop and the current score of the filter file will be returned along with the status (pass or fail) for scoring the Global.cfg settings. * When an END condition is matched, the processing of the file will stop and the filter will return no score regardless of previous hits and a status of pass will be returned. It's #2. The END condition does two things: it stops further processing of the filter, and sets the test to not triggered. As a result of the test not being triggered, no weight is added to the E-mail. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Question about END operation
Putting my two cents in ... I also would rather have both options. I would choose the keywords: ABORT (same as END, and deprecate use of END as a keyword) STOP (end processing with the accumulated weight, and the test status status as having triggered, as requested by Matthew Bramble and Scott Fisher) Andrew 8) -Original Message- From: Scott Fisher [mailto:[EMAIL PROTECTED] Sent: Monday, September 20, 2004 7:17 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Question about END operation Now that we've had two people wanting END to End with weight, can I suggest a STOP action that would STOP processing with the current weight? Essentially this would make the STOP action similar to what END was before the last released interim. - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, September 19, 2004 9:42 AM Subject: Re: [Declude.JunkMail] Question about END operation I ran into an unexpected behavior with END statements that I could use some clarification on if you don't mind. Could you tell me which one of the following is the intended behavior: * When an END condition is matched, the processing of the file will stop and the current score of the filter file will be returned along with the status (pass or fail) for scoring the Global.cfg settings. * When an END condition is matched, the processing of the file will stop and the filter will return no score regardless of previous hits and a status of pass will be returned. It's #2. The END condition does two things: it stops further processing of the filter, and sets the test to not triggered. As a result of the test not being triggered, no weight is added to the E-mail. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Question about END operation
I ran into an unexpected behavior with END statements that I could use some clarification on if you don't mind. Could you tell me which one of the following is the intended behavior: * When an END condition is matched, the processing of the file will stop and the current score of the filter file will be returned along with the status (pass or fail) for scoring the Global.cfg settings. * When an END condition is matched, the processing of the file will stop and the filter will return no score regardless of previous hits and a status of pass will be returned. It's #2. The END condition does two things: it stops further processing of the filter, and sets the test to not triggered. As a result of the test not being triggered, no weight is added to the E-mail. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Question about END operation
Thanks. Matt R. Scott Perry wrote: I ran into an unexpected behavior with END statements that I could use some clarification on if you don't mind. Could you tell me which one of the following is the intended behavior: * When an END condition is matched, the processing of the file will stop and the current score of the filter file will be returned along with the status (pass or fail) for scoring the Global.cfg settings. * When an END condition is matched, the processing of the file will stop and the filter will return no score regardless of previous hits and a status of pass will be returned. It's #2. The END condition does two things: it stops further processing of the filter, and sets the test to not triggered. As a result of the test not being triggered, no weight is added to the E-mail. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Question about END operation
Matt, I believe it is #2, as the intended function is to end the test. This is in conjunction with the various body filters in use, such as GIBBERISH and so forth. FYI, thats it for me today. Have the rest of a good weekend. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Saturday, September 18, 2004 5:48 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Question about END operation Scott, I ran into an unexpected behavior with END statements that I could use some clarification on if you don't mind. Could you tell me which one of the following is the intended behavior: When an END condition is matched, the processing of the file will stop and the current score of the filter file will be returned along with the status (pass or fail) for scoring the Global.cfg settings. When an END condition is matched, the processing of the file will stop and the filter will return no score regardless of previous hits and a status of pass will be returned. If the answer is #1, which I had believed it to be, I have found that it is not functioning in that manner using the latest interim release and I can expand on that if so. #1 would of course be more desirable as well, but I need to make sure that I am working with the intended behavior in any event. Thanks, Matt -- =MailPure custom filters for Declude JunkMail Pro.http://www.mailpure.com/software/=
Re: [Declude.JunkMail] Question on Tests running
DANGER WILL ROBINSON! Scott, that might not be good newbie advice to implement that config, but thanks for the credit :) I think what Matt should probably look first at what would be how to configure the tests to do lookups from the same domain for all three tests in order to be a tad bit more efficient, and remove possible double tests when using the combo SBL-XBL domain (as you pointed out). Matt, I would first remove CBL and BLITZED tests from your config, they are also in SBL-XBL and you don't want to be scoring them twice. Assuming that you don't score on multiple hops and that you would like to score according to the accuracy of the test in question, I would recommend using the following as a starting point on a system that holds E-mail on a score of 10: SBL ip4r sbl-xbl.spamhaus.org 127.0.0.2 10 0 XBL ip4r sbl-xbl.spamhaus.org 127.0.0.2 7 0 BLITZED ip4r sbl-xbl.spamhaus.org 127.0.0.6 7 0 SBL is 99.9% static sources of spam, but they do have a couple of places listed that probably shouldn't despite their violations, so credit/whitelist when appropriate. XBL and BLITZED are designed to track spam zombies (hijacked computers/open relays), though there will be some static sources listed and things like virus infections can cause XBL to list a legitimate server if it looks like a broadband/DSL IP or has no reverse DNS entry, but they allow anyone to remove any IP with jut a few clicks unless you are a repeat offender. If you would like to score them all the same and you only score on the last hop, you could use the following instead: SBL-XBL ip4r sbl-xbl.spamhaus.org * 7 0 Take note of what Scott pointed out as far as what test equals what other test. Note that the config in that post that Scott linked to are only appropriate for Declude Pro users with multiple hop scanning configured. That is the best way (staggered scoring with multiple hop scanning), but you really need to know what each RBL does and how things work before you approach that. Matt Scott Fisher wrote: SBLl is a subset of SBL-XBL sbl-xbl return code 127.0.0.2 = SBL sbl-xbl return-code 127.0.0.6 = XBL from Blitzed-all sbl-xbl return-code 127.0.0.4 = XBL from CBL The blitzedall + CBL are referred to as the XBL I use some of the ideas laid out by Matt with his configuration. He posted it in early June in this thread: http://www.mail-archive.com/[EMAIL PROTECTED]/msg19062.html Scott Fisher Director of IT Farm Progress Companies [EMAIL PROTECTED] 07/06/04 01:55PM Hello All, I am new to declude and trying to figure all of this out. So far things have been going very well. I have been reading the mail archives and seen a few global.config examples and have pulled a few tests out to run. In my global.config I am running these two tests: SBL-XBL ip4rsbl-xbl.spamhaus.org 127.0.0.2 5 0 SBL ip4rsbl.spamhaus.org * 5 0 Are these basically the same tests? If not, what are the differences between the two? Does anyone have any links to some global.configs that I could look at as well to see where mine might need some adjusting? Thanks. Matt Goodhue CSComputing.biz --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
[Declude.JunkMail] Question on Tests running
Hello All, I am new to declude and trying to figure all of this out. So far things have been going very well. I have been reading the mail archives and seen a few global.config examples and have pulled a few tests out to run. In my global.config I am running these two tests: SBL-XBL ip4r sbl-xbl.spamhaus.org 127.0.0.2 5 0 SBL ip4r sbl.spamhaus.org * 5 0 Are these basically the same tests? If not, what are the differences between the two? Does anyone have any links to some global.configs that I could look at as well to see where mine might need some adjusting? Thanks. Matt Goodhue CSComputing.biz
Re: [Declude.JunkMail] Question on Tests running
SBLl is a subset of SBL-XBL sbl-xbl return code 127.0.0.2 = SBL sbl-xbl return-code 127.0.0.6 = XBL from Blitzed-all sbl-xbl return-code 127.0.0.4 = XBL from CBL The blitzedall + CBL are referred to as the XBL I use some of the ideas laid out by Matt with his configuration. He posted it in early June in this thread: http://www.mail-archive.com/[EMAIL PROTECTED]/msg19062.html Scott Fisher Director of IT Farm Progress Companies [EMAIL PROTECTED] 07/06/04 01:55PM Hello All, I am new to declude and trying to figure all of this out. So far things have been going very well. I have been reading the mail archives and seen a few global.config examples and have pulled a few tests out to run. In my global.config I am running these two tests: SBL-XBL ip4rsbl-xbl.spamhaus.org 127.0.0.2 5 0 SBL ip4rsbl.spamhaus.org * 5 0 Are these basically the same tests? If not, what are the differences between the two? Does anyone have any links to some global.configs that I could look at as well to see where mine might need some adjusting? Thanks. Matt Goodhue CSComputing.biz --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Question on Tests running
Matt, Check this out http://www.spamhaus.org/xbl/index.lasso The sbl-xbl.spamhaus.org is a combination of both the sbl.spamhaus.org data and xbl.spamhaus.org data You are checking some of the same data twice. Stu At 02:55 PM 07/06/2004 -0400, you wrote: Hello All, I am new to declude and trying to figure all of this out. So far things have been going very well. I have been reading the mail archives and seen a few global.config examples and have pulled a few tests out to run. In my global.config I am running these two tests: SBL-XBL ip4rsbl-xbl.spamhaus.org 127.0.0.2 5 0 SBL ip4rsbl.spamhaus.org * 5 0 Are these basically the same tests? If not, what are the differences between the two? Does anyone have any links to some global.configs that I could look at as well to see where mine might need some adjusting? Thanks. Matt Goodhue CSComputing.biz html xmlns:o=urn:schemas-microsoft-com:office:office xmlns:w=urn:schemas-microsoft-com:office:word xmlns:st1=urn:schemas-microsoft-com:office:smarttags xmlns=http://www.w3.org/TR/REC-html40; head meta http-equiv=Content-Type content=text/html; charset=us-ascii meta name=Generator content=Microsoft Word 11 (filtered medium) o:SmartTagType namespaceuri=urn:schemas-microsoft-com:office:smarttags name=PersonName/ !--[if !mso] style st1\:*{behavior:url(#default#ieooui) } /style ![endif]-- style !-- /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {margin:0in; margin-bottom:.0001pt; font-size:12.0pt; font-family:Times New Roman;} a:link, span.MsoHyperlink {color:blue; text-decoration:underline;} a:visited, span.MsoHyperlinkFollowed {color:purple; text-decoration:underline;} span.EmailStyle17 {mso-style-type:personal-compose; font-family:Arial; color:windowtext;} @page Section1 {size:8.5in 11.0in; margin:1.0in 1.25in 1.0in 1.25in;} div.Section1 {page:Section1;} -- /style /head body lang=EN-US link=blue vlink=purple div class=Section1 p class=MsoNormalfont size=2 face=Arialspan style='font-size:10.0pt; font-family:Arial'Hello All,o:p/o:p/span/font/p p class=MsoNormalfont size=2 face=Arialspan style='font-size:10.0pt; font-family:Arial'o:pnbsp;/o:p/span/font/p p class=MsoNormalfont size=2 face=Arialspan style='font-size:10.0pt; font-family:Arial'I am new to declude and trying to figure all of this out.nbsp; So far things have been going very well. o:p/o:p/span/font/p p class=MsoNormalfont size=2 face=Arialspan style='font-size:10.0pt; font-family:Arial'o:pnbsp;/o:p/span/font/p p class=MsoNormalfont size=2 face=Arialspan style='font-size:10.0pt; font-family:Arial'I have been reading the mail archives and seen a few global.config examples and have pulled a few tests out to run.o:p/o:p/span/font/p p class=MsoNormalfont size=2 face=Arialspan style='font-size:10.0pt; font-family:Arial'o:pnbsp;/o:p/span/font/p p class=MsoNormalfont size=2 face=Arialspan style='font-size:10.0pt; font-family:Arial'In my global.config I am running these two tests:o:p/o:p/span/font/p p class=MsoNormalfont size=2 face=Arialspan style='font-size:10.0pt; font-family:Arial'o:pnbsp;/o:p/span/font/p p class=MsoNormalfont size=2 face=Arialspan style='font-size:10.0pt; font-family:Arial'SBL-XBLnbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp; nbsp;nbsp; ip4rnbsp;nbsp;nbsp; sbl-xbl.spamhaus.orgnbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;n bsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp; 127.0.0.2nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp; 5nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp; 0o:p/o:p/span/font/p p class=MsoNormalfont size=2 face=Arialspan style='font-size:10.0pt; font-family:Arial'SBLnbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp ;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp; ip4rnbsp;nbsp;nbsp; sbl.spamhaus.org nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbs p;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp; *nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nb sp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp; 5nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp; 0o:p/o:p/span/font/p p class=MsoNormalfont size=2 face=Arialspan style='font-size:10.0pt; font-family:Arial'o:pnbsp;/o:p/span/font/p p class=MsoNormalfont size=2 face=Arialspan style='font-size:10.0pt; font-family:Arial'Are these basically the same tests?nbsp; If not, what are the differences between the two?o:p/o:p/span/font/p p class=MsoNormalfont size=2 face=Arialspan style='font-size:10.0pt; font-family:Arial'o:pnbsp;/o:p/span/font/p p class=MsoNormalfont size=2 face=Arialspan style='font-size:10.0pt; font-family:Arial'Does anyone have any links to some global.configs that I could look at as well to see where mine might need some adjusting?o:p/o:p/span/font/p p class=MsoNormalfont size=2 face=Arialspan style='font-size:10.0pt;
Re: [Declude.JunkMail] Question on SPF Setup. Was under You **May** etc
But Imail doesn't understand port 587 Or does it? I can't find a thing on their kbase about it. -d What I do think would work much better in the near term would be for every mail server to support and require SMTP AUTH through port 587 as proposed, and then have every ISP out there block port 25 which would be used exclusively for non-AUTH'ed E-mail between systems. That would cut the zombie problem down dramatically without interrupting service, but this will probably take 5 years or more to widely implement. I think this would have a much larger effect than SPF in terms of blocking forging E-mail, the majority of which comes from PC's attached to these residential ISP's presently. AUTH hacking, or even server hacking however will become much more predominant when the bar is raised in this manner, but there should be many fewer machines to track. For now, I consider broadband ISP's to be honeypots for both the spammer and for my system of blocking spammers, and I like it that way :) Probably 90% of what gets through my system is from spammers that have their own IP space assigned to them, but haven't yet been tagged. Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Question on SPF Setup. Was under You **May** etc
This brings up a good point, if I client is located in another part of the US and we have no way to know what IP Address they might be using. How can this be setup? For example, our server has around 16 IP's, 12.177.8.48 to 12.177.8.63, but we have clients that will not be connected within this range. They might be something like 64.77.164.248 or something. Does the SPF test use the 64. address when doing the test or the mail server that the message is being sent from which would be in the IP range listed above? Sincerely, Grant Griffith EI8HT LEGS Enhanced Web Management A Division of ETC http://www.getafreewebsite.com 877-483-3393 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Wednesday, June 30, 2004 7:45 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] FW: You **MAY** have spam This is legit, coming from my own mailserver, and it failed the SPF test. Obviously something is not correct here. Any suggestions? I have used the wizard on the pobox site and pasted the text string into a text record in my DNS. The problem is that your SPF record (v=spf1 a mx ptr -all) doesn't list IPs that your users may be connecting to your mailserver from. In this case, you should whitelist your own users (WHITELIST AUTH if you are running IMail v8 and the latest Declude beta). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Question on SPF Setup. Was under You **May** etc
This brings up a good point, if I client is located in another part of the US and we have no way to know what IP Address they might be using. How can this be setup? For example, our server has around 16 IP's, 12.177.8.48 to 12.177.8.63, but we have clients that will not be connected within this range. They might be something like 64.77.164.248 or something. That is a good question. The best way to look at this is ask How does IMail let this client send mail, while not allowing spammers to send mail? The answer to that is SMTP AUTH. If you're using a version of IMail before IMail v8, you're stuck there -- previous versions do not record in the information that Declude JunkMail gets that SMTP AUTH was used. In that case, you would need to be creative (perhaps a filter that subtracts points for MAILFROM's that contain your domain). Does the SPF test use the 64. address when doing the test or the mail server that the message is being sent from which would be in the IP range listed above? It uses the IP that connects to the IMail server. So if the user connects directly, SPF would see the 64. address. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Question on SPF Setup. Was under You **May** etc **May** etc
Figures we would have to upgrade. We are at 7.1x as it has been very stable. Not sure we want to upgrade to problems. If someone sends an email and it shows up on our server as a 64. address. What about when the message is delivered to someone at AOL? Will it also see the 64. address, therefore fail the SPF test on their end also? Sincerely, Grant Griffith EI8HT LEGS Enhanced Web Management A Division of ETC http://www.getafreewebsite.com 877-483-3393 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Wednesday, June 30, 2004 9:44 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Question on SPF Setup. Was under You **May** etc **May** etc This brings up a good point, if I client is located in another part of the US and we have no way to know what IP Address they might be using. How can this be setup? For example, our server has around 16 IP's, 12.177.8.48 to 12.177.8.63, but we have clients that will not be connected within this range. They might be something like 64.77.164.248 or something. That is a good question. The best way to look at this is ask How does IMail let this client send mail, while not allowing spammers to send mail? The answer to that is SMTP AUTH. If you're using a version of IMail before IMail v8, you're stuck there -- previous versions do not record in the information that Declude JunkMail gets that SMTP AUTH was used. In that case, you would need to be creative (perhaps a filter that subtracts points for MAILFROM's that contain your domain). Does the SPF test use the 64. address when doing the test or the mail server that the message is being sent from which would be in the IP range listed above? It uses the IP that connects to the IMail server. So if the user connects directly, SPF would see the 64. address. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Question on SPF Setup. Was under You **May** etc **May** etc
If someone sends an email and it shows up on our server as a 64. address. What about when the message is delivered to someone at AOL? Will it also see the 64. address, therefore fail the SPF test on their end also? No. AOL will only see the IP address of your server, and use that for determining if the E-mail should fail SPF. Since your mailserver is listed as one of the IPs that are allowed to send per your SPF record, AOL will pass SPF. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Question on SPF Setup. Was under You **May** etc **May** etc
Sorry to butt in on this one...Yes, SPF would fail on other systems as well in that situation. If the client connects directly to AOL, SPF would fail. But if it is sent through the mailserver, it should not fail. As far as I can tell, SPF-PASS is not useful because there is nothing stopping a spammer that owns a server to set SPF up for it. True -- but that makes it easier to detect the spammers. Once they have a domain to use, it can be blocked. People will likely start RHSBLs listing domains that have sent out spam that appear to be owned by spammers. Setting up SPF for your domain is also IMO a bad idea unless you can guarantee that all of your users will only come from certain IP's when they send E-mail. For instance, although I prefer to be the outgoing SMTP server for my clients, some of them are either blocked by their ISP from sending E-mail through my server (port 25 blocking), or they just simply chose to set up their computers to use their ISP's mail server instead of our own. Therefore, I don't have a single client that I can guarantee that they will be coming from a particular range of IP's. In this case, what you should do is use v=spf1 mx ?all. That says If the E-mail is coming from an IP in our MX record, we authorize it. If it is coming from any other IP, we can't say whether or not it is legitimate -- treat it the same as if we have no SPF record. If you don't know all the IPs that users may send mail from, using -all at the end (anyone not listed in the SPF record is not authorized to send mail from this domain is bad. But using ?all at the end lets users who do send mail through your mailserver pass SPF, whereas nobody else will fail. Yes, it provides less protection from joe jobs (spammers using your domain may or may not get their mail through, since SPF won't prevent them), but it also allows your other users to get their mail through. You can set up SPF for you domain that states that the domain can be used from any IP, however I don't see any value in stating that something can come from anywhere when that in effect is the status quo. Using +all is definitely bad (you're giving spammers permission to send mail from your domain). But ?all is fine. Practically speaking, it's the openness of E-mail and the fact that it was never designed or implemented to prevent spoofing that is the cause of this problem, and the best way to get at the issue might be to simply re-write SMTP to allow for authentication of non-local E-mail. I believe that would be the best answer. Unfortunately, that is a huge undertaking -- the amount of time it would take to get a good group of people to write it and agree to it, plus the time it would take to implement (all mail clients would need to be re-written), would make it very time consuming. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Question on SPF Setup. Was under You **May** etc **May** etc
R. Scott Perry wrote: In this case, what you should do is use v=spf1 mx ?all. That says If the E-mail is coming from an IP in our MX record, we authorize it. If it is coming from any other IP, we can't say whether or not it is legitimate -- treat it the same as if we have no SPF record. In theory this works perfectly, but even on this list people have suggested adding at least some points for the ?all condition. You have to consider the idiot factor and the problems that this can cause (such as blocking on ?all results, and to a lesser extent adding points). For instance, even AOL is using a system that allows for blocking perfectly legitimate IP's when messages are forwarded to their servers and someone presses their spam submit button. Challenge/Response is another perfect example of mass lunacy, in fact some C|Net figurehead was on CNN just a few days ago talking about how all E-mail will eventually move into a scenario that requires C/R. Mass idiocy abounds, and spam protection has become the same thing as the Internet circa 1996. So while the danger is minimal with ?all, it is there and I would prefer to not contribute my domains until I can be sure that people can't use their systems to punish my users for not coming from my own server. I have no idea what that would take to accomplish unfortunately. Even scoring SPF-FAIL is somewhat problematic because I'm sure that there are many administrators that don't list ?all conditions when they should, and the potential of false positives aren't worth the benefit currently in spam blocking. The stats that Scott Fisher shared are certainly interesting, although anecdotal without my ability to verify them. I believe that would be the best answer. Unfortunately, that is a huge undertaking -- the amount of time it would take to get a good group of people to write it and agree to it, plus the time it would take to implement (all mail clients would need to be re-written), would make it very time consuming. Well, I'm not holding my breath waiting for that to happen :) I would of course support it if it did. As far as I can tell, the only things that are worth whitelisting are local authenticated users whereas whitelisting (or crediting in a weight system) seems to be what all of this SPF/Caller ID stuff was primarily designed for early on, yet it is it's biggest failure thus far. I don't see any possibility of that working in the foreseeable future. What I do think would work much better in the near term would be for every mail server to support and require SMTP AUTH through port 587 as proposed, and then have every ISP out there block port 25 which would be used exclusively for non-AUTH'ed E-mail between systems. That would cut the zombie problem down dramatically without interrupting service, but this will probably take 5 years or more to widely implement. I think this would have a much larger effect than SPF in terms of blocking forging E-mail, the majority of which comes from PC's attached to these residential ISP's presently. AUTH hacking, or even server hacking however will become much more predominant when the bar is raised in this manner, but there should be many fewer machines to track. For now, I consider broadband ISP's to be honeypots for both the spammer and for my system of blocking spammers, and I like it that way :) Probably 90% of what gets through my system is from spammers that have their own IP space assigned to them, but haven't yet been tagged. Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Question on SPF Setup. Was under You **May** etc **May** etc
I agree that SPF is not very useful in the situation Matt outlined. We're in the same boat with users that may use their ISP or us to send mail from their domain. While SPF attempts to handle it through a switch that references other providers' SPF records, It's just not practical to list all possible ISPs that an end user could use to send mail. However, I have seen benefit from specifying domains that do not send mail. Spam that spoofs the from address as one of these domains is getting blocked...some of which was not previously getting blocked (sorry don't have firm numbers yet). Also, it is useful for corporate customers that can guarantee that all email will pass through one of a few mail servers. Only problem there is travelers who would then need to VPN or otherwise authenticate with one of those servers in order to pass SPF. Darin. - Original Message - From: Matt [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, June 30, 2004 11:24 AM Subject: Re: [Declude.JunkMail] Question on SPF Setup. Was under You **May** etc **May** etc Grant Griffith - Declude JM wrote: If someone sends an email and it shows up on our server as a 64. address. What about when the message is delivered to someone at AOL? Will it also see the 64. address, therefore fail the SPF test on their end also? Sorry to butt in on this one...Yes, SPF would fail on other systems as well in that situation. As far as I can tell, SPF-PASS is not useful because there is nothing stopping a spammer that owns a server to set SPF up for it. Setting up SPF for your domain is also IMO a bad idea unless you can guarantee that all of your users will only come from certain IP's when they send E-mail. For instance, although I prefer to be the outgoing SMTP server for my clients, some of them are either blocked by their ISP from sending E-mail through my server (port 25 blocking), or they just simply chose to set up their computers to use their ISP's mail server instead of our own. Therefore, I don't have a single client that I can guarantee that they will be coming from a particular range of IP's. While some people around here might only add a few points for such a failure, some have said that they will automatically hold any such messages that fail and I'm sure that there are people out there that will delete on such failures. You can set up SPF for you domain that states that the domain can be used from any IP, however I don't see any value in stating that something can come from anywhere when that in effect is the status quo. SPF is an interesting idea, but they're missing a step or two that would really make it useful IMO. The SPF folks recently agreed to merge their spec with Microsoft's and that might produce a more accurate test, but I haven't been following developments closely and can't say for sure. Practically speaking, it's the openness of E-mail and the fact that it was never designed or implemented to prevent spoofing that is the cause of this problem, and the best way to get at the issue might be to simply re-write SMTP to allow for authentication of non-local E-mail. I'm sure that Scott, Sandy and others have a different perspective. They are both fans of SPF and I am not. Who knows, maybe it is me that is missing something. I won't implement SPF on my domains at this time because of the possibility of some other admin blocking their E-mail in that 1% that doesn't come through my server, and to list them as non-specific to address space caries no apparent value. Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Question about filters..
The text filters check on BODY or SUBJECT, What about the text on the HEADERS ?? Also, how can I put wildcards on filters ?? Couldn't find the manual at declude.com www.declude.com\manual.htm Anybody have the correct link ?? Thanks AV --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Question about filters..
The text filters check on BODY or SUBJECT, What about the text on the HEADERS ?? Yes, the filters work fine on headers, such as: HEADERS 5 CONTAINS EvilWord Also, how can I put wildcards on filters ?? You cannot, but you can do things such as: HEADERS 5 STARTSWITH EvilWord to catch EvilWord*. Couldn't find the manual at declude.com www.declude.com\manual.htm Anybody have the correct link ?? You can use the old link http://www.declude.com/junkmail/manual.htm (which redirects to the new URL, which I can never remember). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Question about quoted-printable encoding and filtering
Scott, I'm finding this difficult to test and thought that I would ask it instead. I've found some heavy obfuscation in some Nigerian stuff that has be scratching my head about how to filter it. One such messages contains the following: THE OWNER OF THIS ACCOUNT LATE MR.DENNIS BR= OWN ,HE DIED SINCE 1997 I'm wondering to what extent Declude clears up such encoding for the filters. For instance, would the following work in this instance: BODY 3 CONTAINS MR.DENNIS BROWN or maybe with a space for the line return: BODY 3 CONTAINS MR.DENNIS BR= OWN or rather without the space: BODY 3 CONTAINS MR.DENNIS BR=OWN Thanks, Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
Re: [Declude.JunkMail] Question about quoted-printable encoding and filtering
I'm finding this difficult to test and thought that I would ask it instead. I've found some heavy obfuscation in some Nigerian stuff that has be scratching my head about how to filter it. One such messages contains the following: THE OWNER OF THIS ACCOUNT LATE MR.DENNIS BR= OWN ,HE DIED SINCE 1997 I'm wondering to what extent Declude clears up such encoding for the filters. For instance, would the following work in this instance: BODY 3 CONTAINS MR.DENNIS BROWN or maybe with a space for the line return: BODY 3 CONTAINS MR.DENNIS BR= OWN or rather without the space: BODY 3 CONTAINS MR.DENNIS BR=OWN Declude JunkMail should translate the CRLF (linefeed) into a space, so it the second line (MR.DENNIS BR= OWN) should catch it. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Question about quoted-printable encoding and filtering
Thanks. . I'm sure it goes without saying that MIME decoding would be a nice addition whenever that pops to the top of your to-do list. This one message was clearly obfuscated using that technique, and the sender was careful to find a free mail provider that would send quoted-printable encoding headers on plain text messages. This is most problematic on Nigerian scams because it almost always comes from legitimate mail providers and you have to rely exclusively on content filters to block it, although I'm now starting to populate a %MAILFROMBL% test for such addresses, and I should soon see how useful that may be. Matt R. Scott Perry wrote: I'm finding this difficult to test and thought that I would ask it instead. I've found some heavy obfuscation in some Nigerian stuff that has be scratching my head about how to filter it. One such messages contains the following: THE OWNER OF THIS ACCOUNT LATE MR.DENNIS BR= OWN ,HE DIED SINCE 1997 I'm wondering to what extent Declude clears up such encoding for the filters. For instance, would the following work in this instance: BODY 3 CONTAINS MR.DENNIS BROWN or maybe with a space for the line return: BODY 3 CONTAINS MR.DENNIS BR= OWN or rather without the space: BODY 3 CONTAINS MR.DENNIS BR=OWN Declude JunkMail should translate the CRLF (linefeed) into a space, so it the second line (MR.DENNIS BR= OWN) should catch it. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Question for Matt... COMBO-DUL test
I tripped across an e-mail from February where you put together a combo test for the DULs. Of course, I can't find that message again. I considering one for PROXY-COMBO with a maxweight so I can avoid the piling on too many points from multiple databases, yet I can still score the -DYNA and -ALL for small scores that may be false positives. Can you expound on your COMBO-DUL test again? Scott Fisher Director of IT Farm Progress Companies --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Question for Matt... COMBO-DUL test
Scott, The idea behind DUL-COMBO is that a dynamic/residential IP is a dynamic/residential IP, so it doesn't make sense to variably score the IP based on how many DUL tests it hits. What I did was test something like 9 different DUL tests and I excluded the ones that had false positives, primarily for listing business DSL space. I was left with 4 DUL lists that never false positive according to the IP (as far as I can tell), but of course sometimes people do set up servers on DUL space and they get caught with this test. I score the tests with zero points in Global.cfg, but then use a custom filter that will give any and all DUL hits a total score of 8 on my system (mostly hold on 13, sometimes 10). This has worked beautifully. If you wanted to do a PROXY-COMBO test, I'm afraid that this might not be nearly as effective/useful. Take note that I weeded out DUL lists that had any wrong space listed in them, but with open relay lists, there are false positives everywhere, primarily because the zone administrators don't properly retest, expire, or take any action whatsoever to remove old nominations. ORDB is the best known open relay list, and their delisting process is ridiculously convoluted, and even impossible for some depending on their mail server. In a sense, you benefit from multiple hits on open relay-type tests, because the more lists that an IP appears in, the more likely that it is an active open relay, but if you combo-ed it, you would be making the test only as reliable as the most out of date test, and that would change from IP to IP. While I would discourage this, I would encourage combo-ing the FIVETEN open relay tests because they will often hit in doubles or triples, and they will false positive under those circumstances as well (it's a very poor design on their part). If you are looking for opportunity, look for killer patterns such as the combination of an open relay with a hit on SpamCop, or an XBL hit plus SpamCop, and there are dozens of killer combinations that have an extremely minute chance of throwing a false positive. Matt Scott Fisher wrote: I tripped across an e-mail from February where you put together a combo test for the DULs. Of course, I can't find that message again. I considering one for PROXY-COMBO with a maxweight so I can avoid the piling on too many points from multiple databases, yet I can still score the -DYNA and -ALL for small scores that may be false positives. Can you expound on your COMBO-DUL test again? Scott Fisher Director of IT Farm Progress Companies --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Question about using an equal sign in the wordfilter in Declude
I seem to be having issues trying to filter subject or body lines for the = symbol. In my wordfilter file, there is a line such as: BODY 8 CONTAINS style=font-size:1p Is this just me, or am I really missing something. What are the restricted characters in these files? I checked the manual and couldn't find a reference. Thanks Stan Lyzak BSEE, CISSP, MCSE², CCNA, Security+, A+ Network Security Engineer ASysTech, Inc. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Question about using an equal sign in the wordfilter in Declude
I seem to be having issues trying to filter subject or body lines for the = symbol. In my wordfilter file, there is a line such as: BODY 8 CONTAINS style=font-size:1p I'm not aware of any problems using the = sign in filters. I believe the only restricted characters are the % sign (which are used for variables, such as %MAILFROM%) and CR/LF characters (used to end the line). Are any E-mails failing that test? Are you using Declude JunkMail Pro? Are there any lines after the BODY 8 CONTAINS style=font-size:1p line? If so, can the cursor be moved to the line below it (if not, Windows can't properly process the last line)? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
]Re: [Declude.JunkMail] Question about using an equal sign in the wordfilter in Declude
We are running Pro, v1.78. There are lines after this one (the = line rules are in the middle of a hundred or so rules). Let me run a manual test and see what happens.I may be taking a tech's word on something that I should have checked firsthand Thanks Stan Lyzak BSEE, CISSP, MCSE², CCNA, Security+, A+ Network Security Engineer ASysTech, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, April 05, 2004 5:13 PM To: [EMAIL PROTECTED] Subject:Re: [Declude.JunkMail] Question about using an equal sign in the wordfilter in Declude I seem to be having issues trying to filter subject or body lines for the = symbol. In my wordfilter file, there is a line such as: BODY 8 CONTAINS style=font-size:1p I'm not aware of any problems using the = sign in filters. I believe the only restricted characters are the % sign (which are used for variables, such as %MAILFROM%) and CR/LF characters (used to end the line). Are any E-mails failing that test? Are you using Declude JunkMail Pro? Are there any lines after the BODY 8 CONTAINS style=font-size:1p line? If so, can the cursor be moved to the line below it (if not, Windows can't properly process the last line)? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Question about using an equal sign in the wordfilter in Declude
Nevermind...sorry for the wasted bandwidth. It works like it should (why did I doubt your app Scott?). Now pardon me, I have a tech to strangle. ;) Stan Lyzak BSEE, CISSP, MCSE², CCNA, Security+, A+ Network Security Engineer ASysTech, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, April 05, 2004 5:13 PM To: [EMAIL PROTECTED] Subject:Re: [Declude.JunkMail] Question about using an equal sign in the wordfilter in Declude I seem to be having issues trying to filter subject or body lines for the = symbol. In my wordfilter file, there is a line such as: BODY 8 CONTAINS style=font-size:1p I'm not aware of any problems using the = sign in filters. I believe the only restricted characters are the % sign (which are used for variables, such as %MAILFROM%) and CR/LF characters (used to end the line). Are any E-mails failing that test? Are you using Declude JunkMail Pro? Are there any lines after the BODY 8 CONTAINS style=font-size:1p line? If so, can the cursor be moved to the line below it (if not, Windows can't properly process the last line)? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Question about these headers....
Hello all, I just received an email with the following headers... Received: from mx1.myoffer2u.com [205.138.96.41] by mail.pepperlink.net with ESMTP (SMTPD32-8.05) id A8B120AA00BA; Tue, 09 Mar 2004 17:44:01 -0500 Received: from centramedia.net (205.138.96.41) by mx1.myoffer2u.com (PowerMTA(TM) v1.5); Tue, 9 Mar 2004 14:51:09 -0800 (envelope-from [EMAIL PROTECTED]) From: terry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: hey bgc No Dor's Appointment Needed 3/9/2004 14:51:09 Reply-To: terry [EMAIL PROTECTED] Date: 09 Mar 2004 14:51:09 -0800 Message-ID: [EMAIL PROTECTED] MTA: YmdjQHBlcHBlcmxpbmsubmV0 MIME-Version: 1.0 Content-Type: text/plain; charset=Windows-1252 Content-Transfer-Encoding: 7bit X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 205.138.96.41 with no reverse DNS entry. X-RBL-Warning: WEIGHT10: Weight of 11 reaches or exceeds the limit of 10. X-Declude-Sender: [EMAIL PROTECTED] [205.138.96.41] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: AHBL, REVDNS, WEIGHT10 [11] X-Note: QueInControl: D48b120aa00ba47ae.SMD (1) X-Spam-Tests-Failed: AHBL, REVDNS, WEIGHT10 [11] X-Note: RDNS Real Origin: [No Reverse DNS][205.138.96.41] X-Note: SMTP Real From: [EMAIL PROTECTED] X-Note: SMTP Real To: [EMAIL PROTECTED] X-Note: This E-mail was sent from [No Reverse DNS] ([205.138.96.41]). X-RBL-Warning: Total spam weight of this E-mail is 11. X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 378703842 Right after this I received an email that had no to and no from and here is the total email with headers From: Date: Tue, 9 Mar 2004 17:44:02 -0500 X-RCPT-TO: perlink.net Status: U X-UIDL: 378703843 IMA44c48b2.404e/mail.pepperlink.net Content-Type: text/plain; charset=us-ascii Message delivered successfully to [EMAIL PROTECTED] IMA44c48b2.404e/mail.pepperlink.net Content-Type: message/delivery-status Reporting-MTA: mail.pepperlink.net Final-Recipient: rfc8222;[EMAIL PROTECTED] Action: delivered Status: 2.0.0 IMA44c48b2.404e/mail.pepperlink.net Content-Type: message/rfc822 Received: from mx1.myoffer2u.com [205.138.96.41] by mail.pepperlink.net with ESMTP (SMTPD32-8.05) id A8B120AA00BA; Tue, 09 Mar 2004 17:44:01 -0500 Received: from centramedia.net (205.138.96.41) by mx1.myoffer2u.com (PowerMTA(TM) v1.5); Tue, 9 Mar 2004 14:51:09 -0800 (envelope-from [EMAIL PROTECTED]) From: terry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: hey bgc No Dor's Appointment Needed 3/9/2004 14:51:09 Reply-To: terry [EMAIL PROTECTED] Date: 09 Mar 2004 14:51:09 -0800 Message-ID: [EMAIL PROTECTED] MTA: YmdjQHBlcHBlcmxpbmsubmV0 MIME-Version: 1.0 Content-Type: text/plain; charset=Windows-1252 Content-Transfer-Encoding: 7bit X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 205.138.96.41 with no reverse DNS entry. IMA44c48b2.404e/mail.pepperlink.net-- Could someone let me know what is going on here.. and could I add myoffer2u.com to my kill list and catch these... Bennie --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Question about these headers....
The first message's source is well listed and should have been tagged better if your tests were in the default configuration, and many would probably have thrown every more at it. http://www.dnsstuff.com/tools/ip4r.ch?ip=205.138.96.41 The second E-mail looks to be severely munged and has no Declude headers. Check your IMail and JunkMail logs for this message and post what you find. I'm guessing that IMail didn't pass this to Declude, and this might have occurred while rebooting the machine or restarting the SMTP service (a known bug in IMail). It does really help knowing more than just what's on the surface, especially if you are going to give someone good advise, so take what I have said with a grain of salt. Matt Bennie wrote: Hello all, I just received an email with the following headers... Received: from mx1.myoffer2u.com [205.138.96.41] by mail.pepperlink.net with ESMTP (SMTPD32-8.05) id A8B120AA00BA; Tue, 09 Mar 2004 17:44:01 -0500 Received: from centramedia.net (205.138.96.41) by mx1.myoffer2u.com (PowerMTA(TM) v1.5); Tue, 9 Mar 2004 14:51:09 -0800 (envelope-from [EMAIL PROTECTED]) From: terry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: hey bgc No Dor's Appointment Needed 3/9/2004 14:51:09 Reply-To: terry [EMAIL PROTECTED] Date: 09 Mar 2004 14:51:09 -0800 Message-ID: [EMAIL PROTECTED] MTA: YmdjQHBlcHBlcmxpbmsubmV0 MIME-Version: 1.0 Content-Type: text/plain; charset=Windows-1252 Content-Transfer-Encoding: 7bit X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 205.138.96.41 with no reverse DNS entry. X-RBL-Warning: WEIGHT10: Weight of 11 reaches or exceeds the limit of 10. X-Declude-Sender: [EMAIL PROTECTED] [205.138.96.41] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: AHBL, REVDNS, WEIGHT10 [11] X-Note: QueInControl: D48b120aa00ba47ae.SMD (1) X-Spam-Tests-Failed: AHBL, REVDNS, WEIGHT10 [11] X-Note: RDNS Real Origin: [No Reverse DNS][205.138.96.41] X-Note: SMTP Real From: [EMAIL PROTECTED] X-Note: SMTP Real To: [EMAIL PROTECTED] X-Note: This E-mail was sent from [No Reverse DNS] ([205.138.96.41]). X-RBL-Warning: Total spam weight of this E-mail is 11. X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 378703842 Right after this I received an email that had no to and no from and here is the total email with headers From: Date: Tue, 9 Mar 2004 17:44:02 -0500 X-RCPT-TO: perlink.net Status: U X-UIDL: 378703843 IMA44c48b2.404e/mail.pepperlink.net Content-Type: text/plain; charset=us-ascii Message delivered successfully to [EMAIL PROTECTED] IMA44c48b2.404e/mail.pepperlink.net Content-Type: message/delivery-status Reporting-MTA: mail.pepperlink.net Final-Recipient: rfc8222;[EMAIL PROTECTED] Action: delivered Status: 2.0.0 IMA44c48b2.404e/mail.pepperlink.net Content-Type: message/rfc822 Received: from mx1.myoffer2u.com [205.138.96.41] by mail.pepperlink.net with ESMTP (SMTPD32-8.05) id A8B120AA00BA; Tue, 09 Mar 2004 17:44:01 -0500 Received: from centramedia.net (205.138.96.41) by mx1.myoffer2u.com (PowerMTA(TM) v1.5); Tue, 9 Mar 2004 14:51:09 -0800 (envelope-from [EMAIL PROTECTED]) From: terry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: hey bgc No Dor's Appointment Needed 3/9/2004 14:51:09 Reply-To: terry [EMAIL PROTECTED] Date: 09 Mar 2004 14:51:09 -0800 Message-ID: [EMAIL PROTECTED] MTA: YmdjQHBlcHBlcmxpbmsubmV0 MIME-Version: 1.0 Content-Type: text/plain; charset=Windows-1252 Content-Transfer-Encoding: 7bit X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 205.138.96.41 with no reverse DNS entry. IMA44c48b2.404e/mail.pepperlink.net-- Could someone let me know what is going on here.. and could I add myoffer2u.com to my kill list and catch these... Bennie --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Question about MAILBOX action.
I don't use the MAILBOX action at all, I write a filterable header and use Imail filters to sort mail. Means it will work even on forwarded accounts to other servers or in clients with header filtering capabilities. Also, since I classify spam rank, you can take different actions based on rank, delete, hold, forward, and I can whitelist with a rule before it. Thanks, Chuck Frolick ArgoLink.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joshua Levitsky Sent: Saturday, January 31, 2004 5:15 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Question about MAILBOX action. - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, January 31, 2004 9:14 AM Subject: Re: [Declude.JunkMail] Question about MAILBOX action. Received: from SMTP32-FWD by joshie.com (SMTP32) id A047C0052; Fri, 30 Jan 2004 20:31:00 This line shows that the E-mail was forwarded -- note that forwarded E-mail won't have the MAILBOX action applied to it (since it may be forwarded to another server that doesn't support mailboxes the way that IMail does). After posting I realized that it is of course a forward because IMail won't let me delete the root account. Both domains are on the same IMail server though. What do others with multiple domains that use MAILBOX do for their root acocunts and such to consolidate the mail but still have the MAILBOX action do its thing? -Josh --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Question about MAILBOX action.
Since that change I've noticed that spam (like the attached) that is to [EMAIL PROTECTED] can end up in my inbox (I have jlevitsk as an alias to root on the server) rather than it going in to my JunkMail folder. Received: from SMTP32-FWD by joshie.com (SMTP32) id A047C0052; Fri, 30 Jan 2004 20:31:00 This line shows that the E-mail was forwarded -- note that forwarded E-mail won't have the MAILBOX action applied to it (since it may be forwarded to another server that doesn't support mailboxes the way that IMail does). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Question about MAILBOX action.
- Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, January 31, 2004 9:14 AM Subject: Re: [Declude.JunkMail] Question about MAILBOX action. Received: from SMTP32-FWD by joshie.com (SMTP32) id A047C0052; Fri, 30 Jan 2004 20:31:00 This line shows that the E-mail was forwarded -- note that forwarded E-mail won't have the MAILBOX action applied to it (since it may be forwarded to another server that doesn't support mailboxes the way that IMail does). After posting I realized that it is of course a forward because IMail won't let me delete the root account. Both domains are on the same IMail server though. What do others with multiple domains that use MAILBOX do for their root acocunts and such to consolidate the mail but still have the MAILBOX action do its thing? -Josh --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Question about MAILBOX action.
Scott or anyone else that knows... Weird thing. I just started using MAILBOX JunkMail As an action for mail and I use the imail util that purges old messages to make it so junk stays for 7 days max in the JunkMail folder for any user. Since that change I've noticed that spam (like the attached) that is to [EMAIL PROTECTED] can end up in my inbox (I have jlevitsk as an alias to root on the server) rather than it going in to my JunkMail folder. Is this because the mail should end up in [EMAIL PROTECTED] but because root is an alias it ends up in [EMAIL PROTECTED] rather than [EMAIL PROTECTED] ? What is the most appropriate way to use the MAILBOX action so that doesn't happen? I'm running ... C:\IMaildeclude -diag Declude 1.77i24 (C) Copyright 2000-2004 Computerized Horizons. Diagnostics ON (Declude v1.77i24). Declude JunkMail: Config file found (C:\IMail\Declude\global.CFG). Declude Virus: Config file found (C:\IMail\Declude\Virus.CFG). Declude Hijack:Not installed (no C:\IMail\Declude\Hijack.CFG file). Declude Confirm: Config file found (C:\IMail\Declude\Confirm.CFG). 65 spam tests defined: DOSENDERACTIONS AHBL BLITZEDALL CBL SBL DSBL ORDB SORBS-H TTP SORBS-SOCKS SORBS-MISC SORBS-SMTP SORBS-SPAM SORBS-WEB SORBS-BLOCK SORBS-ZOM BIE SORBS-DUHL SPAMASSASSIN SPAMCOP FIVETENSRC NJABL NJABLDUL NJABLPROXIES DSBLA LL FIVETENIGNORE SECURITYSAGE MAILPOLICE-BULK MAILPOLICE-PORN DSN NOABUSE NOPOST MASTER BONDEDSENDER BADHEADERS BASE64 CMDSPACE HELOBOGUS MAILFROM PERCENT REVDNS ROUTING SPAMHEADERS SPFPASS SPFFAIL COMMENTS NONENGLISH IPNOTINMX NOLEGITCONTEN T DNSFILTER HEADFILTER BODYFILTER SUBJFILTER URLFILTER FROMFILTER SPAMDOMAINS Y! DIRECTED ANTI-Y!DIRECTED OBFUSCATION ZAPTHEDINGBAT @LINKED [EMAIL PROTECTED] IPLINKED SUBSPACE-10 SUBSPACE-20 SUBSPACE-30 SPAMLOW SPAMHIGH IMail reports Official Host Name as: joshie.com. IMail's SendName registry seems OK: C:\IMail\Declude.exe. DNS Server: 64.81.214.118 Declude JunkMail Status: PRO version registered. Declude Virus Status:Standard Version Registered. Declude Hijack Status: NOT REGISTERED: No activation code. End of diagnostics. -- Joshua Levitsky, MCSE, CISSP System Engineer Time Inc. Information Technology [5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1] ---BeginMessage--- Hey Root, just thought i would let you know what this GSC is all about. IF you suffer from ED and are paying for viagra then you may be interested in this. Everyone i know is really saving with the generic version of viagra, its the same thing and its alot cheaper. Anyways if your interested, check out http://www.pills888.com/host/defaultasp?id=1915 Have a good one! R e m o v e|| http://www.pills888.com/host/emailremove.asp ---End Message---
Re: [Declude.JunkMail] Question about MAILBOX action.
Hey Josh, MAILBOX follows the alias to the final destination. I believe that IMail writes this to the Q* file when the E-mail is received. It would not be a good idea to have it only work with the To address because these things don't always point to real accounts (think nobody alias and the trouble there). I would imagine that you could separate it out by using forwarding instead of aliasing, but that would need to be tested for accuracy. Matt Joshua Levitsky wrote: Scott or anyone else that knows... Weird thing. I just started using MAILBOX JunkMail As an action for mail and I use the imail util that purges old messages to make it so junk stays for 7 days max in the JunkMail folder for any user. Since that change I've noticed that spam (like the attached) that is to [EMAIL PROTECTED] can end up in my inbox (I have jlevitsk as an alias to root on the server) rather than it going in to my JunkMail folder. Is this because the mail should end up in [EMAIL PROTECTED] but because root is an alias it ends up in [EMAIL PROTECTED] rather than [EMAIL PROTECTED] ? What is the most appropriate way to use the MAILBOX action so that doesn't happen? I'm running ... C:\IMaildeclude -diag Declude 1.77i24 (C) Copyright 2000-2004 Computerized Horizons. Diagnostics ON (Declude v1.77i24). Declude JunkMail: Config file found (C:\IMail\Declude\global.CFG). Declude Virus: Config file found (C:\IMail\Declude\Virus.CFG). Declude Hijack:Not installed (no C:\IMail\Declude\Hijack.CFG file). Declude Confirm: Config file found (C:\IMail\Declude\Confirm.CFG). 65 spam tests defined: DOSENDERACTIONS AHBL BLITZEDALL CBL SBL DSBL ORDB SORBS-H TTP SORBS-SOCKS SORBS-MISC SORBS-SMTP SORBS-SPAM SORBS-WEB SORBS-BLOCK SORBS-ZOM BIE SORBS-DUHL SPAMASSASSIN SPAMCOP FIVETENSRC NJABL NJABLDUL NJABLPROXIES DSBLA LL FIVETENIGNORE SECURITYSAGE MAILPOLICE-BULK MAILPOLICE-PORN DSN NOABUSE NOPOST MASTER BONDEDSENDER BADHEADERS BASE64 CMDSPACE HELOBOGUS MAILFROM PERCENT REVDNS ROUTING SPAMHEADERS SPFPASS SPFFAIL COMMENTS NONENGLISH IPNOTINMX NOLEGITCONTEN T DNSFILTER HEADFILTER BODYFILTER SUBJFILTER URLFILTER FROMFILTER SPAMDOMAINS Y! DIRECTED ANTI-Y!DIRECTED OBFUSCATION ZAPTHEDINGBAT @LINKED [EMAIL PROTECTED] IPLINKED SUBSPACE-10 SUBSPACE-20 SUBSPACE-30 SPAMLOW SPAMHIGH IMail reports Official Host Name as: "joshie.com". IMail's SendName registry seems OK: "C:\IMail\Declude.exe". DNS Server: 64.81.214.118 Declude JunkMail Status: PRO version registered. Declude Virus Status:Standard Version Registered. Declude Hijack Status: NOT REGISTERED: No activation code. End of diagnostics. -- Joshua Levitsky, MCSE, CISSP System Engineer Time Inc. Information Technology [5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1] Subject: Onl1ne Ph4rmacy - V1agra Lowest Pr!ces! ... From: "Lily Greene" [EMAIL PROTECTED] Date: Sat, 31 Jan 2004 05:27:15 +0400 To: [EMAIL PROTECTED] Hey Root, just thought i would let you know what this GSC is all about. IF you suffer from ED and are paying for viagra then you may be interested in this. Everyone i know is really saving with the generic version of viagra, its the same thing and its alot cheaper. Anyways if your interested, check out http://www.pills888.com/host/defaultasp?id=1915 Have a good one! R e m o v e|| http://www.pills888.com/host/emailremove.asp -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =