Well, I had an interesting night. A lot of my outgoing email was being returned with user unknown, even though it was correct, and somehow got into a loopback and duped the emails. I finally had to shut down JunkMail and everything is working error free now. Scott, I need help when you can please, or anyone else. Something is messed up. I am running IMail 7.06. I can send you all my JunkMail files if needed. I love this program and would like to see it back in action.
John MegaByte

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jay A. Caplan
Sent: Friday, March 22, 2002 10:47 AM
To: Declude. JunkMail (E-mail)
Subject: DORKZTL:RE: [Declude.JunkMail] sample global cfg

>>Hello, I have used this program for a while, but it still marks some legitimate mail as spam. Does anyone have a sample cfg file that blocks a good amount but doesn't mark legit mail spam I could look at? Do most people just have it mark it spam or have it automatically delete it? Thanks, Mark<<

Below is the GLOBAL.CFG file I use. I have edited out our whitelist entries and custom blacklists. You'll notice a few things that are different from the default file:

1) I am using the MAPS tests, which we pay a yearly subscription for. After using it for a while, along with all the other free sites, I am not so impressed with it. From reviewing the headers of spam to see which tests caught it, I really don't recall where MAPS was the only one to catch it. There are usually a couple of other tests that also catch the same spam. I don't see any distinct advantage to MAPS at this point that is worth paying for. Literally, I could probably drop it and not affect my spam catching ability too much.

2) Where a blackhole site has separate return values for different tests, I do not look for the separate return values - I just use the wildcard "*" to accept any return value. I presently am not distinguishing which test from a site provoked a positive response.

3) I have two WEIGHT tests. I use a WEIGHT12 test to decide whether or not a particular email is spam. I use 12 because it has a number of factors, allowing me to fine tune the relative weighting of the tests. Based on my experience with the reliability of a test, those that I have high confidence in get a weight of 12, allowing a single test in some cases to impeach an email.
Other tests that generally do a good job get a weight of 6, requiring two of them to concur before considering an email spam. Finally, for those tests that are less reliable, I give them a weight of 4, requiring three of them to concur before mail is branded as spam. Note that I could extend this to weights of 3 and 2, requiring concurrence of four and six tests respectively.

After reviewing the headers of many messages for the weights they received, I noticed that some messages got tagged by so many tests as being spam that they had weights in the stratosphere! I decided that with that much concurrence among all the tests that I use, the chances of an email being spam approach 100%. So, I have a weight test of WEIGHT53. The value of 53 has been determined by basically trial and error of what value defines a threshold above which there were zero false positives.

4) In my "$default$.junkmail" file, all tests are assigned the "LOG" action, except for WEIGHT12, which gets "WARN" and WEIGHT53 which gets "HOLD".

Our use of IMail and Declude Junkmail is in a corporate environment. All of our email users are standardized on the use of Outlook 2000. We use Outlook rules to look for email headers that contain the string "X-RBL-Warning:" and move messages with such headers to a "Junk Mail" folder. Our users are asked to periodically review the messages placed there for false positives before they delete the spam. Messages that get tagged by the WEIGHT53 test and are put in the \IMail\spool\spam folder are reviewed by me before deletion. I am looking at using the SpamReview program to assist me in this effort. Although I am sorely tempted, I presently do NOT automatically delete any mail, for fear of an important business communication receiving a false positive. This may change - I may decide on a weight threshold high enough that I would have the confidence to delete it without review.

Here's my GLOBAL.CFG.
The formatting of the columns got somewhat skewed when importing it into this email...

#
# Declude JunkMail configuration file
#

CODE            [Insert your code here]

# The "####" in the LOGFILE option gets replaced with the month/date with v1.11 and higher
LOGFILE         D:\IMail\spool\dec####.log
LOGLEVEL        LOW
LOG_OK          NONE

# Hop is set to 4 because we outsource our virus scanning and have 4 mailservers in front of our mail server.
HOP             4
#HOPHIGH        1

#
# Below are some advanced options
#

CONSOLE         OFF
XINHEADER       X-Note: JunkMail tests failed: %TESTSFAILED%
XINHEADER       X-Note: This E-mail was scanned by Declude JunkMail v%VERSION% for spam.
XOUTHEADER      X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
#IPBYPASS       127.0.0.1
#XSENDER        OFF
XSPOOLNAME      ON
#XINHEADER      X-Note: This E-mail was sent from %REVDNS% ([%REMOTEIP%]).
#XOUTHEADER     Organization: Your Name Here

MAPS-RBLPLUS    ip4r    rbl-plus.mail-abuse.org             *           12  0
OSRELAY         ip4r    relays.osirusoft.com                *           6   0
ORDB            ip4r    relays.ordb.org                     *           6   0
SPAMCOP         ip4r    bl.spamcop.net                      127.0.0.2   12  0
ORBZIN          ip4r    inputs.orbz.org                     127.0.0.2   6   0
VISI            ip4r    relays.visi.com                     127.0.0.2   12  0
COMPU           ip4r    blackhole.compu.net                 127.0.0.4   6   0
COMPU-PM0       ip4r    pm0-no-more.compu.net               127.0.0.4   12  0
NJABL           ip4r    dnsbl.njabl.org                     *           6   0
SUMMIT          ip4r    blackholes.2mbit.com                127.0.0.2   12  0
WIREHUB-DNSBL   ip4r    blackholes.wirehub.net              127.0.0.2   6   0
WIREHUB-DYNA    ip4r    dynablock.wirehub.net               127.0.0.2   6   0
DORKS           ip4r    orbs.dorkslayers.org                127.0.0.2   6   0
# Fiveten seems to return too many false positives
FIVETENSRC      ip4r    blackholes.five-ten-sg.com          *           4   0
GUARDBLOCK      ip4r    spamguard.leadmon.net               *           6   0
SPAMBAG         ip4r    blacklist.spambag.org               127.0.0.2   6   0
# Blars tagged mail from yahoo.com as spam!
BLARS           ip4r    block.blars.org                     *           6   0
BLITZED         ip4r    opm.blitzed.org                     *           6   0
DEVNULL         ip4r    dev.null.dk                         127.0.0.2   12  0
DEWS            ip4r    dews.qmail.org                      127.0.0.2   12  0
FABELSOURCES    ip4r    spamsources.fabel.dk                127.0.0.2   12  0
FLOWGO          ip4r    flowgoaway.com                      127.0.0.2   12  0
INTERSIL        ip4r    blackholes.intersil.net             127.0.0.2   12  0
SELWERD         ip4r    xbl.selwerd.cx                      127.0.0.2   12  0
MONKEYPROXIES   ip4r    proxies.relays.monkeys.com          127.0.0.1   12  0
MONKEYFORMMAIL  ip4r    formmail.relays.monkeys.com         127.0.0.1   6   0

DSN             rhsbl   dsn.rfc-ignorant.org                127.0.0.2   6   0
DNSUCE          rhsbl   in.dnsbl.org                        *           12  0
NOABUSE         rhsbl   abuse.rfc-ignorant.org              127.0.0.4   4   0
NOPOSTMASTER    rhsbl   postmaster.rfc-ignorant.org         127.0.0.3   4   0
MONKEYSENDER    rhsbl   sender-domain.sjesl.monkeys.com     127.0.0.1   6   0
PIGS            rhsbl   bandwidth-pigs.monkeys.com          127.0.0.1   6   0

MAILFROM        envfrom         x   x   12  0
SPAMHEADERS     spamheaders     x   x   12  0
ROUTING         spamrouting     x   x   12  0
PERCENT         percent         x   x   12  0
BADHEADERS      badheaders      x   x   6   0
REVDNS          revdnsexists    x   x   4   0

WEIGHT12        weight          x   x   12  0
WEIGHT53        weight          x   x   53  0

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
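
The weighting scheme described in the message above, modelled as an added example (not part of the original post and not Declude's own code): it parses test lines in the posted layout, sums the weights of the tests a message failed, and maps the total to the WARN/HOLD actions the poster assigns to WEIGHT12 and WEIGHT53. The column meanings, the ">=" threshold comparison and the function names are assumptions read off the post.

```python
SAMPLE_CFG = """\
# Excerpt of the posted GLOBAL.CFG, columns re-aligned
SPAMCOP     ip4r          bl.spamcop.net              127.0.0.2  12  0
VISI        ip4r          relays.visi.com             127.0.0.2  12  0
SUMMIT      ip4r          blackholes.2mbit.com        127.0.0.2  12  0
ORDB        ip4r          relays.ordb.org             *           6  0
NJABL       ip4r          dnsbl.njabl.org             *           6  0
FIVETENSRC  ip4r          blackholes.five-ten-sg.com  *           4  0
NOABUSE     rhsbl         abuse.rfc-ignorant.org      127.0.0.4   4  0
REVDNS      revdnsexists  x                           x           4  0
WEIGHT12    weight        x                           x          12  0
WEIGHT53    weight        x                           x          53  0
"""

# Actions the poster describes for $default$.junkmail; every other test is LOG.
ACTIONS = {"WEIGHT12": "WARN", "WEIGHT53": "HOLD"}


def parse_cfg(text):
    """Return (tests, thresholds): test name -> weight, weight test -> limit."""
    tests, thresholds = {}, {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6 or fields[0].startswith("#"):
            continue  # comments, blanks and option lines such as "HOP 4"
        # Assumed columns: name, type, zone, expected return, weight, second weight
        name, kind, _zone, _ret, weight, _second = fields
        (thresholds if kind == "weight" else tests)[name] = int(weight)
    return tests, thresholds


def score(failed, tests):
    """Sum the weights of the tests a message failed (unknown names raise KeyError)."""
    return sum(tests[name] for name in failed)


def action_for(failed, tests, thresholds):
    """Action of the highest threshold reached (assumed >=), otherwise LOG."""
    total = score(failed, tests)
    reached = [(limit, name) for name, limit in thresholds.items() if total >= limit]
    return ACTIONS[max(reached)[1]] if reached else "LOG"
```
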
