>Scott, I've now been running DECLUDE for two days and from a first look,
>I like the product.  However, it has been catching a large number of
>valid messages and I'm wondering what actions to take with them.  The
>most common failures are on REVDNS,

That one does have a lot of false positives -- between all the lazy admins 
("I'll do it tomorrow, I guess it's OK if we lose a bit of mail in the 
meantime") and the admins that *think* they have a reverse DNS entry but 
really do not, there are a lot of admins on there.  While the first 
category (the lazy admins) are probably worth blocking (since they are very 
likely to have their mailserver set up to let spammers use it), the second 
category probably isn't worth blocking.

>  HELOBOGUS

This is from the latest beta version.  Reports in the spam community were 
VERY wrong when they were saying that E-mails failing this test had about a 
99.9% chance of being spam.

>and WEIGHT10.

That's bad, very bad.  That means that the people sending you legitimate 
mail have mailservers that are poorly set up.  You may want to check to see 
what the weight is for the HELOBOGUS test -- if it is set to 8, it would 
cause the WEIGHT10 test to be triggered a bit too quickly (a setting of 3 
or 4 might be better; I believe we have it set to 3 now).

>I remember reading about turning off WEIGHT10 and using WEIGHT20 (I 
>think), but
>what about the others?

I would strongly recommend reading a bit about them in the manual, or at 
http://www.declude.com/junkmail/support/ip4r.htm .  If you are going to be 
blocking mail, it's a very good idea to know why you are blocking it.

>Can I send something to the host postmaster to
>let them know that their servers are not properly configured?  Or is
>there more to it than that?

One option is to use the BOUNCE action (or the ALERT action, which sends a 
bounce-like message, but also delivers the original E-mail).  By default, 
these will go to the person who sent the E-mail, which is usually best for 
two reasons -- first, if the E-mail is spam, it won't end up bothering an 
innocent postmaster, and second, the sender of the E-mail is more likely to 
get the problem solved than the postmaster (who may just delete the 
automated message).

>A couple of other questions.  Is there any
>way to set up two actions for a certain failed test?  For instance, if I
>want to WARN and then modify the subject line?


Multiple actions per test

Declude JunkMail does not support multiple actions per test. When it was 
designed, it was assumed that people would only want to use one of the two 
actions that other anti-spam products use: WARN or BOUNCE.

However, since Declude JunkMail allows so many different actions to be 
taken on E-mail, a number of people have requested the ability to use 
multiple actions per test. Although Declude JunkMail does not support this, 
there is a way to accomplish the same end result. You just need to define 
two copies of the same test, each with a different name.

For example, if you wanted to have the SPAMCOP test use both the WARN and 
SUBJECT actions, you would add a new test SPAMCOP2. The 
\IMail\Declude\global.cfg defines the SPAMCOP test as:

    SPAMCOP ip4r...

You would add another entry that is identical except with a different name, 
so you would now have:

    SPAMCOP ip4r...
    SPAMCOP2 ip4r...

Then, in your $default$.JunkMail file, you could have:

    SPAMCOP SUBJECT Spam:
    SPAMCOP2 WARN

Now, both actions will be used. There are some combinations of actions 
that will not work together (such as DELETE and HOLD, which logically can't 
both be used), but most will. Also, if you use the weighting system, you 
should set the weights of the second test to 0, so that you do not end up 
with double the weight.

>Can I run my
>server through these same tests to ensure that messages from our servers
>are not flagged as SPAM?

Yes -- you can go to http://www.DNSstuff.com and use the "spam database 
lookup" tool (it's best to enter the IP address there, not the hostname).
                              -Scott

---
This E-mail came from the Declude.JunkMail mailing list.
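
The self-check discussed in the reply above (does my own mail server have working reverse DNS, and is its IP listed in an ip4r zone?) can be scripted. This is an added example, not part of the original message and not Declude code: the FCRDNS label, the zone `dnsbl.example` and the sample DNS table are constructed for illustration, and the forward-confirmation step goes beyond the REVDNS test named in the thread.

```python
import ipaddress
import socket

def ip4r_name(ip, zone):
    """Build the DNS name an ip4r test queries: reversed octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(kind, name):
    """Live lookup via the OS resolver; returns a list of answers (empty if none)."""
    try:
        if kind == "PTR":                      # name is the IP address
            return [socket.gethostbyaddr(name)[0]]
        return socket.gethostbyname_ex(name)[2]
    except OSError:                            # herror/gaierror: no such record
        return []

def check_mail_ip(ip, zones, resolve=system_resolver):
    """Return the checks this IP fails: REVDNS, FCRDNS (added label) or a zone."""
    failed = []
    ptr = resolve("PTR", ip)
    if not ptr:
        failed.append("REVDNS")                # no reverse DNS entry at all
    elif ip not in resolve("A", ptr[0].rstrip(".")):
        failed.append("FCRDNS")                # PTR exists but does not map back
    for zone in zones:
        if resolve("A", ip4r_name(ip, zone)):  # any A answer means "listed"
            failed.append(zone)
    return failed

# Constructed sample data (documentation address ranges), so this runs offline.
SAMPLE_DNS = {
    ("PTR", "192.0.2.10"): ["mail.example.com"],
    ("A", "mail.example.com"): ["192.0.2.10"],
    ("PTR", "192.0.2.20"): ["host.example.net"],
    ("A", "host.example.net"): ["198.51.100.7"],
    ("A", "30.2.0.192.dnsbl.example"): ["127.0.0.2"],
}

def sample_resolver(kind, name):
    return SAMPLE_DNS.get((kind, name), [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        result = check_mail_ip(ip, ["dnsbl.example"], sample_resolver)
        print(ip, result or "clean")
```

To test a real server, call `check_mail_ip` with its public IP and the zones your configuration actually queries, leaving `resolve` at its default.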