All, I have just extended Declude in a way that some of you may find useful. Though the code itself is not shareable, the framework could be replicated in any programming or scripting language, along with the available tools of IMail and Declude.
The client is a financial firm which is becoming increasingly apprehensive about the sheer volume of warnings (ALERTs) sent back to their clients/partners for low-level offenses (HELOBOGUS) and medium-level offenses (REVDNS, REVDNS+HELOBOGUS, REVDNS+BADHEADERS). The client (or at least their IT group!) stands with us on the theoretical customer service payoff of helping remote admins fix their stuff, and the real experience on that front has been largely positive as well. Yet the fact that they are sending back a deluge of warnings has made them worry that they are "rubbing it in" and ruining what would otherwise be helpful--this is especially true when the remote IT group has already been contacted and fixes are underway.

We're not fans of *manual* temporary whitelisting, as you might imagine. But self-expiring daily and weekly whitelists seem to be just the ticket: the local users still get their Subject: modified, so they don't get too comfortable, while the remote users get one warning per day or per week, depending on the severity of their issues, so they stay aware without being frustrated to the point of bit-bucketing everything from the Postmaster.
So this is what we did:

- Added counterweight FROMFILE and IPFILE whitelists that, together, reduce the severity of each of our WEIGHTRANGE tests beneath the ALERT level
- Wrote a couple of small EXEs that can strip out a sender and IP address from messages in a known format and write these variables to FROMFILE and IPFILE whitelists
- Set the ALERT message for each WEIGHTRANGE test to be copied to Program Aliases whose targets are the EXEs above, which were written to its format
- Set the action for the daily and weekly whitelists to insert the [POSSIBLE SPAM] in the subject, to make sure the mail still gets tagged
- Set Task Scheduler to delete the weekly FROMFILE and IPFILE once per week, and the daily FROMFILE and IPFILE once per day

This is by no means a sealed-tight solution, as it may let a little bit of spam through in certain situations. Again, it is meant as an interim measure, as we still consider all the cases "open"; and it doesn't change HOLD actions at all, just a sort of throttle for ALERTs.

Perhaps some are also doing things like this and can contribute their experience, while others may now have their interests piqued.

-Sandy

------------------------------------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]
------------------------------------

---
This E-mail came from the Declude.JunkMail mailing list. The archives can be found at http://www.mail-archive.com.
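An added example, not the poster's code (which was not shared): one way to do the extract-and-append step from the list above in Python. The `X-Alert-Sender` and `X-Alert-IP` header names, the sample alert, and whitelist files holding one entry per line are assumptions; both values are validated so a malformed alert cannot write a wildcard, a range, or an extra line into a whitelist.

```python
import ipaddress
import re
from email import message_from_string
from pathlib import Path

# Assumed alert layout (constructed for this example): the ALERT template
# carries the offending sender and connecting IP in two headers we control.
SENDER_HDR, IP_HDR = "X-Alert-Sender", "X-Alert-IP"
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
SAMPLE_ALERT = ("X-Alert-Sender: Admin@Example.org\n"
                "X-Alert-IP: 203.0.113.7\n"
                "Subject: Your mail server has a configuration problem\n\n"
                "Constructed alert body.\n")

def extract(alert_text):
    """Return (sender, ip) from an alert, or None if either value is unsafe."""
    msg = message_from_string(alert_text)
    sender = (msg.get(SENDER_HDR) or "").strip().lower()
    raw_ip = (msg.get(IP_HDR) or "").strip()
    if not ADDR_RE.fullmatch(sender):
        return None              # blank, wildcard, bare domain, folded header
    try:
        ip = ipaddress.IPv4Address(raw_ip)
    except ValueError:
        return None              # CIDR range, hostname, garbage
    if ip.is_loopback or ip.is_unspecified:
        return None
    return sender, str(ip)

def add_unique(path, entry):
    """Append entry on its own line unless already listed; True if written."""
    path = Path(path)
    existing = path.read_text().split() if path.exists() else []
    if entry in existing:
        return False
    with path.open("a") as fh:
        fh.write(entry + "\n")
    return True

def process_alert(alert_text, fromfile, ipfile):
    """Whitelist the alert's sender and IP; False if the alert was rejected."""
    parsed = extract(alert_text)
    if parsed is None:
        return False
    add_unique(fromfile, parsed[0])
    add_unique(ipfile, parsed[1])
    return True

if __name__ == "__main__":
    import tempfile
    d = Path(tempfile.mkdtemp())
    print(process_alert(SAMPLE_ALERT, d / "daily-from.txt", d / "daily-ip.txt"))
```

Expiry stays outside the script, as in the post: the scheduled task deletes the files and the next alert recreates them.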
