Re: [Declude.JunkMail] safe way to "whitelist" this

[Matt]

Don't whitelist, negative weight if you are the administrator.  There are two things to go after, the MAILFROM, or the REMOTEIP.  It appears that the school district has only one mail server, in which case you could create a filter file called PSEUDO-WHITE and add in the following line: REMOTEIP   -10   IS   204.228.60.250 Alternatively if you are running the standard version, you can create an ipfile with the following entry and weight it negatively in your Global.cfg: 204.228.60.250/32 If you get susd.org E-mail from various sources, you can try a filter file with MAILFROM, or a fromfile in JunkMail Standard.  Choose IP over the mail from address because it is never spoofed from what I can tell (but you should never say never of course). One other thing would be to review your weighting settings because that's a little tight to be holding on IMO.  I weight BASE64 at 3 and HELOBOGUS as 4, though that is just one piece of the entire picture of course.  I suspect that this message came from Exchange Web mail, and there are 3 Microsoft X-mail headers that you might want to be counterweighting for failing BASE64 because Microsoft will base64 attach plain text in Web mail.  Search the archives for "microsoft exchange", I'd rather not post it again.  When Scott comes out with some "not" tests, you can help to protect from spammers exploiting such negative weighting by adding some END statements to the filter file since all of these have other required header elements that need be present. Matt David Dodell (by way of R. Scott Perry ) wrote: I get email from the susd.org domain on a regular basic, but they are poorly setup.  The headers appear as such: X-Declude-Sender: [EMAIL PROTECTED] [204.228.60.250] X-Spam-Tests-Failed: BASE64, HELOBOGUS, REVDNS, WEIGHT10 [10] X-Country-Chain: UNITED STATES->destination X-Note: This E-mail was sent from [No Reverse DNS] ([204.228.60.250]). X-Hello: pyle.susd.org X-Declude-Date: 01/13/2004 13:46:08 [0] I have the domain setup in a reverse domain test, but that doesn't negative weigh because they don't have a valid reverse DNS. How can I whitelist this domain safely? David --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail".  The archives can be found at http://www.mail-archive.com. -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================