Re: [Declude.JunkMail] Detect "Test NOT Failed"

[Matt]

Andy, That's not how MINWEIGHT works.  MINWEIGHT is used for a filter so that it doesn't subtract any more than the value that you give it, generally a negative number unless you get fancy and apply scoring tests first. The only way to do this currently would be to create an external test to run after Sniffer which passes in the %WEIGHT% variable. Matt Andy Schmidt wrote: Hi,   I'm trying to detect mails weight >= 15 that did NOT fail "Sniffer".   I have:   Global.cfg:   SNIFFER  external  nonzero "D:\IMAIL\Sniffer\Win32\????????.exe ?????" 4 0 SNIFFER-SNAKE external  052 "D:\IMAIL\Sniffer\Win32\????????.exe ?????" 1 0 SNIFFER-SCAMS  external  053 "D:\IMAIL\Sniffer\Win32\????????.exe ?????" 2 0 SNIFFER-PORN external  054 "D:\IMAIL\Sniffer\Win32\????????.exe ?????" 2 0 SNIFFER-MALWARE external  055 "D:\IMAIL\Sniffer\Win32\????????.exe ?????" 2 0 SNIFFER-OBFUSC  external  061 "D:\IMAIL\Sniffer\Win32\????????.exe ?????" 2 0   NOTSNIFFed filter  D:\IMail\Declude\NOTSNIFFEDfilter.txt x 0 0   In "NOTSNIFFEDfilter.txt"   MINWEIGHT 15 TESTSFAILED END CONTAINS SNIFFER REMOTEIP 0 CONTAINS .   Yet, the log doesn't show "NOTSNIFFed":   05/31/2004 17:48:59 Qa83f230c00e4d595 SPAMCOP:7 XBL-DYNA:7 HELOBOGUS:3 REVDNS:5 SPAMROUTING:4 .  Total weight = 26. 05/31/2004 17:48:59 Qa83f230c00e4d595 Bypassing whitelisting of E-mail with weight >=19 (26) and at least 1 recipients (7). 05/31/2004 17:48:59 Qa83f230c00e4d595 Bypassing whitelisting of E-mail with weight >=14 (26) and at least 4 recipients (7). 05/31/2004 17:48:59 Qa83f230c00e4d595 Bypassing whitelisting of E-mail with weight >=12 (26) and at least 6 recipients (7). 05/31/2004 17:48:59 Qa83f230c00e4d595 Deleting spam from [EMAIL PROTECTED] to [EMAIL PROTECTED] 05/31/2004 17:48:59 Qa83f230c00e4d595 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]  IP: 61.73.93.27 ID: 05/31/2004 17:48:59 Qa83f230c00e4d595 Tests failed [weight=26]: BYPASS19=IGNORE BYPASS14=IGNORE BYPASS12=IGNORE SPAMCOP=WARN NJABLDYNA=LOG SORBS=WARN SORBS-DUHL=LOG XBL-DYNA=IGNORE HELOBOGUS=WARN IPNOTINMX=IGNORE REVDNS=ALERT SPAMROUTING=WARN NOLEGITCONTENT=IGNORE WEIGHTKILL=DELETE 05/31/2004 17:48:59 Qa83f230c00e4d595 Deleting spam from [EMAIL PROTECTED] to [EMAIL PROTECTED] [EMAIL PROTECTED] Best Regards Andy Schmidt H&M Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone:  +1 201 934-3414 x20 (Business) Fax:    +1 201 934-9206 http://www.HM-Software.com/   -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================