Well, Glen, there's a LOT more that you could be doing. I see that you've only put forward the names of built-in tests and IP4R tests. Do you have Declude Junkmail Lite, Standard or Pro? And have you upgraded to the current version of the declude.exe application?
The manual is here: http://www.declude.com/Articles.asp?ID=116

Regarding your built-in tests, I'd suggest you look at adding:

CMDSPACE WARN
CONTSPACES WARN
COUNTRY LOG
IPNOTINMX LOG
LONGSUBJECT WARN

CMDSPACE and CONTSPACES are good but you'll have to beware of false positives; as an ISP, you in particular may have problems with CMDSPACE and (I believe) your own clients using Outlook Express. Someone else here may have a pointer about using it safely, perhaps with the "WHITELIST AUTH" directive in your global.cfg (I'm going from memory here; I don't have that particular issue).

COUNTRY is quite good at adding weight based on the country the message originated in. Quite handy if you were a business that gets no legitimate mail from Singapore or Korea or Brazil.

As for your existing IP4R tests, check http://www.declude.com/Articles.asp?ID=97&Redirected=Y for a long list of what's available and how to configure them.

I see that you are using CBL, but not SBL or XBL. Check out http://www.spamhaus.org and replace your CBL with an SBL and XBL line. Your users will thank you. CBL is incorporated in XBL along with two other lists, and the source has a lower latency than CBL. SBL is just plain good.

I see that you have one test called REYNOLDS*. Note that all the Reynolds tests have gone away and been replaced by ones at DNSBL.Net.Au ... since this is an Australian ISP, you may find their various lists far more useful than I found them, and your latency should be much lower.

As with Reynolds, check out SORBS. You're only using 3 tests, but you may find that with a low latency, it's worth running more of them.

I see that you're running SPAMDOMAINS; you could probably gain from using the latest; search the archives at http://www.mail-archive.com/[email protected]/ for the latest SD.txt and related material.

Notes on external tests:

You only listed one Sniffer test, so I'm guessing that you are running the demo version.
Do yourself a favour and instead of specifying "nonzero" as the return value, make 3 tests with 3 names, and use the 63, 55, and 60 as the values. Declude is smart enough that it doesn't actually run the test 3 times, it just compares each test against the return value. See this for what these return values do: http://www.sortmonster.com/MessageSniffer/Help/ResultCodesHelp.html and at a US $1/day, consider getting the whole enchilada. I suggest setting your action for 55 to HOLD, and I seldom do that.

If your server(s) are already working hard, you should also check out the nifty new ability of Sniffer to do "persistent mode". See the website for details. Your processors will thank you.

Notes on counterweight tests:

I see that you're using both SPFFAIL and SPFPASS; don't go crazy with too low a "reward weight" for SPFPASS. No trojan'ed zombie hosts are going to use SPF, but the kind of dyed-in-the-wool spammers on SBL certainly do. If you lean on SPFPASS to help negatively weight good mail, you're helping these spammers too. Most of the vocal subscribers on this list don't use SPFPASS at all.

To help reward the good guys, you might find useful the tests at: http://www.trusted-forwarder.org/ which is designed to complement the SPF tests (fwiw, they are not listed on that Declude web page of DNS based tests).

Likewise, check out http://www.ahbl.org and on their Services page, check out Exemptions.

Likewise, check out BondedSender from that Declude web page of DNS based tests.

For tests that have good bang-for-your-buck to catch spam:

Check out AHBL for good spam tests, too.
Check out FIVETEN.
Check out MAILPOLICE.
Check out NJABL.
Check out SENDERDB.

Andrew 8)

p.s. Hey, mail-archive.com just got a facelift and has caught up on its backlog!

p.p.s.
Since I wrote a different screed on getting up-to-date with your Declude configuration recently, you can read that here: http://www.mail-archive.com/[email protected]/msg21880.html

-----Original Message-----
From: Glen Harvy [mailto:[EMAIL PROTECTED]
Sent: Sunday, November 07, 2004 9:07 PM
To: Declude Junkmail
Subject: [Declude.JunkMail] Latest Spam Tests
Importance: High

Hi,

I'm about to review/update my spam tests which currently are:

BASE64 WARN
CBL WARN
COMMENTS WARN
DSBL WARN
MYFILTERS WARN X-Warning: This E-mail failed Spam filters
ORDB WARN
REYNOLDSRSMT WARN
SORBS-NOMAIL WARN
SORBS-SMTP WARN
SORBS-SPAM WARN
SPAMCOP WARN
DSN WARN
NOABUSE WARN
NOPOSTMASTER WARN
BADHEADERS WARN
HELOBOGUS WARN
MAILFROM WARN
PERCENT WARN
REVDNS WARN
ROUTING WARN
SPAMHEADERS WARN
SPAMDOMAINS WARN
SPFPASS WARN
SPFFAIL WARN
BLACKLIST WARN
SNIFFER WARN

Can someone be kind enough to share theirs and/or comment on mine.

Thanks,
_____________________________________
Glen Harvy
Aquarius Communications for all your Internet Needs.
Phone 9977 3788
Fax 9977 3844

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
