Hi Darrell: I have a number tests like the following:
============================================== TESTSFAILED END CONTAINS [MULTIPLE.COMBO. MINWEIGHTTOFAIL 4 MAXWEIGHT 4 TESTSFAILED 1 CONTAINS [COMBO.AHBL] TESTSFAILED 1 CONTAINS [COMBO.RFC-IGNORANT] TESTSFAILED 1 CONTAINS [COMBO.DNSBL] TESTSFAILED 1 CONTAINS [COMBO.DSBL] TESTSFAILED 1 CONTAINS [COMBO.BLITZED] TESTSFAILED 1 CONTAINS [COMBO.ABUSEAT] TESTSFAILED 1 CONTAINS [COMBO.FIVETEN] TESTSFAILED 1 CONTAINS [COMBO.MAILPOLICE.rhsbl] TESTSFAILED 1 CONTAINS [COMBO.MAILPOLICE.dnsbl.DYNA] TESTSFAILED 1 CONTAINS [COMBO.NJABL] TESTSFAILED 1 CONTAINS [COMBO.SPAMHAUS] TESTSFAILED 1 CONTAINS [COMBO.SORBS] TESTSFAILED 1 CONTAINS [COMBO.MPBL] TESTSFAILED 1 CONTAINS [COMBO.SPAMCOP] TESTSFAILED 1 CONTAINS [COMBO.XBL] TESTSFAILED 1 CONTAINS [COMBO.MAILPOLICE] ============================================== This is Multiple_Combo_4 I have this as th first test- then I have _3, _2, and _1 This tells me how many of these groups a test has failed. My test names are based following an OO model. So thes tests are called: [MULTIPLE.COMBO.1.2.3.4] [MULTIPLE.COMBO.1.2.3] [MULTIPLE.COMBO.1.2] [MULTIPLE.COMBO.1] Then I have combo filters that for example have: TESTSFAILED 0 CONTAINS [MULTIPLE.COMBO.1.2. That tells me if at least 2 groups have failed. The above will fail for 2, 3, or 4 groups So having said all the above- I have elevation tests that are based on various factors and the above combination. So in this case I think a logical step would be: - has more than 2 tests failed - does the email have more than 5 BCC's - etc. I have not played with BCC yet but if I were to do it I would definitely test it with failure with at least 2 other ip4r groups and perhaps REVDNS and HOLO_IP test. Hope that helps. Regards, - Kami -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Tuesday, April 12, 2005 2:07 PM To: [email protected] Subject: Re: [Declude.JunkMail] DYNHELO Test Kami, Excellent point - what would you combo this with? Darrell Kami Razvan writes: > Darrell.. > > The BCC test to me is scary if used by itself- I can see it being used > as a combo test but alone with any weight is not something I would > use. We have clients that use their outlook and send 50+ people in a single BCC .. > > Emails to boards and volunteer groups in nonprofits and political > groups are quite typical with large BCC. > > Just my 2 cents.. > > Regards, > - Kami > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Darrell > ([EMAIL PROTECTED]) > Sent: Tuesday, April 12, 2005 1:12 PM > To: [email protected] > Subject: [Declude.JunkMail] DYNHELO Test > > Is anyone using the DYNHELO test in Declude - if so do you have any > information on it? What specifically is it looking for? False positive > rate? I found it in the new global.cfg file, but did not see any > references to it in the manual. > > Also, for the BCC test any thoughts on what the sweet spot tends to be > - by default it comes at 10. Has anyone tweaked this? > > Darrell > > ---------------------------------------------------------------------- > ---- Try invURIBL - an advanced URI filtering test that will block > more than 85% of all SPAM with the default configuration? Try it for > free http://www.invariantsystems.com/invuribl/default.htm > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > "unsubscribe Declude.JunkMail". The archives can be found at > http://www.mail-archive.com. > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > "unsubscribe Declude.JunkMail". The archives can be found at > http://www.mail-archive.com. ------------------------------------------------------------------------ Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
