Darin,

Well, I tried specifying a hold path.  No joy.  Declude just ignored it. 

However, I did find that specifying HOLD without the %DATE% or a path, even
though it resulted in a path with double slashes (see below), worked.  It
did hold the spam in the root spam directory without errors in the log.

09/04/2005 18:28:46.540 68454539631 [6500] ACTION_HOLD - datahold
[D:\APPS\SMARTERMAIL\SPOOL\spam\\68454539631.EML]
09/04/2005 18:28:46.540 68454539631 [6500] ACTION_HOLD - reciphold
[D:\APPS\SMARTERMAIL\SPOOL\spam\\68454539631.HDR]

I'll try this configuration for a while and see how it goes.  

Good advice about sniffer.  I did purchase sniffer when I bought Declude.
So far I haven't had any false positives but then I haven't been real
aggressive yet on my filtering.  I'm trying to establish a baseline and see
how our legitimate business email may be scoring so that I can determine
where I can safely set our hold weight.

I installed invURIBL a few days ago on a trial basis but I disabled it when
these other problems cropped up.  I'm anxious to try it again when I get
past some of these other problems.

I see what you mean about filters being an ongoing process.  I had to create
some custom filters to catch some spam that was getting through.  I used a
few filters from ftp://ftp.clickandpledge.com/imail/ as a basis for setting
up my own filters.  Right now I have a blacklisted domain filter (URLS in
bodies) and I have a viagra filter and a porno filter.  That's about it for
now.  I'm trying not to change too much too quickly otherwise it's difficult
to know if a change I may have made has contributed to one of the problems
I'm seeing.  

Thanks again for all of your help and suggestions.  I have a lot to learn
about Declude and all suggestions are most welcome!

Have a great day!

Dave
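
[Added example, not part of Dave's message and not Declude code.] The check below audits ACTION_HOLD log records like the two quoted above: it flags hold paths containing a doubled separator and message ids whose held .EML has no matching .HDR. The record layout is assumed from those two lines only; the function names and the third sample record are constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Layout inferred only from the two ACTION_HOLD lines quoted in the message;
# the bracketed number after the message id is matched but not interpreted.
HOLD_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>[\d:.]+) (?P<msgid>\S+) "
    r"\[\d+\] ACTION_HOLD - (?P<kind>datahold|reciphold)\s+"
    r"\[(?P<path>[^\]]+)\]$"
)

# First four lines are the records from the message, wrapped as mailed.
SAMPLE = [
    r"09/04/2005 18:28:46.540 68454539631 [6500] ACTION_HOLD - datahold",
    r"[D:\APPS\SMARTERMAIL\SPOOL\spam\\68454539631.EML]",
    r"09/04/2005 18:28:46.540 68454539631 [6500] ACTION_HOLD - reciphold",
    r"[D:\APPS\SMARTERMAIL\SPOOL\spam\\68454539631.HDR]",
    # Constructed record: a data file held with no recipient file logged.
    r"09/04/2005 18:29:02.113 11111111111 [6500] ACTION_HOLD - datahold",
    r"[D:\APPS\SMARTERMAIL\SPOOL\spam\\11111111111.EML]",
]

def unwrap(lines):
    """Rejoin records whose '[path]' part was wrapped onto its own line."""
    records = []
    for line in lines:
        line = line.strip()
        if line.startswith("[") and records:
            records[-1] += " " + line
        elif line:
            records.append(line)
    return records

def audit_holds(lines):
    """Return (paths with a doubled separator, msgids missing a .EML/.HDR half)."""
    seen, doubled = defaultdict(dict), []
    for rec in unwrap(lines):
        m = HOLD_RE.match(rec)
        if not m:
            continue
        path = m["path"]
        if "\\\\" in path[2:]:  # [2:] skips a legitimate leading UNC '\\'
            doubled.append(path)
        # PureWindowsPath collapses the doubled separator for comparison.
        seen[m["msgid"]][m["kind"]] = PureWindowsPath(path)
    incomplete = []
    for msgid, parts in seen.items():
        data, recip = parts.get("datahold"), parts.get("reciphold")
        paired = (data is not None and recip is not None
                  and data.suffix.upper() == ".EML"
                  and recip.suffix.upper() == ".HDR"
                  and data.with_suffix("") == recip.with_suffix(""))
        if not paired:
            incomplete.append(msgid)
    return doubled, incomplete

if __name__ == "__main__":
    doubled, incomplete = audit_holds(SAMPLE)
    print("doubled separators:", len(doubled), "unpaired:", incomplete)
```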




> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> [EMAIL PROTECTED] On Behalf Of Darin Cox
> Sent: Sunday, September 04, 2005 2:09 PM
> To: [email protected]
> Subject: Re: [Declude.JunkMail] Declude bugs and problems with smartermail
> 
> Hi Dave,
> 
> One comment.  I don't think of Declude as a set it and forget it-type
> tool.
> It does take maintenance to stay on top of the spam problem... adding
> tests
> when needed, removing old tests, adjusting weights, etc... in general
> adjusting as the spam war changes.
> 
> When we first installed it, we only did subject tagging and got about an
> 80%
> catch rate.  For the first year we didn't do much to it except add a few
> new
> DNSBL or RHSBL tests here and there.  It wasn't until a management change
> in
> 2003 that we had the freedom to pursue it more, switched to a hold policy
> with no subject tagging, and got our catch rate up around 99.5% with less
> than 0.5% false positives, much of it with the help of tools like Message
> Sniffer from sortmonster.com.
> 
> If you haven't looked at it, I would highly recommend you do so.  By
> itself,
> Sniffer has a catch rate around 95% on our systems.  And while we do see
> almost daily false positives from Sniffer, part of it is due to a few
> customers that work in subjects very similar to typical spam... like a
> design/marketing firm that works with marriage and family issues, and has
> occasional discussions related to pornography... or a couple of electronic
> component distributors that do business with some Asian distributors that
> frequently spam.  Pete is very good about maintaining a quality rulebase,
> though, and responds quickly to spam and false positive reports.
> 
> I've heard good things about Invariant Systems invURIBL plug-in as well.
> 
> Darin.
> 
> 
> ----- Original Message -----
> From: "Dave Beckstrom" <[EMAIL PROTECTED]>
> To: <[email protected]>
> Sent: Sunday, September 04, 2005 2:51 PM
> Subject: RE: [Declude.JunkMail] Declude bugs and problems with smartermail
> 
> 
> Robert,
> 
> I hear you.  I have to admit that I'm not all that happy with Declude at
> the
> moment.  I dropped $900 on the software last week.  Which is way too much
> money for this type of product when you consider all of the free options
> like the various postfix based solutions that are available.
> 
> Ultimately, I decided to spend the money on Declude because the time I
> would
> invest in setting up 'nix based servers and learning these new solutions
> was
> time I don't have available.
> 
> Why I'm not happy is because I've now invested several days in identifying
> all of these bugs.  Moreover, to get them fixed will likely require yet
> more
> of my time working with support.  So ultimately I'm probably looking at
> several more days of my time just to get a functioning product.
> 
> The reason the problems didn't show up during testing is because I didn't
> want to activate the HOLD action until I was sure we didn't have a lot of
> false positives.  I was short on time to test, too, because I wanted to
> take
> advantage of their sale price.
> 
> I left the office for about two hours. Upon my return I now have 529 spams
> in my personal email in-box because I can't block them and I can only tag
> them.
> 
> Hey....I just had an idea!!!   I bet I can specify a path on the HOLD
> action
> as a temporary workaround!  Rather than using %DATE% or no path at all I
> bet
> if I specify a sub-directory it may work!  I recall reading in the manual
> we
> can specify a path.  Whoohoo!
> 
> I have to leave right now for my father's birthday.  I'll try my idea
> later
> this evening.   That would rock if I could get hold working again!
> 
> 
> 
> 
> 
> 
> 
> 
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> > [EMAIL PROTECTED] On Behalf Of Robert E. Spivack
> > Sent: Sunday, September 04, 2005 12:31 PM
> > To: [email protected]
> > Subject: RE: [Declude.JunkMail] Declude bugs and problems with
> smartermail
> >
> > Once in a while, it may be worthwhile to step back and count up all the
> > time
> > and figure out the real cost.
> >
> > We did that, and although we loved using Declude, it just wasn't the
> > solution anymore.
> >
> > We outsourced to Postini, recovered the use of several hardware servers,
> > and
> > freed ourselves of at least 3 hours/day of babysitting declude and spam
> > settings.
> >
> > Not suggesting it is a solution for everyone, but when we "ran the
> > numbers"
> > on not renewing software support contracts, reuse of hardware (saved
> > buying
> > a few more servers), and reallocation of our time (saved hiring another
> > engineer), we actually are saving money and most importantly - no longer
> > burned-out trying to fight spam.
> >
> > The end-user GUI is a big plus - "problems" of too little or too much
> spam
> > getting through are now the responsibility of the end-user changing
> their
> > settings and not us.
> >
> > For me, the "straw that broke the camel's back" was getting two emails
> > from
> > clients, within a few minutes of each other -- "Your spam system sucks.
> > It's letting too much junk through" followed by "Your spam system sucks.
> > It's blocking important emails I need to receive".
> >
> > We'd tune and tune and tune and it would only work for a few days or a
> > week.
> > Then new spammers not covered by existing rbl's or filters would get
> > through
> > sending us back to square one.
> >
> > After two years of this, we finally decided we need to change our whole
> > approach.
> >
> > And Postini has 24 x 7 telephone support - email is mission-critical;
> our
> > clients still want email even on holidays  :-)   - sometimes there are
> > things a big company can provide that you just can't get from a small
> one-
> > -
> > even a good one.
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Dave Beckstrom
> > Sent: Saturday, September 03, 2005 9:56 PM
> > To: [email protected]
> > Subject: RE: [Declude.JunkMail] Declude bugs and problems with
> smartermail
> >
> > Darin,
> >
> > It's amazing how much time servers and software can suck up.  Pretty
> soon
> > you're working almost around the clock....
> >
> > I actually am running the 2.0.6 version of Declude for Smartermail.  As
> > long
> > as I don't try to HOLD spam it seems that only about 2 out of every 10
> > spams
> > makes it through with no Declude headers attached to the message.
> >
> > The software is pretty buggy.  With "HOLD" turned off the .VIR
> directories
> > are being cleaned up in the SPOOL/PROC directory now, too.
> >
> > It seems that the logic in the program changes with different settings
> in
> > the config file and right now I have it set at the lesser of two evils.
> At
> > least 80% of the spam is being processed by Declude now.  The rest of
> the
> > spam comes through to my in-box untouched.  I'm starting to think that
> > maybe
> > my wife is going to dump me because my manhood isn't large enough and
> that
> > I
> > just can't live without a Rolex watch!  LOL!!!!!
> >
> >
> >
> >
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> > > [EMAIL PROTECTED] On Behalf Of Darin Cox
> > > Sent: Saturday, September 03, 2005 11:29 PM
> > > To: [email protected]
> > > Subject: Re: [Declude.JunkMail] Declude bugs and problems with
> > smartermail
> > >
> > > Hi Dave,
> > >
> > > I know what you mean.  After the first startup venture in the late
> 90's,
> > > holidays have never been the same...
> > >
> > > You might try running the 2.06 version for SmarterMail.  I've heard
> > mostly
> > > success for that.  That may buy you some time until the kinks get
> worked
> > > out
> > > of the 3.0 beta.
> > >
> > > Darin.
> > >
> > >
> > > ----- Original Message -----
> > > From: "Dave Beckstrom" <[EMAIL PROTECTED]>
> > > To: <[email protected]>
> > > Sent: Saturday, September 03, 2005 10:19 PM
> > > Subject: RE: [Declude.JunkMail] Declude bugs and problems with
> > smartermail
> > >
> > >
> > > Darin,
> > >
> > > Ever since I started working out of a home office I do forget about
> the
> > > holidays!
> > >
> > > Well, the "good news" is that I've made some progress in understanding
> > the
> > > problem.
> > >
> > > As long as I don't specify a "HOLD" action (EG. WEIGHT30 HOLD %DATE%)
> > and
> > > instead run with (WEIGHT30 SUBJECT [SPAM]) then Declude will at least
> > > process MOST of the incoming email.
> > >
> > > When I tell Declude to hold email above a certain weight, it falls all
> > > over
> > > itself with problems.  I'm seeing messages in the logs about attempts
> to
> > > move non-existent files.  I see paths for these files having spaces or
> > > double slashes in the path names which are obvious programming errors.
> > > I'm
> > > half tempted to edit the Declude.exe file with a hex editor and fix
> the
> > > path
> > > problems myself.  But there are some logic problems too so there is no
> > > point.
> > >
> > > I hate the thought of running for 3 days not being able to block ANY
> > spam
> > > at
> > > all.  But what are you going to do?  At least I can tag the majority
> of
> > > the
> > > spam.
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> > > > [EMAIL PROTECTED] On Behalf Of Darin Cox
> > > > Sent: Saturday, September 03, 2005 8:15 PM
> > > > To: [email protected]
> > > > Subject: Re: [Declude.JunkMail] Declude bugs and problems with
> > > smartermail
> > > >
> > > > Hi Dave,
> > > >
> > > > Probably not... Monday's Labor Day.  Easy to forget those little
> > things
> > > > called holidays, isn't it? <grin>
> > > >
> > > > Darin.
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: "Dave Beckstrom" <[EMAIL PROTECTED]>
> > > > To: <[email protected]>
> > > > Sent: Saturday, September 03, 2005 7:42 PM
> > > > Subject: RE: [Declude.JunkMail] Declude bugs and problems with
> > > smartermail
> > > >
> > > >
> > > > Gary,
> > > >
> > > > Yeah, that sounds exactly like what is happening and I see messages
> in
> > > the
> > > > > log, as well, that support what you're saying.
> > > >
> > > > Hopefully Declude support will be around on Monday and maybe we can
> > work
> > > > on
> > > > getting that one solved.
> > > >
> > > > > -----Original Message-----
> > > > > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> > > > > [EMAIL PROTECTED] On Behalf Of Gary Steiner
> > > > > Sent: Saturday, September 03, 2005 5:51 PM
> > > > > To: [email protected]
> > > > > Subject: re: [Declude.JunkMail] Declude bugs and problems with
> > > > smartermail
> > > > >
> > > > > Regarding #5.  I've run into spam that was sent to multiple
> > addresses
> > > on
> > > > > the server, and the spam was processed by Declude (it's listed in
> > the
> > > > log
> > > > > files), but somehow when this spam is then moved to the hold
> > directory
> > > > it
> > > > > gets confused and somehow loses track of the file, and the file
> > > doesn't
> > > > > end up in the hold directory (you see an error message about this
> in
> > > the
> > > > > log file).  It gets delivered, but without any Declude processing
> > > > messages
> > > > > in the header.
> > > > >
> > > > >
> > > > >  -------- Original Message --------
> > > > > > From: "Dave Beckstrom" <[EMAIL PROTECTED]>
> > > > > > Sent: Saturday, September 03, 2005 1:01 PM
> > > > > > To: [email protected]
> > > > > > Subject: [Declude.JunkMail] Declude bugs and problems  with
> > > > smartermail
> > > > > >
> > > > > > I've found a few Declude bugs and other problems when running in
> > the
> > > > > > smartermail environment.
> > > > > >
> > > > > > 1) Declude leaves directories with names such as 6432144091.vir
> in
> > > the
> > > > > > SPOOL/PROC overflow directory and it NEVER goes back and removes
> > > these
> > > > > > directories or cleans them up.  I have to manually delete the
> .vir
> > > > > > directories.
> > > > > >
> > > > > > 2) Orphaned files.  I have found files in the SPOOL/PROC
> directory
> > > > where
> > > > > the
> > > > > > .EML extension has been renamed to .EM$ and there is no matching
> > > .HDR
> > > > > file.
> > > > > > These stay until I delete the orphans.   I currently have a file
> > in
> > > my
> > > > > SPOOL
> > > > > > directory called X6432144091.EML with no matching .HDR file -
> > which
> > > > > means
> > > > > > > it's an orphan file too.
> > > > > >
> > > > > > 3) The PROC overflow directory is being populated with files
> even
> > > when
> > > > > the
> > > > > > server is under very low utilization.  This, in my opinion,
> > portends
> > > > > major
> > > > > > performance problems ahead of us when the server is under a high
> > > load.
> > > > > I
> > > > > > don't see any tuning parameters available which allow me to
> tweak
> > > > under
> > > > > what
> > > > > > circumstances the PROC directory is utilized.  I have a dual
> > > processor
> > > > > > server with 2 gig of RAM on it and I should not be forced to the
> > > same
> > > > > > limitations as someone with a single processor server.  This
> > process
> > > > > needs
> > > > > > to be tunable.
> > > > > >
> > > > > > 4) This morning I had about 100 files in the SPOOL/PROC
> directory.
> > > I
> > > > > had to
> > > > > > manually copy them to the SPOOL directory for processing.  Once
> I
> > > > moved
> > > > > > them, the new files being placed into the PROC directory would
> > > > > automatically
> > > > > > move back to the SPOOL directory for processing.  So it appears
> > that
> > > > > there
> > > > > > is some situation where Declude forgets about some files in the
> > > > > SPOOL/PROC
> > > > > > directory and never goes back and moves them back to the SPOOL.
> I
> > > can
> > > > > set
> > > > > > up a script to do this (and delete the .vir folders too) every
> 15
> > > > > minutes
> > > > > > but I shouldn't have to do that.
> > > > > >
> > > > > > 5) This morning I had 45 spam emails in my in-box that had no
> > header
> > > > > records
> > > > > > indicating that they were ever processed by Declude.  Apparently
> > > there
> > > > > is
> > > > > > some situation where Declude doesn't process messages.  I
> haven't
> > > yet
> > > > > > figured out how or why this may be happening.  I'll do more
> > research
> > > > to
> > > > > see
> > > > > > what I can find.
> > > > > >
> > > > > > I am hoping that support will get with me ASAP and that together
> > we
> > > > can
> > > > > > identify the cause of these problems and make some enhancements
> to
> > > > > Declude
> > > > > > > which will make it more smartermail friendly.
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > ---
> > > > > > [This E-mail scanned for viruses by Declude Virus]
> > > > > >
> > > > > >
> > > > > > ---
> > > > > > This E-mail came from the Declude.JunkMail mailing list.  To
> > > > > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > > > > > type "unsubscribe Declude.JunkMail".  The archives can be found
> > > > > > at http://www.mail-archive.com.
> > > > > > ---
> > > > > > [This E-mail scanned for viruses by Declude Virus]
> > > > >
> > > > >
> > > > > ---
> > > > > [This E-mail scanned for viruses by Declude Virus]
> > > > >
> > > > >
> > > > > ---
> > > > > This E-mail came from the Declude.JunkMail mailing list.  To
> > > > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > > > > type "unsubscribe Declude.JunkMail".  The archives can be found
> > > > > at http://www.mail-archive.com.
> > > > > ---
> > > > > [This E-mail scanned for viruses by Declude Virus]
> > > >
> > > >
> > > > ---
> > > > [This E-mail scanned for viruses by Declude Virus]
> > > >
> > > >
> > > > ---
> > > > This E-mail came from the Declude.JunkMail mailing list.  To
> > > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > > > type "unsubscribe Declude.JunkMail".  The archives can be found
> > > > at http://www.mail-archive.com.
> > > >
> > > > ---
> > > > This E-mail came from the Declude.JunkMail mailing list.  To
> > > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > > > type "unsubscribe Declude.JunkMail".  The archives can be found
> > > > at http://www.mail-archive.com.
> > >
> > >
> > > ---
> > > This E-mail came from the Declude.JunkMail mailing list.  To
> > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > > type "unsubscribe Declude.JunkMail".  The archives can be found
> > > at http://www.mail-archive.com.
> > >
> > > ---
> > > This E-mail came from the Declude.JunkMail mailing list.  To
> > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > > type "unsubscribe Declude.JunkMail".  The archives can be found
> > > at http://www.mail-archive.com.
> > > ---
> > > [This E-mail scanned for viruses by Declude Virus]
> >
> >
> > ---
> > [This E-mail scanned for viruses by Declude Virus]
> >
> >
> > ---
> > This E-mail came from the Declude.JunkMail mailing list.  To
> > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > type "unsubscribe Declude.JunkMail".  The archives can be found
> > at http://www.mail-archive.com.
> >
> > ---
> > This E-mail came from the Declude.JunkMail mailing list.  To
> > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > type "unsubscribe Declude.JunkMail".  The archives can be found
> > at http://www.mail-archive.com.
> > ---
> > [This E-mail scanned for viruses by Declude Virus]
> 
> 
> ---
> [This E-mail scanned for viruses by Declude Virus]
> 
> 
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.
> 
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.
> ---
> [This E-mail scanned for viruses by Declude Virus]


---
[This E-mail scanned for viruses by Declude Virus]


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Reply via email to