If you are doing basic filtering, with dns based blacklists, and content
filter, body and subject, then you could simply add points to this IP
address, enough to reach the hold weight:
#ipbl.txt is our list of ips that we penalize, not fully block
ipbl.txt
#contents of ipbl.txt
65.249.245.0/24
#default.junkmail contents - add this line:
ipbl warn
#global.cfg contents - add this line near the bottom of your cfg file
IPBL ipfile E:\IMail\Declude\ipbl.txt x 12 0
of course change the paths to your liking. the idea here is to score the
matches in the ipbl file with a weight that nearly equals your hold weight.
Thus, another hit from a dns blacklist or keywords found in a subject/body
scan will provide the extra hit needed to hold the email. This will nearly
eliminate false positives, just in case there is a good guy on that ip
range.
Hope this helps!
Travis
----- Original Message -----
From: "Nick Hayer" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Thursday, December 01, 2005 10:27 AM
Subject: Re: [Declude.JunkMail] weighting domains
Hi Kevin
Lots you could do - to wack this guy you could have a filter that that
said
REMOTEIP END NOTCONTAINS 65.249.245.
REVDNS 0 CONTAINS csh.
I am not sure if REMOTEIP or REVDNS or MAILFROM is appropriate but you get
the idea..
In addition you could have an ipfile that you could list these particular
ip's...
-Nick
Kevin Rogers wrote:
Some of our users are getting a lot of spam from various domains that all
have this in the beginning: csh
Like:
csh.dbfm.org [65.249.245.172]
csh.mdcg.net [65.249.245.159]
csh.jtdz.org [65.249.245.150]
csh.xmdc.org [65.249.245.168]
csh.kvyh.com [65.249.245.204]
I have the Pro versions of every Declude product. How would I go about
adding some weight to emails from this domain? - Should I somehow use the
csh. property or the first three parts of the IP address 65.249.245.?
Thanks
---
[This E-mail was scanned for viruses.]
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
