[Declude.JunkMail] Baracuda

[Richard Farris]

My upstream provider just put in Baracuda for spam and my headers on one email are below...question is..can I use Declude to pick up on some of the results that Baracuda is posting to help filter more spam....For example HEADER  CONTAINS    Spam-Flag: YES  or something like that...right now my upline provider is not filtering on basis of Baracuda for me..   Received: from sa-smtp2.apid.com.api-digital.com [63.238.52.118] by ethixs.com with ESMTP   (SMTPD32-7.11) id AF3BA1550096; Mon, 23 Jan 2006 07:42:35 -0500 X-ASG-Debug-ID: 1138021008-31384-191-0 X-Barracuda-URL: http://63.238.52.118:8000/cgi-bin/mark.cgi Received: from 70-56-70-97.tukw.qwest.net (70-56-70-97.tukw.qwest.net [70.56.70.97])  by sa-smtp2.apid.com.api-digital.com (Spam Firewall) with SMTP id 43C77508AB  for <[EMAIL PROTECTED]>; Mon, 23 Jan 2006 06:56:50 -0600 (CST) Received: from ftd (unknown [192.168.0.187])  by 70-56-70-97.tukw.qwest.net (Postfix) with ESMTP  id D7BF3BB3A80; Mon, 23 Jan 2006 02:52:21 -0800 Date: Mon, 23 Jan 2006 02:48:37 -0800 From: Hermann Wilcox <[EMAIL PROTECTED]> X-Mailer: The Bat! (v1.44) Business Reply-To: Hermann Wilcox <[EMAIL PROTECTED]> X-Priority: 3 (Normal) Message-ID: <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] X-ASG-Orig-Subj: Fwd: fax Subject: Fwd: fax MIME-Version: 1.0 Content-Type: multipart/related;  boundary="----------0ZUE4OYT4B5V4WPO" X-Virus-Scanned: by Barracuda Spam Firewall at api-digital.com X-Barracuda-Spam-Score: 5.97 X-Barracuda-Spam-Status: Yes, SCORE=5.97 using per-user scores of TAG_LEVEL=3.5 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=9.0 tests=FORGED_THEBAT_HTML, HELO_DYNAMIC_IPADDR2, HTML_IMAGE_ONLY_04, HTML_MIME_NO_HTML_TAG, HTML_SHORT_LENGTH, MIME_HTML_ONLY X-Barracuda-Spam-Report: Code version 3.02, rules version 3.0.7723  Rule breakdown below pts rule name              description  ---- ---------------------- --------------------------------------------------  1.21 HELO_DYNAMIC_IPADDR2   Relay HELO'd using suspicious hostname (IP addr 2)  0.71 HTML_SHORT_LENGTH      BODY: HTML is extremely short  0.00 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts  2.88 HTML_IMAGE_ONLY_04     BODY: HTML: images with 0-400 bytes of words  0.10 HTML_MIME_NO_HTML_TAG  HTML-only message, but there is no HTML tag  1.06 FORGED_THEBAT_HTML     The Bat! can't send HTML message only X-Priority: 5 (Lowest) X-MSMail-Priority: Low Importance: Low X-Barracuda-Spam-Flag: YES X-Declude-Sender: [EMAIL PROTECTED] [70.56.70.97] X-Declude-Spoolname: Dcf3ba155009617c8.SMD X-Note: Total Spam Weight Of This Email Is 0. X-RCPT-TO: <[EMAIL PROTECTED]> Status: U X-UIDL: 372923745 Richard Farris Ethixs Online 1.270.247.5555 Office 1.800.548.3877 Tech Support "Crossroads to a Cleaner Internet" ----- Original Message ----- From: Scott Fisher To: Declude.JunkMail@declude.com Sent: Monday, January 23, 2006 11:28 AM Subject: Re: [Declude.JunkMail] Filter Syntax If you wanted to whitelist you could go: MAILFROM WHITELIST IS [EMAIL PROTECTED] MAILFROM WHITELIST ENDSWITH @domain.com   If you wanted to just add negative weight. MAILFROM 0 IS [EMAIL PROTECTED] MAILFROM 0 ENDSWITH @domain.com   The tofile: ALLRECIPS 0 CONTAINS [EMAIL PROTECTED] (You can use the IS, but the syntax is pretty harsh)   Now that said. I wouldn't whitelist on the MAILFROM, that is too easily forged. It would be better to whitelist on a REVDNS or an REMOTEIP. REVDNS -30 ENDSWITH .domain.com REMOTEIP -30 IS 192.168.0.0 REMOTEIP -30 CIDR 192.168.0.0/24 ----- Original Message ----- From: Chris Martin To: declude.junkmail@declude.com Sent: Monday, January 23, 2006 10:57 AM Subject: [Declude.JunkMail] Filter Syntax I am setting up a filter to whitelist some domains.  Currently, we have them directly in the global.cfg file but there is getting to be too many, so I am wanting to use a file to do the job and then assign a negative weight to it.  I thought I had it but I can't seem to get the file to fire.  We are using declude junkmail pro 3.0.5   In Declude I have: mywhitelist      filter     c:/location/mywhitelist.txt      x     -30    0   In the text file, I have: MAILFROM   0   IS   [EMAIL PROTECTED] <and> MAILFROM   0   IS   @domain.com   I would also like to set up a whitelist to text file: RECIP   0  IS [EMAIL PROTECTED]   Any suggestions on how to make this work would be appreciated.   Chris Martin