03/30/2006 14:57:20.725 525143023591 Msg failed BLACKIP (63.243.136.128). Action=IGNORE. 03/30/2006 14:57:20.725 525143023591 Msg failed DYNHELO (Dynamic HELO found.). Action=WARN. 03/30/2006 14:57:20.725 525143023591 Msg failed SPAMHEADERS (This E-mail has headers consistent with spam [4000400e].). Action=WARN. 03/30/2006 14:57:20.725 525143023591 Msg failed SUBSPACE-17 (Subject with at least 17 spaces found.). Action=WARN. 03/30/2006 14:57:20.725 525143023591 Msg failed SUBCHARS-70 (Subject with at least 70 characters found.). Action=WARN. 03/30/2006 14:57:20.725 525143023591 Msg failed SNIFFER-SCHEMES (Message failed SNIFFER-SCHEMES: 57.). Action=IGNORE. 03/30/2006 14:57:20.725 525143023591 Msg failed WEIGHT10 (Weight of 23 reaches or exceeds the limit of 10.). Action=WARN. 03/30/2006 14:57:20.725 525143023591 Msg failed WEIGHT16 (Weight of 23 reaches or exceeds the limit of 16.). Action=WARN.
Ok, above log lines show BLACKIP, action is IGNORE. DYNHELO action is WARN. SNIFFER-SCHEMES, action is IGNORE. Here's a snippet from my $default$.junkmail, showing actions are all set to WARN. So, why would 6 tests show WARN, while two show IGNORE, even though all are set to WARN below? #========= BLACKLISTS ========== #BLACKLIST WARN BLACKIP WARN #========= RBL IP4R TESTS ========== AHBL WARN ADNSBL WARN BLITZEDALL WARN CBL WARN CSMA-SBL WARN DSBL-CONFIRMED WARN FIVETEN-SRC WARN JAMMDNSBL WARN INTERSIL WARN IPWHOIS WARN ORDB WARN #MTLDB WARN MXRATE-BLOCK WARN MXRATE-SUSPICIOUS WARN NJABL WARN SBL WARN SORBS-HTTP WARN SORBS-SOCKS WARN SORBS-MISC WARN SORBS-SMTP WARN SORBS-SPAM WARN SORBS-WEB WARN SORBS-BLOCK WARN SORBS-ZOMBIE WARN SORBS-DUHL WARN SPAMBAG WARN SPAMCANNIBAL WARN SPAMCOP WARN UCEPROTECT-1 WARN UCEPROTECT-2 WARN UCEPROTECT-3 WARN #========= GOOD MAIL IP4R TESTS ========== BONDEDSENDER WARN IADB WARN FIVETEN-OPTIN WARN MXRATE-ALLOW WARN #========= RHBSL TESTS ========== BADWHOIS WARN DSN WARN NOABUSE WARN NOPOSTMASTER WARN MAILPOLICE-BLOCK WARN MAILPOLICE-FRAUD WARN SURBL WARN #========= OTHER TESTS ========== BADHEADERS WARN BASE64 WARN BCC WARN CONTSPACES WARN CMDSPACE WARN COMMENTS WARN DYNHELO WARN ENCODEDURL WARN HELOBOGUS WARN IPURL WARN MAILFROM WARN PERCENT HOLD REVDNS WARN ROUTING WARN SPAMHEADERS WARN #NONENGLISH WARN SPFFAIL WARN #SPFPASS WARN #SPFUNKNOWN WARN SUBSPACE-17 WARN SUBSPACE-20 WARN SUBSPACE-23 WARN SUBCHARS-70 WARN SUBCHARS-75 WARN SUBCHARS-80 WARN #========= PLUG-INS ========== #SNIFFER WARN SNIFFER-TRAVEL WARN SNIFFER-INSURANCE WARN SNIFFER-AV-PUSH WARN SNIFFER-WAREZ WARN SNIFFER-SPAMWARE WARN SNIFFER-PHARMACY WARN SNIFFER-SCAMS WARN SNIFFER-PORN WARN SNIFFER-MALWARE WARN SNIFFER-INKTONER WARN SNIFFER-SCHEMES WARN SNIFFER-CREDIT WARN SNIFFER-GAMBLING WARN SNIFFER-GENERAL WARN SNIFFER-ABSTRACT WARN SNIFFER-OBFUSCATION WARN SNIFFER-SPAMTRAP WARN -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, March 30, 2006 2:25 PM To: [email protected] Subject: RE: [Declude.JunkMail] Post in example please. David B www.declude.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Weise Sent: Thursday, March 30, 2006 1:53 PM To: [email protected] Subject: RE: [Declude.JunkMail] Ok, so the remaining question is, why do some tests say WARN in the logs, while others say IGNORE, when they are all set to WARN in the $default$.junkmail? P.s. Darin, correct about the license code, big slip on my part. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Thursday, March 30, 2006 12:24 PM To: [email protected] Subject: RE: [Declude.JunkMail] IGNORE does not mean the points would not be applied. The points are always applied for all emails. IGNORE means do not take any action regarding that specific test. David B www.declude.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Weise Sent: Thursday, March 30, 2006 11:20 AM To: [email protected] Subject: RE: [Declude.JunkMail] Local. This server runs 4 domains on Smartermail, about 350 users. It seems that the points are being applied, but that the header is just not added to the email. If IGNORE was really the action taken, the points wouldn't be applied, correct? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Thursday, March 30, 2006 11:08 AM To: [email protected] Subject: Re: [Declude.JunkMail] Ken, Is this for a gatewayed domain or a domain that is local to the server? Darrell ------------------------------------------- Check out http://www.invariantsystems.com for utilities for Declude, Imail, mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Ken Weise writes: > Not sure what I did wrong here. I split the Sniffer tests into > individual tests, gave them points in the global.cfg as such: > > SNIFFER-INSURANCE external 048 --- [This E-mail scanned for viruses by Declude EVA] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude EVA] --- [This E-mail scanned for viruses by Declude EVA] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
