RE: [Declude.JunkMail] blackholes.us
Hello, what _is_ blackholes.us? Just another ip4r Test? Or something I should know? ;-) Alex --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] blackholes.us
Alexander, Monday, November 4, 2002 you wrote: HA what _is_ blackholes.us? Just another ip4r Test? Or something I should HA know? ;-) http://www.blackholes.us/ you pick a country you want to check - for instance China - so in your CFG file you add: CHINA ip4rchina.blackholes.us 127.0.0.2 5 0 (or whatever weight you want) and then add a corresponding action in your $junkmail file add an action: CHINA LOG Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Interesting article
The anti spam community has a pretty good handle on the IPv4 bank. What will IPv6 do to all our collective experience? All those new places to hide will have to be mapped out all over again! I've been thinking a lot about that. The neat thing is that IPv6 already exists and is being used, although few people know it. There could be spammers already using IPv6, but if so, they can only send to other servers using IPv6 (if they send to IPv4 servers, the mail will come from a gateway IP). So as soon as the first spammers starts using IPv6, a new standard can be developed for DNS-based lookups (there is already a format for IPv6 reverse DNS lookups, so the IPv6 spam lookups would likely mimic those, as they currently mimic the IPv4 lookups). We've already got some IPv6 tools at http://www.DNSstuff.com -- see http://www.dnsstuff.com/tools/tracert.ch?ip=%3Ans3.nic.fr for an IPv6 tracert, http://www.dnsstuff.com/tools/ptr.ch?ip=2001%3A798%3A0%3A2%3A0%3A0%3A0%3A1 for an IPv6 reverse DNS lookup, even http://www.dnsstuff.com/tools/whois.ch?ip=2001%3A798%3A0%3A2%3A0%3A0%3A0%3A1 for an IPv6WHOIS lookup, http://www.dnsstuff.com/tools/lookup.ch?name=%3Ans3.nic.frtype= for an IPv6 DNS lookup, and http://www.dnsstuff.com/tools/ping.ch?ip=%3Ans3.nic.fr for IPv6 ping. :) By the time spammers can realistically use IPv6 (likely at least a few years from now), the anti-spam community should have the tools in place to deal with it. It won't be as easy as dealing with spammers with IPv4, but it can be done. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] blackholes.us
Frederick, Monday, November 4, 2002 you wrote: FS My provider and is on the blackholes.us list. FS This what they say about it. FS Email_Message : I've inquired of that and there's no signs of FS anyone actually being blackholed. I contacted some of the bigger FS players in the abuse/spam world that started at MFN/AboveNet and FS they lend 0 credibility to this site. I don't use everything there but I find certain things very helpful. These are results just from November so far: --- Rank TestNumber%Total -- ---- 19KOREA 148 3.49% 20CN-KR 126 2.97% 21CHINA 126 2.97% 22BRAZIL 125 2.95% 26ARGENTINA29 0.68% 27JAPAN27 0.64% 28TAIWAN 24 0.57% 29RUSSIA 19 0.45% 30THAILAND 10 0.24% 31SINGAPORE10 0.24% 32MALAYSIA 10 0.24% 33NIGERIA 9 0.21% 35HONGKONG 9 0.21% CN-KR and CHINA are duplicating - I'll probably drop one of them. Not one message in the bunch that was not spam. I checked them personally. Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Processing Order for IMail Antivirus
Does anyone know where IMail Antivirus fits into the processing order. According to the manual the processing order is as follows: 1. IMail's Control Access file (to block IPs) 2. IMail's Kill List (to block return addresses) 3. Declude Hijack 4. Declude Virus 5. Declude JunkMail 6. IMail's filters I thought that IMail Antivirus would take the place of Declude Virus in the processing order but this morning I received a notification message about a detected virus which had been bounced. The message had already been scanned by declude because it included the SPAM: in the subject. Is it true that declude scans the message before IMail Antivirus? Thanks. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] blackholes.us
I added this yesterday after seeing the post on this. As of 9:00pm last night I have 1,500 junk mails from this alone. I'm placing it on hold so I can review it. I did a FIND command on the subject and I have not found 1 good piece of email yet. -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-owner;declude.com]On Behalf Of Smart Business Lists Sent: Monday, November 04, 2002 7:19 AM To: Frederick Samarelli Subject: Re: [Declude.JunkMail] blackholes.us Frederick, Monday, November 4, 2002 you wrote: FS My provider and is on the blackholes.us list. FS This what they say about it. FS Email_Message : I've inquired of that and there's no signs of FS anyone actually being blackholed. I contacted some of the bigger FS players in the abuse/spam world that started at MFN/AboveNet and FS they lend 0 credibility to this site. I don't use everything there but I find certain things very helpful. These are results just from November so far: --- Rank TestNumber%Total -- ---- 19KOREA 148 3.49% 20CN-KR 126 2.97% 21CHINA 126 2.97% 22BRAZIL 125 2.95% 26ARGENTINA29 0.68% 27JAPAN27 0.64% 28TAIWAN 24 0.57% 29RUSSIA 19 0.45% 30THAILAND 10 0.24% 31SINGAPORE10 0.24% 32MALAYSIA 10 0.24% 33NIGERIA 9 0.21% 35HONGKONG 9 0.21% CN-KR and CHINA are duplicating - I'll probably drop one of them. Not one message in the bunch that was not spam. I checked them personally. Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Two JunkMail questions please...
Joe, Monday, November 4, 2002 you wrote: JWC #2 Is the Declude replacement to the Ipswitch mail handler that JWC much more inefficient, or does JunkMail just take alot more JWC processing? Declude doesn't replace the mail handler. It is handed the message by IMAIL, processes it, and depending upon action, passes it back. Or it could hold or delete the message. As such it impacts delivery in two significant ways: 1) it adds time to the process you can judge how much time by turning declude logging to DEBUG and parsing out the Total time: lines. However, be prepared for really, really big logs. On my system the time declude takes is usually never less than about 450 ms and the upper range is about 2500 ms. Most messages are processed in about 1100 ms. or so. 2) Queue DQ issue If declude just releases the message back to Imail I haven't observed any queue problems. However, if there are many messages coming in at once so that the DECLUDE DQ mechanism is triggered and certain messages end up in the overflow directory then those messages can take a little longer to process. However, I've seen nothing more than a few minutes so I do not believe this really interferes with the queue runs by IMAIL which in my case would be every 30 minutes. And in my case these instances occur infrequently. But I've seen nothing caused by Declude that would account for an hour delay in message handling. In my opinion that is more likely to be caused by something other than Declude. I just added a custom external test and have been observing it very closely to determine impact on delivery. That's why I've considered some of this fwiw. Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Two JunkMail questions please...
Has anyone found MessageSniffer to add any significant CPU load before/after implementation? David WiSS Limited -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-owner;declude.com] On Behalf Of Uhte, Russ Sent: 04 November 2002 17:06 To: '[EMAIL PROTECTED]' Subject: RE: [Declude.JunkMail] Two JunkMail questions please... Joe, I can't comment for anyone else, but I'd like to give my $.02 on question 1. We've recently purchased MessageSniffer, and its results have been outstanding. We use a weight of 20 as our breaking point on when a message can no longer be delivered. I've set MessageSniffer with a weight of 17. We've almost completely eliminated spam!!! -Russ -Original Message- From: Joe Wolf / CompuService [mailto:joe;csgo.com] Sent: Monday, November 04, 2002 11:54 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Two JunkMail questions please... First I'm still a newbie to JunkMail so forgive my ignorance. Two issues to cover: #1I am basicly using the default settings for JunkMail. I have had a few valid messages marked as spam, but I still get quite a bit of spam thru that I wish to get rid of. Does anyone have a template, or suggestion on what settings work the best for JunkMail? I know that I can customize anything I want, but at the same time I don't want to make it my life to investigate which database is best, etc. Any help would be appreciated. #2My mail server does quite a bit of list serving. I've noticed that since I installed JunkMail my server is running further and further behind. I've gone from nearly immediate delivery of messages to nearly an hour behind. Is the Declude replacement to the Ipswitch mail handler that much more inefficient, or does JunkMail just take alot more processing? My CPU utilization chart is not too high, but it take so long to process messages. Thanks, Joe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- CONFIDENTIALITY NOTICE: This email and any attachments are for the exclusive and confidential use of the intended recipient. If you are not the intended recipient, please do not read, distribute or take action in reliance upon this message. If you have received this in error, please notify us immediately by return email and promptly delete this message and its attachments from your computer system. --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Processing Order for IMail Antivirus
Does anyone know where IMail Antivirus fits into the processing order. According to the manual the processing order is as follows: 1. IMail's Control Access file (to block IPs) 2. IMail's Kill List (to block return addresses) 3. Declude Hijack 4. Declude Virus 5. Declude JunkMail 6. IMail's filters I thought that IMail Antivirus would take the place of Declude Virus in the processing order but this morning I received a notification message about a detected virus which had been bounced. The message had already been scanned by declude because it included the SPAM: in the subject. Is it true that declude scans the message before IMail Antivirus? Thanks. Ipswitch doesn't provide much information about the inner workings of IMail AntiVirus, but as far as I know they scan the E-mail between #2 and #3 above. So if IMail AntiVirus detects a virus, Declude shouldn't see it. However, it would probably see any notifications that IMail AntiVirus sent out. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] blackholes.us
It looks like blackholes.us is listing complete ISP's regardless of offending ip's. - Original Message - From: Danny Klopfer [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, November 04, 2002 12:13 PM Subject: RE: [Declude.JunkMail] blackholes.us I added this yesterday after seeing the post on this. As of 9:00pm last night I have 1,500 junk mails from this alone. I'm placing it on hold so I can review it. I did a FIND command on the subject and I have not found 1 good piece of email yet. -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-owner;declude.com]On Behalf Of Smart Business Lists Sent: Monday, November 04, 2002 7:19 AM To: Frederick Samarelli Subject: Re: [Declude.JunkMail] blackholes.us Frederick, Monday, November 4, 2002 you wrote: FS My provider and is on the blackholes.us list. FS This what they say about it. FS Email_Message : I've inquired of that and there's no signs of FS anyone actually being blackholed. I contacted some of the bigger FS players in the abuse/spam world that started at MFN/AboveNet and FS they lend 0 credibility to this site. I don't use everything there but I find certain things very helpful. These are results just from November so far: --- Rank TestNumber%Total -- ---- 19KOREA 148 3.49% 20CN-KR 126 2.97% 21CHINA 126 2.97% 22BRAZIL 125 2.95% 26ARGENTINA29 0.68% 27JAPAN27 0.64% 28TAIWAN 24 0.57% 29RUSSIA 19 0.45% 30THAILAND 10 0.24% 31SINGAPORE10 0.24% 32MALAYSIA 10 0.24% 33NIGERIA 9 0.21% 35HONGKONG 9 0.21% CN-KR and CHINA are duplicating - I'll probably drop one of them. Not one message in the bunch that was not spam. I checked them personally. Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Two JunkMail questions please...
Our test server does not show any significant difference between Declude alone and Declude w/ Message Sniffer. Performance logs report average processing times of about 170ms per message - and this includes the time it takes to load the rule base and the message under test. Our test bed server sees about 450ms on average - but most of that is IO rather than CPU and our test server is intentionally underpowered. Our production Linux gateway running Message Sniffer processes messages in less than 40ms per message consistently. Hope this helps, _M | -Original Message- | From: [EMAIL PROTECTED] | [mailto:Declude.JunkMail-owner;declude.com] On Behalf Of | David Lewis-Waller | Sent: Monday, November 04, 2002 12:15 PM | To: [EMAIL PROTECTED] | Subject: RE: [Declude.JunkMail] Two JunkMail questions please... | | | Has anyone found MessageSniffer to add any significant CPU | load before/after implementation? | | David | WiSS Limited | | -Original Message- | From: [EMAIL PROTECTED] | [mailto:Declude.JunkMail-owner;declude.com] On Behalf Of Uhte, Russ | Sent: 04 November 2002 17:06 | To: '[EMAIL PROTECTED]' | Subject: RE: [Declude.JunkMail] Two JunkMail questions please... | | | Joe, | I can't comment for anyone else, but I'd like to give my $.02 | on question 1. We've recently purchased MessageSniffer, and | its results have been outstanding. We use a weight of 20 as | our breaking point on when a message can no longer be | delivered. I've set MessageSniffer with a weight of 17. | We've almost completely eliminated spam!!! -Russ | | -Original Message- | From: Joe Wolf / CompuService [mailto:joe;csgo.com] | Sent: Monday, November 04, 2002 11:54 AM | To: [EMAIL PROTECTED] | Subject: [Declude.JunkMail] Two JunkMail questions please... | | | First I'm still a newbie to JunkMail so forgive my ignorance. | Two issues to | cover: | | #1I am basicly using the default settings for JunkMail. | I have had | a | few valid messages marked as spam, but I still get quite a | bit of spam thru that I wish to get rid of. Does anyone have | a template, or suggestion on what settings work the best for | JunkMail? I know that I can customize anything I want, but | at the same time I don't want to make it my life to | investigate which database is best, etc. Any help would be | appreciated. | | #2My mail server does quite a bit of list serving. I've noticed | that | since I installed JunkMail my server is running further and | further behind. I've gone from nearly immediate delivery of | messages to nearly an hour behind. Is the Declude | replacement to the Ipswitch mail handler that much more | inefficient, or does JunkMail just take alot more processing? | My CPU utilization chart is not too high, but it take so | long to process messages. | | Thanks, | Joe | | --- | [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- CONFIDENTIALITY NOTICE: This email and any attachments are for the exclusive and confidential use of the intended recipient. If you are not the intended recipient, please do not read, distribute or take action in reliance upon this message. If you have received this in error, please notify us immediately by return email and promptly delete this message and its attachments from your computer system. --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Two JunkMail questions please...
David, Monday, November 4, 2002 you wrote: DLW Has anyone found MessageSniffer to add any significant CPU load DLW before/after implementation? No noticeable load. If you are are already using it you can get this information in the sniffer logs - see http://www.sortmonster.com/MessageSniffer/TechnicalDetails.html for log details - On my system average set up time is 173 ms and average scan time is 15 ms or a total of 188 ms. Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Processing Order for IMail Antivirus
I have Weight10 setup to reroute to [EMAIL PROTECTED] and that is where IMail Antivirus caught the virus was when IMail tried to deliver it to abuse. How exactly was it caught? Do you mean that IMail AntiVirus caught the E-mail, and that the E-mail that it caught with a virus in it had SPAM: in the subject? Or did the notification have SPAM: in the subject? One possibility would be that the source of the E-mail was one of our customers (or someone running other anti-spam software) that does not have virus protection, which case SPAM: may have been added to the subject. At this point declude had seen it and scanned it. Is it possible that declude scans it then passes it to imail where it gets scanned by IMail Antivirus? That may be possible, only Ipswitch could answer for certain. Normally, IMail AntiVirus scans the E-mail while the E-mail is being delivered. However, I have heard that there is an option where you can have the E-mail scanned as a file rather than through a TCP/IP connection. If that is the case, it may be that they are scanning the E-mail after Declude scans it. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Two JunkMail questions please...
Everyone thanks for the replies. I did take a look at the overflow directory and it was empty. I cleaned out the spool directory and offloaded all outbound to our production servers. We'll see how this works out before digging in too far. This server has a dedicated T1 and is saturated some of the time. On busy days it sends 100,000 messages out, but on average only about half of that. The CPU load stays at about 30 - 35%, but that's all. It should now send everything to our production machines and should keep nothing in the queue. I hope that solves it. Thanks again, Joe - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, November 04, 2002 11:13 AM Subject: Re: [Declude.JunkMail] Two JunkMail questions please... #2My mail server does quite a bit of list serving. I've noticed that since I installed JunkMail my server is running further and further behind. I've gone from nearly immediate delivery of messages to nearly an hour behind. Is the Declude replacement to the Ipswitch mail handler that much more inefficient, or does JunkMail just take alot more processing? My CPU utilization chart is not too high, but it take so long to process messages. The only thing that I can think of is that you're already close to the limits of your server. Declude JunkMail only scans mailing list messages once (when they come in), and can actually improve delivery time. I'm guessing that the extra overhead of spam scanning (which isn't that much, BTW) is pushing you to the point where the delays are occurring. When the mail is slow in being delivered, do you see lots of files in the \IMail\spool\overflow directory? -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Declude JunkMail v1.62 (beta) released
We have just released Declude v1.62 (beta). See http://www.declude.com/junkmail/manual.htm . Changes include: o Will now handle multiple return codes in ip4r tests. o Will now record the action for each test that fails. o Changes handling of invalid [?.?.?.?]. o External tests can now have variables in their definitions. o Adds a failsafe for invalid CIDR ranges in IP blacklists. o Adds COUNTRY (of remote mailserver) and COUNTRIES (of any mailservers in chain) to filter. o Adds %COUNTRYCHAIN% variable. o Adds ipnotinmx test, which catches E-mail sent from an IP not in the MX records of sending domain. o HABEAS whitelist type, for whitelisting E-mails with Habeas headers (WHITELIST HABEAS). o New habeas test type, to allow for negative weighting of E-mails with Habeas headers. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude JunkMail v1.62 (beta) released
I was just looking at the JunkMail manual page and you have the fpcmd.exe parameters marked with / fpcmd.exe is part of F-Prot, and actually used with Declude Virus. :) As of 3.12b fpcmd.exe requires parameters to be marked with - i.e. SCANFILE fpcmd.exe -TYPE -SILENT -NOMEM -ARCHIVE -NOBOOT -DUMB -REPORT=report.txt I believe both are required actually (depending on where you look), which makes no sense. G http://www.google.com/search?hl=enie=UTF-8oe=UTF-8q=fpcmd+site%3A%2F%2Ff-prot.com shows that F-Prot uses / in their examples, so that's what we are using. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude JunkMail v1.62 (beta) released
Not seeing %COUNTRYCHAIN% working in inheader here. Should I be using %COUNTRIES% instead or does a line have to be added to the Global file? Sorry, I forgot to mention that there is a data file needed for the country lookup to work (so that it doesn't require DNS lookups). I'll post a URL to the file shortly. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Two JunkMail questions please...
Last month our single Imail server running Declude AV and JM did 3,427,511 mails...roughly 76.8 emails a minute (about 13,000 a/cs). Our CPU load is small. However when you run JM you will be doing a heck of a lot of DNS queries. Scott could the delay on a slow link for all these queries pull the email delivery back by as much as an hour? It's very unlikely that the delay of a slow link would cause an hour delay on E-mail. DNS lookups often do take a long time to come back, even on a fast link (as some misconfigured DNS servers will drop packets, and there is no way to detect that until a timeout occurs). Even on an old 14.4Kbps modem, the delay due to DNS traffic shouldn't be more than a second or so per E-mail processed (versus perhaps about 5 seconds to transfer the E-mail). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude JunkMail v1.62 (beta) released
Adds ipnotinmx test, which catches E-mail sent from an IP not in the MX records of sending domain. This one sounds very useful. Is this correct? IPNOTINMX ipnotinmx x x (weight) (negweight) Yes -- the default is: IPNOTINMX ipnotinmx x x 0 -4 Now I am confused. (Not the first, won't be the last.) Why would you assign a negative weight? It seems like this test is to see if the mail came from other that a domain registered mail server, and if so, it would be an indication of possible SPAM, there by saying we should have it add weight to the weighting system, not subtract weight. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. La Habra, CA 90631 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude JunkMail v1.62 (beta) released
Yes -- the default is: IPNOTINMX ipnotinmx x x 0 -4 Now I am confused. (Not the first, won't be the last.) Why would you assign a negative weight? It seems like this test is to see if the mail came from other that a domain registered mail server, and if so, it would be an indication of possible SPAM, there by saying we should have it add weight to the weighting system, not subtract weight. The idea behind this test is that a very large percentage of spam uses return addresses that are completely bogus (typically either the recipient's address or another recipient's address), and therefore would be sent from an IP that isn't in the MX records that correspond to the sender's E-mail address. While it is a good sign of spam, quite a bit of legitimate mail is sent that way as well. The negative weight means that if an E-mail does not fail that test, it will get a negative weight. So those smaller companies that have other problems (such as no reverse DNS entry) will get credit for sending their mail from an IP that is listed in their MX records. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Declude JunkMail v1.62 (beta) released
Seems to me that this would add a LOT of false positives, especially from larger ISPs where the outgoing relay servers aren't necessarily the same as the incoming (the only ones listed in MX records) smtp servers. Am I all wet on this? I agree with you completely. In fact, even with tiny clients, we often have the IMail mailbox server send directly, while the MX is on a different box. If the test included subnet-based weighting, it might be more useful; yet this would only apply to single-provider locations and not solve the problem of virtually or geographically distributed systems committing the crime of being well-architected! I imagine it would detect the MAIL FROM: = RCPT TO: method, if it could be confined to checking local domains only (and if the sysadmin were sure that s/he did not have users BCC:'ing themselves, as discussed earlier). -Sandy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Feedback
Hello, We are a small ISP in Southeastern Massachusetts. We presently use IMail as our mail server platform. Would be interested to here from some folks who've used Declude's JunkMail software (Opinions). Any feedback would be appreciated. Thanks in advance, Steve C TMLP Online www.tmlp.com
RE: [Declude.JunkMail] Feedback
Steve: I have less than three hundred accounts on our Ipswitch Imail server, and we've been using Declude JunkMail for several weeks. The cost/benefit ratio for JunkMail is very favorable. Tech support is very good. However this is not magic bullet software; someone there must have time to really study the documentation and develop a good weighting system. I'm so busy here that I've barely started such a system. The next logical purchase to simplify my job would be SortMonster Message Sniffer but it'll be a while before our budget allows that. I don't know what special considerations you might have within an ISP. But I don't think you'll find a lot of complaints about JunkMail. Keith Purtell, Web/Network Administrator VantageMed Operations (Kansas City) Email: [EMAIL PROTECTED] CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-owner;declude.com]On Behalf Of steve Sent: Monday, November 04, 2002 2:58 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Feedback Hello, We are a small ISP in Southeastern Massachusetts. We presently use IMail as our mail server platform. Would be interested to hear from some folks who've used Declude's JunkMail software (Opinions). Any feedback would be appreciated. Thanks in advance, Steve C TMLP Online www.tmlp.com --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Feedback
highly recommend it - we use JM Pro and wouldn;t trade it for the world. Sincerely, Randy ArmbrechtGlobal Web Solutions®, Inc.804-346-5300 x102877-800-GLOBAL (4562) x102 - Original Message - From: steve To: [EMAIL PROTECTED] Sent: Monday, November 04, 2002 3:57 PM Subject: [Declude.JunkMail] Feedback Hello, We are a small ISP in Southeastern Massachusetts. We presently use IMail as our mail server platform. Would be interested to here from some folks who've used Declude's JunkMail software (Opinions). Any feedback would be appreciated. Thanks in advance, Steve C TMLP Online www.tmlp.com
Re: [Declude.JunkMail] Feedback
Being a newbie with Declude Pro, I can't think of anything easier to use and implement. So far we have yet to set per-user settings, global ones are just fine so far. It's amazing how much junk is out there, and how much Declude will eliminate for you. While you're at it, Declude Virus would be a nice addition as well, we just started it and it's simply amazing. Scott's the man! Paul - Original Message - From: steve To: [EMAIL PROTECTED] Sent: Monday, November 04, 2002 3:57 PM Subject: [Declude.JunkMail] Feedback Hello, We are a small ISP in Southeastern Massachusetts. We presently use IMail as our mail server platform. Would be interested to here from some folks who've used Declude's JunkMail software (Opinions). Any feedback would be appreciated. Thanks in advance, Steve C TMLP Online www.tmlp.com
