RE: [Declude.JunkMail] Results with our configuration
LOL My log level is MID and I run at 100MB a day. Craig. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John TolmachoffSent: Thursday, January 23, 2003 6:39 PMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Results with our configuration Currently, our log level is set to HIGH and run about 4.5 mg on weekdays. Once I have added one more set of files, Kamis, and watch that for about a week, then I may go back down to MID. I will always be at MID or above. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darrell L.Sent: Thursday, January 23, 2003 2:00 PMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Results with our configuration John, From your post I gathered that your log level is atleast mid. Is this a normal configuration or just a one time deal to look at the mail. Darrell Darrell LaRock Information Systems Analyst Gannett Television 716-849-2272 -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John TolmachoffSent: Thursday, January 23, 2003 1:22 PMTo: [EMAIL PROTECTED]Subject: [Declude.JunkMail] Results with our configuration I wanted to post yesterdays results of Declude Junkmail: We hold on a weight of 20 and delete at 40. Messages held are reviewed using Spam Review software. There were no False Positives in the messages deleted. This was reviewed by manually going through the Declude Junkmail log for all messages deleted and looking at the subject line and sender and recipient. 3485 messages were processed by Declude Junkmail. 889 were deleted. 85 were held. Of the held, 16 were False Positives. Total found and deleted: 958 (27.49%) Individual tests like SPAMCHECK and NOXMAIL generate a number of false positives, but that is what the while filters and MATCH program is for. However, those tests are also responsible for the majority of the messages deleted. Tests used: (numbers after action is weight we use) ORDB WARN 2 OSDUL WARN 2 OSFORM WARN 2 OSLIST WARN 2 OSPROXY WARN 2 OSRELAY WARN 2 OSSMART WARN 2 OSSOFT WARN 2 OSSRC WARN 10 SPAMCOP WARN 12 DSN WARN 10 NOABUSE WARN 3 NOPOSTMASTER WARN 3 BADHEADERS WARN 5 BASE64 WARN 12 HELOBOGUS WARN 3 IPNOTINMX LOG 0 -3 MAILFROM WARN 15 PERCENT WARN 15 REVDNS WARN 2 ROUTING WARN 10 SPAMHEADERS WARN 5 ADULT1 WARN 50 JUNK WARN 30 SPAMCHECK WARN Weight NOXSPAM1 WARN 20 NOXSPAM2 WARN 15 NOXSPAM3 WARN 15 NOXADULT1 WARN 20 NOXADULT2 WARN 15 NOXADULT3 WARN 15 REVIEWER1 ROUTETO [EMAIL PROTECTED] WHITEFILTER1 WARN WHITEFILTER2 WARN WHITEFILTER3 WARN WHITEFILTER4 WARN GRAYFILTER1 WARN GRAYFILTER2 WARN GRAYFILTER3 WARN GRAYFILTER4 WARN MATCH WARN -40 Kami, I have not yet had time to try your lists. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com
RE: [Declude.JunkMail] Results with our configuration
A very interesting argument. Can you provide us some config-settings and effectivity stats about your system? We all want to have such a large large logfile. ;-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Craig Gittens Sent: Friday, January 24, 2003 1:19 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Results with our configuration LOL My log level is MID and I run at 100MB a day. Craig. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Results with our configuration
Our logs are the 100MB each day and I had to build a log file rotator so we could open and analyze the logs a little easier. I have the log file rotator running 4 times a day to keep the log files between 25-35 MB a piece. The log file rotator uses Cold Fusion, if your interested I can email the code to you. I also use this log file rotator for the Imail log files. Its simple code but saves alot of time Adam Adam Hobach CyberLynk Sales/Support [EMAIL PROTECTED] or [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Craig Gittens Sent: Friday, January 24, 2003 6:19 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Results with our configuration LOL My log level is MID and I run at 100MB a day. Craig. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John Tolmachoff Sent: Thursday, January 23, 2003 6:39 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Results with our configuration Currently, our log level is set to HIGH and run about 4.5 mg on weekdays. Once I have added one more set of files, Kami's, and watch that for about a week, then I may go back down to MID. I will always be at MID or above. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darrell L. Sent: Thursday, January 23, 2003 2:00 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Results with our configuration John, From your post I gathered that your log level is atleast mid. Is this a normal configuration or just a one time deal to look at the mail. Darrell Darrell LaRock Information Systems Analyst Gannett Television 716-849-2272 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff Sent: Thursday, January 23, 2003 1:22 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Results with our configuration I wanted to post yesterdays results of Declude Junkmail: We hold on a weight of 20 and delete at 40. Messages held are reviewed using Spam Review software. There were no False Positives in the messages deleted. This was reviewed by manually going through the Declude Junkmail log for all messages deleted and looking at the subject line and sender and recipient. 3485 messages were processed by Declude Junkmail. 889 were deleted. 85 were held. Of the held, 16 were False Positives. Total found and deleted: 958 (27.49%) Individual tests like SPAMCHECK and NOXMAIL generate a number of false positives, but that is what the while filters and MATCH program is for. However, those tests are also responsible for the majority of the messages deleted. Tests used: (numbers after action is weight we use) ORDB WARN 2 OSDULWARN 2 OSFORM WARN 2 OSLIST WARN 2 OSPROXYWARN 2 OSRELAY WARN 2 OSSMARTWARN 2 OSSOFT WARN 2 OSSRCWARN 10 SPAMCOPWARN 12 DSNWARN 10 NOABUSEWARN 3 NOPOSTMASTER WARN 3 BADHEADERSWARN 5 BASE64 WARN 12 HELOBOGUS WARN 3 IPNOTINMX LOG0-3 MAILFROM WARN 15 PERCENT WARN 15 REVDNS WARN 2 ROUTING WARN 10 SPAMHEADERS WARN 5 ADULT1 WARN 50 JUNK WARN 30 SPAMCHECK WARN Weight NOXSPAM1 WARN 20 NOXSPAM2 WARN 15 NOXSPAM3 WARN 15 NOXADULT1 WARN 20 NOXADULT2 WARN 15 NOXADULT3 WARN 15 REVIEWER1 ROUTETO [EMAIL PROTECTED] WHITEFILTER1 WARN WHITEFILTER2 WARN WHITEFILTER3 WARN WHITEFILTER4 WARN GRAYFILTER1WARN GRAYFILTER2WARN GRAYFILTER3WARN GRAYFILTER4WARN MATCH WARN -40 Kami, I have not yet had time to try your lists. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Results with our configuration
Individual tests like SPAMCHECK and NOXMAIL generate a number of false positives... Hi John, Can you give me some example for false positives created by SpamChk? Was they triggered from header- link- or keyword-checks? We've set SpamChk to return his own opinion as a weight to declude. So SpamChk will not say clearly this is spam or this is not spam Attached you can see a report from today with over 1300 msgs and the returncode from spamchk. Notes: We've a weighting-system with hold on 100. Because we add [s%weight%] to any subject on hold messages we have no need to delete msgs automaticaly. We simply sort the hold messages in Spamreview by subject line. Then we can check the hold messages from 100 to ~200. done. We mean that for an external test like SpamChk it's very difficult to say it had created false positives. If he reports more then the hold value for a legit mail: Yes this we consider a false positive. Markus spamchk_returncode.PDF Description: Adobe PDF document
RE: [Declude.JunkMail] Results with our configuration
Adam, Would love a copy emailed ([EMAIL PROTECTED]), although my logs are just now going over 10mb, we keep adding customers weekly, so it won't be long before it is to large to handle. Thanks for the program, -Keith -Original Message- From: Adam Hobach [mailto:[EMAIL PROTECTED]] Sent: Friday, January 24, 2003 8:27 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Results with our configuration Our logs are the 100MB each day and I had to build a log file rotator so we could open and analyze the logs a little easier. I have the log file rotator running 4 times a day to keep the log files between 25-35 MB a piece. The log file rotator uses Cold Fusion, if your interested I can email the code to you. I also use this log file rotator for the Imail log files. Its simple code but saves alot of time Adam Adam Hobach CyberLynk Sales/Support [EMAIL PROTECTED] or [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Craig Gittens Sent: Friday, January 24, 2003 6:19 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Results with our configuration LOL My log level is MID and I run at 100MB a day. Craig. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John Tolmachoff Sent: Thursday, January 23, 2003 6:39 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Results with our configuration Currently, our log level is set to HIGH and run about 4.5 mg on weekdays. Once I have added one more set of files, Kami's, and watch that for about a week, then I may go back down to MID. I will always be at MID or above. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darrell L. Sent: Thursday, January 23, 2003 2:00 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Results with our configuration John, From your post I gathered that your log level is atleast mid. Is this a normal configuration or just a one time deal to look at the mail. Darrell Darrell LaRock Information Systems Analyst Gannett Television 716-849-2272 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff Sent: Thursday, January 23, 2003 1:22 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Results with our configuration I wanted to post yesterdays results of Declude Junkmail: We hold on a weight of 20 and delete at 40. Messages held are reviewed using Spam Review software. There were no False Positives in the messages deleted. This was reviewed by manually going through the Declude Junkmail log for all messages deleted and looking at the subject line and sender and recipient. 3485 messages were processed by Declude Junkmail. 889 were deleted. 85 were held. Of the held, 16 were False Positives. Total found and deleted: 958 (27.49%) Individual tests like SPAMCHECK and NOXMAIL generate a number of false positives, but that is what the while filters and MATCH program is for. However, those tests are also responsible for the majority of the messages deleted. Tests used: (numbers after action is weight we use) ORDB WARN 2 OSDULWARN 2 OSFORM WARN 2 OSLIST WARN 2 OSPROXYWARN 2 OSRELAY WARN 2 OSSMARTWARN 2 OSSOFT WARN 2 OSSRCWARN 10 SPAMCOPWARN 12 DSNWARN 10 NOABUSEWARN 3 NOPOSTMASTER WARN 3 BADHEADERSWARN 5 BASE64 WARN 12 HELOBOGUS WARN 3 IPNOTINMX LOG0-3 MAILFROM WARN 15 PERCENT WARN 15 REVDNS WARN 2 ROUTING WARN 10 SPAMHEADERS WARN 5 ADULT1 WARN 50 JUNK WARN 30 SPAMCHECK WARN Weight NOXSPAM1 WARN 20 NOXSPAM2 WARN 15 NOXSPAM3 WARN 15 NOXADULT1 WARN 20 NOXADULT2 WARN 15 NOXADULT3 WARN 15 REVIEWER1 ROUTETO [EMAIL PROTECTED] WHITEFILTER1 WARN WHITEFILTER2 WARN WHITEFILTER3 WARN WHITEFILTER4 WARN GRAYFILTER1WARN GRAYFILTER2WARN GRAYFILTER3WARN GRAYFILTER4WARN MATCH WARN -40 Kami, I have not yet had time to try your lists. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com
RE: [Declude.JunkMail] Results with our configuration
Can you give me some example for false positives created by SpamChk? Was they triggered from header- link- or keyword-checks? You want me to work, don't you? ;) As soon as I am able to, I will review the SpamCheck log and check. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Results with our configuration
It's only cause we see 100,000 emails a day. About 80% fail Spamcop alone I think. It takes 7-8 hours to run one log file so I don't do it often. ~12,000 email addresses in a single domain. I can't review email otherwise I would be reviewing +15000 messages a day even after deletes. Read receipts are a bane as far as I am concerned. My setup is really bland but I think one day when I get a little time I will try Sniffer. We are an ISP so NoXmail would seriously inconvenience the guys who sign up for XXX mail. Craig. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Markus Gufler Sent: Friday, January 24, 2003 8:54 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Results with our configuration A very interesting argument. Can you provide us some config-settings and effectivity stats about your system? We all want to have such a large large logfile. ;-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Craig Gittens Sent: Friday, January 24, 2003 1:19 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Results with our configuration LOL My log level is MID and I run at 100MB a day. Craig. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: Re[2]: [Declude.JunkMail] OT: Dictionary Attacks
I use those same settings. But in addition, you can configure BlackICE to auto-block the too many smtp errors event (dictionary attack) by editing your issuelist.csv file. Look for this line: 2001015,SMTP too many errors,0,agg,-1,7,,Spam,The SMTP And change the agg to IP|RST: 2001015,SMTP too many errors,0,IP|RST,-1,7,,Spam,The SMTP This will tell BlackICE to auto-block the offending IP Address for 24 hours. Don't expect the people at ISS to support this though. They urged me not to edit that file when I asked. But it does work. Bill -Original Message- From: Roger Heath Sent: Thu, 23 Jan 2003 16:50:21 -0600 Subject: Re[2]: [Declude.JunkMail] OT: Dictionary Attacks Reply to: Don Schreiner Re: [Declude.JunkMail] OT: Dictionary Attacks on Thursday 11:51:25 AM From an earlier msg: Our servers are very stable with this firewall. It does not autoblock these but you can manually block them. I noticed that they do not show up in the log any more, so it appears to work fine. I know you can set to autoblock select events by editing the blackice.ini can be edited for example: http.urllimit.count=60 http.urllimit.interval=50 will temporarily block too many URL requests, like web site copying... These are the settings to block dictionary attacks. It detects too many errors brought on by many failed logins... [Settings] smtp.error.count=10 ;total errors within smtp.error.interval=120 ;this amount of time(sec)then blocked -- Roger Heath [EMAIL PROTECTED] www.rleeheath.com - Copy of Original Message(s): - D Bill, D Also running BI as of few weeks ago and tinkering with firewal.ini. D Would you mind sharing the .ini changes you made. You can e-mail me off D list. Thanks. D Sincerely, D Don Schreiner D CompBiz, Inc. D www.compbiz.net D 407-322-8654 D 800-408-3688 D -Original Message- D From: [EMAIL PROTECTED] D [mailto:[EMAIL PROTECTED]] On Behalf Of Bill B. D Sent: Thursday, January 23, 2003 12:16 PM D To: [EMAIL PROTECTED] D Subject: Re: [Declude.JunkMail] OT: Dictionary Attacks D We started running BlackICE last month and it has been working nice for D us. It requires a few config changes to get it to auto-block IPs that D send you dictionary attacks, but it is definitely a good solution. D Bill D -Original Message- D From: R. Scott Perry D Sent: Thu, 23 Jan 2003 10:58:09 -0500 D Subject: Re: [Declude.JunkMail] OT: Dictionary Attacks It seems this morning that we have several dictionary attacks happening on one of Imail servers. Is there an easy to stop the person doing this? I have looked through the log files and cannot easily spot the person(s) doing this. Is there software that will prevent people from performing Dictionary Attacks in the future? The POP3 and Delcude processes are using like 50-09% of the CPU. Let me know if there is anything I can do... D Are you sure that it is a dictionary attack? If the POP3 process has D higher usage than normal, then E-mails are being sent to your users D (which D would mean that it either isn't a dictionary attack, or a hybrid attack D where they send spam as part of the dictionary attack). D You might want to check the archives of the IMail Forum for ideas on how D to D stop a dictionary attack. Some tricks are using a nobody alias (which D I D believe you are), or using a product like BlackIce Server to stop it. D Unfortunately, Declude can't stop these, because it doesn't have access D to D the TCP/IP connection (which is where it would need to be stopped). D -Scott D --- D [This E-mail was scanned for viruses by Declude Virus D (http://www.declude.com)] D --- D This E-mail came from the Declude.JunkMail mailing list. To D unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type D unsubscribe Declude.JunkMail. The archives can be found at D http://www.mail-archive.com. D --- D [This E-mail was scanned for viruses by Declude Virus D (http://www.declude.com)] D --- D This E-mail came from the Declude.JunkMail mailing list. To D unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type D unsubscribe Declude.JunkMail. The archives can be found at D http://www.mail-archive.com. D -- D Scanned by CompBiz for Viruses http://www.CompBiz.Net. D Save 15 Percent on Virus Software by visiting D http://www.compbiz.net/software_mcafee.cfm for details! D --- D [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] D --- D This E-mail came from the Declude.JunkMail mailing list. To D unsubscribe, just send an E-mail to [EMAIL PROTECTED], and D type unsubscribe Declude.JunkMail. The archives can be found D at http://www.mail-archive.com. D -- D ActivatorMail(tm) ver.122102 Scanned for all viruses by D www.activatormail.com intelligent anti-virus anti-spam service -- ActivatorMail(tm) ver.122102 Scanned for all viruses by www.activatormail.com
[Declude.JunkMail] Trouble adding latest beta version
I copied the filed from the web, but when I try to copy it to the Imail folder I get a sharing violation. I stopped all services in Imail and still get the sharing violation. The only thing open on the server is Explorer so I can see the files. Any ideas? I even tried to delete the existing file but it says it is in use... Jim Rooth Klotron, Inc. 214.244.0979 [EMAIL PROTECTED] --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.445 / Virus Database: 250 - Release Date: 1/21/2003 --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Trouble adding latest beta version
Renaming it fixes that condition for me Have a great day! Rick Davidson Buckeye Internet Inc. www.buckeyeweb.com 440-953-1900 - - Original Message - From: Jim Rooth [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, January 24, 2003 10:07 AM Subject: [Declude.JunkMail] Trouble adding latest beta version I copied the filed from the web, but when I try to copy it to the Imail folder I get a sharing violation. I stopped all services in Imail and still get the sharing violation. The only thing open on the server is Explorer so I can see the files. Any ideas? I even tried to delete the existing file but it says it is in use... Jim Rooth Klotron, Inc. 214.244.0979 [EMAIL PROTECTED] --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.445 / Virus Database: 250 - Release Date: 1/21/2003 --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Trouble adding latest beta version
Thanks...that fixed it. I was afraid to rename it because it said it was in use. Oh well...Declude -diag says the new one is up and running..1.66 so I reckon everything is fine in cyber land. Jim Rooth Klotron, Inc. 214.244.0979 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Rick Davidson Sent: Friday, January 24, 2003 9:20 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Trouble adding latest beta version Renaming it fixes that condition for me Have a great day! Rick Davidson Buckeye Internet Inc. www.buckeyeweb.com 440-953-1900 - - Original Message - From: Jim Rooth [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, January 24, 2003 10:07 AM Subject: [Declude.JunkMail] Trouble adding latest beta version I copied the filed from the web, but when I try to copy it to the Imail folder I get a sharing violation. I stopped all services in Imail and still get the sharing violation. The only thing open on the server is Explorer so I can see the files. Any ideas? I even tried to delete the existing file but it says it is in use... Jim Rooth Klotron, Inc. 214.244.0979 [EMAIL PROTECTED] --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.445 / Virus Database: 250 - Release Date: 1/21/2003 --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.445 / Virus Database: 250 - Release Date: 1/21/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.445 / Virus Database: 250 - Release Date: 1/21/2003 --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Trouble adding latest beta version
Try renaming the existing version and then copying in the new version. At 10:07 AM 1/24/2003, Jim Rooth wrote: I copied the filed from the web, but when I try to copy it to the Imail folder I get a sharing violation. I stopped all services in Imail and still get the sharing violation. The only thing open on the server is Explorer so I can see the files. Any ideas? I even tried to delete the existing file but it says it is in use... Jim Rooth Klotron, Inc. 214.244.0979 [EMAIL PROTECTED] --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.445 / Virus Database: 250 - Release Date: 1/21/2003 --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com
Re: [Declude.JunkMail] Results with our configuration
My log level is set to low and yesterday I ran 130 MB? This brings me to ask a question How can I see the total number ofEmails that Declude processed for that day? This way I can analyze or get an idea of how much traffic this machine is seeing? Thanks, Kris McElroy[EMAIL PROTECTED]Internet Systems EngineerDuracom, INC.www.duracom.net I'm retired 99.9%. Of course, there always is that .1%.--Michael Jordan, February 18, 1999 - Original Message - From: Craig Gittens To: [EMAIL PROTECTED] Sent: Friday, January 24, 2003 6:18 AM Subject: RE: [Declude.JunkMail] Results with our configuration LOL My log level is MID and I run at 100MB a day. Craig. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John TolmachoffSent: Thursday, January 23, 2003 6:39 PMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Results with our configuration Currently, our log level is set to HIGH and run about 4.5 mg on weekdays. Once I have added one more set of files, Kamis, and watch that for about a week, then I may go back down to MID. I will always be at MID or above. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darrell L.Sent: Thursday, January 23, 2003 2:00 PMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Results with our configuration John, From your post I gathered that your log level is atleast mid. Is this a normal configuration or just a one time deal to look at the mail. Darrell Darrell LaRock Information Systems Analyst Gannett Television 716-849-2272 -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John TolmachoffSent: Thursday, January 23, 2003 1:22 PMTo: [EMAIL PROTECTED]Subject: [Declude.JunkMail] Results with our configuration I wanted to post yesterdays results of Declude Junkmail: We hold on a weight of 20 and delete at 40. Messages held are reviewed using Spam Review software. There were no False Positives in the messages deleted. This was reviewed by manually going through the Declude Junkmail log for all messages deleted and looking at the subject line and sender and recipient. 3485 messages were processed by Declude Junkmail. 889 were deleted. 85 were held. Of the held, 16 were False Positives. Total found and deleted: 958 (27.49%) Individual tests like SPAMCHECK and NOXMAIL generate a number of false positives, but that is what the while filters and MATCH program is for. However, those tests are also responsible for the majority of the messages deleted. Tests used: (numbers after action is weight we use) ORDB WARN 2 OSDUL WARN 2 OSFORM WARN 2 OSLIST WARN 2 OSPROXY WARN 2 OSRELAY WARN 2 OSSMART WARN 2 OSSOFT WARN 2 OSSRC WARN 10 SPAMCOP WARN 12 DSN WARN 10 NOABUSE WARN 3 NOPOSTMASTER WARN 3 BADHEADERS WARN 5 BASE64 WARN 12 HELOBOGUS WARN 3 IPNOTINMX LOG 0 -3 MAILFROM WARN 15 PERCENT WARN 15 REVDNS WARN 2 ROUTING WARN 10 SPAMHEADERS WARN 5 ADULT1 WARN 50 JUNK WARN 30 SPAMCHECK WARN Weight NOXSPAM1 WARN 20 NOXSPAM2 WARN 15 NOXSPAM3 WARN 15 NOXADULT1 WARN 20 NOXADULT2 WARN 15 NOXADULT3 WARN 15 REVIEWER1 ROUTETO [EMAIL PROTECTED] WHITEFILTER1 WARN WHITEFILTER2 WARN WHITEFILTER3 WARN WHITEFILTER4 WARN GRAYFILTER1 WARN GRAYFILTER2 WARN GRAYFILTER3 WARN GRAYFILTER4 WARN MATCH WARN -40 Kami, I have not yet had time to try your lists. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com
[Declude.JunkMail] Updated KillListGen utility
For those using my KillListGen utility automatically download Tom's spam list and append it to their own, I have posted an updated version here: http://www.nerosoft.com/Download/KillListGenInst.exe This version is identical to the previous version, with one exception: It will accept multiple ListURL parameters in the KillListGen.txt config file. When it sees more than one, it will download and append all of them in turn: ' URLs to retrieve lists of current spam addresses/domains ListURL=http://www.imagefxonline.net/apps/delog/fromfile.txt ListURL=http://www.anotherfile.com/whatever.txt This allows using other lists in addition to Tom's. ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com
[Declude.JunkMail] Fwd: Updated KillListGen utility
Sorry, it was suggested to me that some newer members might have no idea what I am talking about. I wrote the utility below that retrieves one or more files via the web, appends it to a local file, and writes it out to another file. This allows the use of local blacklists added to regularly updated public blacklists. It is free for anyone who wishes to use it. The file (once installed) is called KillListGen.exe. When run, it looks for a configuration file called KillListGen.txt in the same directory as the executable. The KillListGen.txt is pretty well self-documenting, a sample file is below. Any questions, please ask. Sample KillListGen.txt file: ' Configuration file for Kill List Generator - [EMAIL PROTECTED] ' URLs to retrieve lists of current spam addresses/domains ListURL=http://www.imagefxonline.net/apps/delog/fromfile.txt ListURL=http://www.anotherfile.com/whatever.txt ' Source file of local addresses you wish to keep on the list permanently. ' Comment out if no local address list is used. SourceFile=c:\IMail\Declude\Source.txt ' Destination file that IMail reads which will be combined Source file and retrieved lists DestFile=c:\IMail\Declude\Destination.txt For those using my KillListGen utility automatically download Tom's spam list and append it to their own, I have posted an updated version here: http://www.nerosoft.com/Download/KillListGenInst.exe This version is identical to the previous version, with one exception: It will accept multiple ListURL parameters in the KillListGen.txt config file. When it sees more than one, it will download and append all of them in turn: ' URLs to retrieve lists of current spam addresses/domains ListURL=http://www.imagefxonline.net/apps/delog/fromfile.txt ListURL=http://www.anotherfile.com/whatever.txt This allows using other lists in addition to Tom's. ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Results with our configuration
This is what I use, as listed on the Declude tools page: http://www.imagefxonline.net/apps/delog/ John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kris McElroy Sent: Friday, January 24, 2003 7:39 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Results with our configuration My log level is set to low and yesterday I ran 130 MB? This brings me to ask a question How can I see the total number ofEmails that Declude processed for that day? This way I can analyze or get an idea of how much traffic this machine is seeing? Thanks, Kris McElroy [EMAIL PROTECTED] Internet Systems Engineer Duracom, INC. www.duracom.net I'm retired 99.9%. Of course, there always is that .1%. --Michael Jordan, February 18, 1999 - Original Message - From: Craig Gittens To: [EMAIL PROTECTED] Sent: Friday, January 24, 2003 6:18 AM Subject: RE: [Declude.JunkMail] Results with our configuration LOL My log level is MID and I run at 100MB a day. Craig. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John Tolmachoff Sent: Thursday, January 23, 2003 6:39 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Results with our configuration Currently, our log level is set to HIGH and run about 4.5 mg on weekdays. Once I have added one more set of files, Kamis, and watch that for about a week, then I may go back down to MID. I will always be at MID or above. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darrell L. Sent: Thursday, January 23, 2003 2:00 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Results with our configuration John, From your post I gathered that your log level is atleast mid. Is this a normal configuration or just a one time deal to look at the mail. Darrell Darrell LaRock Information Systems Analyst Gannett Television 716-849-2272 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff Sent: Thursday, January 23, 2003 1:22 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Results with our configuration I wanted to post yesterdays results of Declude Junkmail: We hold on a weight of 20 and delete at 40. Messages held are reviewed using Spam Review software. There were no False Positives in the messages deleted. This was reviewed by manually going through the Declude Junkmail log for all messages deleted and looking at the subject line and sender and recipient. 3485 messages were processed by Declude Junkmail. 889 were deleted. 85 were held. Of the held, 16 were False Positives. Total found and deleted: 958 (27.49%) Individual tests like SPAMCHECK and NOXMAIL generate a number of false positives, but that is what the while filters and MATCH program is for. However, those tests are also responsible for the majority of the messages deleted. Tests used: (numbers after action is weight we use) ORDB WARN 2 OSDUL WARN 2 OSFORM WARN 2 OSLIST WARN 2 OSPROXY WARN 2 OSRELAY WARN 2 OSSMART WARN 2 OSSOFT WARN 2 OSSRC WARN 10 SPAMCOP WARN 12 DSN WARN 10 NOABUSE WARN 3 NOPOSTMASTER WARN 3 BADHEADERS WARN 5 BASE64 WARN 12 HELOBOGUS WARN 3 IPNOTINMX LOG 0 -3 MAILFROM WARN 15 PERCENT WARN 15 REVDNS WARN 2 ROUTING WARN 10 SPAMHEADERS WARN 5 ADULT1 WARN 50 JUNK WARN 30 SPAMCHECK WARN Weight NOXSPAM1 WARN 20 NOXSPAM2 WARN 15 NOXSPAM3 WARN 15 NOXADULT1 WARN 20 NOXADULT2 WARN 15 NOXADULT3 WARN 15 REVIEWER1 ROUTETO [EMAIL PROTECTED] WHITEFILTER1 WARN WHITEFILTER2 WARN WHITEFILTER3 WARN WHITEFILTER4 WARN GRAYFILTER1 WARN GRAYFILTER2 WARN GRAYFILTER3 WARN GRAYFILTER4 WARN MATCH WARN -40 Kami, I have not yet had time to try your lists. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com
RE: [Declude.JunkMail] Results with our configuration
Title: Message You could use domlist http://www.declude.com/tools/index.html. This will analyse your SMTP log file generate by Imail as opposed to those generated byDeclude. David WiSS Limited -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kris McElroySent: 24 January 2003 15:39To: [EMAIL PROTECTED]Subject: Re: [Declude.JunkMail] Results with our configuration My log level is set to low and yesterday I ran 130 MB? This brings me to ask a question How can I see the total number ofEmails that Declude processed for that day? This way I can analyze or get an idea of how much traffic this machine is seeing? Thanks, Kris McElroy[EMAIL PROTECTED]Internet Systems EngineerDuracom, INC.www.duracom.net I'm retired 99.9%. Of course, there always is that .1%.--Michael Jordan, February 18, 1999 - Original Message - From: Craig Gittens To: [EMAIL PROTECTED] Sent: Friday, January 24, 2003 6:18 AM Subject: RE: [Declude.JunkMail] Results with our configuration LOL My log level is MID and I run at 100MB a day. Craig. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John TolmachoffSent: Thursday, January 23, 2003 6:39 PMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Results with our configuration Currently, our log level is set to HIGH and run about 4.5 mg on weekdays. Once I have added one more set of files, Kamis, and watch that for about a week, then I may go back down to MID. I will always be at MID or above. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darrell L.Sent: Thursday, January 23, 2003 2:00 PMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Results with our configuration John, From your post I gathered that your log level is atleast mid. Is this a normal configuration or just a one time deal to look at the mail. Darrell Darrell LaRock Information Systems Analyst Gannett Television 716-849-2272 -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John TolmachoffSent: Thursday, January 23, 2003 1:22 PMTo: [EMAIL PROTECTED]Subject: [Declude.JunkMail] Results with our configuration I wanted to post yesterdays results of Declude Junkmail: We hold on a weight of 20 and delete at 40. Messages held are reviewed using Spam Review software. There were no False Positives in the messages deleted. This was reviewed by manually going through the Declude Junkmail log for all messages deleted and looking at the subject line and sender and recipient. 3485 messages were processed by Declude Junkmail. 889 were deleted. 85 were held. Of the held, 16 were False Positives. Total found and deleted: 958 (27.49%) Individual tests like SPAMCHECK and NOXMAIL generate a number of false positives, but that is what the while filters and MATCH program is for. However, those tests are also responsible for the majority of the messages deleted. Tests used: (numbers after action is weight we use) ORDB WARN 2 OSDUL WARN 2 OSFORM WARN 2 OSLIST WARN 2 OSPROXY WARN 2 OSRELAY WARN 2 OSSMART WARN 2 OSSOFT WARN 2 OSSRC WARN 10 SPAMCOP WARN 12 DSN WARN 10 NOABUSE WARN 3 NOPOSTMASTER WARN 3 BADHEADERS WARN 5 BASE64 WARN 12 HELOBOGUS WARN 3 IPNOTINMX LOG 0 -3 MAILFROM WARN 15 PERCENT WARN 15 REVDNS WARN 2 ROUTING WARN 10 SPAMHEADERS WARN 5 ADULT1 WARN 50 JUNK WARN 30 SPAMCHECK WARN Weight NOXSPAM1 WARN 20 NOXSPAM2 WARN 15 NOXSPAM3 WARN 15 NOXADULT1 WARN 20 NOXADULT2 WARN 15 NOXADULT3 WARN 15 REVIEWER1 ROUTETO
RE: [Declude.JunkMail] [Declude.Virus] Mozilla email client
The next phase of Message Sniffer development includes a compound Bayesian hinting algorythm to help modulate the black/white rule set. Since Message Sniffer works with Declude that's one way this technology will find it's way into the mix. Scott's got a good point though - Bayesian filtering (as it has been implemented) tends to work well at very specific tasks... That is, you might get it to learn your specific email preferences accuratly - but once you get to the server level where there are many people involved the accuracy drops significantly due to the diversity of the message content and the difficulties in obtaining training data... this is why we will be implementing a structured differentiation approch. One direct application that might work for Declude... If you can solve the training problem you might use a Naieve Bayesian chain rule to combine the results of the declude tests... Specifically Declude could maintain a table of rule firings (including white black lists, white black word lists etc) and collect a statistical product on the combinations of rules that fire. Then it could interpret that data as a new test which adds or subtracts a weight given the Bayesian probability of that combination of tests being spam. For example, the Bayesian Product test would learn that a specific combination of rule firings has a high probability of being spam on a given system, while another combination of test firings has a lower or negative probability (given some threshold). Additional hiting can be providided by using the external list tests to match for patterns that may be specific to that system - or shared between the group. As Declude integrates a greater number of tests it's simple weighting scheme will become less effective and difficult to tune - a Bayesian approach to combining the test results might bridge the gap. -- just a thought, _M | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]] On Behalf Of R. | Scott Perry | Sent: Thursday, January 23, 2003 3:29 PM | To: [EMAIL PROTECTED] | Subject: Re: [Declude.JunkMail] [Declude.Virus] Mozilla email client | | | | I read about this Bayesian filtering/scanning at some other forum as | well. Is this something that Declude Junkmail does right now | or will do | in the | (near) future? Would be nice if it were a feature of the | scanner on the | server in stead of changing all mail client software? ;-) | | There was a very similar feature (the heuristics test), but | it proved to | be too unreliable when it came to mailing list E-mail. | | Although in theory the Bayes Theory should work very well in | detecting | spam, it does not in reality (for very technical reasons). | Using the Bayes | Theory for spam testing relies on a number of assumptions | that don't hold | true -- it's kind of like saying if Sports Team X wins 2 of | the first 3 | games they play, they have a 66% chance of winning the next | game. With the | right assumptions, this could be accurate or close to it, but | otherwise it | just isn't accurate. | -Scott | | | --- | [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Logfile Question
Scott, Will declude transactions ever interleave in the log file? It appears they are always like this in the log file MESSAGE1 FAILED THIS MESSAGE1 FAILED THIS MESSAGE1 FAILED THIS MESSAGE2 FAILED THIS MESSAGE2 FAILED THIS Instead of this MESSAGE1 FAILED THIS MESSAGE1 FAILED THIS MESSAGE2 FAILED THIS MESSAGE1 FAILED THIS MESSAGE2 FAILED THIS Can you confirm if this is the always the case. Darrell --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Logfile Question
Will declude transactions ever interleave in the log file? Yes, they can. Can you confirm if this is the always the case. In most cases, the log file entries will not be mixed together -- but in some cases it may occur. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Results with our configuration
From your website: Total Emails Clean = 3,464,084 Total Emails Infected = 19,565Inbound=9,556 / Outbound=10,009 Not bad, not bad! but 10,000 outgoing viri ??? What are your user's doing? We catch only around 15 viri/day found in 2,500 incoming outgoing messages/day (0,6%) More then 99% of the infected messages are inbound. Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] what am I doing wrong with kill list?
I finally installed killlistgen utility that grabs imageonline file ... The global.cfg file has the following line KFROM fromfile e:\imail\declude\killlist.txt x 5 0 And KFROM WARN Am I missing something here where I'm getting an action of Ignore in my logs? David Action=WARN. 01/24/2003 11:59:05 Q8cf66b5a0210cac4 Msg failed NJABLDUL (discountdeals.net/edirectbroadcast.com spam house -- 1038402598). Action=WARN. 01/24/2003 11:59:05 Q8cf66b5a0210cac4 Msg failed BADHEADERS (This E-mail was sent from a broken mail client [8000800e].). Action=WARN. 01/24/2003 11:59:05 Q8cf66b5a0210cac4 Msg failed REVDNS (This E-mail was sent from a MUA/MTA 208.46.5.36 with no reverse DNS entry.). Action=WARN. 01/24/2003 11:59:05 Q8cf66b5a0210cac4 Msg failed KFROM ID-20030123-000140). Action=IGNORE. 01/24/2003 11:59:05 Q8cf66b5a0210cac4 Msg failed WEIGHT10 (Weight of 48 reaches or exceeds the limit of 10.). Action=ATTACH. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Results with our configuration
10009 outbound infected. Wow. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Craig Gittens Sent: Friday, January 24, 2003 8:25 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Results with our configuration I get them by actually analysing my Virus file since that only takes 15 mins. I get ~1% infection rate. http://www.sunbeach.net/virii_caught.cfmStats. Craig.
RE: [Declude.JunkMail] what am I doing wrong with kill list?
The global.cfg file has the following line KFROM fromfile e:\imail\declude\killlist.txt x 5 0 KFROM WARN Am I missing something here where I'm getting an action of Ignore in my logs? What is the action listed in the $default$.junkmail file? That is the one being used. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Declude in PCMag
Congratulations, Scott. Declude is mentioned in PCMag, latest February 25th Issue, page 95. Sniffer is also in the same listing. Suppose we'll see price increases now. big grin -- Roger Heath [EMAIL PROTECTED] www.rleeheath.com -- ActivatorMail(tm) ver.122102 Scanned for all viruses by www.activatormail.com intelligent anti-virus anti-spam service --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
DSN:Re: [Declude.JunkMail] Declude in PCMag
Nah, we've been in there a bunch of times and all you get is calls from people wanting to know if you have a Mac version! Just kidding, congratulations Scott! Brian On 01/24/03 3:52pm you wrote... Congratulations, Scott. Declude is mentioned in PCMag, latest February 25th Issue, page 95. Sniffer is also in the same listing. Suppose we'll see price increases now. big grin -- Roger Heath [EMAIL PROTECTED] www.rleeheath.com -- ActivatorMail(tm) ver.122102 Scanned for all viruses by www.activatormail.com intelligent anti-virus anti-spam service --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. ve.com. --- [This E-mail scanned for viruses by Solid Oak Software] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude in PCMag
No price increase here :-) _M | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]] On Behalf Of Roger Heath | Sent: Friday, January 24, 2003 4:52 PM | To: Madscientist | Subject: [Declude.JunkMail] Declude in PCMag | | | Congratulations, Scott. Declude is mentioned in PCMag, | latest February 25th Issue, page 95. Sniffer is also in | the same listing. Suppose we'll see price increases now. | | big grin | | -- | Roger Heath | [EMAIL PROTECTED] | www.rleeheath.com | | -- | ActivatorMail(tm) ver.122102 Scanned for all viruses by | www.activatormail.com intelligent anti-virus anti-spam service | | --- | [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude in PCMag
Congratulations, Scott. Declude is mentioned in PCMag, latest February 25th Issue, page 95. Sniffer is also in the same listing. Cool. :) Suppose we'll see price increases now. Well, if the demand is there for a price increase, we could probably accommodate it. A show of hands, please? G -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] new declude log analyzer (BETA)
I would be interested. - Original Message - From: Duane Cox [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, January 24, 2003 3:32 PM Subject: [Declude.JunkMail] new declude log analyzer (BETA) I have been working on (in my spare time) a declude (eventually imail log files too) analyzer that will parse the declude virus and junkmail log files (we don't have hijack ... sorry). Yeah, not another one! Seems as if everybody has one these days. Well I took it to another level. The program parses out the log files, updates that information to a mssql database (access in the future), then there is a web site that will draw all these numbers out in pie charts. I would include a few pictures with this email, but am not sure if that is allowed. But if you are interested in trying out this program or looking at screen shots, just email me at [EMAIL PROTECTED] So far, the program works as follows. Parses log file for declude virus ONLY, need more work for junkmail. Updates MSSQL database ONLY, need to add access. I am currently working on the web side of it, not sure to use PHP or ASP yet. Probably PHP. Interesting? Duane Cox [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This eMail Has Been Scanned For Viruses By Your eMail Server] --- [This eMail Has Been Scanned For Viruses By Your eMail Server] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] new declude log analyzer (BETA)
Great, I will get you a copy sometime next week, and look forward to your feedback. I assume you are setup with MSSQL 7 or 2000 and IIS 5. Duane - Original Message - From: Jay Calvert [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, January 24, 2003 6:21 PM Subject: Re: [Declude.JunkMail] new declude log analyzer (BETA) I would be interested. - Original Message - From: Duane Cox [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, January 24, 2003 3:32 PM Subject: [Declude.JunkMail] new declude log analyzer (BETA) I have been working on (in my spare time) a declude (eventually imail log files too) analyzer that will parse the declude virus and junkmail log files (we don't have hijack ... sorry). Yeah, not another one! Seems as if everybody has one these days. Well I took it to another level. The program parses out the log files, updates that information to a mssql database (access in the future), then there is a web site that will draw all these numbers out in pie charts. I would include a few pictures with this email, but am not sure if that is allowed. But if you are interested in trying out this program or looking at screen shots, just email me at [EMAIL PROTECTED] So far, the program works as follows. Parses log file for declude virus ONLY, need more work for junkmail. Updates MSSQL database ONLY, need to add access. I am currently working on the web side of it, not sure to use PHP or ASP yet. Probably PHP. Interesting? Duane Cox [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This eMail Has Been Scanned For Viruses By Your eMail Server] --- [This eMail Has Been Scanned For Viruses By Your eMail Server] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] new declude log analyzer (BETA)
Shouldn't work with Access if the datasource isn't hard coded? Like are you creating the database and tables if they don't exist? Or does it rely on a database already created? - Original Message - From: Duane Cox [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, January 24, 2003 4:23 PM Subject: Re: [Declude.JunkMail] new declude log analyzer (BETA) Great, I will get you a copy sometime next week, and look forward to your feedback. I assume you are setup with MSSQL 7 or 2000 and IIS 5. Duane - Original Message - From: Jay Calvert [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, January 24, 2003 6:21 PM Subject: Re: [Declude.JunkMail] new declude log analyzer (BETA) I would be interested. - Original Message - From: Duane Cox [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, January 24, 2003 3:32 PM Subject: [Declude.JunkMail] new declude log analyzer (BETA) I have been working on (in my spare time) a declude (eventually imail log files too) analyzer that will parse the declude virus and junkmail log files (we don't have hijack ... sorry). Yeah, not another one! Seems as if everybody has one these days. Well I took it to another level. The program parses out the log files, updates that information to a mssql database (access in the future), then there is a web site that will draw all these numbers out in pie charts. I would include a few pictures with this email, but am not sure if that is allowed. But if you are interested in trying out this program or looking at screen shots, just email me at [EMAIL PROTECTED] So far, the program works as follows. Parses log file for declude virus ONLY, need more work for junkmail. Updates MSSQL database ONLY, need to add access. I am currently working on the web side of it, not sure to use PHP or ASP yet. Probably PHP. Interesting? Duane Cox [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This eMail Has Been Scanned For Viruses By Your eMail Server] --- [This eMail Has Been Scanned For Viruses By Your eMail Server] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This eMail Has Been Scanned For Viruses By Your eMail Server] --- [This eMail Has Been Scanned For Viruses By Your eMail Server] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] new declude log analyzer (BETA)
Currently, the program is utilizing MSSQL only. This allows for PHP or ASP to be hosted on a separate IIS box and access the data from the MSSQL box, all separate from the IMail server. I assume you could run all 3 on the same box, or (in the future dump the data to a access file). Currently there is a .sql script that creates the user/password, database, tables, and columns. Then you just let the program run every night at 12:01am to update the database from the previous day's logs. You can also manually run the program with the --file option to specify a specific log to analyze, but with no options, it just analyzes the file(month)(today's date - 1 day).log When the access becomes available, the access file will have the tables and columns already setup. (NOT YET) Duane - Original Message - From: Jay Calvert [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, January 24, 2003 6:27 PM Subject: Re: [Declude.JunkMail] new declude log analyzer (BETA) Shouldn't work with Access if the datasource isn't hard coded? Like are you creating the database and tables if they don't exist? Or does it rely on a database already created? - Original Message - From: Duane Cox [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, January 24, 2003 4:23 PM Subject: Re: [Declude.JunkMail] new declude log analyzer (BETA) Great, I will get you a copy sometime next week, and look forward to your feedback. I assume you are setup with MSSQL 7 or 2000 and IIS 5. Duane - Original Message - From: Jay Calvert [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, January 24, 2003 6:21 PM Subject: Re: [Declude.JunkMail] new declude log analyzer (BETA) I would be interested. - Original Message - From: Duane Cox [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, January 24, 2003 3:32 PM Subject: [Declude.JunkMail] new declude log analyzer (BETA) I have been working on (in my spare time) a declude (eventually imail log files too) analyzer that will parse the declude virus and junkmail log files (we don't have hijack ... sorry). Yeah, not another one! Seems as if everybody has one these days. Well I took it to another level. The program parses out the log files, updates that information to a mssql database (access in the future), then there is a web site that will draw all these numbers out in pie charts. I would include a few pictures with this email, but am not sure if that is allowed. But if you are interested in trying out this program or looking at screen shots, just email me at [EMAIL PROTECTED] So far, the program works as follows. Parses log file for declude virus ONLY, need more work for junkmail. Updates MSSQL database ONLY, need to add access. I am currently working on the web side of it, not sure to use PHP or ASP yet. Probably PHP. Interesting? Duane Cox [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This eMail Has Been Scanned For Viruses By Your eMail Server] --- [This eMail Has Been Scanned For Viruses By Your eMail Server] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This eMail Has Been Scanned For Viruses By Your eMail Server] --- [This eMail Has Been Scanned For Viruses By Your eMail Server] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude in PCMag
As a Mac user (prone to nagging developers), I resemble that remark!;) On Friday, January 24, 2003 14:05, Brian Milburn [EMAIL PROTECTED] wrote: Nah, we've been in there a bunch of times and all you get is calls from people wanting to know if you have a Mac version! Just kidding, congratulations Scott! Brian On 01/24/03 3:52pm you wrote... Congratulations, Scott. Declude is mentioned in PCMag, latest February 25th Issue, page 95. Sniffer is also in the same listing. Suppose we'll see price increases now. big grin -- Roger Heath [EMAIL PROTECTED] www.rleeheath.com -- ActivatorMail(tm) ver.122102 Scanned for all viruses by www.activatormail.com intelligent anti-virus anti-spam service --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. ve.com. --- [This E-mail scanned for viruses by Solid Oak Software] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] new declude log analyzer (BETA)
I have been working on (in my spare time) a declude (eventually imail log files too) analyzer that will parse the declude virus and junkmail log files (we don't have hijack ... sorry). Yeah, not another one! Seems as if everybody has one these days. Well I took it to another level. The program parses out the log files, updates that information to a mssql database (access in the future), then there is a web site that will draw all these numbers out in pie charts. I would include a few pictures with this email, but am not sure if that is allowed. But if you are interested in trying out this program or looking at screen shots, just email me at [EMAIL PROTECTED] So far, the program works as follows. Parses log file for declude virus ONLY, need more work for junkmail. Updates MSSQL database ONLY, need to add access. I am currently working on the web side of it, not sure to use PHP or ASP yet. Probably PHP. Interesting? Duane Cox [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
