RE: [Declude.JunkMail] New CMD space test info
For some reason this isn't coming up in the archives (though I know I've seen it) Can someone shoot me the config line for the new CMDSPACE ? As I have understand CMDSPACE will be triggered also from every message send out from MS Outlook 2003 because they don't follow certain rules. Right? Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] new dow and hour tests
Now I assume I can use: HOURhour7 23 -5 5 This should substract 5 points (note: for hold-on-100) between 07:00am and 11:00pm and add a default weight of 5 to any message comming in between 23:00pm and 07:00am. The one change I would make is to have it read: HOURhour7 22 -5 5 The 22 will end at 22:59:59. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] new dow and hour tests
On www.zcom.it/decludeupdater/returncodes.pdf you can find a diagram showing up a tipical variation of messages on our server (ISP, around 1000 mailboxes). X-line: timerange 00:00am to 12:00pm Y-line: result of decludes weighting system Red dots: messages (x:time / y:weight) Yellow line: hold weight on our server Blue line: Average value of determined weight Now (I assume) I can use: HOURhour7 23 -5 5 This should substract 5 points (note: for hold-on-100) between 07:00am and 11:00pm and add a default weight of 5 to any message comming in between 23:00pm and 07:00am. Markus -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Thursday, February 19, 2004 3:26 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] new dow and hour tests How would you add weight to these testes. Instead of: HOURhour9 16 0 0 you could use: HOURhour9 16 3 0 which would add 3 points to any E-mail sent between 9AM and 4:59PM. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] New CMD space test info
[responding to two posts] For some reason this isn't coming up in the archives (though I know I've seen it) Can someone shoot me the config line for the new CMDSPACE ? CMDSPACEcmdspacex x 8 0 As I have understand CMDSPACE will be triggered also from every message send out from MS Outlook 2003 because they don't follow certain rules. Right? No -- that's the SPAMHEADERS test that Outlook 2003 will fail. I just checked the CMDSPACE test yesterday on 5,000 legitimate E-mails we've received recently, and only 2 failed the CMDSPACE test (both apparently because they are using proprietary mailservers). Even if a MUA (mail client) like Outlook has the flaws that the CMDSPACE test looks for, it won't be able to fail the test unless it connects directly to your mailserver. So while it is unlikely that any MUAs have this flaw, even if they do, it shouldn't affect the usefulness of the test. This should be a very good test. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude JunkMail v1.78 (beta) released
on 2/18/04 2:51 PM, R. Scott Perry wrote: o JM ADD New test spf added for SPF support. How do you turn off the separate logs for spf (spf.log and spf.none)? Greg --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail]
Title: Message Hi Scott: This IP shows up as "IANA Reserved" - but it seems to be a dial-up IPrange for Tiscale (a huge multi-natioinalEuropean provider). Received: from smtp.webhost.hm-software.com [63.107.174.32] by hm-software.com with ESMTP (SMTPD32-7.07) id A38E66F1013A; Thu, 19 Feb 2004 09:09:18 -0500Received: from dyn-83-154-53-225.ppp.tiscali.fr ([83.154.53.225]) by smtp.webhost.hm-software.com with Microsoft SMTPSVC(5.0.2195.6713); Thu, 19 Feb 2004 09:09:17 -0500Received: from 0.209.0.200 by 83.154.53.225; Thu, 19 Feb 2004 20:00:46 -0600Message-ID: [EMAIL PROTECTED]From: "tory farina" [EMAIL PROTECTED]Reply-To: "tory farina" [EMAIL PROTECTED]To: [EMAIL PROTECTED]Subject: FWD: Got Pills X|A|Nax , [EMAIL PROTECTED] ( Val|i|um * Fi0ric3`t = +S+oma ? Pnter.m.in ioUcaDate: Fri, 20 Feb 2004 05:01:46 +0300MIME-Version: 1.0Content-Type: multipart/mixed;boundary="--36546696730552609573"X-Mailer: Lotus Notes Release 5.07a May 14, 2001X-Originating-IP: 65.119.204.32Return-Path: [EMAIL PROTECTED]X-OriginalArrivalTime: 19 Feb 2004 14:09:18.0415 (UTC) FILETIME=[F6C4CDF0:01C3F6F1]X-Declude: Version 1.78; Dc38e66f1013a9da0.SMD from dyn-83-154-53-225.ppp.tiscali.fr [83.154.53.225]X-Declude: Triggered None [0]X-Countries: [IANA Reserved]-UNITED STATES-destinationReturn-Path: [EMAIL PROTECTED]X-RCPT-TO: [EMAIL PROTECTED]Status: UX-UIDL: 353610086 Best RegardsAndy SchmidtHM Systems Software, Inc.600 East Crescent Avenue, Suite 203Upper Saddle River, NJ 07458-1846Phone: +1 201 934-3414 x20 (Business)Fax: +1 201 934-9206http://www.HM-Software.com/
RE: [Declude.JunkMail] new dow and hour tests
Do DOW HOURS stand alone as individual tests or is there some way they could be used to run alternate versions of tests which give different scores (or even run tests that you might not during regular operations)? Maybe unclear, so example: the percentage of spam to legit mail is higher on weekends for me, so Monday-Friday MAILFROM might get 10, NOPOSTMASTER might 1, etc. But Sat.-Sunday MAILFROM gets 12 (or whatever), NOPOSTMASTER get 4, etc. Thanks, John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Wednesday, February 18, 2004 8:26 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] new dow and hour tests How would you add weight to these testes. Instead of: HOURhour9 16 0 0 you could use: HOURhour9 16 3 0 which would add 3 points to any E-mail sent between 9AM and 4:59PM. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] new dow and hour tests
Do DOW HOURS stand alone as individual tests or is there some way they could be used to run alternate versions of tests which give different scores (or even run tests that you might not during regular operations)? They run as individual tests. There isn't any built-in way to combine tests logically (AND/OR/NOT). The latest beta does let you do an OR with filters (for example, a test that will be triggered if either the NOPOSTMASTER or NOABUSE test or both fail), using TESTSFAILED. But I don't believe there is a way to do AND currently. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude JunkMail v1.78 (beta) released
o JM ADD New test spf added for SPF support. How do you turn off the separate logs for spf (spf.log and spf.none)? Not yet. The spec for SPF still isn't completely frozen yet. After the spec is frozen and we make the necessary changes, we will either remove those log files or have an option for disabling them. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail]
This IP shows up as IANA Reserved - but it seems to be a dial-up IP range for Tiscale (a huge multi-natioinal European provider). If you download the latest all_list.dat file from http://www.declude.com/release/178/all_list.dat , it takes care of that. That IP was just delegated less than a month ago. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] new dow and hour tests
Scott: May be AND can be easily integrated with the new test you have added by playing with the weights. Lets say... == SKIPIFWEIGHT 10 MAXWEIGHT10 Testsfailed 5 ENDSspamcop Testsfailed 5 endssorbs Testsfailed 5 endsanothertest === If we can define the test in the global statement that if minimum weight is not reached then the results is zero weight. So if in this test we don't get at least a weight of 10 then the final result weight is 0. This way we can ensure that at least 2 tests have to fail before a weight is assigned. This way we can play with the numbers and create logics that can easily be manipulated. Just a thought... Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Thursday, February 19, 2004 9:38 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] new dow and hour tests Do DOW HOURS stand alone as individual tests or is there some way they could be used to run alternate versions of tests which give different scores (or even run tests that you might not during regular operations)? They run as individual tests. There isn't any built-in way to combine tests logically (AND/OR/NOT). The latest beta does let you do an OR with filters (for example, a test that will be triggered if either the NOPOSTMASTER or NOABUSE test or both fail), using TESTSFAILED. But I don't believe there is a way to do AND currently. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] something I can add weight on?
I see this in the headers of spam: Received: from uk2.net (unknown [61.155.209.7]) Is this something I can add weight on? I assume it's a clue. [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] New CMD space test info
What version / release do we need to be running to use this test? CMDSPACEcmdspacex x 8 0 [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] New CMD space test info
What version / release do we need to be running to use this test? See http://www.declude.com/relnotes.htm . :) -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Combination tests (AND/OR/NOT)
R. Scott Perry wrote: They run as individual tests. There isn't any built-in way to combine tests logically (AND/OR/NOT). The latest beta does let you do an OR with filters (for example, a test that will be triggered if either the NOPOSTMASTER or NOABUSE test or both fail), using TESTSFAILED. But I don't believe there is a way to do AND currently. Since this would be of great utility to us, let me make a suggestion as to how to implement this. There are multiple ways that this could be done, however there is one way that would best suit all such needs and be the most universal, and that would be done using boolean logic and operators like so: SPAMCOP and ((SORBS-SPAM or XBL or FIVETEN-SPAM) and NOT CREDIT-FILTER) This would mean that NOT would be a reserved name for a filter file, and you test names shouldn't use parenthesis, but of course you could use a curly brace or brackets instead of parenthesis since they're less common, otherwise you could allow parenthesis if you first checked for if the test name existing before you parsed the operators as shown above. I suppose that this could be done within the Global.cfg with columns added for weights, but that isn't going to be the best way to do it because we need the ability to order this for processing within the custom filter chain. Therefore, I would recommend creating the ability to add new test definitions on the fly within custom filters like so: TESTDEF MYTEST SPAMCOP and (SORBS-SPAM or XBL or FIVETEN-SPAM) and NOT (CREDIT-FILTER) You could place that anywhere within a custom filter and then immediately do tests for it like so. TESTDEF MYTEST SPAMCOP and (SORBS-SPAM or XBL or FIVETEN-SPAM) and NOT (CREDIT-FILTER) TESTSFAILED 10 CONTAINS MYTEST I'm not saying that it couldn't be implemented another way, however some of my own immediate ideas had limitations as to how and where this could be used. The more limiting ways of doing this would be to either define the combo tests within the Global.cfg (because of ordering), or defining combo tests in a single custom file (again because of ordering). This way you could for instance have a filter that could fail it's self and then kick off a totally different test under certain conditions like so: - Global.cfg - COMBO-ZOMBIEfilter C:\IMail\Declude\Filters\Combo-Zombie.txtx 0 0 - Combo-Zombie.txt - REVDNS END ENDSWITH mx.aol.com REVDNS END ENDSWITH mail.comcast.net REVDNS END CONTAINS gateway REVDNS0ENDSWITH.aol.com REVDNS0ENDSWITH.comcast.net REVDNS0ENDSWITH.cable.rogers.com REVDNS0ENDSWITH.bredband.skanova.com REVDNS0ENDSWITH.cable.mindspring.com REVDNS0ENDSWITH.cgocable.ca TESTDEF ZOMBIE SPAMCOP and COMBO-ZOMBIE TESTSFAILED 10 CONTAINS ZOMBIE The only caveat is that people would need to keep in mind that the test name within the Global.cfg shouldn't be used for a TESTDEF name, unless you want to work around that and allow things to be redefined on the fly (more work, but would protect from error conditions). What do you think? Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] New CMD space test info
Scott, The issue uncovered back when this was first released was that mail hosts using Declude and CMDSPACE will find that Outlook 2003 mail clients will fail CMDSPACE when they use your server as outgoing SMTP in a direct connection. The fix for this is to use IMail 8 and WHITELIST AUTH. Admins using IMail 7 should probably avoid this test unless they can bypass scoring such clients. It appears that all of Microsoft's latest generation of clients, even ones used on the Mac, will fail when directly connecting to your server. From watching CMDSPACE, I have found that it is most problematic with automated messages, such as postmaster bounces, password retrieval scripts and other types of system notifications. The correlation with BADHEADERS isn't large, but if you have SPAMHEADERS scoring for a missing Message-ID tag. There's one piece of spamware that is used by legit companies sometimes for newsletters that will fail this test, and because of the normal conditions for such a thing being used, there's a fairly high correlation of CMDSPACE and HELOBOGUS. I've been scoring this at 3 points with a hold weight of 10. It definitely causes problems when scored higher. While it's very accurate, especially for zombies, it hits so frequently that you have to watch out for issues. I would suggest dropping the recommended weight to 30% of hold weight, or at least being much more conservative. Matt R. Scott Perry wrote: [responding to two posts] For some reason this isn't coming up in the archives (though I know I've seen it) Can someone shoot me the config line for the new CMDSPACE ? CMDSPACEcmdspacex x 8 0 As I have understand CMDSPACE will be triggered also from every message send out from MS Outlook 2003 because they don't follow certain rules. Right? No -- that's the SPAMHEADERS test that Outlook 2003 will fail. I just checked the CMDSPACE test yesterday on 5,000 legitimate E-mails we've received recently, and only 2 failed the CMDSPACE test (both apparently because they are using proprietary mailservers). Even if a MUA (mail client) like Outlook has the flaws that the CMDSPACE test looks for, it won't be able to fail the test unless it connects directly to your mailserver. So while it is unlikely that any MUAs have this flaw, even if they do, it shouldn't affect the usefulness of the test. This should be a very good test. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Combination tests (AND/OR/NOT)
BTW, we could implement all of this AND, OR, NOT functionality currently by 1. Assigning a unique power of 2 weight to every test (e.g. 1, 2, 4, 8, 16, 32, ...) 2. Setting up weightmatch and/or weightrange tests to perform an action for each desired combination (e.g. weightmatch on a weight of 9 to perform a unique action on tests that weight 1 and 8, but not 2, 4, 16, 32, ...). Note that this would work by WARNing, HOLDing, DELETEing, etc. on combinations of tests rather than a weight threshold, so using a weight of 10 to hold and weight of 15 or 20 to delete would no longer work. Instead, you would set an action for each combination that you wanted to take an action on...basically a subset of 1... (2^N)-1 for N unique tests. It would probably work best to use lower numbers for less reliable tests to allow for weightrange actions on high aggregate weights. It could be a pain to set up and manage, but it would meet all of the AND, NOT, OR criteria right now. Darin. - Original Message - From: Matt [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, February 19, 2004 12:42 PM Subject: Re: [Declude.JunkMail] Combination tests (AND/OR/NOT) R. Scott Perry wrote: They run as individual tests. There isn't any built-in way to combine tests logically (AND/OR/NOT). The latest beta does let you do an OR with filters (for example, a test that will be triggered if either the NOPOSTMASTER or NOABUSE test or both fail), using TESTSFAILED. But I don't believe there is a way to do AND currently. Since this would be of great utility to us, let me make a suggestion as to how to implement this. There are multiple ways that this could be done, however there is one way that would best suit all such needs and be the most universal, and that would be done using boolean logic and operators like so: SPAMCOP and ((SORBS-SPAM or XBL or FIVETEN-SPAM) and NOT CREDIT-FILTER) This would mean that NOT would be a reserved name for a filter file, and you test names shouldn't use parenthesis, but of course you could use a curly brace or brackets instead of parenthesis since they're less common, otherwise you could allow parenthesis if you first checked for if the test name existing before you parsed the operators as shown above. I suppose that this could be done within the Global.cfg with columns added for weights, but that isn't going to be the best way to do it because we need the ability to order this for processing within the custom filter chain. Therefore, I would recommend creating the ability to add new test definitions on the fly within custom filters like so: TESTDEF MYTEST SPAMCOP and (SORBS-SPAM or XBL or FIVETEN-SPAM) and NOT (CREDIT-FILTER) You could place that anywhere within a custom filter and then immediately do tests for it like so. TESTDEF MYTEST SPAMCOP and (SORBS-SPAM or XBL or FIVETEN-SPAM) and NOT (CREDIT-FILTER) TESTSFAILED 10 CONTAINS MYTEST I'm not saying that it couldn't be implemented another way, however some of my own immediate ideas had limitations as to how and where this could be used. The more limiting ways of doing this would be to either define the combo tests within the Global.cfg (because of ordering), or defining combo tests in a single custom file (again because of ordering). This way you could for instance have a filter that could fail it's self and then kick off a totally different test under certain conditions like so: - Global.cfg - COMBO-ZOMBIEfilter C:\IMail\Declude\Filters\Combo-Zombie.txtx 0 0 - Combo-Zombie.txt - REVDNS END ENDSWITH mx.aol.com REVDNS END ENDSWITH mail.comcast.net REVDNS END CONTAINS gateway REVDNS0ENDSWITH.aol.com REVDNS0ENDSWITH.comcast.net REVDNS0ENDSWITH.cable.rogers.com REVDNS0ENDSWITH.bredband.skanova.com REVDNS0ENDSWITH.cable.mindspring.com REVDNS0ENDSWITH.cgocable.ca TESTDEF ZOMBIE SPAMCOP and COMBO-ZOMBIE TESTSFAILED 10 CONTAINS ZOMBIE The only caveat is that people would need to keep in mind that the test name within the Global.cfg shouldn't be used for a TESTDEF name, unless you want to work around that and allow things to be redefined on the fly (more work, but would protect from error conditions). What do you think? Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Acting as a gateway for domains on other servers
Acting as a gateway for domains on other servers I know this works for Declude virus but will this work for filter spam too? I would suspect that it does but I didn't see it in the documentation. I host email for 11 of 21 school districts. The remaining 11 host their own email servers and I would like to filter their email through Imail/Declude. They want to host their own email servers... but would like to take advantage of both the virus and spam filtering offered by Imail/Declude. Does anyone have this kind of configuration in place? Any comments are appreciated. Samantha --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] New CMD space test info
The issue uncovered back when this was first released was that mail hosts using Declude and CMDSPACE will find that Outlook 2003 mail clients will fail CMDSPACE when they use your server as outgoing SMTP in a direct connection. The fix for this is to use IMail 8 and WHITELIST AUTH. Admins using IMail 7 should probably avoid this test unless they can bypass scoring such clients. Ah yes, this was the problem. After enabling CMDSPACE today I've seen again a lot of false positives. I've tried to search something that can be wrong on my server or by the clients that send messages. Imail 7.15 here and - I asume - over 90% of Outlook users. CMDSPACE disabled. Waiting for reason and budget to upgrade to v8. Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Failed PERCENT test with no %
Hello, All, I have an e-mail that failed the PERCENT test but I can't find any % symbol in the to addresses. - Received: from pop-6.dnv.wideopenwest.com [64.233.207.24] by american-apex.com with ESMTP (SMTPD32-6.06) id A880275019C; Wed, 18 Feb 2004 17:34:40 -0500 Received: from oemcomputer (d60-65-166-134.col.wideopenwest.com [65.60.134.166]) by pop-6.dnv.wideopenwest.com (8.11.6/8.11.6) with SMTP id i1IMYJs09122; Wed, 18 Feb 2004 16:34:19 -0600 Message-ID: [EMAIL PROTECTED] From: Tracey [EMAIL PROTECTED] To: Theresa [EMAIL PROTECTED], Shelah [EMAIL PROTECTED], Patti [EMAIL PROTECTED], 'Patrick' [EMAIL PROTECTED], Nicholasr [EMAIL PROTECTED], Natalie [EMAIL PROTECTED], Marty [EMAIL PROTECTED], Marie and Mark [EMAIL PROTECTED], Jane [EMAIL PROTECTED], Julie [EMAIL PROTECTED], Joanne [EMAIL PROTECTED], Jim and Missy [EMAIL PROTECTED], Glenda [EMAIL PROTECTED], Betsy [EMAIL PROTECTED], Alison [EMAIL PROTECTED], :[EMAIL PROTECTED] Subject: Soccer Date: Wed, 18 Feb 2004 17:37:38 -0500 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary==_NextPart_000_0077_01C3F645.E6C8C700 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-RBL-Warning: PERCENT: X-Declude-Sender: [EMAIL PROTECTED] [64.233.207.24] X-Note: This E-mail was scanned filtered by Declude [1.75] for SPAM viruses. X-Country-Chain: X-Note: Recipient(s): @american-apex.com X-Note: Sent with HELO [pop-6.dnv.wideopenwest.com] from Reverse DNS [pop-6.dnv.wideopenwest.com] X-Spam-Tests-Failed: NOABUSE, NOPOSTMASTER, IPNOTINMX, NOLEGITCONTENT, PERCENT, WEIGHTRANGE-10+ [13] - I see what looks like a bogus character in the address :[EMAIL PROTECTED] but it's not a percent symbol. Any ideas? Bug? Thanks, Dan Geiser [EMAIL PROTECTED] --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] $default$ Redirect warning when it shouldn't
If that isn't the case, you may want to temporarily use LOGLEVEL HIGH (in the global.cfg file), which will record which config file Declude JunkMail is using, which can help track down the problem. I'll do this and see what I come up with. The log file is showing the Redirecting email to file d:\imail\declude\enabled.junkmail. This email account isn't listed on a REDIRECT line, but looks like we are getting a line that looks like this: REDIRECT @ d:\imail\declude\enabled.junkmail Would this catch every email address that comes through? We are trying to debug our program that creates this file, but does anyone know if this would cause the problem I'm having? Thanks for the help, ::James Nelson --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Acting as a gateway for domains on other servers
Samantha, We have had this type of setup in place for years, works great. We filter tons of email for Exchange, Domino, and other SMTP Servers. Let me know if I can give aid. Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bridges, Samantha Sent: Thursday, February 19, 2004 2:46 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Acting as a gateway for domains on other servers Acting as a gateway for domains on other servers I know this works for Declude virus but will this work for filter spam too? I would suspect that it does but I didn't see it in the documentation. I host email for 11 of 21 school districts. The remaining 11 host their own email servers and I would like to filter their email through Imail/Declude. They want to host their own email servers... but would like to take advantage of both the virus and spam filtering offered by Imail/Declude. Does anyone have this kind of configuration in place? Any comments are appreciated. Samantha --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Combination tests (AND/OR/NOT)
Since this would be of great utility to us, let me make a suggestion as to how to implement this. There are multiple ways that this could be done, however there is one way that would best suit all such needs and be the most universal, and that would be done using boolean logic and operators like so: SPAMCOP and ((SORBS-SPAM or XBL or FIVETEN-SPAM) and NOT CREDIT-FILTER) Hehe, practicaly my words from last week: http://www.mail-archive.com/declude.junkmail%40declude.com/msg16114.html Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Acting as a gateway for domains on other servers
I know this works for Declude virus but will this work for filter spam too? I would suspect that it does but I didn't see it in the documentation. Will gateway (store-and-forward) domains get scanned? Yes. However, IMail treats those domains as outgoing E-mail, since they are not stored locally. Therefore, the outgoing actions (from the \IMail\Declude\global.cfg file) will be used. If you want to use different actions for the gateway domains, you can set up per-domain settings for the domain. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Acting as a gateway for domains on other servers
Does this solution filter both spam and viruses? What about the rules via Imail...they don't run do they??? I user a lot of rules to block email and with this solution they could not take advantage of rules.ima, right? -Original Message- From: Keith Johnson [mailto:[EMAIL PROTECTED] Sent: Thursday, February 19, 2004 2:59 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Acting as a gateway for domains on other servers Samantha, We have had this type of setup in place for years, works great. We filter tons of email for Exchange, Domino, and other SMTP Servers. Let me know if I can give aid. Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bridges, Samantha Sent: Thursday, February 19, 2004 2:46 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Acting as a gateway for domains on other servers Acting as a gateway for domains on other servers I know this works for Declude virus but will this work for filter spam too? I would suspect that it does but I didn't see it in the documentation. I host email for 11 of 21 school districts. The remaining 11 host their own email servers and I would like to filter their email through Imail/Declude. They want to host their own email servers... but would like to take advantage of both the virus and spam filtering offered by Imail/Declude. Does anyone have this kind of configuration in place? Any comments are appreciated. Samantha --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Failed PERCENT test with no %
I have an e-mail that failed the PERCENT test but I can't find any % symbol in the to addresses. The PERCENT test catches a couple of other deprecated routing schemes, including: :[EMAIL PROTECTED] The colon there can be used to improperly re-route E-mail. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] $default$ Redirect warning when it shouldn't
The log file is showing the Redirecting email to file d:\imail\declude\enabled.junkmail. This email account isn't listed on a REDIRECT line, but looks like we are getting a line that looks like this: REDIRECT @ d:\imail\declude\enabled.junkmail Would this catch every email address that comes through? As far as I know, that would redirect all E-mail to the d:\imail\declude\enabled.junkmail file. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Acting as a gateway for domains on other servers
Hello, All, I've never been able to get the Store and Forward capability of IMail to work so I could relay mail and scan external domains. Is there anyone who has this setup who would be willing to lend me a hand? TIA, Dan Geiser [EMAIL PROTECTED] I know this works for Declude virus but will this work for filter spam too? I would suspect that it does but I didn't see it in the documentation. Will gateway (store-and-forward) domains get scanned? Yes. However, IMail treats those domains as outgoing E-mail, since they are not stored locally. Therefore, the outgoing actions (from the \IMail\Declude\global.cfg file) will be used. If you want to use different actions for the gateway domains, you can set up per-domain settings for the domain. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Emails in Use Lists
Reply to: R. Scott Perry Re: [Declude.JunkMail] $default$ Redirect warning when it shouldn't on Thursday 2:29:31 PM I know this is to redirect to a configuration, but I have a somewhat related question, I think... I would like to know how to make a list of email addresses actually passing mail through my system of a select domain. For example, for the domain.com I'd like a list generated of mails actually in use on my system in a text file: [EMAIL PROTECTED] [EMAIL PROTECTED] etc. On store and forward I have no easy way to generate a list of accounts passing mail through my system. This would be very useful for billing purposes.. -- Roger Heath [EMAIL PROTECTED] www.rleeheath.com - Copy of Original Message(s): - The log file is showing the Redirecting email to file d:\imail\declude\enabled.junkmail. This email account isn't listed on a REDIRECT line, but looks like we are getting a line that looks like this: REDIRECT @ d:\imail\declude\enabled.junkmail Would this catch every email address that comes through? RSP As far as I know, that would redirect all E-mail to the RSP d:\imail\declude\enabled.junkmail file. RSP -Scott RSP --- RSP Declude JunkMail: The advanced anti-spam solution for IMail mailservers RSP since 2000. RSP Declude Virus: Catches known viruses and is the leader in mailserver RSP vulnerability detection. RSP Find out what you've been missing: Ask for a free 30-day evaluation. RSP --- RSP [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] RSP --- RSP This E-mail came from the Declude.JunkMail mailing list. To RSP unsubscribe, just send an E-mail to [EMAIL PROTECTED], and RSP type unsubscribe Declude.JunkMail. The archives can be found RSP at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Acting as a gateway for domains on other servers
Correct, they will not have access to Imail rules. However, as someone else said, it works well. I do e-mail gateway service for 2 accounts, and I do all the spam and virus scanning via Declude. I have no Imail rules in place. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Bridges, Samantha Sent: Thursday, February 19, 2004 12:23 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Acting as a gateway for domains on other servers Does this solution filter both spam and viruses? What about the rules via Imail...they don't run do they??? I user a lot of rules to block email and with this solution they could not take advantage of rules.ima, right? -Original Message- From: Keith Johnson [mailto:[EMAIL PROTECTED] Sent: Thursday, February 19, 2004 2:59 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Acting as a gateway for domains on other servers Samantha, We have had this type of setup in place for years, works great. We filter tons of email for Exchange, Domino, and other SMTP Servers. Let me know if I can give aid. Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bridges, Samantha Sent: Thursday, February 19, 2004 2:46 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Acting as a gateway for domains on other servers Acting as a gateway for domains on other servers I know this works for Declude virus but will this work for filter spam too? I would suspect that it does but I didn't see it in the documentation. I host email for 11 of 21 school districts. The remaining 11 host their own email servers and I would like to filter their email through Imail/Declude. They want to host their own email servers... but would like to take advantage of both the virus and spam filtering offered by Imail/Declude. Does anyone have this kind of configuration in place? Any comments are appreciated. Samantha --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] BLACKLIST FOR OUTGOING MAIL
Hello. I am setting up a blacklist for outgoing mail. I created a file named blacklist.txt. In the Global.cfg file I put an entry in the Outgoing Mail section to: blacklist HOLD and blacklist fromfile c:\imail\declude\blacklist.txt x 5 0 When I send a message from the account that is blacklisted in the blacklist.txt file, I can see in the headers that it shows that it failed the spam test but it is still getting through. It is either not reading the blacklist.txt file or it is not recognizing the action to take. I attached my blacklist.txt file for viewing. Please help. Thanks. @attws.com Mark Cummins wanted this site blocked 042403 @cancun.rbexpress.org Sam kept getting this [EMAIL PROTECTED] to test
RE: [Declude.JunkMail] Acting as a gateway for domains on other servers
Samantha, I don't believe the rules.ima files would work due to there are no actually mailboxes stored on your Imail server in a Gateway config, thus it doesn't have any mailbox processing tied to it, i.e. rules files, storage. The beauty is, Declude setup in a per-domain config, will allow spam and virus filtering against those domains, you can even take it to the user level if necessary. Thus, you can configure Declude to tag spam, routeto another mailbox for spam lookups, etc. May take some work to transfer some of your rules.ima into Declude and let it do the work. Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bridges, Samantha Sent: Thursday, February 19, 2004 3:23 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Acting as a gateway for domains on other servers Does this solution filter both spam and viruses? What about the rules via Imail...they don't run do they??? I user a lot of rules to block email and with this solution they could not take advantage of rules.ima, right? -Original Message- From: Keith Johnson [mailto:[EMAIL PROTECTED] Sent: Thursday, February 19, 2004 2:59 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Acting as a gateway for domains on other servers Samantha, We have had this type of setup in place for years, works great. We filter tons of email for Exchange, Domino, and other SMTP Servers. Let me know if I can give aid. Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bridges, Samantha Sent: Thursday, February 19, 2004 2:46 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Acting as a gateway for domains on other servers Acting as a gateway for domains on other servers I know this works for Declude virus but will this work for filter spam too? I would suspect that it does but I didn't see it in the documentation. I host email for 11 of 21 school districts. The remaining 11 host their own email servers and I would like to filter their email through Imail/Declude. They want to host their own email servers... but would like to take advantage of both the virus and spam filtering offered by Imail/Declude. Does anyone have this kind of configuration in place? Any comments are appreciated. Samantha --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] BLACKLIST FOR OUTGOING MAIL
I am setting up a blacklist for outgoing mail. I created a file named blacklist.txt. In the Global.cfg file I put an entry in the Outgoing Mail section to: blacklist HOLD and blacklist fromfile c:\imail\declude\blacklist.txt x 5 0 Actually, the BLACKLIST HOLD line needs to come after the other line. The first time Declude JunkMail sees a new test name in the global.cfg file, it expects the test definition to occur on that line. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Acting as a gateway for domains on other servers
If it is not urgent, contact me off list and I can help. May take me some time to get back to you on it. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Dan Geiser Sent: Thursday, February 19, 2004 12:42 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Acting as a gateway for domains on other servers Hello, All, I've never been able to get the Store and Forward capability of IMail to work so I could relay mail and scan external domains. Is there anyone who has this setup who would be willing to lend me a hand? TIA, Dan Geiser [EMAIL PROTECTED] I know this works for Declude virus but will this work for filter spam too? I would suspect that it does but I didn't see it in the documentation. Will gateway (store-and-forward) domains get scanned? Yes. However, IMail treats those domains as outgoing E-mail, since they are not stored locally. Therefore, the outgoing actions (from the \IMail\Declude\global.cfg file) will be used. If you want to use different actions for the gateway domains, you can set up per-domain settings for the domain. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Pseudo AND work around
Scott, Could you tell me the format of the new TESTSFAILED values as used in the filters. There's a work around that can be done if you search for a string with multiple tests in it, i.e. TESTSFAILED 10 CONTAINS SPAMCOP,XBL I understand the ordering issue, and I'm thinking that you could work around this by defining one line filter files that appear in your config in order like so: - Global.cfg - SPAMCOP-COPYfilter C:\IMail\Declude\Filters\SpamCop-Copy.txtx 0 0 XBL-COPY filter C:\IMail\Declude\Filters\XBL-Copy.txtx 0 0 ZOMBIEfilter C:\IMail\Declude\Filters\Zombie.txt x 0 0 - SpamCop-Copy.txt - TESTSFAILED 0 CONTAINS SPAMCOP - XBL-Copy.txt - TESTSFAILED 0 CONTAINS XBL - Zombie.txt - TESTSFAILED 20 CONTAINS SPAMCOP-COPY,XBL-COPY The only missing piece to this would be knowing how the values are separated for the string. Thanks, Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Pseudo AND work around
Could you tell me the format of the new TESTSFAILED values as used in the filters. Each test that failed is listed in the order they are listed in the global.cfg file, each separated by a space. There's a work around that can be done if you search for a string with multiple tests in it, i.e. TESTSFAILED 10 CONTAINS SPAMCOP,XBL So here you could use: TESTSFAILED 10 CONTAINS SPAMCOP XBL -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Pseudo AND work around
Thanks Scott. BTW, one can also pull off OR and NOT functionality doing this trick, though it's cumbersome once you get into multiple operators. I'll have something to share later on today :) Matt R. Scott Perry wrote: Could you tell me the format of the new TESTSFAILED values as used in the filters. Each test that failed is listed in the order they are listed in the global.cfg file, each separated by a space. There's a work around that can be done if you search for a string with multiple tests in it, i.e. TESTSFAILED 10 CONTAINS SPAMCOP,XBL So here you could use: TESTSFAILED 10 CONTAINS SPAMCOP XBL -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Fw: iMail 8.05 LDAP service remote exploit
- Original Message - From: Iván Rodriguez Almuiña [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Thursday, February 19, 2004 10:04 AM Subject: iMail 8.05 LDAP service remote exploit iMail 8.05 LDAP service remote exploit can be found at: http://www.coromputer.net Iván Rodriguez Almuiña aka kralor [EMAIL PROTECTED] http://www.coromputer.net --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: iMail 8.05 LDAP service remote exploit
8.05 Hotfix 2 Details: - Fixes a possible LDAP Denial of Service vulnerability Bill - Original Message - From: Joshua Levitsky [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, February 19, 2004 2:57 PM Subject: [Declude.JunkMail] Fw: iMail 8.05 LDAP service remote exploit - Original Message - From: Iván Rodriguez Almuiña [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Thursday, February 19, 2004 10:04 AM Subject: iMail 8.05 LDAP service remote exploit iMail 8.05 LDAP service remote exploit can be found at: http://www.coromputer.net Iván Rodriguez Almuiña aka kralor [EMAIL PROTECTED] http://www.coromputer.net --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] ZOMBIE v1.0.0 for Declude JunkMail Pro v1.78 beta ---
This only works with Pro versions of the 1.78 beta just released yesterday. It didn't take but a minute or so for this test to start adding some significant points to E-mail on my system. The idea here is to give extra points to messages that fail certain combinations of tests. XBL and SPAMCOP are a great way to mark zombies, but they aren't on their own reliable enough to delete on. On the other hand, a message that fails SPAMDOMAINS and XBL, or NAJBL-DYNA and SPAMCOP is a near perfect hit for zombie generated spam. In the very least this will push messages from HOLD or (or below HOLD) to your DELETE range (or whatever you might want to call your levels). The logic of this test in the default configuration is as follows: If ( SPAMCOP and (XBL or SPAMDOMAINS or AHBL-DUL or NJABL-DUL or NJABL-DYNA or SORBS-DUL or BASE64) or XBL and (SPAMCOP or SPAMDOMAINS or AHBL-DUL or NJABL-DUL or NJABL-DYNA or SORBS-DUL or BASE64) ) Then add 15 points. I actually have a few more tests configured on my system for the long trail of OR operators. Be creative. Also, be sure that you check the test names that I provided against the ones that you might be using on your system, and of course make sure that everything is defined. You can download the newest version of ZOMBIE and other beta filters from the following location: http://www.mailpure.com/software/decludefilters/beta/ Please return the favor and share with me any FP's that you see on this test so that I can make adjustments for the benefit of myself as well as others. Thanks, Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
RE: [Declude.JunkMail] Tom's Kill List
Question, Tom, is .georgewbush.comID-20040121-001584 an oversight? Just had to ask this... ;) I'd rather not say. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Tom's Kill List (another erroneous entry)
Another incorrect entry is this one: @ltgsys.com ID-20040121-000433 This is a company called Lighting Systems and is one of our business partners. Please fix. That's a matter of opinion, however, I will remove it for now. If I see more from them again, then I will place them back into the list. This usually means that they were compromised or someone is abusing their domain name. Either way it would have to be dealt with one way or another. Keep in mind the list is not a public list. We do allow others (in the Declude forum) to use it. We strongly recommend you use it with a weighing system (such as Declude Pro) and one that does not delete solely based on our fromfile. With all that said, please use the list at your own risk. PS: An update has been posted and can be downloaded from the following URLs: http://www.imagefxonline.net/apps/delog/daily.txt http://www.imagefxonline.net/apps/delog/fromfile.txt Best Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Blocking virus bounce messages
I am sure you have talked about this before, but is there any way in junkmail to block virus notifications from other servers. My users are getting tons of undeliverable messages that they never sent due to outside users infected with viruses. Any help would be appreciated Kyle
