RE: [Declude.JunkMail] Minimum weight of a filter

2004-04-23 Thread Markus Gufler

> No -- that determines a weight at which filter processing
> will stop.  But it sounds like you want the filter to only
> return a weight if multiple lines match.

Great idea!
In my opinion it should return only a non-zero result if a certain NUMBER
of lines match. (not a certain weight is reached)

This would allow us for example to set up a great AVFILTER file:

avfilter.txt
===
BODY 0 contains virus
BODY 0 contains infected
BODY 0 contains detected
BODY 0 contains contains
BODY 0 contains attachment
BODY 0 contains removed
BODY 0 contains netsky

RETURNONLYIF 3
===

Global.cfg
AVFILTER filter c:\imail\declude\avfilter.txt 15 0

If the above filter file would return a weight only if at least 3 entries
match then the 15 points should be added to the weighting system but
wouldn't return any weight only because one or two of these keywords are
part of a message.

The same technique could be used for several other filter files. For example
microsoft, adobe, software, cheap, or also for combinations of negative
keywords.

Markus



---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.
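The match-count rule proposed in the message above, as an added example (not Declude code and not part of the original post). RETURNONLYIF is the directive the poster proposes, not an existing Declude option; the parser handles only the line shapes shown in avfilter.txt, and the sample bodies and the assumption that a triggered filter contributes the 15 points from the Global.cfg line are constructed for illustration.

```python
from dataclasses import dataclass, field

# Filter text copied from the message above. RETURNONLYIF is the proposed
# directive, not an existing Declude option.
AVFILTER_TXT = """\
BODY 0 contains virus
BODY 0 contains infected
BODY 0 contains detected
BODY 0 contains contains
BODY 0 contains attachment
BODY 0 contains removed
BODY 0 contains netsky

RETURNONLYIF 3
"""

# Constructed sample bodies: an antivirus bounce and an ordinary business mail.
BOUNCE = "Virus detected in your message. The infected attachment was removed."
LEGIT = "The signed contract contains one attachment; please review it."


@dataclass
class Filter:
    needles: list = field(default_factory=list)  # lower-cased body substrings
    min_matches: int = 1  # without the directive, a single matching line triggers


def parse_filter(text):
    """Parse the two line shapes that appear in the posted avfilter.txt."""
    flt = Filter()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        parts = line.split(None, 3)
        if parts[0].upper() == "RETURNONLYIF":
            if len(parts) != 2 or not parts[1].isdigit() or int(parts[1]) < 1:
                raise ValueError(f"line {lineno}: RETURNONLYIF needs a positive integer")
            flt.min_matches = int(parts[1])
        elif len(parts) == 4 and parts[0].upper() == "BODY" and parts[2].lower() == "contains":
            # parts[1] is the per-line weight (0 in the posted file); unused here.
            flt.needles.append(parts[3].lower())
        else:
            raise ValueError(f"line {lineno}: unsupported line {line!r}")
    return flt


def matched_lines(flt, body):
    """Return the filter entries found in the body; each entry counts once."""
    text = body.lower()
    return [n for n in flt.needles if n in text]


def filter_weight(flt, body, test_weight):
    """Return test_weight only if at least min_matches entries matched."""
    return test_weight if len(matched_lines(flt, body)) >= flt.min_matches else 0


if __name__ == "__main__":
    with_threshold = parse_filter(AVFILTER_TXT)
    any_line = parse_filter(AVFILTER_TXT.replace("RETURNONLYIF 3\n", ""))
    for name, body in (("bounce", BOUNCE), ("legit", LEGIT)):
        print(name, matched_lines(with_threshold, body),
              "threshold:", filter_weight(with_threshold, body, 15),
              "any-line:", filter_weight(any_line, body, 15))
```

The ordinary mail matches two entries ("contains" and "attachment"), so it scores only when a single matching line is enough to trigger the filter.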


RE: [Declude.JunkMail] Hijack Logs

2004-04-23 Thread R. Scott Perry

> Thanks for the response. I was able to take a quick look at the Imail logs
> today and I have an R for the message received but that is where it stops, I
> never receive the D for delivery. I do not have hold1 or hold2 Directories,
> I am assuming these are auto created and deleted, if not then it is safe to
> say it is not working properly. Today was very busy so I did not get much
> time to look at it.

Have you checked any other log files (Declude JunkMail and/or Declude Virus 
if you have them)?  Did you check the IMail SMTP log file?

Specifically, the Declude Hijack log file doesn't indicate that it blocked 
the E-mails, and if there is no hold2 directory, it could not have.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.



Re: [Declude.JunkMail] bug with subject filter

2004-04-23 Thread R. Scott Perry

> Regarding the bug with subject filter that Matt reported Thursday with his
> gibberishsub filter.
>
> I too have noticed some oddities with the Gibberishsub filter results.
> Matt said it was happening at the end of the subject.
> I believe it may also be happening at the beginning of the subject. Also
> some subjects appear to wrap.

Good eye.  :)

> Triggered CONTAINS filter GIBBERISHSUB on xr [weight-3; xRe: Optaflexx].
> Subject was:  Re: Optaflexx
> Triggered CONTAINS filter GIBBERISHSUB on tq [weight-3; tQ2 pay report].
> Subject was: Q2 pay report

What is happening here is that Declude JunkMail has a new feature that 
decodes the subject.  But to ensure that filters also work on the undecoded 
subject, the subject filter is set up to check both subjects, by adding one 
right after the other.  Needless to say, this was causing the behavior that 
you and Matt noticed.  The code has been fixed, and I hope to have a new 
interim release ready later today.

   -Scott
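The boundary effect described in the message above, reproduced as an added example (not Declude's code and not part of the original post). The two letter pairs come from the log lines quoted in the message; case-insensitive matching, the decoded-then-raw concatenation order, and the encoded sample subject are assumptions made for illustration.

```python
from email.header import decode_header, make_header

# The two letter pairs visible in the quoted log lines.
GIBBERISH_PAIRS = ["xr", "tq"]

# Subjects from the log lines, plus one constructed RFC 2047 subject whose
# decoded form is "xr deal" while the raw form hides the pair.
PLAIN_SUBJECTS = ["Re: Optaflexx", "Q2 pay report"]
ENCODED_SUBJECT = "=?iso-8859-1?Q?=78=72_deal?="


def decode_subject(raw):
    """Decode RFC 2047 encoded words; plain subjects come back unchanged."""
    return str(make_header(decode_header(raw)))


def hits_concatenated(raw, needles):
    """Behaviour described in the message: one search over both forms joined."""
    haystack = (decode_subject(raw) + raw).lower()
    return [n for n in needles if n in haystack]


def hits_separate(raw, needles):
    """Search each form on its own, so no match can span the join."""
    forms = {decode_subject(raw).lower(), raw.lower()}
    return [n for n in needles if any(n in form for form in forms)]


def boundary_only_hits(raw, needles):
    """Matches that exist only because of the join between the two copies."""
    real = set(hits_separate(raw, needles))
    return [n for n in hits_concatenated(raw, needles) if n not in real]


if __name__ == "__main__":
    for subject in PLAIN_SUBJECTS + [ENCODED_SUBJECT]:
        print(repr(subject),
              "joined:", hits_concatenated(subject, GIBBERISH_PAIRS),
              "separate:", hits_separate(subject, GIBBERISH_PAIRS))
```

For "Re: Optaflexx" the joined text contains "xR" where the first copy ends and the second begins, which matches the `xRe: Optaflexx` fragment in the log; the encoded subject still matches when each form is searched separately.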


RE: [Declude.JunkMail] Nameserver issues and Spam fighting

2004-04-23 Thread R. Scott Perry

> Since we are running IMail (ie Windows) what is the performance of the
> Windows DNS service? I know that it works but how good/fast is it? If
> you are going to run a Windows DNS server would you recommend running it
> on the IMail box or on another one?

The performance isn't as important as the reliability, which isn't that 
high.  I would recommend using BIND instead (we actually run BIND on our 
IMail server, and it works flawlessly).

   -Scott


RE: [Declude.JunkMail] Nameserver issues and Spam fighting

2004-04-23 Thread Goran Jovanovic
Scott,

 
> The performance isn't as important as the reliability, which isn't that
> high.  I would recommend using BIND instead (we actually run BIND on our
> IMail server, and it works flawlessly).
 

I thought that BIND was the DNS that runs on *NIX. I guess they have
ported it. 

Is BIND free? If so where do you download it from? Is it a purchased
product?

Goran



RE: [Declude.JunkMail] Nameserver issues and Spam fighting

2004-04-23 Thread R. Scott Perry

> I thought that BIND was the DNS that runs on *NIX. I guess they have
> ported it.

It's been available on Windows for quite some time -- it just isn't as 
popular on Windows.  I don't know why, though.

> Is BIND free? If so where do you download it from? Is it a purchased
> product?

It is free, from http://www.isc.org/ (they only supply the source code, 
though).  You can go to http://bind8nt.meiway.com/ for help with BIND (it 
talks about BIND v8, but the BIND v9 works about the same way).

   -Scott


Re: [Declude.JunkMail] bug with subject filter

2004-04-23 Thread Scott Fisher
A new interim release today...
That's excellent, I was going through interim release withdrawal.

Scott Fisher
Director of IT
Farm Progress Companies

 [EMAIL PROTECTED] 04/23/04 06:08AM 

Regarding the bug with subject filter that Matt reported Thursday with his 
gibberishsub filter.

I too have noticed some oddities with the Gibberishsub filter results.
Matt said it was happening at the end of the subject.
I believe it may also be happening at the beginning of the subject. Also 
some subjects appear to wrap.

Good eye.  :)

Triggered CONTAINS filter GIBBERISHSUB on xr [weight-3; xRe: Optaflexx].
Subject was:  Re: Optaflexx

Triggered CONTAINS filter GIBBERISHSUB on tq [weight-3; tQ2 pay report].
Subject was: Q2 pay report

What is happening here is that Declude JunkMail has a new feature that 
decodes the subject.  But to ensure that filters also work on the undecoded 
subject, the subject filter is set up to check both subjects, by adding one 
right after the other.  Needless to say, this was causing the behavior that 
you and Matt noticed.  The code has been fixed, and I hope to have a new 
interim release ready later today.

-Scott


CBL:RE: [Declude.JunkMail] Nameserver issues and Spam fighting

2004-04-23 Thread jcochran
>> The easy answer to this is to use your own DNS servers -- if you do (and
>> they are decent DNS servers; BIND is preferred), you won't be subject to
>> the restrictions of ATT, Sprint, and others that block spam
>> database lookups.
>
> Since we are running IMail (ie Windows) what is the performance of the
> Windows DNS service? I know that it works but how good/fast is it? If
> you are going to run a Windows DNS server would you recommend running
> it on the IMail box or on another one?

And for another viewpoint, having run both BIND and Windows DNS 
for years, I've migrated solely to Windows DNS.  DNS really isn't a big 
performance hog, so it runs fine on the iMail server itself, though you'll 
want a secondary for redundancy.  That's assuming you're not running 
iMail, IIS, SQL Server, Websphere and whatever else on the system 
as well.  :)

Jeff

(And actually, that's the config of my iMail server...)


Re: [Declude.JunkMail] Nameserver issues and Spam fighting

2004-04-23 Thread Darin Cox
We've run Windows DNS (on our mail server as well) for several years with no
problems.  I haven't ever seen a performance comparison of Windows DNS vs.
BIND, though.

Scott, what's your rationale behind recommending BIND instead?

Darin.


- Original Message - 
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, April 23, 2004 7:10 AM
Subject: RE: [Declude.JunkMail] Nameserver issues and Spam fighting



Since we are running IMail (ie Windows) what is the performance of the
Windows DNS service? I know that it works but how good/fast is it? If
you are going to run a Windows DNS server would you recommend running it
on the IMail box or on another one?

The performance isn't as important as the reliability, which isn't that
high.  I would recommend using BIND instead (we actually run BIND on our
IMail server, and it works flawlessly).

-Scott


RE: [Declude.JunkMail] Minimum weight of a filter

2004-04-23 Thread Scott Fisher
I use Matt's modified copy of Kami's Nigerian Scam list as a test.
I then use a combo test with Nigerian Scam and Sniffer-Scams (return code 53) or 
Nigerian-Scam Sniffer-Experimental (return code 62) to assign an additional punishment 
of 10 points.

Matt's Nigeria-scam list can be found at:
http://www.mail-archive.com/[EMAIL PROTECTED]/msg15578.html

Scott Fisher
Director of IT
Farm Progress Companies

 [EMAIL PROTECTED] 04/22/04 10:45PM 
Scott,

 
 I'm working on trapping more Nigerian Scams.
 

What would you do in a filter? Search the body for phrases that are
found in these types of e-mails?

Goran



RE: [Declude.JunkMail] Minimum weight of a filter - Nigerian Scams

2004-04-23 Thread Scott Fisher
It sounds like a feature request!

The only way I thought I can get around my original problem, was possibly this:

Run my Nigerian-scams filter first.
Add a Weight1, weight2, and Weight 3 test.
Run a tests filter, If weight 1, drop one point. If weight 2 drop 2 points. If weight 
3 drop 3 points.
Do normal tests.

Sounds like more hassle than it would be worth.

Scott Fisher
Director of IT
Farm Progress Companies

 [EMAIL PROTECTED] 04/23/04 03:21AM 

 No -- that determines a weight at which filter processing 
 will stop.  But it sounds like you want the filter to only 
 return a weight if multiple lines match.

Great idea!
In my opinion it should return only a non-zero result if a certain NUMBER
of lines match. (not a certain weight is reached)

This would allow us for example to set up a great AVFILTER file:

avfilter.txt
===
BODY 0 contains virus
BODY 0 contains infected
BODY 0 contains detected
BODY 0 contains contains
BODY 0 contains attachment
BODY 0 contains removed
BODY 0 contains netsky

RETURNONLYIF 3
===

Global.cfg
AVFILTER filter c:\imail\declude\avfilter.txt 15 0

If the above filter file would return a weight only if at least 3 entries
match then the 15 points should be added to the weighting system but
wouldn't return any weight only because one or two of these keywords are
part of a message.

The same technique could be used for several other filter files. For example
microsoft, adobe, software, cheap, or also for combinations of negative
keywords.

Markus





Re: [Declude.JunkMail] Nameserver issues and Spam fighting

2004-04-23 Thread R. Scott Perry

> We've run Windows DNS (on our mail server as well) for several years with no
> problems.  I haven't ever seen a performance comparison of Windows DNS vs.
> BIND, though.
>
> Scott, what's your rationale behind recommending BIND instead?

Because I have heard many, many reports of problems with Windows 
DNS.  There are often mysterious problems that go away by rebooting a 
Windows DNS server.  If it is working fine for you, then I wouldn't 
recommend switching -- it may well be that the version you are running 
along with the way you have it set up (and your volume) doesn't have any 
problems.

Part of the problem may be that Windows DNS is part of the OS (which only 
gets a new release every couple of years), whereas BIND is a standard 
product in that it is continually upgraded.

   -Scott


Re: [Declude.JunkMail] OT: BIND vs Windows DNS capabilities

2004-04-23 Thread Darin Cox
Good to know.  Hadn't heard of problems with Windows DNS, but had heard of
security issues with BIND.

The one thing I don't like about Windows DNS is the inability to enumerate
subdomains without manually parsing the zone files.  Not sure what BIND has
now in terms of programmatically manipulating zone files to automate most
common processes and provide simple management interfaces.  A few years ago
we ran DNS and hosting on Unix/BIND and had an inherited system with some
automated management capabilities, but all via telnet.

We now do all of our DNS management via a database driven system, with a web
UI and multiple security levels to provide some customers (collocated,
advanced customers, and resellers) the ability to manipulate DNS.

Darin.


- Original Message - 
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, April 23, 2004 10:01 AM
Subject: Re: [Declude.JunkMail] Nameserver issues and Spam fighting



We've run Windows DNS (on our mail server as well) for several years with
no
problems.  I haven't ever seen a performance comparison of Windows DNS vs.
BIND, though.

Scott, what's your rationale behind recommending BIND instead?

Because I have heard many, many reports of problems with Windows
DNS.  There are often mysterious problems that go away by rebooting a
Windows DNS server.  If it is working fine for you, then I wouldn't
recommend switching -- it may well be that the version you are running
along with the way you have it set up (and your volume) doesn't have any
problems.

Part of the problem may be that Windows DNS is part of the OS (which only
gets a new release every couple of years), whereas BIND is a standard
product in that it is continually upgraded.

-Scott


RE: [Declude.JunkMail] Nameserver issues and Spam fighting

2004-04-23 Thread Chuck Schick
Scott:

Is there any advantage performance wise to run the DNS on the same machine
as Imail??  I am putting up a new mail server and we are looking at
implementing a DNS server with a sole function of supporting mail.

Chuck Schick
Warp 8, Inc.
303-421-5140
www.warp8.com


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
 Sent: Friday, April 23, 2004 8:01 AM
 To: [EMAIL PROTECTED]
 Subject: Re: [Declude.JunkMail] Nameserver issues and Spam fighting



 We've run Windows DNS (on our mail server as well) for several
 years with no
 problems.  I haven't ever seen a performance comparison of
 Windows DNS vs.
 BIND, though.
 
 Scott, what's your rationale behind recommending BIND instead?

 Because I have heard many, many reports of problems with Windows
 DNS.  There are often mysterious problems that go away by rebooting a
 Windows DNS server.  If it is working fine for you, then I wouldn't
 recommend switching -- it may well be that the version you are running
 along with the way you have it set up (and your volume) doesn't have any
 problems.

 Part of the problem may be that Windows DNS is part of the OS (which only
 gets a new release every couple of years), whereas BIND is a standard
 product in that it is continually upgraded.

 -Scott


RE: [Declude.JunkMail] OT: BIND vs Windows DNS capabilities

2004-04-23 Thread Chuck Schick
Darin:

Is your DNS system home grown or did you purchase it?  Sounds like it is
part of a hosting control panel.

Chuck Schick
Warp 8, Inc.
303-421-5140
www.warp8.com


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Darin Cox
 Sent: Friday, April 23, 2004 8:20 AM
 To: [EMAIL PROTECTED]
 Subject: Re: [Declude.JunkMail] OT: BIND vs Windows DNS capabilities


 Good to know.  Hadn't heard of problems with Windows DNS, but had heard of
 security issues with BIND.

 The one thing I don't like about Windows DNS is the inability to enumerate
 subdomains without manually parsing the zone files.  Not sure
 what BIND has
 now in terms of programmatically manipulating zone files to automate most
 common processes and provide simple management interfaces.  A few
 years ago
 we ran DNS and hosting on Unix/BIND and had an inherited system with some
 automated management capabilities, but all via telnet.

 We now do all of our DNS management via a database driven system,
 with a web
 UI and multiple security levels to provide some customers (collocated,
 advanced customers, and resellers) the ability to manipulate DNS.

 Darin.


 - Original Message -
 From: R. Scott Perry [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Friday, April 23, 2004 10:01 AM
 Subject: Re: [Declude.JunkMail] Nameserver issues and Spam fighting



 We've run Windows DNS (on our mail server as well) for several years with
 no
 problems.  I haven't ever seen a performance comparison of
 Windows DNS vs.
 BIND, though.
 
 Scott, what's your rationale behind recommending BIND instead?

 Because I have heard many, many reports of problems with Windows
 DNS.  There are often mysterious problems that go away by rebooting a
 Windows DNS server.  If it is working fine for you, then I wouldn't
 recommend switching -- it may well be that the version you are running
 along with the way you have it set up (and your volume) doesn't have any
 problems.

 Part of the problem may be that Windows DNS is part of the OS (which only
 gets a new release every couple of years), whereas BIND is a standard
 product in that it is continually upgraded.

 -Scott


RE: [Declude.JunkMail] Nameserver issues and Spam fighting

2004-04-23 Thread R. Scott Perry

> Is there any advantage performance wise to run the DNS on the same machine
> as Imail??  I am putting up a new mail server and we are looking at
> implementing a DNS server with a sole function of supporting mail.

With DNS running on the IMail server, there would be a slight performance 
hit, but it should not be noticeable.  A single DNS server should be able 
to handle 1,000s of queries per second, whereas most mailservers would 
likely only have 10s of queries per second at most.

   -Scott


Re: [Declude.JunkMail] OT: BIND vs Windows DNS capabilities

2004-04-23 Thread Darin Cox
Hi Chuck,

Yes, it's part of a larger .NET-based control panel we built to manage
accounts.  Its primary purpose is to facilitate account setup, suspension,
and deletion, but also exposes some DNS and mail functions to resellers,
collocated customers, and advanced customers.

We've been intending to package up modular portions of the system, but
workload has put us a little behind schedule.  If there's enough interest in
it, we can push it up on our priority list, though.

Darin.


- Original Message - 
From: Chuck Schick [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, April 23, 2004 10:46 AM
Subject: RE: [Declude.JunkMail] OT: BIND vs Windows DNS capabilities


Darin:

Is your DNS system home grown or did you purchase it?  Sounds like it is
part of a hosting control panel.

Chuck Schick
Warp 8, Inc.
303-421-5140
www.warp8.com


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Darin Cox
 Sent: Friday, April 23, 2004 8:20 AM
 To: [EMAIL PROTECTED]
 Subject: Re: [Declude.JunkMail] OT: BIND vs Windows DNS capabilities


 Good to know.  Hadn't heard of problems with Windows DNS, but had heard of
 security issues with BIND.

 The one thing I don't like about Windows DNS is the inability to enumerate
 subdomains without manually parsing the zone files.  Not sure
 what BIND has
 now in terms of programmatically manipulating zone files to automate most
 common processes and provide simple management interfaces.  A few
 years ago
 we ran DNS and hosting on Unix/BIND and had an inherited system with some
 automated management capabilities, but all via telnet.

 We now do all of our DNS management via a database driven system,
 with a web
 UI and multiple security levels to provide some customers (collocated,
 advanced customers, and resellers) the ability to manipulate DNS.

 Darin.


 - Original Message -
 From: R. Scott Perry [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Friday, April 23, 2004 10:01 AM
 Subject: Re: [Declude.JunkMail] Nameserver issues and Spam fighting



 We've run Windows DNS (on our mail server as well) for several years with
 no
 problems.  I haven't ever seen a performance comparison of
 Windows DNS vs.
 BIND, though.
 
 Scott, what's your rationale behind recommending BIND instead?

 Because I have heard many, many reports of problems with Windows
 DNS.  There are often mysterious problems that go away by rebooting a
 Windows DNS server.  If it is working fine for you, then I wouldn't
 recommend switching -- it may well be that the version you are running
 along with the way you have it set up (and your volume) doesn't have any
 problems.

 Part of the problem may be that Windows DNS is part of the OS (which only
 gets a new release every couple of years), whereas BIND is a standard
 product in that it is continually upgraded.

 -Scott


[Declude.JunkMail] OT: MS Security Bulletin MS04-011: IIS/SSL Exploit Code on the Loose

2004-04-23 Thread Dan Geiser



Hello, All,
I know this is completely off-topic but I highly value the help the
readers of the list often give to me. Sometimes I feel like the equation
is a little overbalanced, i.e. I take more than I give, so I thought I'd
send this your way, to save the readers of this list some grief, if
possible.

Last week Microsoft released a Security Bulletin MS04-011,
http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx, and
yesterday they posted news on their web site of some exploit code
available on the Internet for that bulletin,
http://www.microsoft.com/security/incident/pctdisable.asp.
Yesterday afternoon around 5pm one of our web servers got hit by the
exploit. The reason I knew something was up was when a number of our SSL
customers called this morning saying that the SSL portion of their web
site was no longer working correctly.

I am completely up to date now and no worse for the wear. I don't believe
any damage was done other than shutting down the SSL functionality of the
web server but I consider myself lucky. If you want to read an assortment
of articles on the issue there's some good stuff on Google News,
http://news.google.com/news?hl=enedition=usq=ms04-011.
One of the articles on Tom's Hardware,
http://www.tomshardware.com/hardnews/20040421_093943.html, mentions
some issues people have been having with the patch for the exploit so I
don't want to say diving headlong into patching it is the best idea. It's
what I did BUT I didn't find the Tom's Hardware article until after I had
patched it. From the other stuff I've read it sounds like about 95% of the
Win2k computers which apply this patch come up just fine but 5% might have
issues. So if you have a test environment in place you might apply it
there first.

Anyway, I just wanted to make sure that you are all aware that there are
live exploits going on for this Microsoft security issue released about
10 days ago.

Take Care,
Dan Geiser
[EMAIL PROTECTED]




[Declude.JunkMail] Big Evil SURBL batch file

2004-04-23 Thread Scott Fisher
I have taken Roger Eriksson's SURBL batch file and using the magic of copy and paste 
have altered it to use the Big Evil SURBL. 

This list is much larger than the Spamcop SURBL so your performance may suffer.

Attached renamed exclusion file and the cmd file.
You'll need to rename the besurbl_filter.txt back to besurbl_filter.cmd.
You'll also need the wget.exe and the todos.exe from Roger's original SURBL. See:
http://www.mail-archive.com/[EMAIL PROTECTED]/msg17870.html






127.0.0.
surbl.org
@echo off
setlocal

rem - besurbl_filter.cmd version 1.2 -
rem - original work by [EMAIL PROTECTED] (April 18, 2004) -
rem
rem This script downloads the rbldns zone file of the Spam URI Realtime Blocklist,
rem converts it to a body filter, and updates the existing filter file. It also
rem creates a log file (besurbl_log.txt). The filter is named besurbl.txt and requires
rem Declude JunkMail Pro 1.78b or later. Domains and ip addresses in the file
rem besurbl_exclude.txt will be excluded from the filter (by partial match). The script
rem uses wget.exe for the download and todos.exe to convert the Unix line breaks.
rem It should be scheduled to run at least once a day.
rem
rem These settings must be done (SETTINGS section below) before the script is used:
rem v_path: path to this folder
rem v_limit: update limit (max number of entries; blank or 0 if size should be unlimited)
rem v_maxweight: filter max weight (blank or 0 if no max weight should be used)
rem  and filter entry weight (defaults to 0 if blank)
rem v_skipweight: filter skip weight (blank or 0 if filter never should be skipped)
rem v_url: download URL for the rbldns zone file
rem v_exclude: test entries in the rbldns zone file (excluded from the filter file)

rem --- SETTINGS ---

rem --- Settings (see explanation above): ---
set v_path=D:\IMail\Declude\BESURBL
set v_limit=1
set v_maxweight=3
set v_skipweight=42
set v_url=http://www.surbl.org/be.surbl.org.rbldns
set v_exclude=test.surbl.org test.be.surbl.org example.com 2.0.0.127

rem --- MAIN SCRIPT ---

rem --- Create timestamp: ---
for /f "tokens=*" %%a in ('date /t') do set v_time=%%a
for /f "tokens=*" %%b in ('time /t') do set v_time=%v_time% %%b

rem --- Check settings and change current folder (or exit if path is incorrect): ---
if "%v_limit%"=="" set v_limit=0
if "%v_maxweight%"=="" set v_maxweight=0
if "%v_skipweight%"=="" set v_skipweight=0
if not exist %v_path%\nul (set v_result=path error) & (goto :s_end)
cd /d %v_path%

rem --- Download rbldns zone file (or exit if download failed): ---
if exist besurbl.rbldns.tmp del besurbl.rbldns.tmp
if exist wget.exe wget %v_url% -O besurbl.rbldns.tmp
if not exist besurbl.rbldns.tmp (set v_result=download error) & (goto :s_end)

rem --- Convert line breaks from LF to CRLF (or exit if conversion failed): ---
if exist todos.exe todos besurbl.rbldns.tmp
for /f "tokens=*" %%c in ('findstr /r $ besurbl.rbldns.tmp') do set v_result=ok
if not "%v_result%"=="ok" (set v_result=conversion error) & (goto :s_end)

rem --- Add rbldns entries to file (skip header, test entries, and trailing spaces/tabs): ---
if exist besurbl.rbldns.entries.tmp del besurbl.rbldns.entries.tmp
for /f "tokens=1 delims=  " %%d in ('findstr /v /b /i /l "$ @ : ; ! # %v_exclude%" besurbl.rbldns.tmp') do echo %%d>> besurbl.rbldns.entries.tmp

rem --- Add filter entries to file (unreversed ip addresses and domains): ---
if exist besurbl.filter.entries.tmp del besurbl.filter.entries.tmp
for /f "tokens=1-4 delims=." %%e in ('findstr /i /r "^[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\>" besurbl.rbldns.entries.tmp') do echo %%h.%%g.%%f.%%e>> besurbl.filter.entries.tmp
for /f "tokens=1" %%i in ('findstr /i /r "^.*\.[A-Z]*\>" besurbl.rbldns.entries.tmp') do echo %%i>> besurbl.filter.entries.tmp

rem --- Create filter file header: ---
if exist besurbl.filter.tmp del besurbl.filter.tmp
echo # SURBL filter updated %v_time%>> besurbl.filter.tmp
echo # Spam URI Realtime Blocklist (%v_url%)>> besurbl.filter.tmp
if %v_maxweight%%v_skipweight% NEQ 0 echo # This filter will be:>> besurbl.filter.tmp
if %v_maxweight% NEQ 0 echo # - stopped at first match with the additional weight %v_maxweight% >> besurbl.filter.tmp
if %v_skipweight% NEQ 0 echo # - skipped if the weight %v_skipweight% already has been reached>> besurbl.filter.tmp
if %v_skipweight% NEQ 0 echo # - skipped if the message has not failed any previous tests>> besurbl.filter.tmp
echo.>> besurbl.filter.tmp
if %v_maxweight% NEQ 0 echo MAXWEIGHT %v_maxweight% >> besurbl.filter.tmp
if %v_skipweight% NEQ 0 echo SKIPIFWEIGHT %v_skipweight% >> besurbl.filter.tmp
if %v_skipweight% NEQ 0 echo TESTSFAILED END ISBLANK>> besurbl.filter.tmp
if %v_maxweight%%v_skipweight% NEQ 0 echo.>> besurbl.filter.tmp

rem ---
rem ---
rem ---  Add END tests here to bypass the filter if needed
rem ---
rem ---
echo #>> besurbl.filter.tmp
echo # End Filter Bypasses>> besurbl.filter.tmp
echo #>> besurbl.filter.tmp
echo #>> besurbl.filter.tmp
rem --- sample REVDNS END 

[Declude.JunkMail] Spam Assassin SURBL batch file

2004-04-23 Thread Scott Fisher
I have taken Roger Eriksson's SURBL batch file and using the magic of copy and paste 
have altered it to use the Spam Assassin SURBL. 

This list is much larger than the Spamcop SURBL so your performance may suffer.

Attached renamed exclusion file and the cmd file.
You'll need to rename the sasurbl_filter.txt back to sasurbl_filter.cmd.
You'll also need the wget.exe and the todos.exe from Roger's original SURBL. See:
http://www.mail-archive.com/[EMAIL PROTECTED]/msg17870.html






@echo off
setlocal

rem - sasurbl_filter.cmd version 1.2 -
rem - original work by [EMAIL PROTECTED] (April 18, 2004) -
rem
rem This script downloads the rbldns zone file of the Spam URI Realtime Blocklist,
rem converts it to a body filter, and updates the existing filter file. It also
rem creates a log file (sasurbl_log.txt). The filter is named sasurbl.txt and requires
rem Declude JunkMail Pro 1.78b or later. Domains and ip addresses in the file
rem sasurbl_exclude.txt will be excluded from the filter (by partial match). The script
rem uses wget.exe for the download and todos.exe to convert the Unix line breaks.
rem It should be scheduled to run at least once a day.
rem
rem These settings must be done (SETTINGS section below) before the script is used:
rem v_path: path to this folder
rem v_limit: update limit (max number of entries; blank or 0 if size should be unlimited)
rem v_maxweight: filter max weight (blank or 0 if no max weight should be used)
rem  and filter entry weight (defaults to 0 if blank)
rem v_skipweight: filter skip weight (blank or 0 if filter never should be skipped)
rem v_url: download URL for the rbldns zone file
rem v_exclude: test entries in the rbldns zone file (excluded from the filter file)

rem --- SETTINGS ---

rem --- Settings (see explanation above): ---
set v_path=D:\IMail\Declude\sasurbl
set v_limit=12000
set v_maxweight=12
set v_skipweight=42
set v_url=http://www.surbl.org/sa.surbl.org.rbldns
set v_exclude=test.surbl.org test.sa.surbl.org example.com 2.0.0.127

rem --- MAIN SCRIPT ---

rem --- Create timestamp: ---
for /f "tokens=*" %%a in ('date /t') do set v_time=%%a
for /f "tokens=*" %%b in ('time /t') do set v_time=%v_time% %%b

rem --- Check settings and change current folder (or exit if path is incorrect): ---
if "%v_limit%"=="" set v_limit=0
if "%v_maxweight%"=="" set v_maxweight=0
if "%v_skipweight%"=="" set v_skipweight=0
if not exist %v_path%\nul (set v_result=path error) & (goto :s_end)
cd /d %v_path%

rem --- Download rbldns zone file (or exit if download failed): ---
if exist sasurbl.rbldns.tmp del sasurbl.rbldns.tmp
if exist wget.exe wget %v_url% -O sasurbl.rbldns.tmp
if not exist sasurbl.rbldns.tmp (set v_result=download error) & (goto :s_end)

rem --- Convert line breaks from LF to CRLF (or exit if conversion failed): ---
if exist todos.exe todos sasurbl.rbldns.tmp
for /f "tokens=*" %%c in ('findstr /r $ sasurbl.rbldns.tmp') do set v_result=ok
if not "%v_result%"=="ok" (set v_result=conversion error) & (goto :s_end)

rem --- Add rbldns entries to file (skip header, test entries, and trailing spaces/tabs): ---
if exist sasurbl.rbldns.entries.tmp del sasurbl.rbldns.entries.tmp
for /f "tokens=1 delims=  " %%d in ('findstr /v /b /i /l "$ @ : ; ! # %v_exclude%" sasurbl.rbldns.tmp') do echo %%d>> sasurbl.rbldns.entries.tmp

rem --- Add filter entries to file (unreversed ip addresses and domains): ---
if exist sasurbl.filter.entries.tmp del sasurbl.filter.entries.tmp
for /f "tokens=1-4 delims=." %%e in ('findstr /i /r "^[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\>" sasurbl.rbldns.entries.tmp') do echo %%h.%%g.%%f.%%e>> sasurbl.filter.entries.tmp
for /f "tokens=1" %%i in ('findstr /i /r "^.*\.[A-Z]*\>" sasurbl.rbldns.entries.tmp') do echo %%i>> sasurbl.filter.entries.tmp

rem --- Create filter file header: ---
if exist sasurbl.filter.tmp del sasurbl.filter.tmp
echo # SURBL filter updated %v_time%>> sasurbl.filter.tmp
echo # Spam URI Realtime Blocklist (%v_url%)>> sasurbl.filter.tmp
if %v_maxweight%%v_skipweight% NEQ 0 echo # This filter will be:>> sasurbl.filter.tmp
if %v_maxweight% NEQ 0 echo # - stopped at first match with the additional weight %v_maxweight% >> sasurbl.filter.tmp
if %v_skipweight% NEQ 0 echo # - skipped if the weight %v_skipweight% already has been reached>> sasurbl.filter.tmp
if %v_skipweight% NEQ 0 echo # - skipped if the message has not failed any previous tests>> sasurbl.filter.tmp
echo.>> sasurbl.filter.tmp
if %v_maxweight% NEQ 0 echo MAXWEIGHT %v_maxweight% >> sasurbl.filter.tmp
if %v_skipweight% NEQ 0 echo SKIPIFWEIGHT %v_skipweight% >> sasurbl.filter.tmp
if %v_skipweight% NEQ 0 echo TESTSFAILED END ISBLANK>> sasurbl.filter.tmp
if %v_maxweight%%v_skipweight% NEQ 0 echo.>> sasurbl.filter.tmp

rem ---
rem ---
rem ---  Add END tests here to bypass the filter if needed
rem ---
rem ---
echo #>> sasurbl.filter.tmp
echo # FP Bypasses>> sasurbl.filter.tmp
echo #>> sasurbl.filter.tmp
echo #>> sasurbl.filter.tmp
echo MAILFROM END ENDSWITH @prnewswire.com 

RE: [Declude.JunkMail] Spam Assassin SURBL batch file

2004-04-23 Thread Markus Gufler

Good work, but far too large even if processing only 1 message/day.
CPU (P4 2,8 GHz) usage goes up to 100% after enabling these tests on our
server.

After running this test for some minutes I can see that the small SURBL
filter seems to be more effective than the large filter files.

SURBL has caught 23 spams (4 without a result from the two other tests)
BESURBL has caught 5 spams (1 without a result from the two other tests)
SASURBL has caught 21 spams (2 without a result from the two other tests)

SURBL actually is 17 kb in size.
BESURBL actually is 208 kb in size.
SASURBL actually is 339 kb in size.


Have a nice weekend.
Markus




 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher
 Sent: Friday, April 23, 2004 5:47 PM
 To: [EMAIL PROTECTED]
 Subject: [Declude.JunkMail] Spam Assassin SURBL batch file
 
 I have taken Roger Eriksson's SURBL batch file and using the 
 magic of copy and paste have altered it to use the Spam 
 Assassin SURBL. 
 
 This list is much larger than the Spamcop SURBL so your 
 performance may suffer.
 
 Attached renamed exclusion file and the cmd file.
 You'll need to rename the sasurbl_filter.txt back to 
 sasurbl_filter.cmd.
 You'll also need the wget.exe and the todos.exe from Roger's 
 original SURBL. See:
 http://www.mail-archive.com/[EMAIL PROTECTED]/msg17870.html
 
 
 
 
 
 
 




RE: [Declude.JunkMail] Spam Assassin SURBL batch file

2004-04-23 Thread Scott Fisher
I was afraid of those sizes when I ran them.

It's too bad there isn't a SKIPIFWEIGHTLESSTHAN command for the filters.
Used with a SKIPIFWEIGHT command, it could only be called on those pesky e-mails that
fall into that grey area.

Scott Fisher
Director of IT
Farm Progress Companies

 [EMAIL PROTECTED] 04/23/04 11:40AM 

Good work, but far too large even if processing only 1 message/day.
CPU (P4 2,8 GHz) usage goes up to 100% after enabling these tests on our
server.

After running this test for some minutes I can see that the small SURBL
filter seems to be more effective than the large filter files.

SURBL has caught 23 spams (4 without a result from the two other tests)
BESURBL has caught 5 spams (1 without a result from the two other tests)
SASURBL has caught 21 spams (2 without a result from the two other tests)

SURBL actually is 17 kb in size.
BESURBL actually is 208 kb in size.
SASURBL actually is 339 kb in size.


Have a nice weekend.
Markus




 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher
 Sent: Friday, April 23, 2004 5:47 PM
 To: [EMAIL PROTECTED] 
 Subject: [Declude.JunkMail] Spam Assassin SURBL batch file
 
 I have taken Roger Eriksson's SURBL batch file and using the 
 magic of copy and paste have altered it to use the Spam 
 Assassin SURBL. 
 
 This list is much larger than the Spamcop SURBL so your 
 performance may suffer.
 
 Attached renamed exclusion file and the cmd file.
 You'll need to rename the sasurbl_filter.txt back to 
 sasurbl_filter.cmd.
 You'll also need the wget.exe and the todos.exe from Roger's 
 original SURBL. See:
 http://www.mail-archive.com/[EMAIL PROTECTED]/msg17870.html 
 
 
 
 
 
 
 




RE: [Declude.JunkMail] Spam Assassin SURBL batch file

2004-04-23 Thread John Tolmachoff \(Lists\)
> It's too bad there isn't a SKIPIFWEIGHTLESSTHAN command for the filters.
> Used with a SKIPIFWEIGHT command, it could only be called on those pesky
> e-mails that fall into that grey area.

So, if a spam message has only 5 points, you do not want that test to run
which may then cause it to have a higher weight and be caught?

John Tolmachoff
Engineer/Consultant/Owner
eServices For You




[Declude.JunkMail] Change to other server and declude not working anymore

2004-04-23 Thread Tommi Penttinen
Hello,

I have updated my imailserver to 8.10 and Windows 2003 server. Now when I try
to start the imailserver I get this message in the decludelog:

04/23/2004 21:53:58  Installing Declude for the first time,
04/23/2004 21:53:58  Installation Complete!
04/23/2004 21:54:01  Installing Declude for the first time,
04/23/2004 21:54:01  Installation Complete!
04/23/2004 21:54:01  Installing Declude for the first time,
04/23/2004 21:54:01  Installation Complete!
04/23/2004 21:54:02  Installing Declude for the first time,
04/23/2004 21:54:02  Installation Complete!
04/23/2004 21:54:02  Installing Declude for the first time,
04/23/2004 21:54:02  Installation Complete!
04/23/2004 21:54:02  Installing Declude for the first time,
04/23/2004 21:54:02  Installation Complete!
04/23/2004 21:54:03  Installing Declude for the first time,
04/23/2004 21:54:03  Installation Complete!
04/23/2004 21:54:03  Installing Declude for the first time,
04/23/2004 21:54:03  Installation Complete!
04/23/2004 21:54:03  Installing Declude for the first time,
04/23/2004 21:54:03  Installation Complete!

I have checked and corrected my global.cfg file and $default$.junkmail files and
they are correct. The only difference is that on the old server it was on the D:\
drive and now it is on the e:\ drive. The directory name is the same.

Can somebody help me please,

Tommi



Re: [Declude.JunkMail] Change to other server and declude not working anymore

2004-04-23 Thread R. Scott Perry

> I have updated my imailserver to 8.10 and Windows 2003 server. Now when I
> try to start the imailserver I get this message in the decludelog:
>
> 04/23/2004 21:53:58  Installing Declude for the first time,
> 04/23/2004 21:53:58  Installation Complete!
> 04/23/2004 21:54:01  Installing Declude for the first time,
> 04/23/2004 21:54:01  Installation Complete!
>
> I have checked and corrected my global.cfg file and $default$.junkmail files
> and they are correct. The only difference is that on the old server it was on
> the D:\ drive and now it is on the e:\ drive. The directory name is the same.

We've had 2 other people encounter this.  One fixed it by reinstalling 
IMail.  However, before trying such a drastic measure, I would recommend 
going to the Advanced tab in the SMTP settings in IMail Administrator, and 
change the Delivery Application option to point to smtp32.exe instead of 
Declude.exe, and then stop/restart the IMail SMTP service.  Then, you can 
run the \IMail\Declude.exe file once and stop/restart the SMTP service 
again, which should re-install Declude correctly.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.



[Declude.JunkMail] WHITELISTFILE for per-domain

2004-04-23 Thread Jeff Maze - Hostmaster
Hello,
Just a quick question about this option.  In the domain that has a
separate configuration file, I would edit the $default$.junkmail file and
add the following line, correct?

WHITELISTFILE   c:\imail\declude\domain.com\whitelist.txt

And then put in the e-mail addresses or domains I wish to have
whitelisted for that domain in the whitelist.txt file.




RE: [Declude.JunkMail] Spam Assassin SURBL batch file

2004-04-23 Thread Scott Fisher
If I have a hold weight of 20, and the Spam Assassin SURBL test would create at most 
10 points, an e-mail that went in with 5 points would end up with at most 15, which is 
still below my minimum action weight.
It certainly only applies to the last filters to be run. Which would be in my case 
Body-URL filters, which are the most painful on the CPU.

Here's my logic based on the 7368 e-mails yesterday:
1562 scored less than 10 weight. Running these through my Body-URL filters would have
no impact as the +10 points would not get them up to a tag weight of 20. But running
these 1562 through numerous body contains filters does cause lots of CPU spikes that
will most likely find nothing.
549 scored between 10 and 42 weight. These are the most likely candidates as the 
potential SPAM. I definitely want to run these through the Body-URL filters. This is a 
more manageable number to put a high CPU test on.
5257 scored over 42 weight which should have triggered the skipifweight bypass in the 
Body-URL filters.

It's all about saving CPU time.

Scott Fisher
Director of IT
Farm Progress Companies

 [EMAIL PROTECTED] 04/23/04 01:39PM 
> It's too bad there isn't a SKIPIFWEIGHTLESSTHAN command for the filters.
> Used with a SKIPIFWEIGHT command, it could only be called on those pesky
> e-mails that fall into that grey area.

So, if a spam message has only 5 points, you do not want that test to run
which may then cause it to have a higher weight and be caught?

John Tolmachoff
Engineer/Consultant/Owner
eServices For You
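
The grey-area reasoning in the message above, written out as an added example (it is not Declude code, and SKIPIFWEIGHTLESSTHAN remains the wished-for command from the thread, not one Declude has). It goes one step beyond the last-filter case described there: a filter is worth running only if the weight already collected plus the most that this filter and all later ones can add would reach the action weight. The sample weights and the second filter's maximum of 12 are constructed.

```python
"""Which messages are worth sending through an expensive body filter?

Added illustration only. The lower bound models the wished-for
SKIPIFWEIGHTLESSTHAN idea from the thread; it is not a Declude command.
"""
from collections import Counter
from typing import Iterable, Sequence


def decide(weight: int, remaining_max: Sequence[int],
           action_weight: int, skip_weight: int) -> str:
    """Classify one message for the next filter in line.

    weight         -- weight the message has collected so far
    remaining_max  -- maximum weight of the next filter and of every filter
                      that would still run after it (assumption: filters
                      only add weight, never subtract it)
    action_weight  -- lowest weight at which any action (tag, hold) is taken
    skip_weight    -- SKIPIFWEIGHT value: the message is already caught
    """
    if weight >= skip_weight:
        return "skip-high"          # already spam, the filter adds nothing
    if weight + sum(remaining_max) < action_weight:
        return "skip-low"           # cannot reach the action weight anyway
    return "run"                    # grey area: the filter can change the outcome


def tally(weights: Iterable[int], remaining_max: Sequence[int],
          action_weight: int, skip_weight: int) -> Counter:
    """Count how many messages fall into each class."""
    return Counter(decide(w, remaining_max, action_weight, skip_weight)
                   for w in weights)


# Constructed sample of weights collected before the Body-URL filters run.
SAMPLE_WEIGHTS = [0, 5, 9, 10, 19, 25, 41, 42, 60, 150]

if __name__ == "__main__":
    # Values from the thread: hold weight 20, SURBL filter adds at most 10,
    # SKIPIFWEIGHT 42. The filter is the last one to run.
    print(tally(SAMPLE_WEIGHTS, [10], action_weight=20, skip_weight=42))
    # Same filter, but a second filter worth up to 12 (constructed value)
    # still runs afterwards: the low-weight messages can no longer be
    # skipped safely, because 0 + 10 + 12 already reaches 20.
    print(tally(SAMPLE_WEIGHTS, [10, 12], action_weight=20, skip_weight=42))
```

With the thread's values the runnable band is exactly the 10-to-42 range described above; the lower bound moves down as soon as any later test can still add weight.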




Re: [Declude.JunkMail] WHITELISTFILE for per-domain

2004-04-23 Thread R. Scott Perry

> Just a quick question about this option.  In the domain that has a
> separate configuration file, I would edit the $default$.junkmail file and
> add the following line, correct?
>
> WHITELISTFILE   c:\imail\declude\domain.com\whitelist.txt
>
> And then put in the e-mail addresses or domains I wish to have
> whitelisted for that domain in the whitelist.txt file.

Correct.  :)

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.



RE: [Declude.JunkMail] WHITELISTFILE for per-domain

2004-04-23 Thread Jeff Maze - Hostmaster
Thanks.. That works..

One quick question.. If that entry is in for the per-domain
$default$.junkmail file, I assume it will not use the main
$default$.junkmail file within the main declude sub-folder for whitelists,
correct?  Or do they work in tandem?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Friday, April 23, 2004 3:30 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] WHITELISTFILE for per-domain


 Just a quick question about this option.  In the domain that 
has a separate configuration file, I would edit the $default$.junkmail 
file and add the following line, correct?

WHITELISTFILE   c:\imail\declude\domain.com\whitelist.txt

 And then put in the e-mail addresses or domains I wish to have 
whitelisted for that domain in the whitelist.txt file.

Correct.  :)

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.



RE: [Declude.JunkMail] WHITELISTFILE for per-domain

2004-04-23 Thread R. Scott Perry

> One quick question.. If that entry is in for the per-domain
> $default$.junkmail file, I assume it will not use the main
> $default$.junkmail file within the main declude sub-folder for whitelists,
> correct?

Correct.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.



[Declude.JunkMail] WHITELISTFILE Question

2004-04-23 Thread Chuck Shaffer
if you have an entry in myWhiteList.txt

.domain.com

shouldn't it cover?

@domain.com

currently you need 2 entries to cover (domain.com)

.domain.com
@domain.com

I think that just 1 should do it.

.domain.com


Thanks
Chuck

- Original Message - 
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, April 23, 2004 12:29 PM
Subject: Re: [Declude.JunkMail] WHITELISTFILE for per-domain



  Just a quick question about this option.  In the domain that has a
 separate configuration file, I would edit the $default$.junkmail file and
 add the following line, correct?
 
 WHITELISTFILE   c:\imail\declude\domain.com\whitelist.txt
 
  And then put in the e-mail addresses or domains I wish to have
 whitelisted for that domain in the whitelist.txt file.

 Correct.  :)

 -Scott
 ---
 Declude JunkMail: The advanced anti-spam solution for IMail mailservers
 since 2000.
 Declude Virus: Ultra reliable virus detection and the leader in mailserver
 vulnerability detection.
 Find out what you've been missing: Ask for a free 30-day evaluation.



Re: [Declude.JunkMail] WHITELISTFILE Question

2004-04-23 Thread R. Scott Perry

> if you have an entry in myWhiteList.txt
>
> .domain.com
>
> shouldn't it cover?
>
> @domain.com

No.  [EMAIL PROTECTED] doesn't contain .example.com.

> currently you need 2 entries to cover (domain.com)
>
> .domain.com
> @domain.com
>
> I think that just 1 should do it.
>
> .domain.com

But what about the people that want to whitelist E-mail from subdomains at 
example.com (@*.example.com), but not @example.com?  There may be some 
people who want to do that, and they would be confused if .example.com 
whitelisted [EMAIL PROTECTED].

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.



Re: [Declude.JunkMail] WHITELISTFILE Question

2004-04-23 Thread Chuck Shaffer
Scott

I'm not trying to whitelist

[EMAIL PROTECTED]

only all mail from

example.com

including subdomains.



would something like (below) work for all of the example.com?

@*.example.com  or  @*example.com


Chuck


- Original Message - 
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, April 23, 2004 4:07 PM
Subject: Re: [Declude.JunkMail] WHITELISTFILE Question



 if you have an entry in myWhiteList.txt
 
 .domain.com
 
 shouldn't it cover?
 
 @domain.com

 No.  [EMAIL PROTECTED] doesn't contain .example.com.

 currently you need 2 entries to cover (domain.com)
 
 .domain.com
 @domain.com
 
 I think that just 1 should do it.
 
 .domain.com

 But what about the people that want to whitelist E-mail from subdomains at
 example.com (@*.example.com), but not @example.com?  There may be some
 people who want to do that, and they would be confused if .example.com
 whitelisted [EMAIL PROTECTED].

 -Scott
 ---
 Declude JunkMail: The advanced anti-spam solution for IMail mailservers
 since 2000.
 Declude Virus: Ultra reliable virus detection and the leader in mailserver
 vulnerability detection.
 Find out what you've been missing: Ask for a free 30-day evaluation.



RE: [Declude.JunkMail] CMDSPACE Test

2004-04-23 Thread John Tolmachoff \(Lists\)
 According to a note I found in the archives, CMDSPACE needs Imail v8, with
 SMTP-Authentication, and AUTOWHITELIST ON in global.cfg to work correctly.
 Otherwise, you get false positives from Outlook clients.

Not quite correct. AUTOWHITELIST is not needed in conjunction with CMDSPACE.
However, WHITELIST AUTH is.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You




Re: [Declude.JunkMail] WHITELISTFILE Question

2004-04-23 Thread R. Scott Perry

I'm not trying to whitelist

[EMAIL PROTECTED]

only all mail from

example.com

including subdomains.
I do realize that -- but the only way to do that with one phrase would be 
example.com, which would also whitelist [EMAIL PROTECTED].

So you need both @example.com and .example.com in this case.

would something like (below) work for all of the example.com?

@*.example.com  or  @*example.com
No, Declude does not use wildcards.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.
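
The matching behaviour described in this thread, as an added example that is not part of the original messages and not Declude code: each whitelist entry is modelled as a plain substring test on the sender address, with no wildcard support. The sender addresses are constructed samples, and case-insensitive comparison is an assumption.

```python
# Added illustration, not Declude code. Entries are modelled as plain
# substring tests on the sender address, as the replies in this thread
# describe; case-insensitive comparison is an assumption.

def parse_entries(text):
    """One whitelist phrase per non-blank line."""
    return [ln.strip().lower() for ln in text.splitlines() if ln.strip()]

def is_whitelisted(sender, entries):
    """True if any phrase occurs anywhere in the sender address."""
    sender = sender.lower()
    return any(phrase in sender for phrase in entries)

def audit(entries_text, senders):
    """Map each sender to whether the given entries would whitelist it."""
    entries = parse_entries(entries_text)
    return {s: is_whitelisted(s, entries) for s in senders}

# Constructed sample senders.
BARE = "alice@example.com"          # address at the domain itself
SUB = "bob@mail.example.com"        # address at a subdomain
LOOKALIKE = "carol@notexample.com"  # unrelated domain containing the same text
SENDERS = [BARE, SUB, LOOKALIKE]

# Candidate whitelist files discussed in the thread.
CANDIDATES = {
    "dot only": ".example.com",
    "both": "@example.com\n.example.com",
    "bare phrase": "example.com",
    "wildcard": "@*.example.com",   # the asterisk is taken literally
}

def run_audit():
    return {name: audit(text, SENDERS) for name, text in CANDIDATES.items()}

if __name__ == "__main__":
    for name, result in run_audit().items():
        flags = {s: ("allow" if ok else "-") for s, ok in result.items()}
        print(f"{name:12}", flags)
```

Only the two-entry file covers the domain and its subdomains without also allowing the unrelated lookalike domain.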



Re: [Declude.JunkMail] WHITELISTFILE Question

2004-04-23 Thread Chuck Shaffer
Scott


 I do realize that -- but the only way to do that with one phrase would be
 example.com, which would also whitelist [EMAIL PROTECTED].

Does example.com work? I tried it with no luck, I'll try again.

Also what effect would this have?

#example.com

would it just get passed by as a comment?

Chuck
