Re: [Declude.JunkMail] ROUTING and COUNTRIES
Yes. - Original Message - From: "Nick Hayer" <[EMAIL PROTECTED]> To: Sent: Friday, September 16, 2005 7:32 PM Subject: Re: [Declude.JunkMail] ROUTING and COUNTRIES Scott - Scott Fisher wrote: Yes COUNTRIES 0 CONTAINS *A is correct. The Asterick is a literal. So COUNTRY 0 CONTAINS *A would work as well? Thanks! -Nick codes I know of: *1 Multi-Regional *2 Europe *3 North America *4 Central/South America *5 Pacific Rim *A ARIN Unlisted (North America/South Africa) *B Public Data Network *E RIPE Unlisted (Europe, North Africa, Middle East) *I Private IP *L Loopback *M Multicast *P APNIC Unlisted (Asia Pacific) *R IANA Reserved *U Unknown - Original Message - From: "Gary Steiner" <[EMAIL PROTECTED]> To: Sent: Friday, September 16, 2005 2:06 PM Subject: re: [Declude.JunkMail] ROUTING and COUNTRIES I guess it depends on exactly what text it is searching for. In looking at my log files (set to Debug), I see that when it is checking the COUNTRIES filter I created, it displays a message like "Checking countries: *A ." Is it actually looking for an asterisk followed by an A? Here are some "non-countries" and the corresponding text displayed in the log file: [ARIN Unlisted] *A [RIPE Unlisted] *E [IANA Reserved] *R [Unknown] *U Does this mean we should be using a line like COUNTRIES0CONTAINS*A Is that asterisk a literal or will it act as a wildcard? Is anyone using this in a country filter? Original Message From: Nick Hayer <[EMAIL PROTECTED]> Sent: Friday, September 16, 2005 12:36 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] ROUTING and COUNTRIES Help from the guru's please... Wouldn't [shouldn't] this email fail the ROUTING test? X-Country-Chain: UNITED STATES->[IANA Reserved]->UNITED STATES->destination X-Note: SMTP Sender: [EMAIL PROTECTED] X-Note: Sent from: [Revdns: [No Reverse DNS]] [RemoteHostDomain: lgvsoft.at] [RemoteIP: 58.142.35.136] [SenderHost: lgvsoft.at] X-Note: Spam [v:2.0.6.16] tests: IP4R.SORBS.DYNAMIC [0], EXTERNAL.CIP.OnlyIp [2], TEST.DYNHELO [5], TEST.REVDNS [0], FILTER.DYNA [5], FILTER.COMBO.DYNHELO.CIP [3] Also - is there a way to determine that this email came from/through a foreign [to the US] source? This email did not trigger on a foreign filter file that contains: COUNTRIES0CONTAINSIANA Reserved Same file has these than never trigger it seems either COUNTRIES0CONTAINSARIN Unlisted COUNTRIES0CONTAINSRIPE Unlisted Thanks! -Nick --- --- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] ROUTING and COUNTRIES
Scott - Scott Fisher wrote: Yes COUNTRIES 0 CONTAINS *A is correct. The Asterick is a literal. So COUNTRY 0 CONTAINS *A would work as well? Thanks! -Nick codes I know of: *1 Multi-Regional *2 Europe *3 North America *4 Central/South America *5 Pacific Rim *A ARIN Unlisted (North America/South Africa) *B Public Data Network *E RIPE Unlisted (Europe, North Africa, Middle East) *I Private IP *L Loopback *M Multicast *P APNIC Unlisted (Asia Pacific) *R IANA Reserved *U Unknown - Original Message - From: "Gary Steiner" <[EMAIL PROTECTED]> To: Sent: Friday, September 16, 2005 2:06 PM Subject: re: [Declude.JunkMail] ROUTING and COUNTRIES I guess it depends on exactly what text it is searching for. In looking at my log files (set to Debug), I see that when it is checking the COUNTRIES filter I created, it displays a message like "Checking countries: *A ." Is it actually looking for an asterisk followed by an A? Here are some "non-countries" and the corresponding text displayed in the log file: [ARIN Unlisted] *A [RIPE Unlisted] *E [IANA Reserved] *R [Unknown] *U Does this mean we should be using a line like COUNTRIES0CONTAINS*A Is that asterisk a literal or will it act as a wildcard? Is anyone using this in a country filter? Original Message From: Nick Hayer <[EMAIL PROTECTED]> Sent: Friday, September 16, 2005 12:36 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] ROUTING and COUNTRIES Help from the guru's please... Wouldn't [shouldn't] this email fail the ROUTING test? X-Country-Chain: UNITED STATES->[IANA Reserved]->UNITED STATES->destination X-Note: SMTP Sender: [EMAIL PROTECTED] X-Note: Sent from: [Revdns: [No Reverse DNS]] [RemoteHostDomain: lgvsoft.at] [RemoteIP: 58.142.35.136] [SenderHost: lgvsoft.at] X-Note: Spam [v:2.0.6.16] tests: IP4R.SORBS.DYNAMIC [0], EXTERNAL.CIP.OnlyIp [2], TEST.DYNHELO [5], TEST.REVDNS [0], FILTER.DYNA [5], FILTER.COMBO.DYNHELO.CIP [3] Also - is there a way to determine that this email came from/through a foreign [to the US] source? This email did not trigger on a foreign filter file that contains: COUNTRIES0CONTAINSIANA Reserved Same file has these than never trigger it seems either COUNTRIES0CONTAINSARIN Unlisted COUNTRIES0CONTAINSRIPE Unlisted Thanks! -Nick --- --- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Beta 3.0.4
More information: The problem appears to be caused/centered/triggered/co-incidental to 4 spam messages. Also, a large Dr Watson log file and dmp were created when this happened. After isolating these messages, stopping the Imail SMTP, QueueManager services, disabling and stopping the decludeproc service, clearing both the proc and proc\work directories of everything, then reenabling the decludeproc service and restarting the SMTP and QueueManger services, the server is running as expected. I also trimmed my THREADS to 5. I will be sending the suspected message files, logs and dr Watson to Declude for review. John T eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) > Sent: Friday, September 16, 2005 4:44 PM > To: Declude.JunkMail@declude.com > Subject: RE: [Declude.JunkMail] Beta 3.0.4 > > I am confirming this is occurring in 3.0.4.1 as well. 3.0.4.1 was sent to me > to hopefully fix this. In my case, I am getting error lines in the Virus > log, left over .vir directories, misplaced log lines, (JM line in the virus > log and hijack log) and events in the windows event log. > > John T > eServices For You > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > > [EMAIL PROTECTED] On Behalf Of Kim Premuda > > Sent: Friday, September 16, 2005 4:01 PM > > To: Declude JunkMail Forum > > Subject: [Declude.JunkMail] Beta 3.0.4 > > > > IMail 8.05 HF3 > > > > After installing JunkMail beta 3.0.4 (for IMail) this morning, everything > seemed to be > > working. That is, I could see the THREAD requisite number of d*.smd and > q*.smd file > > pairs being moved to the 'proc\work' folder, whereupon they would get > processed and > > disappear. I visually monitored this for several minutes, then decided to > go about > > business. > > > > When I returned to check, I discovered that the 'decludeproc.exe' service > had > > stopped. When I restarted the service, I could see file pairs being > processed until the > > service again stopped. I repeated this procedure 10-15 times. Determined > to keep the > > service running, I set the service's recovery mode to 'Restart the > service' on all > > failures; this made no difference. > > > > There are no service stop items logged in the Event Viewer for > 'decludeproc.exe', only > > start items. Also, I was running JunkMail in DEBUG mode, but things look > normal (I'm > > not certain what to look for specifically). > > > > Observation: The THREADS value was initially set to 25 and this seemed to > keep the > > service running for about 45 seconds or so. As I incrementally lowered the > THREADS > > value, the 'decludeproc.exe' service would stop sooner, around 5-10 > seconds with a > > THREADS value of 10. > > > > I ended up reverting to 3.0.3 to get things moving again. > > > > Kim > > > > > > -- > > Kim W. Premuda > > FastWave Internet Services > > San Diego, CA > > > > -- > > --- > > This E-mail came from the Declude.JunkMail mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.JunkMail". The archives can be found > > at http://www.mail-archive.com. > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Beta 3.0.4
I am confirming this is occurring in 3.0.4.1 as well. 3.0.4.1 was sent to me to hopefully fix this. In my case, I am getting error lines in the Virus log, left over .vir directories, misplaced log lines, (JM line in the virus log and hijack log) and events in the windows event log. John T eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Kim Premuda > Sent: Friday, September 16, 2005 4:01 PM > To: Declude JunkMail Forum > Subject: [Declude.JunkMail] Beta 3.0.4 > > IMail 8.05 HF3 > > After installing JunkMail beta 3.0.4 (for IMail) this morning, everything seemed to be > working. That is, I could see the THREAD requisite number of d*.smd and q*.smd file > pairs being moved to the 'proc\work' folder, whereupon they would get processed and > disappear. I visually monitored this for several minutes, then decided to go about > business. > > When I returned to check, I discovered that the 'decludeproc.exe' service had > stopped. When I restarted the service, I could see file pairs being processed until the > service again stopped. I repeated this procedure 10-15 times. Determined to keep the > service running, I set the service's recovery mode to 'Restart the service' on all > failures; this made no difference. > > There are no service stop items logged in the Event Viewer for 'decludeproc.exe', only > start items. Also, I was running JunkMail in DEBUG mode, but things look normal (I'm > not certain what to look for specifically). > > Observation: The THREADS value was initially set to 25 and this seemed to keep the > service running for about 45 seconds or so. As I incrementally lowered the THREADS > value, the 'decludeproc.exe' service would stop sooner, around 5-10 seconds with a > THREADS value of 10. > > I ended up reverting to 3.0.3 to get things moving again. > > Kim > > > -- > Kim W. Premuda > FastWave Internet Services > San Diego, CA > > -- > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Beta 3.0.4
IMail 8.05 HF3 After installing JunkMail beta 3.0.4 (for IMail) this morning, everything seemed to be working. That is, I could see the THREAD requisite number of d*.smd and q*.smd file pairs being moved to the 'proc\work' folder, whereupon they would get processed and disappear. I visually monitored this for several minutes, then decided to go about business. When I returned to check, I discovered that the 'decludeproc.exe' service had stopped. When I restarted the service, I could see file pairs being processed until the service again stopped. I repeated this procedure 10-15 times. Determined to keep the service running, I set the service's recovery mode to 'Restart the service' on all failures; this made no difference. There are no service stop items logged in the Event Viewer for 'decludeproc.exe', only start items. Also, I was running JunkMail in DEBUG mode, but things look normal (I'm not certain what to look for specifically). Observation: The THREADS value was initially set to 25 and this seemed to keep the service running for about 45 seconds or so. As I incrementally lowered the THREADS value, the 'decludeproc.exe' service would stop sooner, around 5-10 seconds with a THREADS value of 10. I ended up reverting to 3.0.3 to get things moving again. Kim -- Kim W. Premuda FastWave Internet Services San Diego, CA -- --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Help in creating a Filter
I don't have the order... But I believe filters are done last after External comments. If David's monitoring the list, I think a list of what order the tests run in would be a great addition to the Junkmail manual. - Original Message - From: "Erik" <[EMAIL PROTECTED]> To: Sent: Friday, September 16, 2005 3:44 PM Subject: RE: [Declude.JunkMail] Help in creating a Filter We've been monitoring the MN-COMBO test (multiple tests failed) for the past 2 months. Most are failing INV-URIBL and SNIFFER; but some only failing one of them (either SNIFFER or INV-URIBL) but will fail DSBL/CBL/ROUTING/MXRATE. We've noticed that all the emails that we've monitored with the MN-COMBO that are spam; have multiple country hops. This is what we want to catch. Deleting based just on MN-COMBO will delete some false positives. But detecting our MN-COMBO test and then filtering the country hops will eliminate the false positives as they all originate outside of USA and/or start in USA then bounce to another country, then back to USA. Does anyone know (Darrell); if the %COUNTRYCHAIN% can be passed to an external program? I've thought of developing an EXE that does this final scan after MN-COMBO is tested. TIA, Erik -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Friday, September 16, 2005 2:31 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Help in creating a Filter Just to second this - I have seen a large amount of customers also farm out filtering to companies like big fish which scan the mail in oversea's countries. Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Scott Fisher writes: I think this would do it in two filters: filter 1: SKIPIFWEIGHT 100 TESTSFAILED END NOTCONTAINS MN-COMBO COUNTRIES 100 NOTCONTAINS US filter 2: SKIPIFWEIGHT 100 TESTSFAILED END NOTCONTAINS MN-COMBO TESTSFAILED END CONTAINS filter1 COUNTRIES END STARTSWITH US COUNTRIES 100 CONTAINS US I'd be careful. Lots of US subsidaries are owned by a foreign company and have their mail server overseas. Also watch out for these special country codes: (which can belong to valid servers): # # Special Codes # *1 Multi-Regional *2 Europe *3 North America *4 Central/South America *5 Pacific Rim *A ARIN Unlisted (North America/South Africa) *B Public Data Network *E RIPE Unlisted (Europe, North Africa, Middle East) *I Private IP *L Loopback *M Multicast *P APNIC Unlisted (Asia Pacific) *R IANA Reserved *U Unknown - Original Message - From: "Erik" <[EMAIL PROTECTED]> To: Sent: Friday, September 16, 2005 12:45 PM Subject: [Declude.JunkMail] Help in creating a Filter Could someone help me in creating a filter? I need something to this effect. Can this be done in one filter? If WEIGHT = 100 or Higher then END If TESTFAILED CONTAINS "MN-COMBO" Then If CountryChain NOTCONTAINS "UNITED STATES" Then Then DELETE (triggers the filter - return 100 as weight) End If If CountryChain CONTAINS "UNITED STATES->destination" Then 'Email is probably good (return zero) Else DELETE (triggers the filter - return 100 as weight) End If End If Thanks! Erik --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Help in creating a Filter
Does anyone know (Darrell); if the %COUNTRYCHAIN% can be passed to an external program? I've thought of developing an EXE that does this final scan after MN-COMBO is tested. It should be - at this point any variable I have messed with has been passable to an external test. Darrell --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Help in creating a Filter
We've been monitoring the MN-COMBO test (multiple tests failed) for the past 2 months. Most are failing INV-URIBL and SNIFFER; but some only failing one of them (either SNIFFER or INV-URIBL) but will fail DSBL/CBL/ROUTING/MXRATE. We've noticed that all the emails that we've monitored with the MN-COMBO that are spam; have multiple country hops. This is what we want to catch. Deleting based just on MN-COMBO will delete some false positives. But detecting our MN-COMBO test and then filtering the country hops will eliminate the false positives as they all originate outside of USA and/or start in USA then bounce to another country, then back to USA. Does anyone know (Darrell); if the %COUNTRYCHAIN% can be passed to an external program? I've thought of developing an EXE that does this final scan after MN-COMBO is tested. TIA, Erik -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Friday, September 16, 2005 2:31 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Help in creating a Filter Just to second this - I have seen a large amount of customers also farm out filtering to companies like big fish which scan the mail in oversea's countries. Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Scott Fisher writes: > I think this would do it in two filters: > filter 1: > SKIPIFWEIGHT 100 > TESTSFAILED END NOTCONTAINS MN-COMBO > COUNTRIES 100 NOTCONTAINS US > > filter 2: > SKIPIFWEIGHT 100 > TESTSFAILED END NOTCONTAINS MN-COMBO > TESTSFAILED END CONTAINS filter1 > COUNTRIES END STARTSWITH US > COUNTRIES 100 CONTAINS US > > I'd be careful. Lots of US subsidaries are owned by a foreign company > and > have their mail server overseas. > Also watch out for these special country codes: (which can belong to valid > servers): > # > # Special Codes > # > *1 Multi-Regional > *2 Europe > *3 North America > *4 Central/South America > *5 Pacific Rim > *A ARIN Unlisted (North America/South Africa) > *B Public Data Network > *E RIPE Unlisted (Europe, North Africa, Middle East) > *I Private IP > *L Loopback > *M Multicast > *P APNIC Unlisted (Asia Pacific) > *R IANA Reserved > *U Unknown > > > - Original Message - From: "Erik" <[EMAIL PROTECTED]> > To: > Sent: Friday, September 16, 2005 12:45 PM > Subject: [Declude.JunkMail] Help in creating a Filter > > >> Could someone help me in creating a filter? >> >> I need something to this effect. Can this be done in one filter? >> >> >> >> If WEIGHT = 100 or Higher then END >> >> If TESTFAILED CONTAINS "MN-COMBO" Then >> If CountryChain NOTCONTAINS "UNITED STATES" Then >> Then DELETE (triggers the filter - return 100 as weight) >> End If >> >> If CountryChain CONTAINS "UNITED STATES->destination" Then >> 'Email is probably good (return zero) >> Else >> DELETE (triggers the filter - return 100 as weight) >> End If >> >> End If >> >> Thanks! >> Erik >> >> --- >> This E-mail came from the Declude.JunkMail mailing list. To >> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type >> "unsubscribe Declude.JunkMail". The archives can be found at >> http://www.mail-archive.com. >> >> > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > "unsubscribe Declude.JunkMail". The archives can be found at > http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Help in creating a Filter
Just to second this - I have seen a large amount of customers also farm out filtering to companies like big fish which scan the mail in oversea's countries. Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Scott Fisher writes: I think this would do it in two filters: filter 1: SKIPIFWEIGHT 100 TESTSFAILED END NOTCONTAINS MN-COMBO COUNTRIES 100 NOTCONTAINS US filter 2: SKIPIFWEIGHT 100 TESTSFAILED END NOTCONTAINS MN-COMBO TESTSFAILED END CONTAINS filter1 COUNTRIES END STARTSWITH US COUNTRIES 100 CONTAINS US I'd be careful. Lots of US subsidaries are owned by a foreign company and have their mail server overseas. Also watch out for these special country codes: (which can belong to valid servers): # # Special Codes # *1 Multi-Regional *2 Europe *3 North America *4 Central/South America *5 Pacific Rim *A ARIN Unlisted (North America/South Africa) *B Public Data Network *E RIPE Unlisted (Europe, North Africa, Middle East) *I Private IP *L Loopback *M Multicast *P APNIC Unlisted (Asia Pacific) *R IANA Reserved *U Unknown - Original Message - From: "Erik" <[EMAIL PROTECTED]> To: Sent: Friday, September 16, 2005 12:45 PM Subject: [Declude.JunkMail] Help in creating a Filter Could someone help me in creating a filter? I need something to this effect. Can this be done in one filter? If WEIGHT = 100 or Higher then END If TESTFAILED CONTAINS "MN-COMBO" Then If CountryChain NOTCONTAINS "UNITED STATES" Then Then DELETE (triggers the filter - return 100 as weight) End If If CountryChain CONTAINS "UNITED STATES->destination" Then 'Email is probably good (return zero) Else DELETE (triggers the filter - return 100 as weight) End If End If Thanks! Erik --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] ROUTING and COUNTRIES
Yes COUNTRIES 0 CONTAINS *A is correct. The Asterick is a literal. codes I know of: *1 Multi-Regional *2 Europe *3 North America *4 Central/South America *5 Pacific Rim *A ARIN Unlisted (North America/South Africa) *B Public Data Network *E RIPE Unlisted (Europe, North Africa, Middle East) *I Private IP *L Loopback *M Multicast *P APNIC Unlisted (Asia Pacific) *R IANA Reserved *U Unknown - Original Message - From: "Gary Steiner" <[EMAIL PROTECTED]> To: Sent: Friday, September 16, 2005 2:06 PM Subject: re: [Declude.JunkMail] ROUTING and COUNTRIES I guess it depends on exactly what text it is searching for. In looking at my log files (set to Debug), I see that when it is checking the COUNTRIES filter I created, it displays a message like "Checking countries: *A ." Is it actually looking for an asterisk followed by an A? Here are some "non-countries" and the corresponding text displayed in the log file: [ARIN Unlisted] *A [RIPE Unlisted] *E [IANA Reserved] *R [Unknown] *U Does this mean we should be using a line like COUNTRIES0CONTAINS*A Is that asterisk a literal or will it act as a wildcard? Is anyone using this in a country filter? Original Message From: Nick Hayer <[EMAIL PROTECTED]> Sent: Friday, September 16, 2005 12:36 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] ROUTING and COUNTRIES Help from the guru's please... Wouldn't [shouldn't] this email fail the ROUTING test? X-Country-Chain: UNITED STATES->[IANA Reserved]->UNITED STATES->destination X-Note: SMTP Sender: [EMAIL PROTECTED] X-Note: Sent from: [Revdns: [No Reverse DNS]] [RemoteHostDomain: lgvsoft.at] [RemoteIP: 58.142.35.136] [SenderHost: lgvsoft.at] X-Note: Spam [v:2.0.6.16] tests: IP4R.SORBS.DYNAMIC [0], EXTERNAL.CIP.OnlyIp [2], TEST.DYNHELO [5], TEST.REVDNS [0], FILTER.DYNA [5], FILTER.COMBO.DYNHELO.CIP [3] Also - is there a way to determine that this email came from/through a foreign [to the US] source? This email did not trigger on a foreign filter file that contains: COUNTRIES0CONTAINSIANA Reserved Same file has these than never trigger it seems either COUNTRIES0CONTAINSARIN Unlisted COUNTRIES0CONTAINSRIPE Unlisted Thanks! -Nick --- --- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Help in creating a Filter
I don't believe so. I think you have COUNTRY and COUNTRIES. COUNTRY is the last counry in the country chain. - Original Message - From: "Erik" <[EMAIL PROTECTED]> To: Sent: Friday, September 16, 2005 2:07 PM Subject: RE: [Declude.JunkMail] Help in creating a Filter Can the %COUNTRYCHAIN% variable be used instead of %COUNTRIES%? Right about be careful... But the MN-COMBO is a mix of 3 to 5 TESTSFAILED combos already. Erik -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher Sent: Friday, September 16, 2005 12:57 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Help in creating a Filter I think this would do it in two filters: filter 1: SKIPIFWEIGHT 100 TESTSFAILED END NOTCONTAINS MN-COMBO COUNTRIES 100 NOTCONTAINS US filter 2: SKIPIFWEIGHT 100 TESTSFAILED END NOTCONTAINS MN-COMBO TESTSFAILED END CONTAINS filter1 COUNTRIES END STARTSWITH US COUNTRIES 100 CONTAINS US I'd be careful. Lots of US subsidaries are owned by a foreign company and have their mail server overseas. Also watch out for these special country codes: (which can belong to valid servers): # # Special Codes # *1 Multi-Regional *2 Europe *3 North America *4 Central/South America *5 Pacific Rim *A ARIN Unlisted (North America/South Africa) *B Public Data Network *E RIPE Unlisted (Europe, North Africa, Middle East) *I Private IP *L Loopback *M Multicast *P APNIC Unlisted (Asia Pacific) *R IANA Reserved *U Unknown - Original Message - From: "Erik" <[EMAIL PROTECTED]> To: Sent: Friday, September 16, 2005 12:45 PM Subject: [Declude.JunkMail] Help in creating a Filter Could someone help me in creating a filter? I need something to this effect. Can this be done in one filter? If WEIGHT = 100 or Higher then END If TESTFAILED CONTAINS "MN-COMBO" Then If CountryChain NOTCONTAINS "UNITED STATES" Then Then DELETE (triggers the filter - return 100 as weight) End If If CountryChain CONTAINS "UNITED STATES->destination" Then 'Email is probably good (return zero) Else DELETE (triggers the filter - return 100 as weight) End If End If Thanks! Erik --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] 3.0.4
Ya know, I thought about asking about that, but said nah, no one could do some thing dumb like I did. ;) John T eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Kim Premuda > Sent: Friday, September 16, 2005 11:36 AM > To: Declude.JunkMail@declude.com > Subject: Re: [Declude.JunkMail] 3.0.4 > > Gawck! At first, I thought "No way did I do that!", but I hadn't closed the browser > session to the Declude beta site. Upon checking, I was astounded to find that I did, > indeed, download the SmarterMail version of 'decludeproc.exe' (it was still > highlighted)...3 TIMES OVER THE PAST TWO DAYS and didn't even notice! > > After downloading and installing the IMail version of 'decludeproc.exe' version 3.0.4, > things look to be running normally. > > My apologies to the list (and Declude) for the 'false' reports, and thanks to the Ncl > admin for pointing this out. > > Kim > > > -- Original Message -- > From: Ncl Admin <[EMAIL PROTECTED]> > > >If files are not moving from proc to work make sure you downloaded the > >right version, I grabbed smartermail version this AM and it does exactly > >nada under Imail. Duh. Got the Imail version and of course its running now. > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Help in creating a Filter
Can the %COUNTRYCHAIN% variable be used instead of %COUNTRIES%? Right about be careful... But the MN-COMBO is a mix of 3 to 5 TESTSFAILED combos already. Erik -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher Sent: Friday, September 16, 2005 12:57 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Help in creating a Filter I think this would do it in two filters: filter 1: SKIPIFWEIGHT 100 TESTSFAILED END NOTCONTAINS MN-COMBO COUNTRIES 100 NOTCONTAINS US filter 2: SKIPIFWEIGHT 100 TESTSFAILED END NOTCONTAINS MN-COMBO TESTSFAILED END CONTAINS filter1 COUNTRIES END STARTSWITH US COUNTRIES 100 CONTAINS US I'd be careful. Lots of US subsidaries are owned by a foreign company and have their mail server overseas. Also watch out for these special country codes: (which can belong to valid servers): # # Special Codes # *1 Multi-Regional *2 Europe *3 North America *4 Central/South America *5 Pacific Rim *A ARIN Unlisted (North America/South Africa) *B Public Data Network *E RIPE Unlisted (Europe, North Africa, Middle East) *I Private IP *L Loopback *M Multicast *P APNIC Unlisted (Asia Pacific) *R IANA Reserved *U Unknown - Original Message - From: "Erik" <[EMAIL PROTECTED]> To: Sent: Friday, September 16, 2005 12:45 PM Subject: [Declude.JunkMail] Help in creating a Filter > Could someone help me in creating a filter? > > I need something to this effect. Can this be done in one filter? > > > > If WEIGHT = 100 or Higher then END > > If TESTFAILED CONTAINS "MN-COMBO" Then > If CountryChain NOTCONTAINS "UNITED STATES" Then > Then DELETE (triggers the filter - return 100 as weight) > End If > > If CountryChain CONTAINS "UNITED STATES->destination" Then > 'Email is probably good (return zero) > Else > DELETE (triggers the filter - return 100 as weight) > End If > > End If > > Thanks! > Erik > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > "unsubscribe Declude.JunkMail". The archives can be found at > http://www.mail-archive.com. > > --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
re: [Declude.JunkMail] ROUTING and COUNTRIES
I guess it depends on exactly what text it is searching for. In looking at my log files (set to Debug), I see that when it is checking the COUNTRIES filter I created, it displays a message like "Checking countries: *A ." Is it actually looking for an asterisk followed by an A? Here are some "non-countries" and the corresponding text displayed in the log file: [ARIN Unlisted] *A [RIPE Unlisted] *E [IANA Reserved] *R [Unknown] *U Does this mean we should be using a line like COUNTRIES0CONTAINS*A Is that asterisk a literal or will it act as a wildcard? Is anyone using this in a country filter? Original Message > From: Nick Hayer <[EMAIL PROTECTED]> > Sent: Friday, September 16, 2005 12:36 PM > To: Declude.JunkMail@declude.com > Subject: [Declude.JunkMail] ROUTING and COUNTRIES > > Help from the guru's please... > > Wouldn't [shouldn't] this email fail the ROUTING test? > > X-Country-Chain: UNITED STATES->[IANA Reserved]->UNITED STATES->destination > X-Note: SMTP Sender: [EMAIL PROTECTED] > X-Note: Sent from: [Revdns: [No Reverse DNS]] [RemoteHostDomain: > lgvsoft.at] [RemoteIP: 58.142.35.136] [SenderHost: lgvsoft.at] > X-Note: Spam [v:2.0.6.16] tests: IP4R.SORBS.DYNAMIC [0], > EXTERNAL.CIP.OnlyIp [2], TEST.DYNHELO [5], TEST.REVDNS [0], FILTER.DYNA > [5], FILTER.COMBO.DYNHELO.CIP [3] > > Also - is there a way to determine that this email came from/through a > foreign [to the US] source? > This email did not trigger on a foreign filter file that contains: > COUNTRIES0CONTAINSIANA Reserved > > Same file has these than never trigger it seems either > COUNTRIES0CONTAINSARIN Unlisted > COUNTRIES0CONTAINSRIPE Unlisted > > Thanks! > > -Nick > --- --- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] 3.0.4
Declude How about adding in a check into decludeproc when it starts to verify that the proper mail server is installed Kevin Bilbee > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Kim Premuda > Sent: Friday, September 16, 2005 11:36 AM > To: Declude.JunkMail@declude.com > Subject: Re: [Declude.JunkMail] 3.0.4 > > > Gawck! At first, I thought "No way did I do that!", but I hadn't > closed the browser session to the Declude beta site. Upon > checking, I was astounded to find that I did, indeed, download > the SmarterMail version of 'decludeproc.exe' (it was still > highlighted)...3 TIMES OVER THE PAST TWO DAYS and didn't even notice! > > After downloading and installing the IMail version of > 'decludeproc.exe' version 3.0.4, things look to be running normally. > > My apologies to the list (and Declude) for the 'false' reports, > and thanks to the Ncl admin for pointing this out. > > Kim > > > -- Original Message -- > From: Ncl Admin <[EMAIL PROTECTED]> > > >If files are not moving from proc to work make sure you downloaded the > >right version, I grabbed smartermail version this AM and it does exactly > >nada under Imail. Duh. Got the Imail version and of course its > running now. > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > --- > [This E-mail scanned for viruses by Declude Virus] > > --- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Help in creating a Filter
I think this would do it in two filters: filter 1: SKIPIFWEIGHT 100 TESTSFAILED END NOTCONTAINS MN-COMBO COUNTRIES 100 NOTCONTAINS US filter 2: SKIPIFWEIGHT 100 TESTSFAILED END NOTCONTAINS MN-COMBO TESTSFAILED END CONTAINS filter1 COUNTRIES END STARTSWITH US COUNTRIES 100 CONTAINS US I'd be careful. Lots of US subsidaries are owned by a foreign company and have their mail server overseas. Also watch out for these special country codes: (which can belong to valid servers): # # Special Codes # *1 Multi-Regional *2 Europe *3 North America *4 Central/South America *5 Pacific Rim *A ARIN Unlisted (North America/South Africa) *B Public Data Network *E RIPE Unlisted (Europe, North Africa, Middle East) *I Private IP *L Loopback *M Multicast *P APNIC Unlisted (Asia Pacific) *R IANA Reserved *U Unknown - Original Message - From: "Erik" <[EMAIL PROTECTED]> To: Sent: Friday, September 16, 2005 12:45 PM Subject: [Declude.JunkMail] Help in creating a Filter Could someone help me in creating a filter? I need something to this effect. Can this be done in one filter? If WEIGHT = 100 or Higher then END If TESTFAILED CONTAINS "MN-COMBO" Then If CountryChain NOTCONTAINS "UNITED STATES" Then Then DELETE (triggers the filter - return 100 as weight) End If If CountryChain CONTAINS "UNITED STATES->destination" Then 'Email is probably good (return zero) Else DELETE (triggers the filter - return 100 as weight) End If End If Thanks! Erik --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] 3.0.4
Gawck! At first, I thought "No way did I do that!", but I hadn't closed the browser session to the Declude beta site. Upon checking, I was astounded to find that I did, indeed, download the SmarterMail version of 'decludeproc.exe' (it was still highlighted)...3 TIMES OVER THE PAST TWO DAYS and didn't even notice! After downloading and installing the IMail version of 'decludeproc.exe' version 3.0.4, things look to be running normally. My apologies to the list (and Declude) for the 'false' reports, and thanks to the Ncl admin for pointing this out. Kim -- Original Message -- From: Ncl Admin <[EMAIL PROTECTED]> >If files are not moving from proc to work make sure you downloaded the >right version, I grabbed smartermail version this AM and it does exactly >nada under Imail. Duh. Got the Imail version and of course its running now. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Interesting Header from a bulk mailer
The funniest one I've seen is: X-Mailer: Minister Punisher 4 Andrew 8) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin CoxSent: Friday, September 16, 2005 10:38 AMTo: IMail_Forum@list.ipswitch.com; Declude.JunkMail@declude.comSubject: [Declude.JunkMail] Interesting Header from a bulk mailer Saw this header today and thought it was mighty interesting. X-Mailer: Spamsoft Spammer Bulk Mailer That's pretty brazen to advertise that you're a spammer in the headers... Darin.
[Declude.JunkMail] Help in creating a Filter
Could someone help me in creating a filter? I need something to this effect. Can this be done in one filter? If WEIGHT = 100 or Higher then END If TESTFAILED CONTAINS "MN-COMBO" Then If CountryChain NOTCONTAINS "UNITED STATES" Then Then DELETE (triggers the filter - return 100 as weight) End If If CountryChain CONTAINS "UNITED STATES->destination" Then 'Email is probably good (return zero) Else DELETE (triggers the filter - return 100 as weight) End If End If Thanks! Erik --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Interesting Header from a bulk mailer
Saw this header today and thought it was mighty interesting. X-Mailer: Spamsoft Spammer Bulk Mailer That's pretty brazen to advertise that you're a spammer in the headers... Darin.
[Declude.JunkMail] 3.0.4
If files are not moving from proc to work make sure you downloaded the right version, I grabbed smartermail version this AM and it does exactly nada under Imail. Duh. Got the Imail version and of course its running now. [This E-mail scanned for viruses by F-Prot] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Beta 3.0.4 not Processing Files in 'proc' Folder
John, I performed the suggestions you gave and got the same results. We shall be giving David at Declude access to our mail server, so they can see what's happening first hand. I'll keep the list posted. Kim -- Original Message -- From: "John Tolmachoff \(Lists\)" <[EMAIL PROTECTED]> >Download the DecludeProc.exe again from the site. Maybe something went wrong >there. > >The version of Imail should make no difference in the processing as it is >definitely being handed to declude.exe. > >Do you have a Declude.cfg file in the Imail\Declude folder? Try putting >"WAITFORMAIL 1" >in there. > >Again, try putting the log into DEBUG mode during the test. > >Maybe the server needs a kick? ;) > >John T >eServices For You --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] ROUTING and COUNTRIES
Help from the guru's please... Wouldn't [shouldn't] this email fail the ROUTING test? X-Country-Chain: UNITED STATES->[IANA Reserved]->UNITED STATES->destination X-Note: SMTP Sender: [EMAIL PROTECTED] X-Note: Sent from: [Revdns: [No Reverse DNS]] [RemoteHostDomain: lgvsoft.at] [RemoteIP: 58.142.35.136] [SenderHost: lgvsoft.at] X-Note: Spam [v:2.0.6.16] tests: IP4R.SORBS.DYNAMIC [0], EXTERNAL.CIP.OnlyIp [2], TEST.DYNHELO [5], TEST.REVDNS [0], FILTER.DYNA [5], FILTER.COMBO.DYNHELO.CIP [3] Also - is there a way to determine that this email came from/through a foreign [to the US] source? This email did not trigger on a foreign filter file that contains: COUNTRIES0CONTAINSIANA Reserved Same file has these than never trigger it seems either COUNTRIES0CONTAINSARIN Unlisted COUNTRIES0CONTAINSRIPE Unlisted Thanks! -Nick --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Beta 3.0.4 not Processing Files in 'proc' Folder
Download the DecludeProc.exe again from the site. Maybe something went wrong there. The version of Imail should make no difference in the processing as it is definitely being handed to declude.exe. Do you have a Declude.cfg file in the Imail\Declude folder? Try putting "WAITFORMAIL1" in there. Again, try putting the log into DEBUG mode during the test. Maybe the server needs a kick? ;) John T eServices For You > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Kim Premuda > Sent: Friday, September 16, 2005 8:30 AM > To: Declude.JunkMail@declude.com > Subject: RE: [Declude.JunkMail] Beta 3.0.4 not Processing Files in 'proc' Folder > > Hi, John. > > Yeah...did all that, except running the JunkMail log in 'HIGH' mode. So, I re-ran the > test this morning with the log mode set to 'HIGH'. I ran the test between 7:10A and > 7:20A. > > At the start of the test, both the 'proc' and the 'proc\work' folders were empty. As the > test progressed, the 'proc' folder began to fill with 'd*.smd' and 'q*.smd' files. The > 'proc\work' folder remained empty during the entire 10 minute test. I could also see > the 'decludeproc.exe' service running in Task Manager, but it was running with a > minimum of CPU usage. > > At the end of the test, reverted back to 3.0.3, and all the backlog in the 'proc' folder > was immediately processed. That is, I could see the files in the 'proc' folder being > moved to the 'proc\work' folder, whereupon they would subsequently disappear > (presumably deleted, held, or moved to the 'spool' folder). > > Upon examining the JunkMail log file, note that there is a gap of information during > the test time period: > >09/16/2005 07:07:20.515 qd16d0f3f0048a1ec From: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] IP: 72.26.215.59 ID: >09/16/2005 07:07:20.515 qd16d0f3f0048a1ec Action(s) taken for > [EMAIL PROTECTED] = WHITELISTED [LAST ACTION=WHITELISTED] >09/16/2005 07:07:20.515 qd16d0f3f0048a1ec Cumulative action(s) taken on this > email = IGNORE [LAST ACTION=IGNORE] >09/16/2005 07:22:55.015 qd31201ec029c0f5f Tests failed [weight=39]: > NOPOSTMASTER=WARN[1] SNIFFER=WARN[20] CMDSPACE=WARN[8] > IPNOTINMX=IGNORE[0] NOLEGITCONTENT=IGNORE[0] ROUTING=WARN[2] > WEIGHT10=HOLD[10] WEIGHT17=DELETE[17] WEIGHT20=DELETE[20] > CATCHALLMAILS=IGNORE[0] TLD-TRUSTED-MAILFROM=WARN[0] DRUGS- > MEDICATIONS=WARN[8] >09/16/2005 07:22:55.500 qd31201ec029c0f5f Action(s) taken for > [EMAIL PROTECTED] = IGNORE WARN HOLD DELETE [LAST ACTION=DELETE] >09/16/2005 07:22:56.078 qd31201ec029c0f5f Cumulative action(s) taken on this > email = IGNORE WARN HOLD DELETE [LAST ACTION=DELETE] >09/16/2005 07:22:53.218 qd2de00f6024c43a2 Tests failed [weight=24]: > SNIFFER=WARN[20] IPNOTINMX=IGNORE[0] NOLEGITCONTENT=IGNORE[0] > REVDNS=WARN[4] WEIGHT10=HOLD[10] WEIGHT17=DELETE[17] > WEIGHT20=DELETE[20] CATCHALLMAILS=IGNORE[0] TLD-TRUSTED-HELO=WARN[0] > TLD-TRUSTED-MAILFROM=WARN[0] TLD-TRUSTED-REVDNS=WARN[0] > > Is this another sign that the 'decludeproc.exe' was not doing anything? Also, please > remember, we are using the older IMail 8.05 HF3, and that our results can definitely > be different from yours. > > With regards, > > Kim > > > -- Original Message -- > From: "John Tolmachoff \(Lists\)" <[EMAIL PROTECTED]> > Reply-To: Declude.JunkMail@declude.com > Date: Thu, 15 Sep 2005 23:56:18 -0700 > > >I am sure you did, but let's check. > > > >Did you stop the Imail SMTP service, stop the Imail Queue Manager service, > >wait for both the proc and work folders to be empty, stop the DecludeProc > >service, copy in the new decludeproc.exe file, start the DecludeProc > >service, start the Imail Queue Manager service, start the Imail SMTP server, > >put the Declude JM log into Debug mode for say 15 mintues and then review > >the log to see what happened? > > > >John T > >eServices For You > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Beta 3.0.4 not Processing Files in 'proc' Folder
Hi, John. Yeah...did all that, except running the JunkMail log in 'HIGH' mode. So, I re-ran the test this morning with the log mode set to 'HIGH'. I ran the test between 7:10A and 7:20A. At the start of the test, both the 'proc' and the 'proc\work' folders were empty. As the test progressed, the 'proc' folder began to fill with 'd*.smd' and 'q*.smd' files. The 'proc\work' folder remained empty during the entire 10 minute test. I could also see the 'decludeproc.exe' service running in Task Manager, but it was running with a minimum of CPU usage. At the end of the test, reverted back to 3.0.3, and all the backlog in the 'proc' folder was immediately processed. That is, I could see the files in the 'proc' folder being moved to the 'proc\work' folder, whereupon they would subsequently disappear (presumably deleted, held, or moved to the 'spool' folder). Upon examining the JunkMail log file, note that there is a gap of information during the test time period: 09/16/2005 07:07:20.515 qd16d0f3f0048a1ec From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 72.26.215.59 ID: 09/16/2005 07:07:20.515 qd16d0f3f0048a1ec Action(s) taken for [EMAIL PROTECTED] = WHITELISTED [LAST ACTION=WHITELISTED] 09/16/2005 07:07:20.515 qd16d0f3f0048a1ec Cumulative action(s) taken on this email = IGNORE [LAST ACTION=IGNORE] 09/16/2005 07:22:55.015 qd31201ec029c0f5f Tests failed [weight=39]: NOPOSTMASTER=WARN[1] SNIFFER=WARN[20] CMDSPACE=WARN[8] IPNOTINMX=IGNORE[0] NOLEGITCONTENT=IGNORE[0] ROUTING=WARN[2] WEIGHT10=HOLD[10] WEIGHT17=DELETE[17] WEIGHT20=DELETE[20] CATCHALLMAILS=IGNORE[0] TLD-TRUSTED-MAILFROM=WARN[0] DRUGS-MEDICATIONS=WARN[8] 09/16/2005 07:22:55.500 qd31201ec029c0f5f Action(s) taken for [EMAIL PROTECTED] = IGNORE WARN HOLD DELETE [LAST ACTION=DELETE] 09/16/2005 07:22:56.078 qd31201ec029c0f5f Cumulative action(s) taken on this email = IGNORE WARN HOLD DELETE [LAST ACTION=DELETE] 09/16/2005 07:22:53.218 qd2de00f6024c43a2 Tests failed [weight=24]: SNIFFER=WARN[20] IPNOTINMX=IGNORE[0] NOLEGITCONTENT=IGNORE[0] REVDNS=WARN[4] WEIGHT10=HOLD[10] WEIGHT17=DELETE[17] WEIGHT20=DELETE[20] CATCHALLMAILS=IGNORE[0] TLD-TRUSTED-HELO=WARN[0] TLD-TRUSTED-MAILFROM=WARN[0] TLD-TRUSTED-REVDNS=WARN[0] Is this another sign that the 'decludeproc.exe' was not doing anything? Also, please remember, we are using the older IMail 8.05 HF3, and that our results can definitely be different from yours. With regards, Kim -- Original Message -- From: "John Tolmachoff \(Lists\)" <[EMAIL PROTECTED]> Reply-To: Declude.JunkMail@declude.com Date: Thu, 15 Sep 2005 23:56:18 -0700 >I am sure you did, but let's check. > >Did you stop the Imail SMTP service, stop the Imail Queue Manager service, >wait for both the proc and work folders to be empty, stop the DecludeProc >service, copy in the new decludeproc.exe file, start the DecludeProc >service, start the Imail Queue Manager service, start the Imail SMTP server, >put the Declude JM log into Debug mode for say 15 mintues and then review >the log to see what happened? > >John T >eServices For You --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Beta 3.0.4 not Processing Files in 'proc' Folder
And yes, as of midnight my time, I am running 3.0.4 and it is working as
expected so far.
John T
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)
> Sent: Thursday, September 15, 2005 11:56 PM
> To: Declude.JunkMail@declude.com
> Subject: RE: [Declude.JunkMail] Beta 3.0.4 not Processing Files in 'proc'
Folder
>
> I am sure you did, but let's check.
>
> Did you stop the Imail SMTP service, stop the Imail Queue Manager service,
> wait for both the proc and work folders to be empty, stop the DecludeProc
> service, copy in the new decludeproc.exe file, start the DecludeProc
> service, start the Imail Queue Manager service, start the Imail SMTP
server,
> put the Declude JM log into Debug mode for say 15 mintues and then review
> the log to see what happened?
>
> John T
> eServices For You
>
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> > [EMAIL PROTECTED] On Behalf Of Kim Premuda
> > Sent: Thursday, September 15, 2005 5:27 PM
> > To: Declude JunkMail Forum
> > Subject: [Declude.JunkMail] Beta 3.0.4 not Processing Files in 'proc'
> Folder
> >
> > IMail 8.05 HF3
> >
> > I installed the JunkMail beta 3.0.4, and had the same results as with
> 3.0.3.8. That is,
> > the 'decludeproc.exe' service was running (as indicated by Task
Manager),
> however,
> > nothing was being processed ('decludeproc.exe' was near the bottom of
the
> Task
> > Manager list when sorted by CPU time, and no external files like Sniffer
> running). Files
> > were being added to the 'proc' directory, but the 'proc\work' directory
> remained
> > empty. Let things run this way for approximately 15 minutes, then
reverted
> back to
> > version 3.0.3. Once 3.0.3 was up and running, the files in the 'proc'
> directory were
> > immediately processed ('decludeproc.exe' at or near the top 5 entries in
> Task
> > Manager, Sniffer executables now showing in Task Manager, backlog of
files
> in 'proc'
> > folder are gone).
> >
> > Kim W. Premuda
> >
> > ---
> > This E-mail came from the Declude.JunkMail mailing list. To
> > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > type "unsubscribe Declude.JunkMail". The archives can be found
> > at http://www.mail-archive.com.
>
> ---
> This E-mail came from the Declude.JunkMail mailing list. To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail". The archives can be found
> at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
RE: [Declude.JunkMail] Beta 3.0.4 not Processing Files in 'proc' Folder
I am sure you did, but let's check.
Did you stop the Imail SMTP service, stop the Imail Queue Manager service,
wait for both the proc and work folders to be empty, stop the DecludeProc
service, copy in the new decludeproc.exe file, start the DecludeProc
service, start the Imail Queue Manager service, start the Imail SMTP server,
put the Declude JM log into Debug mode for say 15 mintues and then review
the log to see what happened?
John T
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> [EMAIL PROTECTED] On Behalf Of Kim Premuda
> Sent: Thursday, September 15, 2005 5:27 PM
> To: Declude JunkMail Forum
> Subject: [Declude.JunkMail] Beta 3.0.4 not Processing Files in 'proc'
Folder
>
> IMail 8.05 HF3
>
> I installed the JunkMail beta 3.0.4, and had the same results as with
3.0.3.8. That is,
> the 'decludeproc.exe' service was running (as indicated by Task Manager),
however,
> nothing was being processed ('decludeproc.exe' was near the bottom of the
Task
> Manager list when sorted by CPU time, and no external files like Sniffer
running). Files
> were being added to the 'proc' directory, but the 'proc\work' directory
remained
> empty. Let things run this way for approximately 15 minutes, then reverted
back to
> version 3.0.3. Once 3.0.3 was up and running, the files in the 'proc'
directory were
> immediately processed ('decludeproc.exe' at or near the top 5 entries in
Task
> Manager, Sniffer executables now showing in Task Manager, backlog of files
in 'proc'
> folder are gone).
>
> Kim W. Premuda
>
> ---
> This E-mail came from the Declude.JunkMail mailing list. To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail". The archives can be found
> at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
