RE: [Declude.JunkMail] Latest ALL_LIST.DAT
David thank ou for the link.
Gary,
The all_list.dat file is a database of net-blocks (IP-ranges) that are
assigned to certain countries.
Declude looks at the delivery chain of messages in the mail header and can
construct the country-chain by comparing the IP-Adresses in the mail-header
with the data in the all_list.dat file. It's similar to the geolocation
tecnology used by some websites
(http://en.wikipedia.org/wiki/Geolocation_software)
As ARIN, RIPE Co. continuosly does assign remove and move net-blocks we
have to update the all_list.dat file from time to time.
Markus
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner
Sent: Tuesday, September 20, 2005 4:08 AM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] Latest ALL_LIST.DAT
So what is the ALL_LIST.DAT? How is it used? I couldn't
find it described in the JunkMail documentation or in the
Knowledge Base. Is this a binary file that we shouldn't be
messing with? How can we correlate it with any country
filter we might be using?
Though while looking through the Knowledge Base, I found this
new entry:
http://support.declude.com/Customer/KBArticle.aspx?articleid=3
5KBSearchID=1023
I found a copy of ALL_LIST.DAT in the Declude directory that
was installed with 2.0.6. It has a date on it of 4/11/2005.
Original Message
From: David Barker [EMAIL PROTECTED]
Sent: Monday, September 19, 2005 5:23 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] Latest ALL_LIST.DAT
At this point the latest ALL_LIST.DAT (Monday, April 11, 2005) is
currently located here:
http://www.declude.com/version/release/all_list.dat
There will be a new ALL_LIST.DAT with the release of Declude 3.0
David B
www.declude.com
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of J Porter
Sent: Monday, September 19, 2005 5:02 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Latest ALL_LIST.DAT
I think the ALL_LIST.DAT file is some sort of compressed
list and not
accessible via an editor... right???
Anyway, I found have a link where I got it some time back.
http://www.declude.com/release/178/all_list.dat
I haven't updated our server with it yet, so I have no idea
how recent
it is. Does anyone know if it's been updated recently?
~Joe
- Original Message -
From: Gary Steiner [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Monday, September 19, 2005 10:58 AM
Subject: Re: [Declude.JunkMail] Latest ALL_LIST.DAT
I guess this would be the best source for current country codes:
http://www.iso.ch/iso/en/prods-services/iso3166ma/02iso-3166-code-list
s/list
-en1.html
ARIN's list lets you break it down by region:
http://www.arin.net/community/countries.html
Original Message
From: Darrell \([EMAIL PROTECTED])
[EMAIL PROTECTED]
Sent: Monday, September 19, 2005 11:50 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Latest ALL_LIST.DAT
Dan,
This would make sense since ARIN just completed another round of
assignment of the BOGON's.
Check out http://www.invariantsystems.com for utilities for
Declude And Imail. IMail/Declude Overflow Queue Monitoring,
SURBL/URI integration, MRTG Integration, and Log Parsers.
Dan Geiser writes:
Hello, All,
I think it's possible that my ALL_LIST.DAT needs to be updated
because I'm starting to receive legit e-mails from
Yahoo IPs that
come up as ARIN Unlisted. My current ALL_LIST.DAT is dated
4/08/2005. Is there a newer copy that we can download
somewhere?
Thanks, Much!
Dan Geiser
[EMAIL PROTECTED]
---
[This E-mail scanned for viruses by Declude Virus]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail. The archives can be
found at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com.
[Declude.JunkMail] Declude Beta Experience update
After previous failed attempts to install the new beta, we waited awhile this time after the last release of the decludeproc; we tried to re-install this morning and as soon as we did, the decludeproc service jumped to 90%+ consistantly; I tried adjusting the THREADS value in the declude.cfg file, but this did not help Mail processing was very slow; only a few messages went out; most were kept in the proc directory After 15 minutes, we had accumulated over 500 messages so we reverted back to the previous version of declude we were using (2.0.x) and moved all .smd files back to the spool directory and service is back to normal again Sincerely, Support Department Global Web SolutionsR, Inc. 804-346-5300 x112 877-800-GLOBAL (4562) x112 http://globalweb.net Global Web Solutions is a registered trademark of Global Web Solutions, Inc., Glen Allen, VA --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude Beta Experience update
Let me add my specs - sorry, forgot to add on first post Windows 2000, all SP's Dual Xeon processors 2GB ram Imail 8.21 HF2 Declude Virus Std, JM Pro, Hijack Sniffer F-Prot -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of GlobalWeb.net Webmaster Sent: Tuesday, September 20, 2005 10:09 AM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Declude Beta Experience update After previous failed attempts to install the new beta, we waited awhile this time after the last release of the decludeproc; we tried to re-install this morning and as soon as we did, the decludeproc service jumped to 90%+ consistantly; I tried adjusting the THREADS value in the declude.cfg file, but this did not help Mail processing was very slow; only a few messages went out; most were kept in the proc directory After 15 minutes, we had accumulated over 500 messages so we reverted back to the previous version of declude we were using (2.0.x) and moved all .smd files back to the spool directory and service is back to normal again Sincerely, Support Department Global Web SolutionsR, Inc. 804-346-5300 x112 877-800-GLOBAL (4562) x112 http://globalweb.net Global Web Solutions is a registered trademark of Global Web Solutions, Inc., Glen Allen, VA --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude Beta Experience update
Hate to be the bearer of bad news, but participating in a Beta requires active participation, meaning if you notice a problem, you need to take steps to gather information surrounding that problem. Did you read my posts about the beta, and did you take any steps that I did? The point of a public beta is for wide spread use to find bugs. Well, how can you participate in a beta if you are not going to take steps to gather information and logs about the issue and submit them to Declude so it can help them find the problems, which is exactly what a beta is for. John T eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of GlobalWeb.net Webmaster Sent: Tuesday, September 20, 2005 7:09 AM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Declude Beta Experience update After previous failed attempts to install the new beta, we waited awhile this time after the last release of the decludeproc; we tried to re-install this morning and as soon as we did, the decludeproc service jumped to 90%+ consistantly; I tried adjusting the THREADS value in the declude.cfg file, but this did not help Mail processing was very slow; only a few messages went out; most were kept in the proc directory After 15 minutes, we had accumulated over 500 messages so we reverted back to the previous version of declude we were using (2.0.x) and moved all .smd files back to the spool directory and service is back to normal again Sincerely, Support Department Global Web SolutionsR, Inc. 804-346-5300 x112 877-800-GLOBAL (4562) x112 http://globalweb.net Global Web Solutions is a registered trademark of Global Web Solutions, Inc., Glen Allen, VA --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Blackholes.us Dead
Blackholes.us no longer resolves and it looks like it is dead. I picked up this msg, among others, from google. http://mail.stalker.com/Lists/CGatePro/Message/79169.html?Language= Okean.com and br.countries.nerd.dk, cn.countries.nerd.dk and kr.countries.nerd.dk have been suggested. Anyone know of any other country BL's? Thanks, Don Brown - Dallas, Texas USA Internet Concepts, Inc. [EMAIL PROTECTED] http://www.inetconcepts.net (972) 788-2364Fax: (972) 788-5049 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Blackholes.us Dead
Hi, Our public RBL doesn't provide this, but our MXRate product does allow you to get results based off the IP's country of origin. Check out http://www.mxrate.com for more information. Best Wishes, Chris Kuske Solid Oak Software www.alligate.com www.mxrate.com www.winlocate.com Don Brown wrote: Blackholes.us no longer resolves and it looks like it is dead. I picked up this msg, among others, from google. http://mail.stalker.com/Lists/CGatePro/Message/79169.html?Language= Okean.com and br.countries.nerd.dk, cn.countries.nerd.dk and kr.countries.nerd.dk have been suggested. Anyone know of any other country BL's? Thanks, Don Brown - Dallas, Texas USA Internet Concepts, Inc. [EMAIL PROTECTED] http://www.inetconcepts.net (972) 788-2364Fax: (972) 788-5049 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude Beta Experience update
John, 1. I posted to let others know my experience. 2. Declude has been in touch with me regarding this. . Any other questions? Sincerely, Support Department Global Web SolutionsR, Inc. 804-346-5300 x112 877-800-GLOBAL (4562) x112 http://globalweb.net --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Blackholes.us Dead
You could accomplish much of the same with Junkmail Pro and COUNTRY or COUNTRIES filter. - Original Message - From: Don Brown [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Tuesday, September 20, 2005 11:05 AM Subject: [Declude.JunkMail] Blackholes.us Dead Blackholes.us no longer resolves and it looks like it is dead. I picked up this msg, among others, from google. http://mail.stalker.com/Lists/CGatePro/Message/79169.html?Language= Okean.com and br.countries.nerd.dk, cn.countries.nerd.dk and kr.countries.nerd.dk have been suggested. Anyone know of any other country BL's? Thanks, Don Brown - Dallas, Texas USA Internet Concepts, Inc. [EMAIL PROTECTED] http://www.inetconcepts.net (972) 788-2364Fax: (972) 788-5049 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Foreign Language Spam
We have a customer who is getting significant amounts of Spanish spam slipping through, and I was wondering if there was any particular means of filtering this out. -- A. Clausen --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] declude / spamassassin
I can't find documentation with regards to how to use a remove spamassassin server as an external test in declude v 1.81. Any help will be much appreciated. Thanks! Travis --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] declude / spamassassin
Travis not sure what you are asking with how to use a remove :) 1. To remove the external test just # comment out the test in your global.cfg 2. To use spamassassin I would suggest using this plugin SPAMC32 http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release / David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Travis Sullivan Sent: Tuesday, September 20, 2005 1:21 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] declude / spamassassin I can't find documentation with regards to how to use a remove spamassassin server as an external test in declude v 1.81. Any help will be much appreciated. Thanks! Travis --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] declude / spamassassin
Sorry, that was a typo, remove = remote :) I am looking into your plugin now, is this plug in the only way? I simply can't just use the IP of my spamassasin server somehow? - Original Message - From: David Barker [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Tuesday, September 20, 2005 12:29 PM Subject: RE: [Declude.JunkMail] declude / spamassassin Travis not sure what you are asking with how to use a remove :) 1. To remove the external test just # comment out the test in your global.cfg 2. To use spamassassin I would suggest using this plugin SPAMC32 http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release / David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Travis Sullivan Sent: Tuesday, September 20, 2005 1:21 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] declude / spamassassin I can't find documentation with regards to how to use a remove spamassassin server as an external test in declude v 1.81. Any help will be much appreciated. Thanks! Travis --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] declude / spamassassin
Hi Travis - Sandy's plugin does the 'somehow' part. Simply have it point to your spamd. Here is the line from my global.cfg that may help - EXTERNAL.SPAMASSASSIN_v3.04externalNONZERO e:\imail\declude\spamd\spamc32.exe -D -d 12.152.254.3 -a 16000 -lt 4 ht 100 -f 60 -Nick Travis Sullivan wrote: Sorry, that was a typo, remove = remote :) I am looking into your plugin now, is this plug in the only way? I simply can't just use the IP of my spamassasin server somehow? - Original Message - From: David Barker [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Tuesday, September 20, 2005 12:29 PM Subject: RE: [Declude.JunkMail] declude / spamassassin Travis not sure what you are asking with how to use a remove :) 1. To remove the external test just # comment out the test in your global.cfg 2. To use spamassassin I would suggest using this plugin SPAMC32 http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release / David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Travis Sullivan Sent: Tuesday, September 20, 2005 1:21 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] declude / spamassassin I can't find documentation with regards to how to use a remove spamassassin server as an external test in declude v 1.81. Any help will be much appreciated. Thanks! Travis --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] declude / spamassassin
These are the columns in my global.cfg file, can you help me plug this in? SECURITYSAGE rhsbl blackhole.securitysage.com 127.0.0.5 3 0 (minus the word wrap, is this exactly as it needs to be entered?) what are these flags? spamc32.exe -D -d 12.152.254.3 -a 16000 -lt 4 ht 100 -f EXTERNAL.SPAMASSASSIN_v3.04externalNONZERO e:\imail\declude\spamd\spamc32.exe -D -d 12.152.254.3 -a 16000 -lt 4 ht 100 -f 60 - Original Message - From: Nick Hayer [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Tuesday, September 20, 2005 12:45 PM Subject: Re: [Declude.JunkMail] declude / spamassassin Hi Travis - Sandy's plugin does the 'somehow' part. Simply have it point to your spamd. Here is the line from my global.cfg that may help - EXTERNAL.SPAMASSASSIN_v3.04externalNONZERO e:\imail\declude\spamd\spamc32.exe -D -d 12.152.254.3 -a 16000 -lt 4 ht 100 -f 60 -Nick Travis Sullivan wrote: Sorry, that was a typo, remove = remote :) I am looking into your plugin now, is this plug in the only way? I simply can't just use the IP of my spamassasin server somehow? - Original Message - From: David Barker [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Tuesday, September 20, 2005 12:29 PM Subject: RE: [Declude.JunkMail] declude / spamassassin Travis not sure what you are asking with how to use a remove :) 1. To remove the external test just # comment out the test in your global.cfg 2. To use spamassassin I would suggest using this plugin SPAMC32 http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release / David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Travis Sullivan Sent: Tuesday, September 20, 2005 1:21 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] declude / spamassassin I can't find documentation with regards to how to use a remove spamassassin server as an external test in declude v 1.81. Any help will be much appreciated. Thanks! Travis --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] declude / spamassassin
I have spamassasin running on my unix servers. I want to use this as an external test for my imail/declude system as an external test. A Declude external test uses filtering logic outside Declude: it sends raw envelope and/or header data to a separate filtering system from Declude and returns the results to Declude so that they may be aggregated with the results of Declude's internal tests and other externals to create an overall weight. SPAMC32 is a Declude external test: it talks to a remote SpamAssassin SPAMD server and returns the results to Declude, with a sizable set of command-line options to reduce resource utilization. The overall bandwidth used by SPAMC32 + SPAMD in combination is essentially half that of a dedicated SpamAssassin server, since the message body need only be vectored in one direction from SPAMC32 to SPAMD and the numeric results returned -- as opposed to being transmitted completely to the SpamAssassin server, tagged, and then transmitted completely to Declude. A Declude _filter_ can scan the header of an incoming messages to check for inserted x- headers from earlier hops in your mail server farm. This is not an external test, but it can check for headers added by SpamAssassin or from any other preprocessor. As developer of SPAMC32, of course I endorse it! However, I understand that people have other reasons that make a non-integrated SpamAssassin equally viable (such as multiple *nix-based stages in their mailflow). --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] declude / spamassassin
Hi Travis - [I just saw Bill Landry's post - my suggestions here relate to calling spamd with an external test. If you have spamassassin in front of imail and its tagging email forget my suggestions.. - no need to do it twice!] Travis Sullivan wrote: EXTERNAL.SPAMASSASSIN_v3.04externalNONZERO e:\imail\declude\spamd\spamc32.exe -D -d 12.152.254.3 -a 16000 -lt 4 ht 100 -f 60 (minus the word wrap, is this exactly as it needs to be entered?) Yes it should work fine. Note the the ip address is the ip address of your spamd server. So that you will have to change. what are these flags? spamc32.exe -D -d 12.152.254.3 -a 16000 -lt 4 ht 100 -f If you download Sandy's spamc32.exe it includes docs and samples. He can explain it better than I. [I forgot.. sorry!. ] -Nick - Original Message - From: Nick Hayer [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Tuesday, September 20, 2005 12:45 PM Subject: Re: [Declude.JunkMail] declude / spamassassin Hi Travis - Sandy's plugin does the 'somehow' part. Simply have it point to your spamd. Here is the line from my global.cfg that may help - EXTERNAL.SPAMASSASSIN_v3.04externalNONZERO e:\imail\declude\spamd\spamc32.exe -D -d 12.152.254.3 -a 16000 -lt 4 ht 100 -f 60 -Nick Travis Sullivan wrote: Sorry, that was a typo, remove = remote :) I am looking into your plugin now, is this plug in the only way? I simply can't just use the IP of my spamassasin server somehow? - Original Message - From: David Barker [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Tuesday, September 20, 2005 12:29 PM Subject: RE: [Declude.JunkMail] declude / spamassassin Travis not sure what you are asking with how to use a remove :) 1. To remove the external test just # comment out the test in your global.cfg 2. To use spamassassin I would suggest using this plugin SPAMC32 http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release / David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Travis Sullivan Sent: Tuesday, September 20, 2005 1:21 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] declude / spamassassin I can't find documentation with regards to how to use a remove spamassassin server as an external test in declude v 1.81. Any help will be much appreciated. Thanks! Travis --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] declude / spamassassin
SPAMASSASSINexternalnonzero c:\imail\declude\spamc32.exe -cw %WEIGHT% -sw 10 -f choose a weight 0 -f is supposed to be the filename... but the example doesn't give one. So, how does spamc send a file name to spamd? Travis --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] declude / spamassassin
Travis Sullivan wrote: SPAMASSASSINexternalnonzero c:\imail\declude\spamc32.exe -cw %WEIGHT% -sw 10 -f choose a weight 0 -f is supposed to be the filename... but the example doesn't give one. So, how does spamc send a file name to spamd? Declude hands it off to it. Actually I believe the entire email is given to spamc32.[ It works and works well.] -Nick Travis --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] declude / spamassassin
Thanks guys, I have it working now! BTW... any way to retrieve any info from SA with regards to test failed or weight? This is what I have in my logs: Msg failed SPAMASSASSIN (Message failed SPAMASSASSIN: 1.). Action=WARN All I have is a 1, that is the score I have set as the test weight, for now until I figure it all out, with your help of course :) Thanks Travis --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Foreign Language Spam
With Declude Pro you could create a custom filter that looked for common Spanish words and triggered a failure after hitting say 5 of these words. Be careful to include spaces after each word when doing this so that they don't hit on base64 encoded content. # SPAMISH MINWEIGHTTOFAIL 5 BODY 1 CONTAINS some-word BODY 1 CONTAINS another-word BODY 1 CONTAINS yetanother-word BODY 1 CONTAINS andsoon-word BODY 1 CONTAINS some-word BODY 1 CONTAINS some-word BODY 1 CONTAINS some-word BODY 1 CONTAINS some-word BODY 1 CONTAINS some-word A. Clausen wrote: We have a customer who is getting significant amounts of Spanish spam slipping through, and I was wondering if there was any particular means of filtering this out. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] declude / spamassassin
Thanks guys, I have it working now! BTW... any way to retrieve any info from SA with regards to test failed or weight? This info is not currently used by Declude, though it is accessible when you run SPAMC32 against a message from the command line. Declude Junkmail doesn't support the use of report files as in Declude Virus -- secondary files left behind by external tests whose results can then be parsed by the Declude for insertion in headers or weighting. If it did, it'd be straightforward to drop a report file for each message and have these integrated into the Declude log. Anyway, the next version of SPAMC32 is coming out very soon with the ability to consult a local SPAMC32 log file (rather than the main SPAMD log file) to check which individual SA rules failed for each message; this is a definite need. As for SPAMC32 inserting headers directly, this is technically simple, but I have purposely avoided implementing this functionality because it will add significant extra disk I/O to reread and alter the original message, rather than letting Declude add all of its headers at once when done processing. Plus, adding the names of 10, 20, or more SA rules to the message headers can be pretty sloppy. So, in sum, header insertion will likely be added as an optional command-line switch, but it's not as much of a priority as the local logging function. I will keep the list posted, as always. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: Re[2]: [Declude.JunkMail] declude / spamassassin
Anyway, the next version of SPAMC32 is coming out very soon with the ability to consult a local SPAMC32 log file (rather than the main SPAMD log file) to check which individual SA rules failed for each message; this is a definite need. Thanks Sandy, I just wanted to make sure I wasn't missing anything. So, the only thing I will see in the headers is the total score SA results: X-RBL-Warning: SPAMASSASSIN: Message failed SPAMASSASSIN: 3. And declude scores only for the test group, like other tests in the global.cfg file? Travis --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] declude / spamassassin
Sandy, The latest Declude's support bitmasked result codes. You might consider creating a user maintained map from tests failed in SA to bitmapped result codes returned to Declude. I'm not sure what the limit might be in Declude for the number of unique tests, but I have managed to use 16 so far without issue. It probably is limited to either 16 or 32 if it is limited. It might very well not be. Matt Sanford Whiteman wrote: Thanks guys, I have it working now! BTW... any way to retrieve any info from SA with regards to test failed or weight? This info is not currently used by Declude, though it is accessible when you run SPAMC32 against a message from the command line. Declude Junkmail doesn't support the use of "report" files as in Declude Virus -- secondary files left behind by external tests whose results can then be parsed by the Declude for insertion in headers or weighting. If it did, it'd be straightforward to drop a report file for each message and have these integrated into the Declude log. Anyway, the next version of SPAMC32 is coming out very soon with the ability to consult a local SPAMC32 log file (rather than the main SPAMD log file) to check which individual SA rules failed for each message; this is a definite need. As for SPAMC32 inserting headers directly, this is technically simple, but I have purposely avoided implementing this functionality because it will add significant extra disk I/O to reread and alter the original message, rather than letting Declude add all of its headers at once when done processing. Plus, adding the names of 10, 20, or more SA rules to the message headers can be pretty sloppy. So, in sum, header insertion will likely be added as an optional command-line switch, but it's not as much of a priority as the local logging function. I will keep the list posted, as always. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] declude / spamassassin
Travis Sullivan wrote: So, the only thing I will see in the headers is the total score SA results: X-RBL-Warning: SPAMASSASSIN: Message failed SPAMASSASSIN: 3. And declude scores only for the test group, like other tests in the global.cfg file? Correct. Very slick huh? And good job getting it to go! -Nick Travis --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] declude / spamassassin
Nick, If you don't mind, is SA heavy on the CPU? What kinda load are you running with SA? We are wanting to pursue it, however, Sanford had mentioned awhile back it would be heavy on the CPU. Thanks again, Keith -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Hayer Sent: Tuesday, September 20, 2005 5:44 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] declude / spamassassin Travis Sullivan wrote: So, the only thing I will see in the headers is the total score SA results: X-RBL-Warning: SPAMASSASSIN: Message failed SPAMASSASSIN: 3. And declude scores only for the test group, like other tests in the global.cfg file? Correct. Very slick huh? And good job getting it to go! -Nick Travis --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] declude / spamassassin - topic change
Anyway, the next version of SPAMC32 is coming out very soon with the ability to consult a local SPAMC32 log file (rather than the main SPAMD log file) to check which individual SA rules failed for each message; this is a definite need. Hi Sandy, Well since you are working on the code - something that for me would be nice is a modification to your -e switch. What I would like to have happen is return the SA weight only after a threshold is met. For example with a setting of 5 an email of 4.99 would not be considered spam but anything above would and the total score would be passed. Hopefully I'm clear on this - I'm trying! Thanks for the consideration. -Nick As for SPAMC32 inserting headers directly, this is technically simple, but I have purposely avoided implementing this functionality because it will add significant extra disk I/O to reread and alter the original message, rather than letting Declude add all of its headers at once when done processing. Plus, adding the names of 10, 20, or more SA rules to the message headers can be pretty sloppy. So, in sum, header insertion will likely be added as an optional command-line switch, but it's not as much of a priority as the local logging function. I will keep the list posted, as always. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] declude / spamassassin
Nick, If you don't mind, is SA heavy on the CPU? What kinda load are you running with SA? I have 3k plus users getting 300k emails per day... my SA is running on a linux server, P4 2ghz... no increase in load when I started using SA with declude today. The best config I have set is: SPAMASSASSIN externalnonzero e:\imail\declude\spamd\spamc32.exe -d 209.215.97.193 -r -lt 4 -et 6 -f 3 0 I 'think' so far that spamassassin only reports if SA's score is 4 or more, if so, I score it a 3 on the email test. I am still playing with the values to tune the system. thanks for everyone's help today. I hope to have MRTG running reports on declude soon to show some statistics. Travis --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] declude / spamassassin
Hi Keith, Keith Johnson wrote: Nick, If you don't mind, is SA heavy on the CPU? What kinda load are you running with SA? First I am no authority here but am willing to share my experience. Sandy's spamd32 seems to be no issue as near as I can tell. The cpu issue is with spamd. .I have spamd running under cygwin on an older dual PIII 1.13 processor machine. Its raid 5 with a gig of ram. At least on my system spamd will spawn 6 perl processes each w/about 75k of ram. A couple of weeks ago we had some spam leakage to the Imail box with the result of like 2 mill or more emails in the spool/overflow dir. The main server was fine but the spamd box was running at 90-100% full cpu.to clear up that mess. If I guessed I would say the max the spamd box could do was 3 email a second.So bottom line is how many email would you max process in a second. would dictate if a separate spamd box would be necessary. Overall now I am doing ~ 15,000 email a day and the spamd box is running easy under 10%load. I personally really like spamassassin under Declude. With the weighting system of Declude it makes another excellent test. -Nick --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
re: [Declude.JunkMail] Foreign Language Spam
I've seen very little specific to blocking Spanish spam. There is a blacklist at http://www.emailbasura.org/ but its effectiveness is somewhat limited. Original Message From: A. Clausen [EMAIL PROTECTED] Sent: Tuesday, September 20, 2005 12:48 PM To: Declude JunkMail Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Foreign Language Spam We have a customer who is getting significant amounts of Spanish spam slipping through, and I was wondering if there was any particular means of filtering this out. -- A. Clausen --- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] critique my global.cfg file with regards to blacklist use
DSBL ip4r list.dsbl.org * 3 0 ORDB ip4r relays.ordb.org * 3 0 SPAMCOP ip4r bl.spamcop.net 127.0.0.2 3 0 SERVICESNET ip4r korea.services.net* 3 0 ORID ip4r dnsbl.antispam.or.id127.0.0.2 3 0 FABELSOURCES ip4r spamsources.fabel.dk127.0.0.2 3 0 AHBL ip4r dnsbl.ahbl.org * 3 0 BLITZEDALL ip4r opm.blitzed.org * 3 0 CBL ip4r cbl.abuseat.org 127.0.0.2 3 0 SBL ip4r sbl-xbl.spamhaus.org* 3 0 NJABL ip4r dnsbl.njabl.org 127.0.0.2 3 0 NJABLDUL ip4r combined.njabl.org127.0.0.3 3 0 NJABLFORMS ip4r dnsbl.njabl.org 127.0.0.8 2 0 NJABLPROXYS ip4r dnsbl.njabl.org 127.0.0.9 2 0 NJABLSOURCES ip4r dnsbl.njabl.org 127.0.0.4 2 0 SORBS-HTTP ip4r dnsbl.sorbs.net 127.0.0.2 2 0 SORBS-SOCKS ip4r dnsbl.sorbs.net 127.0.0.3 2 0 SORBS-MISC ip4r dnsbl.sorbs.net 127.0.0.4 2 0 SORBS-SMTP ip4r dnsbl.sorbs.net 127.0.0.5 2 0 SORBS-SPAM ip4r dnsbl.sorbs.net 127.0.0.6 2 0 SORBS-WEB ip4r dnsbl.sorbs.net 127.0.0.7 2 0 SORBS-BLOCK ip4r dnsbl.sorbs.net 127.0.0.8 2 0 SORBS-ZOMBIE ip4r dnsbl.sorbs.net 127.0.0.9 2 0 SORBS-DUHL ip4r dnsbl.sorbs.net 127.0.0.10 2 0 FIVETENDUL ip4r blackholes.five-ten-sg.com 127.0.0.3 2 0 FIVETENFREE ip4r blackholes.five-ten-sg.com 127.0.0.12 2 0 FIVETENIGNORE ip4r blackholes.five-ten-sg.com 127.0.0.7 2 0 FIVETENKLEZ ip4r blackholes.five-ten-sg.com 127.0.0.10 2 0 FIVETENMULTI ip4r blackholes.five-ten-sg.com 127.0.0.5 2 0 FIVETENOPTIN ip4r blackholes.five-ten-sg.com 127.0.0.4 2 0 FIVETENOTHER ip4r blackholes.five-ten-sg.com 127.0.0.9 2 0 FIVETENSINGLE ip4r blackholes.five-ten-sg.com 127.0.0.6 2 0 FIVETENSRC ip4r blackholes.five-ten-sg.com 127.0.0.2 2 0 FIVETENTCPA ip4r blackholes.five-ten-sg.com 127.0.0.11 2 0 FIVETENWEBFORM ip4r blackholes.five-ten-sg.com 127.0.0.8 2 0 CSMA-SBL ip4r sbl.csma.biz 127.0.0.2 2 0 JAMMDNSBL ip4r dnsbl.jammconsulting.com127.0.0.2 2 0 INTERSIL ip4r blackholes.intersil.net 127.0.0.2 2 0 MXRATE-BLOCK ip4r pub.mxrate.net 127.0.0.2 3 0 MXRATE-SUSPICIOUS ip4r pub.mxrate.net 127.0.0.4 3 0 SPAMBAG ip4r blacklist.spambag.org 127.0.0.2 2 0 DSN rhsbl dsn.rfc-ignorant.org127.0.0.2 3 0 NOABUSE rhsbl abuse.rfc-ignorant.org127.0.0.4 1 0 NOPOSTMASTER rhsbl postmaster.rfc-ignorant.org 127.0.0.3 1 0 BOGUSMX rhsbl bogusmx.rfc-ignorant.org 127.0.0.8 3 0 DNSILLEGAL rhsbl in.dnsbl.org 127.0.0.5 3 0 DNSFRAUD rhsbl in.dnsbl.org 127.0.0.3 3 0 DNSMAILLIST rhsbl in.dnsbl.org 127.0.0.6 3 0 DNSPROMO rhsbl in.dnsbl.org 127.0.0.4 3 0 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] declude / spamassassin - topic change
Well since you are working on the code - something that for me would be nice is a modification to your -e switch. What I would like to have happen is return the SA weight only after a threshold is met. For example with a setting of 5 an email of 4.99 would not be considered spam but anything above would and the total score would be passed. Hopefully I'm clear on this - I'm trying! Thanks for the consideration. I think I see your point. If you have the -lt option set, that'll be the low end of what's considered spam, and it's designed to accept a couple of decimal places, so you could pass '-lt 4.99'. The -e switch seems like it could be used concurrently to pass back the SPAMD weight, but by design -e will pass the SPAM weight no matter what else SPAMD or SPAMC32 thinks about the message (-e is designed to allow SPAMC32 to function as a 'weight' type test). So what you're asking for is a switch like -e, but which is more conditional, allowing the possible result codes: - 0, if -lt not met - SPAMD weight, if -lt met and SPAMD weight = -et value - -et value, if SPAMD weight -et value Sounds like a good option, and I can't think of a way of kludging that in one external test instance with the current switches (you could actually do it with multiple SPAMC32 runs -- don't!). I'll add it in. Thanks, Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] declude / spamassassin
Travis, In your setup, your Declude is running on a Windows 2k/2003 box calling your SA server on a Linux box on the same local network? I guess the speeds are much the same as quering a local DNS server for lookups. Sounds great, I will have look into this, my loads are around the same for our three servers. Thanks again, Keith From: [EMAIL PROTECTED] on behalf of Travis Sullivan Sent: Tue 9/20/2005 6:31 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] declude / spamassassin Nick, If you don't mind, is SA heavy on the CPU? What kinda load are you running with SA? I have 3k plus users getting 300k emails per day... my SA is running on a linux server, P4 2ghz... no increase in load when I started using SA with declude today. The best config I have set is: SPAMASSASSIN externalnonzero e:\imail\declude\spamd\spamc32.exe -d 209.215.97.193 -r -lt 4 -et 6 -f 3 0 I 'think' so far that spamassassin only reports if SA's score is 4 or more, if so, I score it a 3 on the email test. I am still playing with the values to tune the system. thanks for everyone's help today. I hope to have MRTG running reports on declude soon to show some statistics. Travis --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. winmail.dat
Re[2]: [Declude.JunkMail] declude / spamassassin
The latest Declude's support bitmasked result codes. You might consider creating a user maintained map from tests failed in SA to bitmapped result codes returned to Declude. I'm not sure what the limit might be in Declude for the number of unique tests, but I have managed to use 16 so far without issue. It probably is limited to either 16 or 32 if it is limited. It might very well not be. Interesting possibility, and I can see the usefulness. . . would be a certain bandwidth saver vs. having different SPAMD instances (and different SPAMC32 runs) for different rulesets, but what you save in bandwidth might be offset be a nearly ridiculous amount of complexity on the client side. One SPAMD might have tens of rulesets and thousands of rules, so trying to bitmask to identify the rules would be pretty crazy. Bitmasking at the ruleset level would be doable, but you wouldn't get the actual offending RegEx line from that, just the file that contained it. Rather than trying to match result codes up to a matrix of all possible results, I think such a full-featured external test as SpamAssassin is really a better push for a dumb report.txt kind of feature, which could simply gulp up a TESTSFAILED-style string returned from SPAMC32 and either put it in the logs without inspection, put it into a Declude variable for further use, or whatever. In the meantime, SPAMC32's upcoming local logging by queuefile name should help immensely with tracking results by rule. Remember that SA has its own weighting features, so tweaking rule-level weights and inter-rule/inter-ruleset dependencies lets you do weight management like Declude's before returning an aggregate SPAMC32 weight. . . albeit at a management cost vs. doing as much as possible within Declude. I'd see bitmasking in the far future, though I can't see putting aside time for it right now. Thanks, Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] declude / spamassassin
I guess the speeds are much the same as quering a local DNS server for lookups. SA advocate though I am, I can't say that's the case. The speed of a UDP DNS lookup is far faster than a SPAMC32/SPAMD TCP connection for even a tiny message, due both to UDP vs. TCP differences and the amount of data sent for SMTP/MIME mail (i.e. the entire message, if it's = SPAMC32's max message size). The _response_ stage from DNS and SPAMD servers might be somewhat comparable in size and speed, but certainly not the request or processing stages. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] declude / spamassassin
Sandy, The utility in this is that the tests failed would be centralized in one application, Delude, and available for combo tests and easier diagnosis within that framework. Of course SpamAssassin has a multitude of different tests and scores within those tests, and it isn't practical to do everything in bitmask fashion, but I could see some utility in separating out a bayesian test as BAYESIAN-LOW, BAYESIAN-MED and BAYESIAN-HIGH for instance, or lumping together multiple Nigerian/Advance Fee Fraud filters into one separate test trackable by Declude. I understand that this probably isn't within the scope of your current plans, but it does offer some interesting potential for the future. I personally find the combo filtering technique within Declude to be very, very valuable. For instance finding out that a message hit both a DUL list and SPAMCOP is enough to delete a message, but these tests are not reliable enough to even hold on individually (IMO of course). Matt Sanford Whiteman wrote: The latest Declude's support bitmasked result codes. You might consider creating a user maintained map from tests failed in SA to bitmapped result codes returned to Declude. I'm not sure what the limit might be in Declude for the number of unique tests, but I have managed to use 16 so far without issue. It probably is limited to either 16 or 32 if it is limited. It might very well not be. Interesting possibility, and I can see the usefulness. . . would be a certain bandwidth saver vs. having different SPAMD instances (and different SPAMC32 runs) for different rulesets, but what you save in bandwidth might be offset be a nearly ridiculous amount of complexity on the client side. One SPAMD might have tens of rulesets and thousands of rules, so trying to bitmask to identify the rules would be pretty crazy. Bitmasking at the ruleset level would be doable, but you wouldn't get the actual offending RegEx line from that, just the file that contained it. Rather than trying to match result codes up to a matrix of all possible results, I think such a full-featured external test as SpamAssassin is really a better push for a "dumb" report.txt kind of feature, which could simply gulp up a TESTSFAILED-style string returned from SPAMC32 and either put it in the logs without inspection, put it into a Declude variable for further use, or whatever. In the meantime, SPAMC32's upcoming local logging by queuefile name should help immensely with tracking results by rule. Remember that SA has its own weighting features, so tweaking rule-level weights and inter-rule/inter-ruleset dependencies lets you do weight management like Declude's before returning an aggregate SPAMC32 weight. . . albeit at a management cost vs. doing as much as possible within Declude. I'd see bitmasking in the far future, though I can't see putting aside time for it right now. Thanks, Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: Re[2]: [Declude.JunkMail] declude / spamassassin
The best config I have set is: SPAMASSASSIN externalnonzero e:\imail\declude\spamd\spamc32.exe -d 209.215.97.193 -r -lt 4 -et 6 -f 3 0 I 'think' so far that spamassassin only reports if SA's score is 4 or more, if so, I score it a 3 on the email test. I am still playing with the values to tune the system. I think your external test's behavior won't be what you expect. The -et switch won't be used without the -e switch, the -lt switch won't be used without the -ht switch, and the -r switch report isn't parsed by Declude, so what you're saying is the same as if you had no special switches at all: Just gimme a 0 if SPAMD says it's ham, and a 1 if SPAMD says it's spam. What did you want it to do? --Sandy A few more tests later, I have found the SA results of 1 to be spam, and my global.cfg line scores a hit at 3, this 3 gets added to the result of SA's 1 and therefore I get 4 points. Hummm... I was hoping to get the real score of SA, max of 10, and score that value against the email message for the weighting system. So, for now, it's ham or spam :) Travis --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] declude / spamassassin
Of course SpamAssassin has a multitude of different tests and scores within those tests, and it isn't practical to do everything in bitmask fashion, but I could see some utility in separating out a bayesian test as BAYESIAN-LOW, BAYESIAN-MED and BAYESIAN-HIGH for instance, or lumping together multiple Nigerian/Advance Fee Fraud filters into one separate test trackable by Declude. I agree. It will be built, but not in the near term unless I have a (not atypical) fit and put it all in place in one long night this month. . . . --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[4]: [Declude.JunkMail] declude / spamassassin
A few more tests later, I have found the SA results of 1 to be spam,
and my global.cfg line scores a hit at 3, this 3 gets added to the
result of SA's 1 and therefore I get 4 points.
There should be no _addition_ of Declude-defined weights to external
test result codes! I don't even know how your test definition could be
doing that. Certainly, that's not the intended use of SPAMC32.
What's confusing you seems to be the way of pairing Declude's external
test types ('external nonzero' or 'external weight') with the related
SPAMC32 options (default or '-e').
A Declude 'external nonzero' test is designed for tests whose return
codes you want Declude to convert to binary pass/fail-- it's either
'pass' (return code 0) or 'fail' (return code 1+). [A test that only
returns a 0 or 1 (never 1+) can alternately be defined as an 'external
1' test, but I think most people just use the catchall 'nonzero'
type.] After you define a a test as nonzero, from the manual:
You can add weights, by adding two numbers at the end of the line:
the first one is the standard weight (the weight if the test fails),
the second is the negative weight (the weight if the test does not
fail, usually 0)
On the other hand, a Declude 'external weight' test is designed for
tests whose return code you want to reuse _as_ the Declude weight for
the test. This is designed for tests that return a range of values
that represent increasing spamminess, such as SPAMC32 with the -e (and
optionally the -et) option. In these cases, you're passing the SPAMD
weight, up to the -et threshold, directly back to Declude, which is
what you seem to want to do.
Hummm... I was hoping to get the real score of SA, max of 10, and
score that value against the email message for the weighting system.
So, for now, it's ham or spam :)
Only because you haven't defined the test correctly in Declude. :)
The -et switch on its own is useless, because that just sets an upper
threshold if -e is in use; -et requires -e, but -e does not require
-et (I'm not going to change the behavior at this point, but I
understand why you thought that -et implied -e.) You need both.
And if you want to get the SPAMD score in raw form, don't think about
-lt or -ht. These switches set client-side thresholds that allow you
to override the server-wide spam/ham threshold set on a central SPAMD
server. But you're already overriding SPAMD's spam/ham decision by
passing the raw SPAMD result without any simplification. The -lt and
-ht are useful if multiple SPAMC32s are running against the same SPAMD
rulesets and need different sensitivities (for example, if you're
running SPAMC32 from different client scanning boxes at a hosting
provider). You don't need them.
--Sandy
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]
SpamAssassin plugs into Declude!
http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/
Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases!
http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/
http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com.
Re: Re[4]: [Declude.JunkMail] declude / spamassassin
Sandy;
There should be no _addition_ of Declude-defined weights to external
test result codes! I don't even know how your test definition could be
doing that. Certainly, that's not the intended use of SPAMC32.
Yes, another mistake on my part. Sorry :(
What's confusing you seems to be the way of pairing Declude's external
test types ('external nonzero' or 'external weight') with the related
SPAMC32 options (default or '-e').
A Declude 'external nonzero' test is designed for tests whose return
codes you want Declude to convert to binary pass/fail-- it's either
'pass' (return code 0) or 'fail' (return code 1+). [A test that only
returns a 0 or 1 (never 1+) can alternately be defined as an 'external
1' test, but I think most people just use the catchall 'nonzero'
type.] After you define a a test as nonzero, from the manual:
Can you point me to the manual please? :)
I would like to see what else can be done besides the nonzero (ham or spam).
I would like to rate how smelly the spam is :)
On the other hand, a Declude 'external weight' test is designed for
tests whose return code you want to reuse _as_ the Declude weight for
the test. This is designed for tests that return a range of values
that represent increasing spamminess, such as SPAMC32 with the -e (and
optionally the -et) option. In these cases, you're passing the SPAMD
weight, up to the -et threshold, directly back to Declude, which is
what you seem to want to do.
Hummm... I was hoping to get the real score of SA, max of 10, and
score that value against the email message for the weighting system.
So, for now, it's ham or spam :)
Only because you haven't defined the test correctly in Declude. :)
Yes, exactly, this is what I want to do :)
Travis
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com.
Re[6]: [Declude.JunkMail] declude / spamassassin
Can you point me to the manual please? :) I would like to see what else can be done besides the nonzero (ham or spam). I would like to rate how smelly the spam is :) Take a look: http://www.declude.com/Version/Manuals/2.0.6.asp --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: Re[6]: [Declude.JunkMail] declude / spamassassin
Take a look: http://www.declude.com/Version/Manuals/2.0.6.asp Ah! I was thinking of your manual. Well, anyhow, I couldn't get the 'returnvalue' to work. only nonzero seams to work. any ideas? I used the following without success: SPAMASSASSIN externalreturnvalue e:\imail\declude\spamd\spamc32.exe -d 209.215.97.193 -e -et 6 -f 4 0 ideas? Travis --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
