[Declude.JunkMail] FP reporting for ZEROHOUR
Hi -Does anyone know of the procedure for reporting FP results that are failing the ZEROHOUR test ?jeff ---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com.
RE: [Declude.JunkMail] FP reporting for ZEROHOUR
I was about to ask that myself. Also, the procedure for reporting spam that is not caught... From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff PereiraSent: Wednesday, November 01, 2006 8:25 AMTo: declude.junkmail@declude.comSubject: [Declude.JunkMail] FP reporting for ZEROHOUR Hi -Does anyone know of the procedure for reporting FP results that are failing the ZEROHOUR test ?jeff---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com. ---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com.
RE: [Declude.JunkMail] Upgrading - which version?
When upgrading from Declude 2.x or prior you need to run the New install rather than the upgrade. 2.x and prior is the single application version whereas the new version is the decludeproc service. David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AlamoHost Admin Sent: Tuesday, October 31, 2006 5:19 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Upgrading - which version? Thanks, David. I get an error when running the legacy upgrade that says Error moving decludeproc.exe Err: 2. Any ideas? Bill - Original Message - From: David Barker [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Tuesday, October 31, 2006 4:05 PM Subject: RE: [Declude.JunkMail] Upgrading - which version? Bill, I would suggest 4.x the 3.x is for individual products whereas 4.x is all 3 products PRO version. David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AlamoHost Admin Sent: Tuesday, October 31, 2006 4:59 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Upgrading - which version? I'm currently on 2.0.6.16 with Imail 8.22. My SA gives me the choice to upgrade to 3.13 or 4.3.14. I'm not really clear on why there are now two versions. Which one should I be considering? Any open problems big enough to suggest holding off? Thanks, Bill --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] How long is each test taking?
Thanks for the feedback! I will definatly make some updates to our config and also run on debug level. I probably should update to the new Sniffer and run both declude and message sniffer in persistent mode. -Chris --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] How long is each test taking?
Hi Chris, You might also check your Declude logs to make sure no DNS-based tests are timing out. That extra wait can be a killer for message processing time. Darin. - Original Message - From: Chris Anton [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Wednesday, November 01, 2006 9:16 AM Subject: Re: [Declude.JunkMail] How long is each test taking? Thanks for the feedback! I will definatly make some updates to our config and also run on debug level. I probably should update to the new Sniffer and run both declude and message sniffer in persistent mode. -Chris --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Blackholes test
I have declude setup to block by country using the blackholes dnsbl. It appears that blackholes is having intermittent problems staying up thus allowing spam to get through. Does anyone have a work around to block by IP address by country? Seems like I read somewhere about setting up a private dns server to do the same but not sure how to do it. Thanks, Kevin --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] declude not modifying subject line
Herb, I need to clarify something here. This source of this problem is that these messages do not conform to the RFC's and are extremely broken and should not be accepted by the mail server in the first place. That is the source of the problem, Declude is showing the symptom. Have you approached SmarterMail/Imail and asked them to fix this issue, either not accept the message or apply message standardization ? What was their response ? With that said, we are working on correcting this problem because clearly the Mail server is not doing it. Secondly, there are alternatives to marking the Subject line and having the mail server take action based on the headers. You could use actions like. # MAILBOX will move the E-mail to a user's folder (no, not a Windows directory) # ROUTETO will re-route the E-mail to an alternate address # HOLD will hold the message in the spool\spam directory. David B -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Herb Guenther Sent: Tuesday, October 31, 2006 5:59 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] declude not modifying subject line Hi All; Another week has went by and I have not heard any time schedule for fixing the issue with not modifying the message header correctly. This continues to allow hundreds of spam messages to land in our customers mailboxes every day. Again, what is required to get this fixed? We are happy to send samples, message source examples, or whatever is required. Otherwise we are going to move to a gateway filter model and just abandon declude. How did declude get in a situation where phone calls, emails, and service tickets can just be ignored because no one wants to take the bull by the horn? I know that our business does not operate that way. I assume that my disappointment is showing thru, frankly at a loss. Herb -- Herb Guenther Lanex, LLC www.lanex.com (262)789-0966x102 Office (262)780-0424 Direct This e-mail is confidential and is for the use of the intended recipient(s)only. If you are not an intended recipient please advise us of our error by return e-mail then delete this e-mail and any attached files. You may not copy, disclose or use the contents in any way. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] declude not modifying subject line
Hi David: Pardon me - but lets not forget that we choose to pay Declude license and maintenance fees, precisely because of its claim of being superior in detecting viruses, vulnerabilities and RFC violations that other components are known to letting through. When your business model is based on the premise that you will be closing the holes that other components leave, then Declude cannot retreat behind an argument that you are only as defect as the other guys. Clearly, if Imail/Smartermail did act appropriately and offered all the features it should, then you wouldn't have a customer base in the first place. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, November 01, 2006 10:02 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] declude not modifying subject line Herb, I need to clarify something here. This source of this problem is that these messages do not conform to the RFC's and are extremely broken and should not be accepted by the mail server in the first place. That is the source of the problem, Declude is showing the symptom. Have you approached SmarterMail/Imail and asked them to fix this issue, either not accept the message or apply message standardization ? What was their response ? With that said, we are working on correcting this problem because clearly the Mail server is not doing it. Secondly, there are alternatives to marking the Subject line and having the mail server take action based on the headers. You could use actions like. # MAILBOX will move the E-mail to a user's folder (no, not a Windows directory) # ROUTETO will re-route the E-mail to an alternate address # HOLD will hold the message in the spool\spam directory. David B --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] declude not modifying subject line
Agreed Andy. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Wednesday, November 01, 2006 10:31 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] declude not modifying subject line Hi David: Pardon me - but lets not forget that we choose to pay Declude license and maintenance fees, precisely because of its claim of being superior in detecting viruses, vulnerabilities and RFC violations that other components are known to letting through. When your business model is based on the premise that you will be closing the holes that other components leave, then Declude cannot retreat behind an argument that you are only as defect as the other guys. Clearly, if Imail/Smartermail did act appropriately and offered all the features it should, then you wouldn't have a customer base in the first place. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, November 01, 2006 10:02 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] declude not modifying subject line Herb, I need to clarify something here. This source of this problem is that these messages do not conform to the RFC's and are extremely broken and should not be accepted by the mail server in the first place. That is the source of the problem, Declude is showing the symptom. Have you approached SmarterMail/Imail and asked them to fix this issue, either not accept the message or apply message standardization ? What was their response ? With that said, we are working on correcting this problem because clearly the Mail server is not doing it. Secondly, there are alternatives to marking the Subject line and having the mail server take action based on the headers. You could use actions like. # MAILBOX will move the E-mail to a user's folder (no, not a Windows directory) # ROUTETO will re-route the E-mail to an alternate address # HOLD will hold the message in the spool\spam directory. David B --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] declude not modifying subject line
Hi David; First, I'd like to thank you for your response, it is the first that I have had and I really appreciate it. I realize that the issue is the either accidentally or purposely malformed messages. I would assume that there is a whole spectrum of message rfc compliance out there, and everyone has to draw the line somewhere. In an ideal world we could apply some very exact rules and just say too bad, so sad and reject the messages. However customers would view this as I did not get my email and in effect a false positive. So, outright rejection would not be the solution I think. However, to answer your question, we have not approached smartermail on the issue as that is not our spam tool vendor. I think that any message that an email client can display should be viewed as compliant enough from a real world perspective, even tho I agree that philosophically that is not the way it should be. Do you have an idea as to what the time frame for an update to this will be? Take care, Herb David Barker wrote: Herb, I need to clarify something here. This source of this problem is that these messages do not conform to the RFC's and are extremely broken and should not be accepted by the mail server in the first place. That is the source of the problem, Declude is showing the symptom. Have you approached SmarterMail/Imail and asked them to fix this issue, either not accept the message or apply message standardization ? What was their response ? With that said, we are working on correcting this problem because clearly the Mail server is not doing it. Secondly, there are alternatives to marking the Subject line and having the mail server take action based on the headers. You could use actions like. # MAILBOX will move the E-mail to a user's folder (no, not a Windows directory) # ROUTETO will re-route the E-mail to an alternate address # HOLD will hold the message in the spool\spam directory. David B -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Herb Guenther Sent: Tuesday, October 31, 2006 5:59 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] declude not modifying subject line Hi All; Another week has went by and I have not heard any time schedule for fixing the issue with not modifying the message header correctly. This continues to allow hundreds of spam messages to land in our customers mailboxes every day. Again, what is required to get this fixed? We are happy to send samples, message source examples, or whatever is required. Otherwise we are going to move to a gateway filter model and just abandon declude. How did declude get in a situation where phone calls, emails, and service tickets can just be ignored because no one wants to take the bull by the horn? I know that our business does not operate that way. I assume that my disappointment is showing thru, frankly at a loss. Herb -- Herb Guenther Lanex, LLC www.lanex.com (262)789-0966x102 Office (262)780-0424 Direct This e-mail is confidential and is for the use of the intended recipient(s)only. If you are not an intended recipient please advise us of our error by return e-mail then delete this e-mail and any attached files. You may not copy, disclose or use the contents in any way. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- Herb Guenther Lanex, LLC www.lanex.com (262)789-0966x102 Office (262)780-0424 Direct This e-mail is confidential and is for the use of the intended recipient(s)only. If you are not an intended recipient please advise us of our error by return e-mail then delete this e-mail and any attached files. You may not copy, disclose or use the contents in any way. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] declude not modifying subject line
I agree. That and the fact that RFCs are non-enforceable standards. There are many cases of RFCs not being followed. We can't just decide which non-RFC situations to handle and which not. We also cannot force all non-standard mailers to adapt to our requirements. We must accept mail and process it appropriately, since we cannot control the sending parameters. This is especially true when all it entails on our part is handling an additional case while parsing the message. Darin. - Original Message - From: Andy Schmidt [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Wednesday, November 01, 2006 10:30 AM Subject: RE: [Declude.JunkMail] declude not modifying subject line Hi David: Pardon me - but lets not forget that we choose to pay Declude license and maintenance fees, precisely because of its claim of being superior in detecting viruses, vulnerabilities and RFC violations that other components are known to letting through. When your business model is based on the premise that you will be closing the holes that other components leave, then Declude cannot retreat behind an argument that you are only as defect as the other guys. Clearly, if Imail/Smartermail did act appropriately and offered all the features it should, then you wouldn't have a customer base in the first place. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, November 01, 2006 10:02 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] declude not modifying subject line Herb, I need to clarify something here. This source of this problem is that these messages do not conform to the RFC's and are extremely broken and should not be accepted by the mail server in the first place. That is the source of the problem, Declude is showing the symptom. Have you approached SmarterMail/Imail and asked them to fix this issue, either not accept the message or apply message standardization ? What was their response ? With that said, we are working on correcting this problem because clearly the Mail server is not doing it. Secondly, there are alternatives to marking the Subject line and having the mail server take action based on the headers. You could use actions like. # MAILBOX will move the E-mail to a user's folder (no, not a Windows directory) # ROUTETO will re-route the E-mail to an alternate address # HOLD will hold the message in the spool\spam directory. David B --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] FP reporting for ZEROHOUR
Thanks Kevin... Next question -- How can I have Declude add the X-Declude-RefID: to the header ?? - Original Message - From: Kevin Bilbee To: declude.junkmail@declude.com Sent: Wednesday, November 01, 2006 12:16 PM Subject: RE: [Declude.JunkMail] FP reporting for ZEROHOUR Here is the document Declude sent to me for reporting false positives and false negatives. Kevin Bilbee From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken WeiseSent: Wednesday, November 01, 2006 5:46 AMTo: declude.junkmail@declude.comSubject: RE: [Declude.JunkMail] FP reporting for ZEROHOUR I was about to ask that myself. Also, the procedure for reporting spam that is not caught... From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff PereiraSent: Wednesday, November 01, 2006 8:25 AMTo: declude.junkmail@declude.comSubject: [Declude.JunkMail] FP reporting for ZEROHOUR Hi -Does anyone know of the procedure for reporting FP results that are failing the ZEROHOUR test ?jeff---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com. ---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com. ---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com. ---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com.
RE: [Declude.JunkMail] FP reporting for ZEROHOUR
Ensure you running the latest version of Declude 4.x and that you have ZEROHOUR 14 in the global.cfg David B From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of JeffSent: Wednesday, November 01, 2006 12:47 PMTo: declude.junkmail@declude.comSubject: Re: [Declude.JunkMail] FP reporting for ZEROHOUR Thanks Kevin... Next question -- How can I have Declude add the X-Declude-RefID: to the header ?? - Original Message - From: Kevin Bilbee To: declude.junkmail@declude.com Sent: Wednesday, November 01, 2006 12:16 PM Subject: RE: [Declude.JunkMail] FP reporting for ZEROHOUR Here is the document Declude sent to me for reporting false positives and false negatives. Kevin Bilbee From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken WeiseSent: Wednesday, November 01, 2006 5:46 AMTo: declude.junkmail@declude.comSubject: RE: [Declude.JunkMail] FP reporting for ZEROHOUR I was about to ask that myself. Also, the procedure for reporting spam that is not caught... From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff PereiraSent: Wednesday, November 01, 2006 8:25 AMTo: declude.junkmail@declude.comSubject: [Declude.JunkMail] FP reporting for ZEROHOUR Hi -Does anyone know of the procedure for reporting FP results that are failing the ZEROHOUR test ?jeff---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com. ---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com. ---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com. ---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com. ---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com.
RE: [Declude.JunkMail] FP reporting for ZEROHOUR
So you are implying that those of us who are not running Commtouch, if we remove the ZEROHOUR statement from the global.cfg the X-Declude-RefID line in the headers will go away? (How to get rid of that line is a question that has been asked here before.) Original Message From: David Barker [EMAIL PROTECTED] Sent: Wednesday, November 01, 2006 1:52 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] FP reporting for ZEROHOUR Ensure you running the latest version of Declude 4.x and that you have ZEROHOUR 14 in the global.cfg David B _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Sent: Wednesday, November 01, 2006 12:47 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] FP reporting for ZEROHOUR Thanks Kevin... Next question -- How can I have Declude add the X-Declude-RefID: to the header ?? - Original Message - From: Kevin Bilbee mailto:[EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Wednesday, November 01, 2006 12:16 PM Subject: RE: [Declude.JunkMail] FP reporting for ZEROHOUR Here is the document Declude sent to me for reporting false positives and false negatives. Kevin Bilbee From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Weise Sent: Wednesday, November 01, 2006 5:46 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] FP reporting for ZEROHOUR I was about to ask that myself. Also, the procedure for reporting spam that is not caught... _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Pereira Sent: Wednesday, November 01, 2006 8:25 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] FP reporting for ZEROHOUR Hi - Does anyone know of the procedure for reporting FP results that are failing the ZEROHOUR test ? jeff --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] FP reporting for ZEROHOUR
For now you cannot get rid of the X-Declude-RefID line David B www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Wednesday, November 01, 2006 2:54 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] FP reporting for ZEROHOUR So you are implying that those of us who are not running Commtouch, if we remove the ZEROHOUR statement from the global.cfg the X-Declude-RefID line in the headers will go away? (How to get rid of that line is a question that has been asked here before.) Original Message From: David Barker [EMAIL PROTECTED] Sent: Wednesday, November 01, 2006 1:52 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] FP reporting for ZEROHOUR Ensure you running the latest version of Declude 4.x and that you have ZEROHOUR 14 in the global.cfg David B _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Sent: Wednesday, November 01, 2006 12:47 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] FP reporting for ZEROHOUR Thanks Kevin... Next question -- How can I have Declude add the X-Declude-RefID: to the header ?? - Original Message - From: Kevin Bilbee mailto:[EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Wednesday, November 01, 2006 12:16 PM Subject: RE: [Declude.JunkMail] FP reporting for ZEROHOUR Here is the document Declude sent to me for reporting false positives and false negatives. Kevin Bilbee From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Weise Sent: Wednesday, November 01, 2006 5:46 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] FP reporting for ZEROHOUR I was about to ask that myself. Also, the procedure for reporting spam that is not caught... _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Pereira Sent: Wednesday, November 01, 2006 8:25 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] FP reporting for ZEROHOUR Hi - Does anyone know of the procedure for reporting FP results that are failing the ZEROHOUR test ? jeff --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] FP reporting for ZEROHOUR
Declude has indicated to me that the line will be removable for users not running ZEROHOUR in a future version of Declude. It is currently hard coded to be displayed in all email headers Declude processes SAME for ZEROHOUR[0] in tests failed. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Wednesday, November 01, 2006 11:54 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] FP reporting for ZEROHOUR So you are implying that those of us who are not running Commtouch, if we remove the ZEROHOUR statement from the global.cfg the X-Declude- RefID line in the headers will go away? (How to get rid of that line is a question that has been asked here before.) Original Message From: David Barker [EMAIL PROTECTED] Sent: Wednesday, November 01, 2006 1:52 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] FP reporting for ZEROHOUR Ensure you running the latest version of Declude 4.x and that you have ZEROHOUR 14 in the global.cfg David B _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Sent: Wednesday, November 01, 2006 12:47 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] FP reporting for ZEROHOUR Thanks Kevin... Next question -- How can I have Declude add the X-Declude-RefID: to the header ?? - Original Message - From: Kevin Bilbee mailto:[EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Wednesday, November 01, 2006 12:16 PM Subject: RE: [Declude.JunkMail] FP reporting for ZEROHOUR Here is the document Declude sent to me for reporting false positives and false negatives. Kevin Bilbee From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Weise Sent: Wednesday, November 01, 2006 5:46 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] FP reporting for ZEROHOUR I was about to ask that myself. Also, the procedure for reporting spam that is not caught... _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Pereira Sent: Wednesday, November 01, 2006 8:25 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] FP reporting for ZEROHOUR Hi - Does anyone know of the procedure for reporting FP results that are failing the ZEROHOUR test ? jeff --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Upgrading Declude Configs - Which Tests are valid?
I spent this afternoon cleaning up my global.cfg file and I still have some tests listed that no longer show up in the latest config file from Declude. I was wondering which of the following, if any are still active tests? DSBL , SENDERDB-BLACK, SENDERDB-SUSPICIOUS, MAILPOLICE-BULK, MAILPOLICE-PORN, FIVETEN-SPAM, FIVETEN-BULK, FIVETEN-MULTISTAGE, FIVETEN-SPAMSUPPORT, FIVETEN-MISC, FIVETEN-SINGLESTAGE, FIVETEN-FREE, AHBL-RELAYS, AHBL-PROXIES, AHBL-SOURCES, AHBL-PROVISIONAL, AHBL-FORMMAIL, AHBL-DUL, NJABL-DYNABLOCK, NJABL-RELAYS, NJABL-DUL, NJABL-SOURCES, NJABL-MULTI, NJABL-FORMMAIL, and NJABL-PROXIES Are any of these tests duplicates, as in basically using the same data or basically the same test? Thanks for the help, Brian T. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
re: [Declude.JunkMail] Upgrading Declude Configs - Which Tests are valid?
I'm using most of the ones you mention, and the ones I'm using all work. He's what I have in my global.config that matches your list: AHBLip4rdnsbl.ahbl.org * 7 0 DSBLip4rlist.dsbl.org * 8 0 MAILPOLICE-BULK rhsbl bulk.rhs.mailpolice.com 127.0.0.2 7 0 MAILPOLICE-PORN rhsbl porn.rhs.mailpolice.com 127.0.0.2 7 0 FIVETEN-SPAMip4rblackholes.five-ten-sg.com 127.0.0.2 5 0 FIVETEN-BULKip4rblackholes.five-ten-sg.com 127.0.0.4 5 0 FIVETEN-MULTISTAGE ip4rblackholes.five-ten-sg.com 127.0.0.5 5 0 FIVETEN-SINGLESTAGE ip4rblackholes.five-ten-sg.com 127.0.0.6 5 0 FIVETEN-SPAM-SUPPORTip4rblackholes.five-ten-sg.com 127.0.0.7 5 0 FIVETEN-WEBFORM ip4rblackholes.five-ten-sg.com 127.0.0.8 5 0 FIVETEN-MISCip4rblackholes.five-ten-sg.com 127.0.0.9 5 0 FIVETEN-CR ip4rblackholes.five-ten-sg.com 127.0.0.13 5 0 NJABL-OPENRELAY ip4rdnsbl.njabl.org 127.0.0.2 3 0 NJABL-DUL ip4rdnsbl.njabl.org 127.0.0.3 3 0 NJABL-SPAMSRC ip4rdnsbl.njabl.org 127.0.0.4 3 0 NJABL-MULTI ip4rdnsbl.njabl.org 127.0.0.5 3 0 NJABL-BADHOST ip4rdnsbl.njabl.org 127.0.0.6 3 0 NJABL-CGI ip4rdnsbl.njabl.org 127.0.0.8 3 0 NJABL-PROXY ip4rdnsbl.njabl.org 127.0.0.9 3 0 NJABL-DYNA ip4rdynablock.njabl.org 127.0.0.3 5 0 If you really want a breakdown on what each one does, you will have to go to their individual web sites. For example, I'm just using the one AHBL test which includes all of that blacklist rolled into one. You can break AHBL into several tests based on what they have on their web site. http://www.ahbl.org/docs/dnsbl.php The same can be said for the others: http://dsbl.org/usage http://rhs.mailpolice.com/usage.php http://www.five-ten-sg.com/blackhole.php http://dnsbl.njabl.org/use.html Using DLanalyzer, here is a breakdown of what percentage of spam on my server was hit by the tests mentioned for the past week: AHBL3.64% DSBL9.83% MAILPOLICE-BULK 0.18% MAILPOLICE-PORN 0.29% FIVETEN-SPAM46.89% FIVETEN-BULK0.30% FIVETEN-MULTISTAGE 0.00% FIVETEN-SINGLESTAGE 0.00% FIVETEN-SPAM-SUPPORT0.11% FIVETEN-WEBFORM 0.00% FIVETEN-MISC0.16% FIVETEN-CR 0.00% NJABL-OPENRELAY 0.06% NJABL-DUL 1.41% NJABL-SPAMSRC 0.09% NJABL-MULTI 0.00% NJABL-BADHOST 0.00% NJABL-CGI 0.00% NJABL-PROXY 3.69% NJABL-DYNA 31.30% You may get different results. Just because a test gets a low percentage of hits doesn't necessarily mean it is a bad test. I suggest you download a copy of the free lite version of DLanalyzer and run it on your logs. This will give you an idea as to which tests are getting hits on your setup and which are not. http://www.invariantsystems.com/dlanalyzer/ Good luck, Gary Original Message From: Brian T. [EMAIL PROTECTED] Sent: Wednesday, November 01, 2006 7:21 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Upgrading Declude Configs - Which Tests are valid? I spent this afternoon cleaning up my global.cfg file and I still have some tests listed that no longer show up in the latest config file from Declude. I was wondering which of the following, if any are still active tests? DSBL , SENDERDB-BLACK, SENDERDB-SUSPICIOUS, MAILPOLICE-BULK, MAILPOLICE-PORN, FIVETEN-SPAM, FIVETEN-BULK, FIVETEN-MULTISTAGE, FIVETEN-SPAMSUPPORT, FIVETEN-MISC, FIVETEN-SINGLESTAGE, FIVETEN-FREE, AHBL-RELAYS, AHBL-PROXIES, AHBL-SOURCES, AHBL-PROVISIONAL, AHBL-FORMMAIL, AHBL-DUL, NJABL-DYNABLOCK, NJABL-RELAYS, NJABL-DUL, NJABL-SOURCES, NJABL-MULTI, NJABL-FORMMAIL, and NJABL-PROXIES Are any of these tests duplicates, as in basically using the same data or basically the same test? Thanks for the help, Brian T. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Upgrading Declude Configs - Which Tests are valid?
I know the SENDERDB ones changed to MXRATE and you have to register (free) to use the new lists. Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. - Original Message - From: Brian T. [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Wednesday, November 01, 2006 6:54 PM Subject: [Declude.JunkMail] Upgrading Declude Configs - Which Tests are valid? I spent this afternoon cleaning up my global.cfg file and I still have some tests listed that no longer show up in the latest config file from Declude. I was wondering which of the following, if any are still active tests? DSBL , SENDERDB-BLACK, SENDERDB-SUSPICIOUS, MAILPOLICE-BULK, MAILPOLICE-PORN, FIVETEN-SPAM, FIVETEN-BULK, FIVETEN-MULTISTAGE, FIVETEN-SPAMSUPPORT, FIVETEN-MISC, FIVETEN-SINGLESTAGE, FIVETEN-FREE, AHBL-RELAYS, AHBL-PROXIES, AHBL-SOURCES, AHBL-PROVISIONAL, AHBL-FORMMAIL, AHBL-DUL, NJABL-DYNABLOCK, NJABL-RELAYS, NJABL-DUL, NJABL-SOURCES, NJABL-MULTI, NJABL-FORMMAIL, and NJABL-PROXIES Are any of these tests duplicates, as in basically using the same data or basically the same test? Thanks for the help, Brian T. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.