[Declude.JunkMail] outgoing mail

[Goebbels, Bernd (LDS)]

hello,

i've got a question: i want to scan outgoing mail with declude. actually we're 
only scanning incoming mail. we're planning to use the existing tests on 
incoming mail and new tests on outgoing mail.

we're using declude 3.1.0 with imail 7

can anybody help?




---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

AW: [Declude.JunkMail] AFTERJM

[Goebbels, Bernd (LDS)]

hi,
 
we handle it for years like bonno described. it works fine. but we modified the 
system a little bit. we gather all held mail in a directory where we use the 
%DATE% - funtionality - so all held mails of one day are caught in a separated 
directory. each night (when there is little work for our server) we let our 
anti-virus(run by a task) check the parent directory and in the morning when we 
start working we got a virus-free directory, we can move somewhere else. i.e. 
you can start a zipping programm on all directories in the parent directory so 
you only have one file to move.
 
mfg
 
b.goebbels
LDSNRW
düsseldorf
germany




Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Bonno 
Bloksma
Gesendet: Mittwoch, 6. Februar 2008 15:28
An: Declude.JunkMail@declude.com
Betreff: [Declude.JunkMail] AFTERJM


Hi,
 
For years we have had AFTERJM as a way to first delete al spam mail and 
then scan the remainder for virusses.
Lots of us have not used it because a mail that was held or something 
like it would not be scanned. If after that it was put back in the queue it 
would never have been scanned.
 
A few years ago that wasn't a problem, today it is when 90+% of the 
mail is spam and less then 1% is virus. Virusscanning uses the most cpu as far 
as I can see.
With the way Declude works now with a Decludeproc service keeping track 
of everything can we not simply have Declude scan all mail for virusses etc 
unless it is deleted first by junkmail?
 
So whatever action junkmail takes, excluding deleting, the mail will be 
scanned for virusses. That way we don't have to worry anymore when resubmitting 
FP spam to the queue.
Together with the new Sniffer engine I'd love to use AFTERJM.
 
Reason for this mail I just had my mailserver brought to it's knees 
scanning a spamburst for nonexisting virusses. I know there are lots of other 
ways to catch spam before it hits the IMail server but that's not needed (yet) 
if I can user AFTERJM.


Met vriendelijke groet,
Bonno Bloksma
hoofd systeembeheer


tio hogeschool hospitality en toerisme 
begijnenhof 8-12 / 5611 el eindhoven
t 040 296 28 28 / f 040 237 35 20
[EMAIL PROTECTED]    / www.tio.nl 
  

---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com. 



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] decludeproc stopped working

[Goebbels, Bernd \(LDS\)]

Hi,
 
a few days ago, the decludeproc-service just stopped working without any reason
i could tell.
 
attached are 3 files, one part of our log and the two files declude created.
 
has anybody encountered something similar or just an idea what happened?
 
 
bernd goebbels
LDSNRW
Düsseldorf
Germany


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


image001.gif
Description: image001.gif
02/21/2007 13:24:52.843 q38b7012e03f64a61.smd  Tests failed [weight=310]: 
DIREKTANUNS=WARN[0] VORAB=WARN[300] CBL=WARN[10] HELOBOGUS=WARN[0] 
IPNOTINMX=IGNORE[0] NOLEGITCONTENT=IGNORE[0] HOUR2=WARN[0] 
WEIGHTTOT1504999nutzer=HOLD[150] 
02/21/2007 13:24:52.843 q38b7012e03f64a61.smd  Action(s) taken for [EMAIL 
PROTECTED] = IGNORE WARN HOLD  [LAST ACTION=HOLD]
02/21/2007 13:24:52.843 q38b7012e03f64a61.smd  Cumulative action(s) taken on 
this email = IGNORE WARN HOLD  [LAST ACTION=HOLD]
02/21/2007 13:24:53.609 q38ba012f03f65454.smd  Tests failed [weight=583]: 
DIREKTANUNS=WARN[0] GIFFER1=WARN[541] CBL=WARN[10] SORBS-WEB=WARN[7] 
SPAMCOP=WARN[25] MSGSIZE3KB=IGNORE[0] MSGSIZE5KB=IGNORE[0] 
MSGSIZE10KB=IGNORE[0] HELOBOGUS=WARN[0] IPNOTINMX=IGNORE[0] 
NOLEGITCONTENT=IGNORE[0] REVDNS=WARN[0] HOUR2=WARN[0] 
WEIGHTTOT1504999nutzer=HOLD[150] 
02/21/2007 13:24:53.625 q38ba012f03f65454.smd  Action(s) taken for [EMAIL 
PROTECTED] = IGNORE WARN HOLD  [LAST ACTION=HOLD]
02/21/2007 13:24:53.625 q38ba012f03f65454.smd  Cumulative action(s) taken on 
this email = IGNORE WARN HOLD  [LAST ACTION=HOLD]
02/21/2007 13:24:53.781 q38bc00d703805c82.smd  Tests failed [weight=-2000]: 
ZIPANHANG=WARN[-2000] MSGSIZE3KB=IGNORE[0] MSGSIZE5KB=IGNORE[0] 
MSGSIZE10KB=IGNORE[0] MSGSIZE15KB=IGNORE[0] MSGSIZE20KB=IGNORE[0] 
MSGSIZE25KB=IGNORE[0] MSGSIZE30KB=IGNORE[0] MSGSIZE40KB=IGNORE[0] 
MSGSIZE50KB=IGNORE[0] MSGSIZE60KB=IGNORE[0] MSGSIZE70KB=IGNORE[0] 
MSGSIZE80KB=IGNORE[0] MSGSIZE90KB=IGNORE[0] MSGSIZE100KB=IGNORE[0] 
MSGSIZE200KB=IGNORE[0] MSGSIZE300KB=IGNORE[0] MSGSIZE400KB=IGNORE[0] 
MSGSIZE500KB=IGNORE[0] MSGSIZE1000KB=IGNORE[0] MSGSIZE5000KB=IGNORE[0] 
FROMNOMATCH=WARN[0] IPNOTINMX=IGNORE[0] NOLEGITCONTENT=IGNORE[0] HOUR2=WARN[0] 
02/21/2007 13:24:53.781 q38bc00d703805c82.smd  L1 Message OK
02/21/2007 13:24:53.781 q38bc00d703805c82.smd  Action(s) taken for [EMAIL 
PROTECTED] = IGNORE WARN  [LAST ACTION=WARN]
02/21/2007 13:24:53.781 q38bc00d703805c82.smd  Cumulative action(s) taken on 
this email = IGNORE WARN  [LAST ACTION=WARN]
02/21/2007 13:24:56.515 q38bc00d703805c82.smd  (Error 5 at 77e27eac v3.1.0)
02/21/2007 13:24:56.531 q38bc00d703805c82.smd  (log part 2 saved as 
C:\declude.gp2)
02/21/2007 13:24:56.531 q38bc00d703805c82.smd  (log part 1 saved as 
C:\declude.gp1)
02/21/2007 13:24:55.078 q38bf019003d068a7.smd  Tests failed [weight=61]: 
XHOEHE=WARN[0] KEINSPAMHART=WARN[-20] FROMNOMATCH=WARN[0] IPNOTINMX=IGNORE[0] 
BOUNCEDVIRUS=WARN[71] LAENDERPRUEFUNG=WARN[5] HOUR2=WARN[0] 
KEINEWEITERLEITUNGSFALLE=WARN[-30] WEITERLEITUNGSFALLE=WARN[30] 
OHNEABSENDER=WARN[10] HERSTELLERTESTS=WARN[-5] WEIGHT35149nutzer=HOLD[35] 
02/21/2007 13:24:55.078 q38bf019003d068a7.smd  Action(s) taken for [EMAIL 
PROTECTED] = IGNORE WARN HOLD  [LAST ACTION=HOLD]
02/21/2007 13:24:55.078 q38bf019003d068a7.smd  Cumulative action(s) taken on 
this email = IGNORE WARN HOLD  [LAST ACTION=HOLD]
02/21/2007 13:24:55.593 q38c2019103d07549.smd  Tests failed [weight=626]: 
ZZ_TOP_EINHUNDERT=WARN[300] VORAB=WARN[300] SCHULHELO=HOLD[0] SPAMCOP=WARN[25] 
NOPOSTMASTER=WARN[1] BADHEADERS=WARN[0] IPNOTINMX=IGNORE[0] 
NOLEGITCONTENT=IGNORE[0] REVDNS=WARN[0] SPAMDOMAINS=WARN[0] HOUR2=WARN[0] 
WEIGHTTOT1504999nutzer=HOLD[150] 
02/21/2007 13:24:55.593 q38c2019103d07549.smd  Action(s) taken for [EMAIL 
PROTECTED] = IGNORE WARN HOLD  [LAST ACTION=HOLD]
02/21/2007 13:24:55.593 q38c2019103d07549.smd  Cumulative action(s) taken on 
this email = IGNORE WARN HOLD  [LAST ACTION=HOLD]
02/21/2007 16:14:21.234 q38ce00da0380a216.smd  Tests failed [weight=576]: 
GIFFER2=WARN[541] CBL=WARN[10] SPAMCOP=WARN[25] MSGSIZE3KB=IGNORE[0] 
MSGSIZE5KB=IGNORE[0] MSGSIZE10KB=IGNORE[0] MSGSIZE15KB=IGNORE[0] 
MSGSIZE20KB=IGNORE[0] MSGSIZE25KB=IGNORE[0] IPNOTINMX=IGNORE[0] 
NOLEGITCONTENT=IGNORE[0] HOUR2=WARN[0] WEIGHTTOT1504999nutzer=HOLD[150] 
02/21/2007 16:14:21.250 q38ce00da0380a216.smd  Action(s) taken for [EMAIL 
PROTECTED] = IGNORE WARN HOLD  [LAST ACTION=HOLD]
02/21/2007 16:14:21.250 q38ce00da0380a216.smd  Cumulative action(s) taken on 
this email = IGNORE WARN HOLD  [LAST ACTION=HOLD]
02/21/2007 16:14:21.250 q38ce0171037ca2f1.smd  Tests failed [weight=541]: 
GIFFER4=WARN[541] MSGSIZE3KB=IGNORE[0] MSGSIZE5KB=IGNORE[0] 
MSGSIZE10KB=IGNORE[0] MSGSIZE15KB=IGNORE[0] MSGSIZE20KB=IGNORE[0] 
MSGSIZE25KB=IGNORE[0] IPNOTINMX=IGNORE[0] NOLEGITCONTENT=IGNORE[0] 
HOUR2=WARN[0] WEIGHTTOT1504999nutzer=HOLD[150] 
02/21/2007 16:14:21.250 q38ce0171037ca2f1.smd  Act

AW: [Declude.JunkMail] Country Code

[Goebbels, Bernd \(LDS\)]

oh, just found the file it on my personal account page of declude. see
"download"




Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von
scott_powner
Gesendet: Dienstag, 5. Dezember 2006 16:54
An: declude.junkmail@declude.com
Betreff: [Declude.JunkMail] Country Code



Ok - an oldie but a goodie:  

 

I was trying to display the actual country code in the header.  I have
the %countrychain% displaying but I seem to be missing a few country codes in my
filter so I was trying to find out what codes the filter uses.  Any ideas on how
to display them?

 

Thank you,

Scott T Powner

Scott T. Powner

Director of Information Technology

Midwestern Intermediate Unit IV

453 Maple St.

Grove City, Pa. 16127

724.458.6700 ex 273

 

 


---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com. 



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

AW: [Declude.JunkMail] Country Code

[Goebbels, Bernd \(LDS\)]

hi scott,
 
i think what you need is an update of the "all_list.dat"-file located in the
declude-directory, it should contain all region-codes. if yours is old, a few
changes because of new countrys etc. are not in the list and you're missing the
steps in the country chain.
 
my problem is that i got no idea where to get this new file, if somebody does,
i'm interested to.
 
bernd
LDS NRW
Duesseldorf
Germany




Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von
scott_powner
Gesendet: Dienstag, 5. Dezember 2006 16:54
An: declude.junkmail@declude.com
Betreff: [Declude.JunkMail] Country Code



Ok - an oldie but a goodie:  

 

I was trying to display the actual country code in the header.  I have
the %countrychain% displaying but I seem to be missing a few country codes in my
filter so I was trying to find out what codes the filter uses.  Any ideas on how
to display them?

 

Thank you,

Scott T Powner

Scott T. Powner

Director of Information Technology

Midwestern Intermediate Unit IV

453 Maple St.

Grove City, Pa. 16127

724.458.6700 ex 273

 

 


---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com. 



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

AW: [Declude.JunkMail] Bugfix: Imail 8.22 and ICS 2.02 released

[Goebbels, Bernd \(LDS\)]

hi, we're using imail 7.15, does anybody know if this is effected too?

bernd goebbels
LDSNRW
duesseldorf
germany 

-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Im Auftrag von Darrell
([EMAIL PROTECTED])
Gesendet: Mittwoch, 7. Dezember 2005 17:15
An: Declude.JunkMail@declude.com
Betreff: Re: [Declude.JunkMail] Bugfix: Imail 8.22 and ICS 2.02 released

Bill, 

I am actually looking for any information pertaining to 8.1x specifically is
8.15 vulnerable. 

Darrell 

Bill Landry writes: 

> Yes, 8.2 needs to be patched, as well.  See: 
> 
> http://www.ipswitch.com/support/imail/releases/imail_professional/im82
> 2.as
> p
> 
> Bill
> - Original Message - From: "Darrell 
> ([EMAIL PROTECTED])" <[EMAIL PROTECTED]>
> To: 
> Sent: Wednesday, December 07, 2005 5:54 AM
> Subject: Re: [Declude.JunkMail] Bugfix: Imail 8.22 and ICS 2.02 
> released
> 
> 
>> Anyone hear anything about if 8.1x is affected?  It talks only about 8.2.
>> Darrell
>> Hirthe, Alexander writes:
>>> Hello, there are two bugs in Imail, one for authenticated users in 
>>> Imap, one for all in SMTP. Please upgrade your systems!
>>> http://www.ipswitch.com/support/ics/updates/ics202.asp
>>> 
>>> http://www.ipswitch.com/support/imail/releases/imail_professional/im822. 
>>> asp
>>> >> m822
>>> .asp
 
>>> 
>>> Advisories:
>>> -
>>> http://www.idefense.com/application/poi/display?id=347&type=vulnerab
>>> ilit
>>> ies
>>> >> bili
>>> ties
 
>>> -
>>> http://www.idefense.com/application/poi/display?id=346&type=vulnerab
>>> ilit
>>> ies
>>> >> bili
>>> ties
 
>>> 
>>> Alex
>>> ---
>>> [This E-mail was scanned for viruses by Declude EVA www.declude.com] 
>>> --- This E-mail came from the Declude.JunkMail mailing list.  To 
>>> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type 
>>> "unsubscribe Declude.JunkMail".  The archives can be found at 
>>> http://www.mail-archive.com.
>>  
>> 
>> 
>> -
>> --- Check out http://www.invariantsystems.com for utilities for 
>> Declude And Imail.  IMail/Declude Overflow Queue Monitoring, 
>> SURBL/URI integration, MRTG Integration, and Log Parsers.
>> 
>> ---
>> [This E-mail was scanned for viruses by Declude EVA www.declude.com]
>> 
>> ---
>> This E-mail came from the Declude.JunkMail mailing list.  To 
>> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type 
>> "unsubscribe Declude.JunkMail".  The archives can be found at 
>> http://www.mail-archive.com.
>> 
> 
> ---
> [This E-mail was scanned for viruses by Declude EVA www.declude.com]
> 
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To 
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type 
> "unsubscribe Declude.JunkMail".  The archives can be found at 
> http://www.mail-archive.com.
 


 
Check out http://www.invariantsystems.com for utilities for Declude And Imail.
IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG
Integration, and Log Parsers. 


---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]

---
This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail".
The archives can be found at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

AW: [Declude.JunkMail] spool not delivered

[Goebbels, Bernd \(LDS\)]

darrell ,

thanks for your response, but that wasn't the problem. we're on 3.0.5.18 and
we're talking about common .smd .lst and .fwd - files.

bernd

-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Im Auftrag von Darrell
([EMAIL PROTECTED])
Gesendet: Dienstag, 8. November 2005 15:07
An: Declude.JunkMail@declude.com
Betreff: Re: [Declude.JunkMail] spool not delivered

Bernd, 

Several folks reported issues like this with 3.0.5.14.  A few said upgrading to
the latest version.  I beleive some mentioned issues with messages that had
winmail.dat extensions. 

Darrell 

 
DLAnalyzer - Comprehensive reporting for Declude Junkmail and Virus.  Try it
today http://www.invariantsystems.com 

Goebbels, Bernd (LDS) writes: 

> we're monitoring something strange: 
> 
> there are a lot (11.000) d- and q- files in our spool-directory that 
> are not delivered to their recipients.
> 
> as far as we understand 3.0.5.14, all of the mails coming in should be 
> moved to the proc-directory, then processed by declude in the 
> work-directory and afterwards put to the spool-directory to be delivered.
> 
> it seems that some of the mails put there are not delivered at all, 
> for example mails we want to deliver "by hand", so we take d- and 
> q-file and move them to spool.
> 
> anybody seeing this too? 
> 
> bernd goebbels
> LDSNRW
> düsseldorf
> germany
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To 
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type 
> "unsubscribe Declude.JunkMail".  The archives can be found at 
> http://www.mail-archive.com.
 

---
This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail".
The archives can be found at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] spool not delivered

[Goebbels, Bernd \(LDS\)]

we're monitoring something strange:

there are a lot (11.000) d- and q- files in our spool-directory that are not
delivered to their recipients. 

as far as we understand 3.0.5.14, all of the mails coming in should be moved to
the proc-directory, then processed by declude in the work-directory and
afterwards put to the spool-directory to be delivered.

it seems that some of the mails put there are not delivered at all, for example
mails we want to deliver "by hand", so we take d- and q-file and move them to
spool.

anybody seeing this too?

bernd goebbels
LDSNRW
düsseldorf
germany
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

AW: [Declude.JunkMail] SPFFAIL? Under 3.0

[Goebbels, Bernd \(LDS\)]

yes, i've seen some hits, but for the wrong mails. i think, as i posted before,
that declude 3.0.5.12 really messes up with the failed tests.

bernd 

-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Im Auftrag von Darrell
([EMAIL PROTECTED])
Gesendet: Donnerstag, 3. November 2005 15:37
An: Declude.JunkMail@declude.com
Betreff: [Declude.JunkMail] SPFFAIL? Under 3.0

Has anyone seen any hits on "SPFFAIL" under any of the 3.x versions? 

Darrell 

 
Check out http://www.invariantsystems.com for utilities for Declude And Imail.
IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG
Integration, and Log Parsers. 


---
This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail".
The archives can be found at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] problem with declude 3.0.5.12

[Goebbels, Bernd \(LDS\)]

just detected a new bug (or ist it a feature?):

i 've got mails moved to a special directory even if they don't trigger the
specified test.

i.e.

content of $default$.junkmail:

GESPERRTEANHAENGE   HOLD g:\imail\gesperrteanhaenge\%DATE%

there is NO way that this mail could trigger the GESPERRTEANHAENGE test. this
test is only triggered when there is a *.pif, *.scr, etc. -file attached.

the other way works too: a lot of mails pass this test that shouldn't pass it.
this test is a way for us to pre-filter virusses. we are using avafterjm so the
virusses that pass this test get tested by all of our declude-tests and
afterward by our anti-virus software, so they don't get delivered but increase
our porcessor-load immense.

is it possible that the same problem discussed under declude virus ("Virus name
reported as different than what scanner detected") is causing this too? 

i quote markus gufler:

"Hmm, looks like there is one single variable containing the last 
detected virus name and several threads writing to and reading from 
this variable..."

if this is true, we are a little bit pissed, because we are using a lot of
combo-testing to move not delivered mails to certain directories (depends on the
reason, why they are not delivered) and i will have to check each one of these
directories file by file and decide what to do. even worse: in my opinoion a lot
of spam gets delivered to our customers and i don't think they will be happy
about it.

the complete mail:

Received: from 192.184.162.44 for DK.67.clbtrplkqomlzxho.fundatingisfun.com;
Wed, 02 Nov 2005 00:59:06 -0700
Message-ID: <[EMAIL PROTECTED]>
From: "commodious Smart" <[EMAIL PROTECTED]>
Reply-To: "commodious Smart" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: I'm cute and bored lets meet
Date: Wed, 02 Nov 2005 11:00:06 +0300
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--8385_cpvcpixtwoinnecwteyean_0127"
X-Webmail-Time: Wed, 02 Nov 2005 02:02:06 -0600 
X-RBL-Warning: CBL: "Blocked - see
http://cbl.abuseat.org/lookup.cgi?ip=81.10.172.131";
X-RBL-Warning: SPAMCOP: "Blocked - see
http://www.spamcop.net/bl.shtml?81.10.172.131";
X-RBL-Warning: ROUTING: This E-mail was routed in a poor manner consistent with
spam [210f].
X-RBL-Warning: DIREKTANUNS: Message failed DIREKTANUNS test (line 16, weight 0)
X-RBL-Warning: LAENDERPRUEFUNG: Message failed LAENDERPRUEFUNG test (line 316,
weight 5)
X-RBL-Warning: HOUR2: Hour was between 6:00 and 19:59.
X-RBL-Warning: MITLNKEXTERNWEICH: Message failed MITLNKEXTERNWEICH test (line
16, weight 30)
X-RBL-Warning: PORNO: Message failed PORNO test (line 472, weight 40)
X-Declude-Sender: [EMAIL PROTECTED] [81.10.172.131]
X-Declude-Spoolname: D71b8180c0136c6f4.smd
X-Note: This incoming E-mail was scanned on Schulmail NRW by Declude 3.0.5.12
(www.declude.com) for spam and virus.
X-Spam-Tests-Failed: CBL, SPAMCOP, ROUTING, DIREKTANUNS, LAENDERPRUEFUNG, HOUR2,
MITLNKEXTERNWEICH, PORNO, WEIGHT4099nutzer [95]
X-Country-Chain: [Multi-Regional]->AUSTRIA->destination
X-Note: This E-mail was sent from cm172-131.liwest.at ([81.10.172.131]).

8385_cpvcpixtwoinnecwteyean_0127
Content-Type: text/plain;
Content-Transfer-Encoding: 7Bit

Hey 105442, Bob here,
I had to tell you about this great hook up site.
I joined it 4 days ago and I got laid twice over the weekend
(by 2 different girls)
How cool is that? Its so easy and these babes want to hook up right away
with any guys they meet.
I'm tellin you, you will get some action. Check it out and see what you think.
I am sure you will be thrilled with results.
Oh I forgot to mention, 
it doesnt cost anything to join in the fun.


http://fundatingisfun.com/aac/aprof.html

Its so easy to get laid tonight



no more ofthis
http://fundatingisfun.com/r.html






They said balletomane uppercut incompetent solicitor.
Its all about him deadhead gedanken neuron anthropogenic The 
They said indeterminable dulcet [EMAIL PROTECTED] decision giveaway.
They is him ada curricula gunmen mccrackendavy She is prima bacon bake.
she is lydia deplore boss aspirepave. 

 


8385_cpvcpixtwoinnecwteyean_0127--
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] problem with declude 3.0.5.12

[Goebbels, Bernd \(LDS\)]

 hi @ all,

we updated from 2.0 to 3.0.5.12 on monday. since then, we're looking into some
strange effects:

some of our tests doesn't seen to be started for every mail, for some mail they
start, for others, they don't. since we are using a lot of combo-tests, this is
causing us a lot of trouble. anybody out there having the same problem?

b.goebbels

LDSNRW
Duesseldorf
Germany
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

AW: [Declude.JunkMail] 100% CPU usage with declude

[Goebbels, Bernd \(LDS\)]

sorry, misunderstanding, next time i will try the declude.cfg. wasn't it said
that it had to be put in global.cfg? oops.

the cpu was used by declude processes, i had up to 30 at a time but only 4-5
took 100% with an average of 20-25% each. the only thing runnig at the same time
(besides windows-stuff) was my task-manager. there were no breakdowns.

1.81 prosesses take only 15-18% maximum.


-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Auftrag von Darrell
([EMAIL PROTECTED])
Gesendet: Mittwoch, 29. Juni 2005 14:54
An: Declude.JunkMail@declude.com
Betreff: Re: [Declude.JunkMail] 100% CPU usage with declude


> 1) how can i limit the declude-processes under 2.0.6.14? (PROCESSES in
> global.cfg doesn't work!)

PROCESSES goes in your declude.cfg file not your global.cfg.  Also, what was 
using all of the cpu when you were at 100%?  You did not seem to mention any 
specific processes or breakdowns. 

Darrell
 
DLAnalyzer - Comprehensive reporting for Declude Junkmail and Virus.  Try it 
today - http://www.invariantsystems.com 


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] 100% CPU usage with declude

[Goebbels, Bernd \(LDS\)]

@all:

im using a 4 processor 2,7Ghz pentium iv machine with win2003 server updated
with sp1 and imail.

yesterday, i "updated" from declude 2.0.6.14 to 1.81 because my cpu-usage stayed
continuosly on 100%. with the numbers of mail coming in, i would expect it to be
at an average from 50-70%. i saw about 30 to 40 declude processes, even though i
limited the processes in imal and global.cfg to a maximum of 10. declude doesn't
seem to care about these limits. the danger of running permanently on 100% is
that some mails get delivered with out testing.

the 1.81 version at least gives me the possibility to limit the number of
processes. but the CPU-problem is still there. i even tried the DNSOVERRIDE in
the declude.cfg, though i don't see that it takes to long to deliver the mail
and i din't see any "using" lines after typing "declude -diag".

we're getting an amount of up to 10 (yes, 5 zeroes!) viruses a day, so we
decided to run junkmail before antivirus and sort everything out that contains
i.e. an .pif or .scr -file. so it can't be the antivirus-program that's taking
the ressources.

my questions:

1) how can i limit the declude-processes under 2.0.6.14? (PROCESSES in
global.cfg doesn't work!)
2) any guesses why my CPU keeps burning with 100% even when i only allow 8
parallel declude processes?
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] bug in jm 2.0.6

[Goebbels, Bernd \(LDS\)]

hi, this morning, we updated from 2.0.5 to 2.0.6. the hold action doesn't work
properly. in $default.$junkmail, we selected a special directory for those mails
who failed a certain test, this worked great with 2.0.5. 2.0.6 moves these mails
to the hold directory under spool.

the manual says:

"The HOLD action will move the E-mail into the \{MAILSERVER}\spool\spam
directory. This way, you can check messages to make sure they are spam before
deleting them manually (or, you can move the files (Q*.SMD and D*.SMD for Imail
or *.EML and *.HDR for SmarterMail) back to the spool directory to have them
delivered on the next queue run (about 20-30 minutes)).

Specify the directory to hold spam in:
HOLD [Path]"

we just discover this bug and immediately changed back to 2.0.5.


bernd goebbels
LDSNRW
Germany
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] viruses getting thru

[Goebbels, Bernd \(LDS\)]

Title: Possible official host name change



hi,
 
we use declude junkmail with imail 
and f-prot anti-virus on a win2003-server 
machine.
 
there has been a short period of 10-15 
minutes, where our machine was so busy that it let "some" viruses through (855 
!!!). is there anybody out there, who can tell me how to get rid of these 
viruses, that are now included with other mails in the main.mbx-files of 
our users.
 
f-prot and mcaffe are not able to just 
clean out the virus-part of these 
files.
 
it would take me about 1-2 days to do this 
by hand!
 
bernd 
goebbels
ldsnrw
 
germany

[Declude.JunkMail] hold and alert combined

[Goebbels, Bernd \(LDS\)]

is there a 
possibility to hold a mail and alert the recipient?
 
our problem is that 
german law may force us to do this.
 
bernd 
goebbels
 
ldsnrw

AW: [Declude.JunkMail] new decoding-problem

[Goebbels, Bernd \(LDS\)]

so you think something like

filename="=?

shouldn't appear in a legal mail?

that would give us the opportunity to filter for camouflaged attachmentnames.


-Ursprungliche Nachricht-
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Auftrag von R. Scott Perry
Gesendet: Montag, 31. Januar 2005 19:58
An: Declude.JunkMail@declude.com
Betreff: Re: [Declude.JunkMail] new decoding-problem



>we received a new mail, wich contains an attachment. the filename is coded 
>as follows:
>
>Content-Type: application/octet-stream;
>  name="=?koi8-r?B?NC5wZGYuZXhl?="
>
>we are running a filter that searches for combinations like this, but with 
>the used encoding, declude seems to be unable to track this attachmentname.

If I recall correctly, this isn't technically legal.  However, we are 
looking at the possibility of decoding filenames for banning file 
extensions (virus scanning will still work properly with these encoded 
filenames).

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] new decoding-problem

[Goebbels, Bernd \(LDS\)]

hi 
scott,
 
we received a new 
mail, wich contains an attachment. the filename is coded as 
follows:
 
--=_NextPart_000_0052_01C4BA43.77601E5CContent-Type: 
application/octet-stream; name="=?koi8-r?B?NC5wZGYuZXhl?="Content-Transfer-Encoding: 
base64Content-Disposition: 
attachment; filename="=?koi8-r?B?NC5wZGYuZXhl?="
the real filename 
ist something followed by .pdf.exe.
 
we are running a 
filter that searches for combinations like this, but with the used encoding, 
declude seems to be unable to track this attachmentname.
 
any idea how 
to solve this problem?
 
bernd 
goebbels
LDSNRW

[Declude.JunkMail] maybe problem within combination declude junkmail/declude virus

[Goebbels, Bernd \(LDS\)]

hi scott,

maybe we have detected a problem within the combination of junkmail and declude
virus. we think we found a spammer bypassing junkmail by a simple trick. we are
afraid to describe the problem here on list because other spammers may be on the
list too and if they see how it works, all of them would suddenly start to copy
this trick. please contact us off list, so we could send you a d.smd file and a
description of the problem.

mfg

bernd goebbels [mailto: [EMAIL PROTECTED]
ldsnrw
germany
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] problem with spaces

[Goebbels, Bernd (LDS)]

hi 
scott,
 
i know it's been 
discussed before, but isn't there a possibility to add something to declude, 
that deals with preceeding spaces in filters?
 
for 
example:
 
ANYWHERE 20 CONTAINS 
badword
 
catches:
-  badword
-anotherwordbadword
etc.
 
but it's not 
possible to catch only the "   
badword"
 
my solution looks 
like:
 
ANYWHERE 20 CONTAINS 
# 
badword
 
#(or any other sign) marks the beginning of the keyword. there 
is no need for a marker at the end of the keyword, cause you don't have one 
right now.
 
if i want to search for "#   
badword", i would have to do it this way:
 

ANYWHERE 20 CONTAINS 
## 
badword
 
second 
question:
 
the COPYFILE 
from the v1.79beta is it a copy or a move? 
 
if it is a 
copy, this won't work for us (ever thought of MOVEFILE?)
 
all the best 
from good old germany...
 
 
Bernd Goebbels
LDS NRW
email: [EMAIL PROTECTED]
 

AW: [Declude.JunkMail] SpamAssassin SPAMC/SPAMD and Declude working for me...I think!

[Goebbels, Bernd (LDS)]

Hi, I'm very interested, please send more informations.

thanx,

Bernd


Bernd Goebbels
LDS NRW

-Ursprungliche Nachricht-
Von: Sanford Whiteman [mailto:[EMAIL PROTECTED]
Gesendet: Dienstag, 18. November 2003 09:26
An: [EMAIL PROTECTED]
Betreff: [Declude.JunkMail] SpamAssassin SPAMC/SPAMD and Declude working
for me...I think!


All,

I believe I've gotten one of our sites up and running with SPAMD under
Cygwin (server implementation of SpamAssassin that's much, much faster
than  native Win32/ActivePerl SA, even running under Cygwin shell) and
a customized SPAMC (SPAMD client) for Win32 plugged in to Declude.

Since  I'm  far  from a Cygwin expert, I leave setting that part up to
you,  but if anyone's interested in the Declude-compatible client EXE,
post back and let me know.

-Sandy



Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

AW: [Declude.JunkMail] OT: unixtools help

[Goebbels, Bernd (LDS)]

Hi,

just try the good old awk!

excample:

$ awk 'BEGIN {sum=0} \
>{sum += $14+$15} \
>  END   {print "\nSUM: " sum}' logfile.txt


line BEGIN : initialzes the variable (sum)
next line  : adds to variable the colums 14 and 15 (colums separated by one ore
more blanks)
line END   : prints sum (of course you might want to see the result of adding);
logfile.txt is the input file.

please tell me if it worked.

greetings from good old germany

bernd

-Ursprungliche Nachricht-
Von: Markus Gufler [mailto:[EMAIL PROTECTED]
Gesendet: Freitag, 14. November 2003 11:27
An: [EMAIL PROTECTED]
Betreff: [Declude.JunkMail] OT: unixtools help


Hi

Is there someone who can help me how to do this with unix tools:
I want to sum up the two colums sc-bytes and cs-bytes from a logfile (see
attachment).

The output should be something like

sc-bytes cs-bytes
2346465 8334526

Markus
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.