RE: [Declude.JunkMail] Blocking a virus with Declude
Title: RE: [Declude.JunkMail] Blocking a virus with Declude Add this Rule to your domains INBOUND, RULES.IMA [EMAIL PROTECTED](name=message.zip):NUL -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 05, 2003 1:20 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Blocking a virus with Declude It seems the latest virus is not being blocked by F-PROT The file message.zip is getting through with the [EMAIL PROTECTED] Any suggestions non how to block it? The best option is to download the latest interim release, 1.75i2, from http://www.declude.com/release/175i/Declude.exe and replace your existing \IMail\Declude.exe file. Then, add a line BANNAME message.zip to your \IMail\Declude\virus.cfg file. That will block all E-mails with attachments named message.zip. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Declude stats
Title: Declude stats I have seen a post about having declude listing percentages about what it has done and blocked. What were the command line options to have this done? Thanks
[Declude.JunkMail] Upgrade Options
Title: Upgrade Options Scott, Since declude runs off the same exe and will purchased a license for the lite version how do we go about upgrading to the other versions? Pay the difference and get a new key? Thanks
[Declude.JunkMail] FILTERS
Title: FILTERS If an email that fails a rule and or filters set for whatever weight if the junkmail file is set to ignore will the message weight increase upon each failure?
[Declude.JunkMail] OT: SP4 and MS03-026
Title: Message Does anyone know if I install the ms03-026 then sp4 do I have to resintall the security patch thanks.
RE: [Declude.JunkMail] Declude using 50% cpu
Title: RE: [Declude.JunkMail] Declude using 50% cpu On a good day we rev 19000 local deliveries + send 8000 per day. It hits the machine hard average cpu time before was around 44% then when declude was installed it jumped to over 90% average. The version is 1.75 -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 24, 2003 3:37 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Declude using 50% cpu We are evaluating declude and have noticed a considerable increase in the cpu cycles associated with mail delivery. Is there anyway have it run in an isolated cpu instance? since there are multiple instances of declude.exe running, I would guess it would be hard to lock it down. How many E-mails do you send/receive per day? What version of Declude are you running (you can find out by typing \IMail\Declude -diag from a command prompt)? Are you sure that it is Declude using the extra CPU cycles (by sorting the processes in the Task Manager by the CPU column)? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude using 50% cpu
Title: Message Thanks for that info Andrew, however I am looking at the task manager for my box and even 1 declude process was taking 50% then it popped up another process with 45% granted these go away when the messages are finished, however this server passes a LOT of traffic, so the number of processes for imail is default (30), I hope it wouldnt use that many for it would kill the box. I let declude run for 2 hours and my monitors reported 95-100% cpu usage consistantly. -Original Message-From: Colbeck, Andrew [mailto:[EMAIL PROTECTED]Sent: Thursday, July 24, 2003 3:56 PMTo: '[EMAIL PROTECTED]'Subject: RE: [Declude.JunkMail] Declude using 50% cpu Mark, it may be interesting for you to note that we don't set the number of instances of Decludedirectly. Instead, the "max processes" limit in your IMail SMTP advanced settings is what governs the total number ofIMail and declude.exe instances. Also, an important infrastructure detail is that IMailcalls one declude.exe for each message (not recipient), and declude.exe quits after it is done. Watch Task Manager for a while, sort alphabetically, and watch the number of declude.exe instances come and note that their PIDs are always changing. When I first evaluated Declude JunkMail Pro, I had assumed it ran as a service and IMail passed it data as necessary. This was entirely wrong, so the previous two paragraphs would have been helpful to me. I hope they help you. Andrew 8) -Original Message-From: Mark Gordon [mailto:[EMAIL PROTECTED] Sent: Thursday, July 24, 2003 12:15 PMTo: '[EMAIL PROTECTED]'Subject: [Declude.JunkMail] Declude using 50% cpu We are evaluating declude and have noticed a considerable increase in the cpu cycles associated with mail delivery. Is there anyway have it run in an isolated cpu instance? since there are multiple instances of declude.exe running, I would guess it would be hard to lock it down.
RE: [Declude.JunkMail] Declude using 50% cpu
Title: RE: [Declude.JunkMail] Declude using 50% cpu Scott, is there any threshold for the number of custom filters vs the amount of time/cpu power required to parse such filters? I think that I may be passing it through to many filters before sending it out. -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 24, 2003 3:37 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Declude using 50% cpu We are evaluating declude and have noticed a considerable increase in the cpu cycles associated with mail delivery. Is there anyway have it run in an isolated cpu instance? since there are multiple instances of declude.exe running, I would guess it would be hard to lock it down. How many E-mails do you send/receive per day? What version of Declude are you running (you can find out by typing \IMail\Declude -diag from a command prompt)? Are you sure that it is Declude using the extra CPU cycles (by sorting the processes in the Task Manager by the CPU column)? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude using 50% cpu
Title: RE: [Declude.JunkMail] Declude using 50% cpu win2k sp3 dual 933 512K ram, but memory was never a problem, its a dedicated mail server nothing else -Original Message-From: Jason Newland [mailto:[EMAIL PROTECTED]Sent: Thursday, July 24, 2003 4:22 PMTo: [EMAIL PROTECTED]Subject: Re: [Declude.JunkMail] Declude using 50% cpu Also, can we ask what hardware / OS this is running on? Jason - Original Message - From: John Tolmachoff (Lists) To: [EMAIL PROTECTED] Sent: Thursday, July 24, 2003 3:03 PM Subject: RE: [Declude.JunkMail] Declude using 50% cpu Where is your DNS server you are using in Imail? John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mark GordonSent: Thursday, July 24, 2003 12:51 PMTo: '[EMAIL PROTECTED]'Subject: RE: [Declude.JunkMail] Declude using 50% cpu On a good day we rev 19000 local deliveries + send 8000 per day. It hits the machine hard average cpu time before was around 44% then when declude was installed it jumped to over 90% average. The version is 1.75 -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 24, 2003 3:37 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Declude using 50% cpu We are evaluating declude and have noticed a considerable increase in the cpu cycles associated with mail delivery. Is there anyway have it run in an isolated cpu instance? since there are multiple instances of declude.exe running, I would guess it would be hard to lock it down. How many E-mails do you send/receive per day? What version of Declude are you running (you can find out by typing "\IMail\Declude -diag" from a command prompt)? Are you sure that it is Declude using the extra CPU cycles (by sorting the processes in the Task Manager by the "CPU" column)? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude using 50% cpu
Title: RE: [Declude.JunkMail] Declude using 50% cpu This server is slammed during buisness hours but it was making due with dual 933, declude just kills it. What portion of custom filters vs rdns checks should I look at to reduce this processing strain? -Original Message-From: John Tolmachoff (Lists) [mailto:[EMAIL PROTECTED]Sent: Thursday, July 24, 2003 4:05 PMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Declude using 50% cpu BTW, with an average CPU usage of 44% before Declude, you may be reaching the saturation point of the server. Not critical, but from my understanding if average CPU usage is at 50%, you need to start looking at things. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark GordonSent: Thursday, July 24, 2003 12:51 PMTo: '[EMAIL PROTECTED]'Subject: RE: [Declude.JunkMail] Declude using 50% cpu On a good day we rev 19000 local deliveries + send 8000 per day. It hits the machine hard average cpu time before was around 44% then when declude was installed it jumped to over 90% average. The version is 1.75 -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED]] Sent: Thursday, July 24, 2003 3:37 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Declude using 50% cpu We are evaluating declude and have noticed a considerable increase in the cpu cycles associated with mail delivery. Is there anyway have it run in an isolated cpu instance? since there are multiple instances of declude.exe running, I would guess it would be hard to lock it down. How many E-mails do you send/receive per day? What version of Declude are you running (you can find out by typing "\IMail\Declude -diag" from a command prompt)? Are you sure that it is Declude using the extra CPU cycles (by sorting the processes in the Task Manager by the "CPU" column)? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] A good SD.TXT File?
Title: RE: [Declude.JunkMail] A good SD.TXT File? amazon.com aol.com netscape.net att.net attbi.com bellatlantic.net verizon.net bellsouth.net bellsouth.com charter.net china.com comcast.net compuserve.com aol.com cs.com aol.com concentric. .cnchost.com cox.net earthlink. email.it webmessenger.it excite.com excitenetwork.com @gmx. .gmx. gte.net verizon.net hotmail.com msn.com juno.com untd.com lycos.com lycos.at spray.net mac.com apple.com mailcity.com lycos.com mindspring. earthlink. msn.com hotmail.com netscape.net aol.com netzero.com untd.com prodigy.net qwest.net .rr.com sympatico.ca bellnexxia.net usa.net mx.net @yahoo. .yahoo. zzn.com mailcentro.com t-online.de t-online.com wanadoo.fr @cs.com .aol.com -Original Message- From: Jeff Maze - Hostmaster [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 22, 2003 3:29 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] A good SD.TXT File? Anyone have one handy that might assist me? Hahaha Thanks.. Jeff --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Whitelists
Title: RE: [Declude.JunkMail] Whitelists Can you list an entire subnet in the ip whitelist? Messages generated by our servers are being marked as spam as well as postmaster messages saying that a mail could not be delivered. -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 16, 2003 3:45 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Whitelists nope sorry 1.65 any other way to do whitelists? Most whitelists work fine in v1.65 -- it's just that whitelisting based on the reverse DNS entry, HELO/EHLO, and the subject weren't added until after 1.65. So you can use WHITELIST FROM, WHITELIST IP, WHITELIST TO, WHITELIST TODOMAIN, and WHITELIST ANYWHERE with 1.65. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Whitelists
Title: Whitelists How do I add whitelists to my deculde config. I was trying to use this config: # Trusted Companies WHITELIST REVDNS .amazon.com WHITELIST REVDNS .army.mil WHITELIST REVDNS .channing-bete.com the log file says invalid whitelist. Any suggestions?
RE: [Declude.JunkMail] Whitelists
Title: RE: [Declude.JunkMail] Whitelists I'm using version 1.66 -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 16, 2003 3:32 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Whitelists How do I add whitelists to my deculde config. I was trying to use this config: # Trusted Companies WHITELIST REVDNS .amazon.com WHITELIST REVDNS .army.mil WHITELIST REVDNS .channing-bete.com the log file says invalid whitelist. Any suggestions? The WHITELIST REVDNS option requires Declude v1.66 or higher. Previous versions will report the invalid whitelist warning in the log file. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Whitelists
Title: RE: [Declude.JunkMail] Whitelists nope sorry 1.65 any other way to do whitelists? -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 16, 2003 3:32 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Whitelists How do I add whitelists to my deculde config. I was trying to use this config: # Trusted Companies WHITELIST REVDNS .amazon.com WHITELIST REVDNS .army.mil WHITELIST REVDNS .channing-bete.com the log file says invalid whitelist. Any suggestions? The WHITELIST REVDNS option requires Declude v1.66 or higher. Previous versions will report the invalid whitelist warning in the log file. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] weights
Title: weights I'm having trouble understanding the weights in favor of the other tests. If you have an email that say spamcop is blocking and have that set to warn in the junkmail file, also it is listed in relays.osirusoft.com which is listed as warn, and the total weight of an the email is 33 and everything is left to defaults which is warn, would the end user still get the mail with the header listed as spam? Once the weights have been established and it is a high number such as 66 or above, how would this be routed to NULL instead of being delivered?
[Declude.JunkMail] Declude
Title: Declude Where can I find declude configuration files with good filtering rules?
