Re: [Declude.JunkMail] 4.1 GUI

2006-04-23 Thread Mike Nice

Serge,
  There is not currently a manual or installation procedure for the GUI. 
You'll have to copy/move the files to a new IIS virtual directory and set 
permissions appropriately.


  While it is very nice, you'll also need to re-enter your current 
settings if you don't want to accept the default settings.   There is no 
auto import from your existing text configuration files.


- Original Message - 


anyway, all seems to be working now, except for the GUI
can someone (including declude) tell me where to find it (and how to use 
it)?

is there a user manual for installing/using the new GUI?


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] Declude Web GUI - Any comments?

2006-04-20 Thread Mike Nice

Anyone use the new Web GUI


http://news.corporate.findlaw.com/prnewswire/20060330/30mar20060807.html

  I like the web GUI.   Is there any way to automatically import your 
existing settings into the database from the .CFG text files?  Has anyone 
written such an importer?




[Declude.JunkMail] Declude Web GUI - Any comments?

2006-04-19 Thread Mike Nice
Anyone use the new Web GUI to configure Declude yet?   Or did I jump the gun 
in downloading it?




Re: [Declude.JunkMail] OT: Max number of files in directory?

2006-04-12 Thread Mike Nice

I don't know what the limit is, but there is definitely degradation in
performance after a few thousand files.


  On NTFS systems, this is most likely app-related such as Explorer where 
they have to deal with slogging through all the extra files, as noted by 
another poster.   An App opening a specific file will see almost no 
degradation because the NTFS uses a tree structure to maintain fast access 
to a file by name.


  There is a separate issue where NTFS doesn't recover unused directory 
space after deleting many files.  This only becomes an issue with files 
numbering in the millions 




Re: [Declude.JunkMail] ARIN Unlisted

2006-04-05 Thread Mike Nice
It means that it wasn't in Declude's local country list database on your 
server.   The IP in question was registered on 30-Jan-2006 so you'll need to 
contact Declude for an update.


- Original Message - 
From: Gary Steiner [EMAIL PROTECTED]

To: Declude.JunkMail@declude.com
Sent: Tuesday, April 04, 2006 10:14 PM
Subject: [Declude.JunkMail] ARIN Unlisted


I received a spam from 209.200.224.192 which Declude reported as

X-Country-Chain: [ARIN Unlisted]-destination

I went to www.arin.net and did a whois, and 209.200.224.192 came up as a 
typical US company.  What is ARIN unlisted?




Re: [Declude.JunkMail] V3 updated filter files

2006-01-05 Thread Mike Nice
I'll second the request to minimize service restarts ... My favorite 
solution for this type of problem is to scan the file dates and reread them 
only on a date change (older or newer).   A directory query takes a fraction 
of the time to read and parse a file.


- Original Message - 
From: Markus Gufler [EMAIL PROTECTED]

To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] V3 updated filter files



Your intention to streamline the product is welcome to me. Maybe you can
simplify things for us admins by enabling some or different methods to start
a re-read of the config and filter files. For example:

1.) Watch for a certain email processed by declude
2.) watch for one specific single file if it's placed by another application
in the config-directory declude will reload once all config files
3.) write a little application that can run as scheduled task and watch
regularly all configuration files. If some file is updated a reload to the
running process is initiated.


---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]

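
The date-scan approach suggested in the reply above, as an added example that is not part of the original posts and not Declude's code: each pass stats the config directory and re-parses only files whose modification time or size differs from the last pass, in either direction. The `ConfigCache` class, the `*.cfg` pattern and the simplified `NAME value` line format are assumptions made for illustration.

```python
import fnmatch
import os


def parse_cfg(text):
    """Parse a simplified 'NAME value...' line format.

    Assumed format for the example; this is not Declude's parser.
    """
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, rest = line.partition(" ")
        rules.append((name.upper(), rest.strip()))
    return rules


class ConfigCache:
    """Keep parsed config files in memory and re-read only on a date change."""

    def __init__(self, directory, pattern="*.cfg"):
        self.directory = directory
        self.pattern = pattern
        self.stamps = {}      # file name -> (mtime in ns, size) seen last pass
        self.rules = {}       # file name -> parsed rules
        self.parse_count = 0  # how many times a file was actually read

    def refresh(self):
        """One pass over the directory; returns names reloaded or dropped."""
        changed = []
        present = set()
        with os.scandir(self.directory) as entries:
            for entry in entries:
                if not entry.is_file():
                    continue
                if not fnmatch.fnmatch(entry.name, self.pattern):
                    continue
                present.add(entry.name)
                st = entry.stat()
                stamp = (st.st_mtime_ns, st.st_size)
                # '!=' rather than '>': a file restored from a backup has
                # an OLDER date and must still be picked up.
                if self.stamps.get(entry.name) == stamp:
                    continue
                # The stamp was taken before the read, so a write that
                # lands in between is caught on the next pass.
                with open(entry.path, encoding="utf-8",
                          errors="replace") as fh:
                    self.rules[entry.name] = parse_cfg(fh.read())
                self.stamps[entry.name] = stamp
                self.parse_count += 1
                changed.append(entry.name)
        # Files deleted since the last pass stop contributing rules.
        for name in set(self.stamps) - present:
            del self.stamps[name]
            del self.rules[name]
            changed.append(name)
        return sorted(changed)
```

Calling `refresh()` from the mail-processing loop or a timer costs one directory query per pass when nothing has changed, so no service restart is needed to pick up an edited file.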


Re: [Declude.JunkMail] Decludeproc getting caught in Data Execution Prevention

2005-10-20 Thread Mike Nice



I'd second this one - if there were ever an application that should have
DEP enabled, this is it. Although Declude code has been given a very
thorough analysis, there are an infinite number of invalid E-mail message
formats as inputs. A single tiny overlooked detail leaves servers
vulnerable.


- Original Message -
This should be avoidable if the memory allocation code is changed:
http://msdn.microsoft.com/library/default.asp?url=

Note that I only pretend to know something about programming, but I have seen other
applications that had issues fix them without needing to tweak DEP.
  


Re: [Declude.JunkMail] Insufficient system resources error

2005-06-08 Thread Mike Nice
This is very interesting - Can you verify in the task manager that when it 
hangs that the memory in use by SMTPd is 'normal'?  (7 to 20 Megabytes)


  I wouldn't be surprised by some type of logging problem.   I occasionally 
see truncated/incomplete log lines in the file.   This would certainly seem 
to be some sort of bug related to logging.




- Original Message - 
From: Rick Davidson [EMAIL PROTECTED]

To: Declude.JunkMail@declude.com
Sent: Wednesday, June 08, 2005 1:36 PM
Subject: Re: [Declude.JunkMail] Insufficient system resources error




I have been watching this thread and have been the victim of the SMTP 
service failures (hangs really) but I do not get an Insufficient system 
resources error.


I believe I have the problem traced to the SMTP logging, if I turn the 
SMTP logging off (yea I know... :) I no longer have SMTP failures. I 
installed Kiwi syslogger and still had the same SMTP service failures 
until I disabled the SMTP logging so it seems to be the SMTPD itself and 
not the built in logging services.


would be interested to see if others could verify this, in the mean time I 
am opening a ticket with Ipswitch


this definitely is not a declude issue

Rick Davidson
National Systems Manager
North American Title Group
-
- Original Message - 
From: Chris Patterson [EMAIL PROTECTED]

To: Declude.JunkMail@declude.com
Sent: Friday, June 03, 2005 3:13 PM
Subject: RE: [Declude.JunkMail] Insufficient system resources error


I had the same problem with SMTP not being able to restart due to
virtual memory according to the event log.  I had to reboot to gain SMTP
services.

I have had another instance since applying HF2, but the SMTP portion of
the issue was not the same.  The event log did not indicate SMTP
failures.

I opened a ticket with Ipswitch but they blamed it on Declude, as usual.


Thanks,

Chris Patterson, CCNA
Network Engineer/Support Manager


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
(Lists)
Sent: Friday, June 03, 2005 2:13 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] Insufficient system resources error

Update: Since installing Imail 8.20 HF2 last Saturday, the problem so
far has not reoccurred.

Any one else still having this problem?

John T
eServices For You




Re: [Declude.JunkMail] Insufficient system resources error

2005-05-23 Thread Mike Nice


While either of these problems may be completely different from what we're 
seeing, monitor the usage of your SMTPd service.  This has been the culprit 
on our system for intermittent memory ballooning.


 Mike

- Original Message - 
From: Hirthe, Alexander [EMAIL PROTECTED]

To: Declude.JunkMail@declude.com
Sent: Monday, May 23, 2005 5:06 AM
Subject: RE: [Declude.JunkMail] Insufficient system resources error


Hello John,

I had a Problem on Thursday/Friday/Saturday, the Server finally locked up
with not enough memory.


-Original Message-
From: John Tolmachoff (Lists) [mailto:[EMAIL PROTECTED]
Sent: Monday, May 23, 2005 9:42 AM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] Insufficient system resources error

Major problem on my server on 05/22/05 starting at 06:30 AM. I do not think
this is caused by Imail or Declude as nothing has changed in the 3 weeks.

It appears at 6:30 AM I started getting the 2020 event error on the server
and repeating every couple of minutes. Imail services kept working but
Declude was not always working. 1 out of 10 messages would be scanned with
no error by Declude Virus but the Junkmail log stopped at that time.
However, both the Sniffer and SpamCheck logs show that they were scanning
messages as called by Declude.

Searching eventid.net finds a bunch of stuff. It appears to be leaning
towards adding a registry setting to decrease the default amount of paged
kernel memory in use, but that is not a real solution.

I was able to log onto the console, but not able to open anything so not
sure what was going on at the time.

Any one have any ideas?

-----
05/22/2005 06:30:07 Q895E0253D72E Error 1450 creating temp directory F:\SPOOL\D895E0253D72E.vir\. [Insufficient system resources exist to complete the requested service.]




Re: [Declude.JunkMail] Interesting tactic..

2005-01-11 Thread Mike Nice
One troublesome technique finding favor with
spammers involves sending mass mailings in the
middle of the night from a domain that has not
yet been registered. After the mailings go out,
the spammer registers the domain early the
next morning.

H

   Want to tick off some spammers?  Register some of those domains out from
under their noses!!

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]



Re: [Declude.JunkMail] Interesting tactic..

2005-01-11 Thread Mike Nice
   The spammer sends out realistic messages that contain a URL flogging the
P I L L S site of the day.   Upon delivery, SpamAssassin etc. check the URL
in the message.  Not finding the URL in an RHSBL, and not able to get any
DNS info (such as DNS hosted by China), SpamAssassin has no information that
would flag the URL as bad.  SpamTraps and manual spam reports are the only
thing that can flag this type of URL as spam, but since it is hard to
automatically tag as a spam URL it will likely escape.

  This spam technique makes the assumption that most people get up / into
work the next day and check their messages first thing.  At 6:00 AM the
spammer registers the domains and voila!  A valid web site in China to click
on.

   While I wouldn't necessarily want to associate myself with the spam a
spammer sends out, I can use the same sleazy techniques, minus the stolen
credit card: register with a registrar known to be soft on spam, provide
false contact information, and host it in China.  Put up a web page saying
do not buy from E-mail ads, etc.   When the spammer goes to register it
the next morning, he will be unable to activate the domain and out of
customers for that spam run.   Long term the spammer still can win that
battle, but this is a great way to irritate someone on the other end for
once.

- Original Message - 
From: Dan Geiser [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Tuesday, January 11, 2005 3:59 PM
Subject: Re: [Declude.JunkMail] Interesting tactic..


 I don't get this article at all.  How is this any different than sending
 e-mails with using domains that you have no intention of ever using?  Why
 would you want to register the domain name and then associate yourself with
 a domain used in a spam mailing?  And from a technical standpoint why would
 a distributed DNS system be overloaded by trying to lookup bogus domain
 names?



Re: [Declude.JunkMail] Interesting tactic..

2005-01-11 Thread Mike Nice
One area I have seen this used are the 'spamvertized domains' in the body of
the message which would require a SURBL style test on the URL in the message
body.  Message headers, delivery, and MAILFROM are otherwise as valid as any
other spam; sometimes quite authentic.

- Original Message - 
 The problem, though, is that any anti-spam program that does RHSBL tests
 probably does MAILFROM tests as well.  So while the domain won't be listed
 in any RHSBLs yet, it will fail the MAILFROM test, which is likely to be
 weighted higher.



Re: [Declude.JunkMail] Spammers using virus infected computers

2004-07-17 Thread Mike Nice
Spam is most likely to be spread by a dormant virus rather than one that is
actively in the 'infect everyone else' mode.   In other words, spammers
probably contact their backdoor spamware while it is idle so they won't have
to compete with the virus spreader for bandwidth.   The question is, what
are the stats on the dormant period before spam starts?   For dialup
users, this period is random and can be several weeks - after which they
won't be on the same IP.  This may be a good test for DSL senders however.

- Original Message - 
 Wasn't some one just last week trying to claim that a test based on virus
 infected machines was worthless in JunkMail, as what does that have to do
 with spam?



Re: [Declude.JunkMail] Spammer on board

2004-02-25 Thread Mike Nice
  I have an issue I have been dealing with and was wondering how others would
 approach it. I have a spammer on my system and am 99% sure who it is.

  Check their profile; if they have been a paying customer for several
months it is almost 100% sure that it's just a regular joe who was
victimized by a trojan the spammers are using to send on their behalf.
Spammers never pay for something they can steal.

   Even if they are a new customer, they may have switched because of the
trojan slowing down their internet connection and they switched to you to
see if you were better.



Re: [Declude.JunkMail] new dow and hour tests

2004-02-22 Thread Mike Nice
 How would you add weight to these testes.

  Sounds like a variation on Add weight to your member spams!!




[Declude.JunkMail] Troubleshooting DNSBL?

2003-08-22 Thread Mike Nice
I'm trying to track down what I suspect is one or more slow DNS-Based spam
databases.  The effect is that mail delivery is slow.  I can get temporary
relief by pointing to a different DNS server.  Short of packet sniffing a
session, is the DNS response time recorded in the logfile for any log level?

   What is the log entry if a DNS doesn't respond at all for a query?  I
can't see any obvious DNS failures recorded.

  Thanks,



Re: [Declude.JunkMail] DNS Test?

2003-07-19 Thread Mike Nice
Being able to block on  DNS servers today would at least be a temporary leg
up for the white hats.

In the end, DNS servers can be as easily registered as goofy domain names.
They could set up an automated process to register a new batch of DNS
servers daily.  They could conceivably run the DNS servers as trojans as
they do today for click-o-porn servers.


http://forums.zdnet.com/group/zd.Security.Virus.Alerts/cnet/cnetnt.tpt/@[EMAIL 
PROTECTED]@[EMAIL PROTECTED]@D-,[EMAIL PROTECTED]/@[EMAIL PROTECTED]@44558?ROS=1OC=75

- Original Message - 
DNS is just one thought - perhaps even being able to whitelist a DNS server
could be a great add-on for reducing false positives.  While not everyone is
doing the correct REVDNS everyone has to have a DNS server.  eMails can be
faked, helo can be faked.  I don't know but I am sure Scott and others would
know- Can DNS be faked?



Re: [Declude.JunkMail] Any ideas about Dartmail.net?

2003-07-02 Thread Mike Nice
Ironically, HELO dell.com is a 100% reliable indicator of spam.  Do you
think Dell has outgoing mail servers that run SMTP instead of ESMTP?   A
real server would say EHLO dell.com.  Be careful of this one before you
apply it willy nilly.  Yahoo uses the older SMTP for some of its outgoing
E-mail so REVDNS helps out there.

- Original Message - 
One word of caution.. We found real fast when a number of spam got through
that HELO is not reliable at all.  Spammers were faking helo for Dell, IBM,
and Microsoft.



Re: [Declude.JunkMail] new message header

2003-06-08 Thread Mike Nice

 ... Let's keep the spammers guessing for a while.  That'll improve its
effectiveness!

- Original Message - 
 So when might you be willing to share this new spam test with us...?
:-)))
  I see new X-Spam-Prob: headers being added after upgrading to Declude



Re: [Declude.JunkMail] Dealing with Nasty Spams

2003-02-08 Thread Mike Nice
Also, for anyone getting one of these - please also report to
[EMAIL PROTECTED] (Their credit card processor).   That'll get 'em where
it hurts.

Large penls breaking tight cuunts apart

http://boulealeanu.hardgiants.info/





Re: [Declude.JunkMail] relays.osiriusoft.com

2002-12-20 Thread Mike Nice
One exception is the initial query - DNS implementations assume queries from
a random population, and don't search the active request list to see if a
request can be piggybacked on an outstanding request.   So each IP4R test
from a new IP generates a separate request directly to the RBL.

   Also, relays.osirusoft.com sets a negative cache time of only 10
minutes - E-mail from good IPs repeats the above procedure every 10 minutes.

   The good thing is that the next version of Junk mail will combine
requests to a single RBL!

- Original Message -
 Declude does NOT cache any results from these lookups, but the DNS server
 that Declude references DOES cache these lookups - just like any other DNS
 lookup - up to its TTL.  Most DNS servers will cache both positive (I
 found an answer) and negative (no answer was found at the DNS server)
 results.

 If your DNS server is local - and your declude is busy - your local DNS
 server will have a rich cache of recent lookups it's already done.
 relays.osirusoft.com's default TTL is 2 DAYS.  That means unless you set a
 lower TTL in your resolver, if you receive 1000 emails from a certain
 spammer IP within that two day period, your server will answer 999 of the
 queries from its local cache.  Declude does not cache, but if a good
 percentage of Declude's lookups only involve your 100/1000 LAN (and not
 external lookups over the Internet) - performance will greatly improve.

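
A simplified model of the resolver caching described in the two posts above, added as an illustration and not taken from Declude or any DNS server: it builds the reversed-octet IP4R query name and counts how many queries leave the local resolver under the 2-day positive TTL and the 10-minute negative cache time quoted in the thread. The `CachingResolver` class, its `coalesce` switch and the sample addresses are constructed for the example.

```python
import ipaddress

POSITIVE_TTL = 2 * 24 * 3600  # "default TTL is 2 DAYS" (quoted post)
NEGATIVE_TTL = 10 * 60        # "negative cache time of only 10 minutes"


def ip4r_name(ip, zone="relays.osirusoft.com"):
    """IP4R query name: octets reversed, zone appended."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


class CachingResolver:
    """Model of a local caching DNS server in front of one blocklist zone.

    coalesce=False models a server that does not piggyback a new request
    on an identical one that is still outstanding; coalesce=True models
    one that does (or a client that combines its own requests).
    """

    def __init__(self, listed_ips, latency=0.0, coalesce=False):
        self.listed = {ip4r_name(ip) for ip in listed_ips}
        self.latency = latency    # seconds until the upstream answer arrives
        self.coalesce = coalesce
        self.cache = {}           # query name -> cache expiry time
        self.inflight = {}        # query name -> time the answer arrives
        self.upstream_queries = 0

    def lookup(self, ip, now):
        """Resolve at time `now` (seconds); returns True if the IP is listed."""
        name = ip4r_name(ip)
        answer = name in self.listed
        ready = self.inflight.get(name)
        if ready is not None and ready <= now:
            # The outstanding answer has arrived: cache it with the TTL
            # that applies to a listing or to a "no such name" reply.
            ttl = POSITIVE_TTL if answer else NEGATIVE_TTL
            self.cache[name] = ready + ttl
            del self.inflight[name]
        if self.cache.get(name, float("-inf")) > now:
            return answer                      # served from the cache
        if name in self.inflight and self.coalesce:
            return answer                      # piggybacked, no new query
        self.upstream_queries += 1
        self.inflight.setdefault(name, now + self.latency)
        return answer


def upstream_count(arrivals, listed_ips=(), latency=0.0, coalesce=False):
    """Run (time, ip) lookups in order and count queries sent upstream."""
    resolver = CachingResolver(listed_ips, latency, coalesce)
    for now, ip in arrivals:
        resolver.lookup(ip, now)
    return resolver.upstream_queries


# Constructed traffic, all addresses from documentation ranges.
SPAM_RUN = [(i * 170, "192.0.2.1") for i in range(1000)]    # inside 2 days
GOOD_HOUR = [(i * 60, "198.51.100.25") for i in range(60)]  # one per minute
BURST = [(i * 0.2, "203.0.113.9") for i in range(5)]        # 5 tests at once

if __name__ == "__main__":
    print("listed IP, 1000 mails:",
          upstream_count(SPAM_RUN, listed_ips=["192.0.2.1"]))
    print("clean IP, 60 mails in 1 h:", upstream_count(GOOD_HOUR))
    print("burst, no piggyback:", upstream_count(BURST, latency=2.0))
    print("burst, combined:",
          upstream_count(BURST, latency=2.0, coalesce=True))
```

The clean-sender case is the expensive one for the list operator: every address that is not listed comes back upstream each time the short negative entry expires, while a listed address is answered locally for the full TTL.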



[Declude.JunkMail] AOL fwding

2002-12-19 Thread Mike Nice
FYI -
   I am investigating a problem in which messages to a local account,
forwarded to AOL are not received - the thinking is that they are blocked as
spam since they have a FROM [EMAIL PROTECTED] , but come from a  non-hotmail
server.

   Everything else straight to AOL seems to be working.




[Declude.JunkMail] relays.osiriusoft.com

2002-12-19 Thread Mike Nice
FYI - Sprint has blocked our DNS server; we were using their server in a
forwarder configuration; reason: too many lookups to relays.osirusoft.com.

Has anyone set this up with Bind's IXFR as a secondary for the entire
zone?




Re: [Declude.JunkMail] Filtering E-Greetings

2002-12-04 Thread Mike Nice
How can we catch symbol 62 differently?  V2 is configured as 'nonzero',
meaning that all return codes other than zero are logged and treated alike
by Declude.

- Original Message -
From: Madscientist [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Filtering E-Greetings


 Sniffer version 2 is out now. Scumware rules have a special symbol 62.
 You could look for that specific result code and treat it specially.




Re: [Declude.JunkMail] Imail Web Based Interface

2002-12-01 Thread Mike Nice
You may find this message of interest -

http://www.mail-archive.com/declude.junkmail@declude.com/msg03771.html

   I haven't implemented it yet, but am planning to in .ASP for Declude
setting integration.

- Original Message -
From: Cxan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, December 01, 2002 4:38 PM
Subject: Re: [Declude.JunkMail] Imail Web Based Interface


 called xyzserver.com. When a user logs in to the server using Imail port
 8383 then Imail creates a bunch of security character strings like :

http://xyzserver.com:8383/Xade9939bcc9fcf9aee8571e9/menu.63104.cgi?mbx=Main
 What I am trying to figure out is what holds/creates the string :
 Xade9939bcc9fcf9aee8571e9




Re: [Declude.JunkMail] Kill list criteria- Image`fx

2002-10-13 Thread Mike Nice

  This is a cute one:

 HELO aol.com
   (I thought AOL long ago upgraded to ESMTP!).
Ditto with hotmail.com, yahoo.com, excite.com, msn.com, localhost.* and
netscape.com.

   This represents 5% of our blocked spam (it used to be 10%, but I guess
spammers that use that blaster aren't getting much response to spam
anymore).

- Original Message -
 We are getting a lot of SPAM recently that have AOL addresses.  I
 checked one of them with SPAMCOP and I was surprised that it immediately
 indicated the IP is not an AOL IP, therefore it is forged.

 Are there any tests we can do to detect the same thing?  Could this
 actually be a good test to have for the big ISP's?

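
The HELO check described in this post and in the 2003-07-02 Dartmail.net reply, written out as an added example (not Declude's test and not code from the list): a plain HELO naming one of the large providers is flagged unless the connecting host's reverse DNS falls under the same domain, which is the Yahoo exception mentioned there. The log line layout, `classify` and `flagged` are assumptions, and the sample lines are constructed.

```python
import re

# Provider names listed in the two posts; localhost.* is handled separately.
PROVIDER_NAMES = ("aol.com", "hotmail.com", "yahoo.com", "excite.com",
                  "msn.com", "netscape.com", "dell.com")

# Assumed log layout for the example (not IMail's or Declude's format):
#   <timestamp> peer=<ip> rdns=<name or -> cmd="<HELO|EHLO> <name>"
LINE_RE = re.compile(
    r'peer=(?P<peer>\S+)\s+rdns=(?P<rdns>\S+)\s+'
    r'cmd="(?P<verb>HELO|EHLO)\s+(?P<name>[^"\s]+)"',
    re.IGNORECASE)


def under(host, domain):
    """True if host is the domain itself or a name below it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def classify(line):
    """Return (peer, verdict) for a greeting line, or None if unparsable.

    Verdicts: 'forged-helo', 'revdns-ok', 'no-opinion'.
    The rdns field is assumed to be forward-confirmed by whatever wrote
    the log; an unconfirmed PTR record proves nothing.
    """
    m = LINE_RE.search(line)
    if not m:
        return None
    peer = m["peer"]
    if m["verb"].upper() != "HELO":
        return (peer, "no-opinion")       # ESMTP greeting: not this test
    name = m["name"].lower().rstrip(".")
    if name == "localhost" or name.startswith("localhost."):
        return (peer, "forged-helo")
    # Sub-names (mta5.yahoo.com) are treated like the bare domain.
    domain = next((d for d in PROVIDER_NAMES if under(name, d)), None)
    if domain is None:
        return (peer, "no-opinion")
    if m["rdns"] != "-" and under(m["rdns"], domain):
        return (peer, "revdns-ok")        # old SMTP, but really the provider
    return (peer, "forged-helo")


def flagged(lines):
    """Peers whose greeting this test would add weight for, in log order."""
    results = (classify(line) for line in lines)
    return [r[0] for r in results if r and r[1] == "forged-helo"]


# Constructed sample lines (documentation address ranges).
SAMPLE_LINES = [
    '2002-10-13 03:12:44 peer=203.0.113.7 rdns=dsl-7.example.net '
    'cmd="HELO aol.com"',
    '2002-10-13 03:12:51 peer=198.51.100.20 rdns=mta5.yahoo.com '
    'cmd="HELO mta5.yahoo.com"',
    '2002-10-13 03:13:02 peer=192.0.2.9 rdns=mail.example.org '
    'cmd="EHLO dell.com"',
    '2002-10-13 03:13:10 peer=203.0.113.44 rdns=- '
    'cmd="HELO localhost.localdomain"',
    '2002-10-13 03:13:15 peer=192.0.2.50 rdns=mx.example.org '
    'cmd="HELO mx.example.org"',
    '2002-10-13 03:13:20 peer=203.0.113.80 rdns=host.notyahoo.com '
    'cmd="helo yahoo.com"',
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(classify(line))
```

As a weighted test rather than an outright block, a `forged-helo` verdict leaves room for a legitimate sender that still greets with HELO and has no matching reverse DNS.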



Re: [Declude.JunkMail] Oh gosh!

2002-07-28 Thread Mike Nice

I've noticed that MONKEYPROXIES has become more effective recently,
and I've upped its point rating!

- Original Message -
° True anonymity (using proxy routing - the new wave in bulk email stealth
technology).



---

This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  You can E-mail
[EMAIL PROTECTED] for assistance.  You can visit our web
site at http://www.declude.com .



KITHRUP:Re: [Declude.JunkMail] Spam from 'myself'

2002-06-18 Thread Mike Nice

  I don't know if SMTP Auth leaves a signature in the header that can be
whitelisted, otherwise this test will throw out SMTP Auth - sent messages.

- Original Message -

 WHITELIST @acsworld.net 12.4.184.3 (whitelist @acsworld.net messages from
 that IP address only).

 saying why did you spam me! and it would also help so the technical
 support staff wouldn't have to explain what's happening to everyone
 complaining about so and so sending them spam.





[Declude.JunkMail] Thoughts for future features

2002-05-19 Thread Mike Nice

We have had some customers ask for the capability to accept only from the
people in their address book (They use only Webmail).   Alternatively, I
have been toying with the idea of implementing the Tagged Message Delivery
Agent http://software.libertine.org/tmda/

We probably couldn't charge for it but the spammers continue getting
more and more obnoxious and this would cut 99% of spam out for some people.




[Declude.JunkMail] ORBZ - More info

2002-03-21 Thread Mike Nice

  Here's some more information behind the big mystery.

http://www.wired.com/news/business/0,1367,51218,00.html

The small city of Battle Creek, Michigan, wants to lock up an anti-spam
activist who it believes crashed its mail server.

Never mind that the town government was using a buggy version of the Lotus
Domino e-mail server, and that newer releases have fixed the problem. And
never mind that anti-spammers may have been conducting a routine scan for
possible sources of bulk e-mail. 


 I suspect they will regret this action.  Tee hee!!
http://216.117.150.42/battlecreekmichcom/cgi-bin/battlecreek/guestbook.cgi#sign






Re: [Declude.JunkMail] DSN:Good junkmail cfg file

2002-03-21 Thread Mike Nice

I have weighted SPAMROUTING high relative to those below.

- Original Message - 
From: Chad Killion [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, March 21, 2002 4:14 PM
Subject: [Declude.JunkMail] DSN:Good junkmail cfg file


 Hello,
 
 I need to implement JunkMail on my server of 9000 ISP customers.
 Currently I am running only BADHEADERS, SPAMHEADERS, and MAILFROM tests
 on a bounce command.  Can anyone recommend a better cfg file to use that
 will catch more spam and not catch any legitimate messages (hotmail,
 aol, etc)  Thanks.





[Declude.JunkMail] Whitelist

2002-02-27 Thread Mike Nice

Recently, 2 messages from a WHITELIST FROM address were held.
 
 Do any tests override a WHITELIST FROM setting?
 Is the WHITELIST FROM case sensitive?   

  Thanks,
   Mike




Re: [Declude.JunkMail] Comparing Weight Configurations

2002-02-02 Thread Mike Nice

  I haven't given much thought to the rest of the config.  I basically got a
fresh copy of the example global and default files and fiddled with the
point system.   Other than that it was just choosing WARN and HOLD, with
WEIGHT being the only HOLD.

My WHITELIST is out of date and could probably be cut down quite a bit
now that I have tuned the other weights.


- Original Message - 

 Would it be possible for you to send me your global and your default files
 so I can compare them to mine. I do like that setup that you have and want
 to check on more.





[Declude.JunkMail] Spam Review program - Perl fragment

2002-01-27 Thread Mike Nice

Attached is a Perl program I use to categorize spam subjects for review.  It
is a portion of an analysis batch file that addresses several other problems
such as moving the spam from the \IMAIL\SPOOL\SPAM holding area before
analysis so that the spam that pours in during analysis won't be deleted
without review.

The subject sort order might be integrated into the other full-featured
VB spam review program.

 Sort order:

  1.) Alphabetical

  2.) Spam subjects beginning with , xxx xxx xxx...

  3.) Spam subjects containing multiple spaces.   I don't even need to look
at these since I've never seen a legitimate message containing spaces and
tagged as possible spam.  I wonder if any message containing multiple spaces
in the subject has ever been non spam.




# Summarize held spam by subject lines

use strict;
use warnings;

# Held messages in the current directory
my @fileList = glob("d*.smd");

my $spamCount = @fileList;

print "Found $spamCount files\n";

# Subject line => number of held messages carrying it
my %subjects;

foreach my $spamFile (@fileList) {
   getSubject($spamFile);
}

print "\n\nresult\n\n";

# Plain subjects sort first; subjects prefixed with \xfe or \xff sort to the bottom
foreach my $spamSubj (sort(keys(%subjects))) {
   print "$spamSubj: ($subjects{$spamSubj})\n";
}

exit(0);


# Read the headers of one held message and count its subject in %subjects
sub getSubject {
   my ($spamFilename) = $_[0];

   #print "$spamFilename...";

   my $subject = "";
   open(SPAMFILE, "<", $spamFilename) || die "Can't open file $spamFilename\n";
   my ($keepReading) = 1;
   while ($keepReading) {
      my $line = <SPAMFILE>;
      if ((!defined($line)) || ($line =~ m/^\r?\n?$/)) {
         # Blank line or EOF, terminate
         $keepReading = 0;
      } else {
         my $lcLine = lc $line;
         if ($lcLine =~ m/^subject:/) {
            # Everything after "Subject:" (8 characters)
            $subject = substr($line, 8);

            for ($subject) {
               # Trim leading and trailing spaces
               s/^\s+//;
               s/\s+$//;

               # Change cr into space
               s/\r/ /g;
            }

            # If typical spam subject (Multiple spaces), sort to bottom by prepending FF character
            # (matches two or more consecutive spaces)
            if ($subject =~ m/ {2,}/) {
               $subject = "\xff" . $subject;
            }

            # If typical spam subject (begins with xxx, BUY THIS SPAM), sort near bottom by prepending FE character
            if ($subject =~ m/^(\w*),/) {
               $subject = "\xfe" . $subject;
            }

            $keepReading = 0;

            if (! defined($subjects{$subject})) {
               $subjects{$subject} = 1;
            } else {
               $subjects{$subject} ++;
            }
         }
      }
   }
   close SPAMFILE;

   # print "Subject: $subject\n";
}