RE: [Declude.JunkMail] Declude 4.3
*** Question to thoes that are saying that spam/virus protestion is a lost leader/not a revenue builder. If it does not generate revenue then why don't you stop offering spam/virus protection? *** Is this a serious question? If you don't offer spam and virus filtering, you won't have any customers. In most markets the local competition offers it for free. The national competition certainly does (yahoo, google, earthlink etc). Many of us are fighting against low-priced inferior competition. The problem is that the average customer doesn't know that they are inferior. They *do* know how much they charge, and if they offer spam/virus protection and you don't it doesn't matter how poor the other guy's service is. They will leave. Sure, they will find out later how much the other guys suck, but how much time/effort/money will it cost to get them back? Chances are they'll try the next cut rate place instead of coming back to us anyway. Paul Navarre --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Blacklisted by Comcast
For whatever reason, one of my mail servers has been blacklisted by Comcast.snip Anybody have any deas how to resolve this one? This just happened to me too. The answer is in your log files. Comcast inserts a message in the data conversation that says to send a message to [EMAIL PROTECTED] requesting removal from their blacklist along with your server's IP address. I was off in their list in about 5 hours. I wish I could find out *why* I was on their list, but I'll take what I can get. Paul Navarre --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Spam Domains File Format
Title: Message What is the file format for the spamdomains.txt file? I'm looking at the file but can't figure it out and can't find a description of the format anywhere. Paul Fuhrmeister
RE: [Declude.JunkMail] casino spam
Ive actually noticed an increase specifically in gambling site spam myself. Paul Navarre Has anyone noticed in the past week an increase in casino, or party poker, etc.. spam? Kyle
RE: [Declude.JunkMail] SMTP Server question
I apologize for posting this to the wrong group. I need to do this because we still have Exchange 5.5 in our environment. If anyone does know if SmarterMail or another SMTP server could do this I would be very appreciative. Paul -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sanford Whiteman Sent: Thursday, January 20, 2005 8:23 AM To: Lucido, Paul Subject: Re: [Declude.JunkMail] SMTP Server question It is possible on IIS SMTP using article ID 262168, but I would prefer not to use IIS SMTP. Because. . . ? Can SmarterMail do this? Wouldn't this be a question for them, primarily? --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.mailmage.com/products/software/freeutils/SPAMC32/download/rel ease/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.mailmage.com/products/software/freeutils/exchange2aliases/dow nload/release/ http://www.mailmage.com/products/software/freeutils/ldap2aliases/downloa d/release/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: Re[2]: [Declude.JunkMail] SMTP Server question
That is a valid question. It is free, fast and scalable. I'm looking for increased functionality, reporting, administration and monitoring. I would also like to apply some basic policies, such as stripping of attachments. But the latter is not a requirement. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sanford Whiteman Sent: Thursday, January 20, 2005 8:36 AM To: Lucido, Paul Subject: Re[2]: [Declude.JunkMail] SMTP Server question I apologize for posting this to the wrong group. I need to do this because we still have Exchange 5.5 in our environment. My question again: why _not_ MS SMTP? It's an extremely solid MTA -- and free. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.mailmage.com/products/software/freeutils/SPAMC32/download/rel ease/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.mailmage.com/products/software/freeutils/exchange2aliases/dow nload/release/ http://www.mailmage.com/products/software/freeutils/ldap2aliases/downloa d/release/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] SMTP Server question
I'm looking for an SMTP server that has the ability to turn off advertising of 8 bit MIME without turning off EHLO. It is possible on IIS SMTP using article ID 262168, but I would prefer not to use IIS SMTP. I need it because we still have Exchange 5.5 in our environment. Can SmarterMail do this? Thanks, Paul --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Paypal and spam domain
A quick look at the messages I have received from paypal recently all show (something).paypal.com. I havent seen any exceptions. Paul Navarre From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Friday, December 31, 2004 1:42 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Paypal and spam domain What servers do legitimate @paypal.com e-mail come from to include in the spamdomans file? John Tolmachoff Engineer/Consultant/Owner eServices For You image001.gif
[Declude.JunkMail] if there's a ? in the X-Declude-Sender
Here's the X-Declude-Sender in a spam message. It includes my domain name and a ?: X-Declude-Sender: [EMAIL PROTECTED] [65.249.245.10] How would one add weight if there's a ? in the X-Declude-Sender? I assume this is a valid test to add weight. [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT - Copying 200,000 plus files
I don't know the answer you are specifically looking for, but you might take the drive out of the USB case and mount it directly into the PC as a slave drive. Copying (regardless of method) should go much more quickly then. Paul Navarre -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Jeff Pereira Sent: Wednesday, October 20, 2004 12:00 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] OT - Copying 200,000 plus files Hi - Sorry for the OT post, but I am in need of assistance. I have 200,000 + TIFF (70 GB Worth)images on an external USB 2.0 hard drive that I need to copy to my local hard drive. It is taking forever. Does anyone know what the fastest way to do this is ? Drag and Drop ?? Cut and Paste ?? Drop to a command prompt ?? Xcopy ?? Please help. TIA jeff --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Filter File - Maximum Size?
We wrote an external program that 1. Works with Declude as an external filter, 2. reads the email and picks out the subject line, 3. reads a very short list of words from a text file, 4. looks for the words in the subject line, then 5. strips all of the non-alpha characters out of the subject line (including numbers and spaces), 6. looks for the words in the subject line AGAIN, 7. returns a DOS error number ONLY if a banned word appears AFTER stripping out the non-alpha characters, and 8. keeps a log file identifying each message that failed and why. It only leaves about 5 ways to spell viagra. The after but not before test avoids false positives. We weight it 20 on our 20 point scale, but we're not aggressive with our word list. You have to be careful with your word list because we strip the spaces, some words are contained in other words, etc. I guess you could change it up and check the first 250 characters of the message body or something, but it doesn't deal with html. I can post the source code if anyone's interested (it' Visual Basic complied to an exe). Paul Fuhrmeister [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Moreau-Cook Sent: Tuesday, October 05, 2004 6:51 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Filter File - Maximum Size? Thanks for the response. We are already using Sniffer; if a message triggers Sniffer we give the e-mail 60% of our delete weight. This works great, trust me... but I'm sick and tired of seeing w^^o_r-d#s l-!+k^e this in my hold queue. The problem is, how many ways can you spell a word? How many ^,*,$,#, and other characters can you put into a word to slip by Sniffer? Apparently there are 360,000 to spell Viagra by inserting these characters (and others) and changing certain letters to numbers. I'm frustrated by spammers, I know we all are so I'm just trying to find out if this is *even* a viable way to help declude stop spam. Thanks --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Filter File - Maximum Size?
Yes, it does get caught. Our filtered word list includes vagra If the program does not see vagra before stripping non-alpha characters, but does after stripping, the subject line fails. We have only 38 words in our list, here's the last of it: valium valum Vcodin vagra viagr viagra Vicdin VICODIN xanax xanex xanx xnx PF -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Thursday, October 07, 2004 2:34 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Filter File - Maximum Size? One of the most common misspellings I see is v1agra. According to your logic, this wouldn't get caught, would it? Perhaps amend the test to do some standard replacements of numbers with letters? For example, 0 - o 1 - i 3 - e 5 - s 8 - a Darin. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPF Records and Off-Network Customers
I believe that SPF is almost all hype and hardly any value to speak of. I think this is a bit harsh. While SPF is certainly not the answer to all of my prayers, it has some value. It was originally intended to authenticate hosts, but spammers quickly caught on and started giving themselves SPF This is a good development from my perspective. I give a single point to SPF pass, and I may reduce it to 0. In other words, pass won't help a whole lot in identifying legit email. However, when a spammer is using SPF, this also means that they are using their own mailserver. This makes it easy to block. I wish all spammers used SPF. some administrators will claim a modicum of usefulness to having the Unknown records, although I don't see it For me unknown is simply move along, nothing to see here. Not a big help, but no harm either. What you didn't mention is the fail result. I score this fairly highly. I mean if a postmaster tells me there is a problem with a message from their domain, it lets me off the hook if I block it. Paul Navarre --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] WhiteList FILES Question
Using JunkMail Pro, I am not clear on the WhiteListFiles option. My $default$.junkmail file currently looks like this: AHBLWARN DSBLMulti WARN CBL WARN DSBLWARN ORDBWARN ... Etc ... Using the WhitelistFiles option, my would look like this? WHITELISTFILE D:\IMail\Declude\mywhitelist.txt AHBLWARN DSBLMulti WARN CBL WARN DSBLWARN ORDBWARN ... Etc ... [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] WhiteList FILES Question
1. We have multiple domains, and want each to be able to create their own white list 2. We have a program that copies the $default$.junkmail files out to the per domain directories so making changes is easy. To make this easy on us, If we use: WHITELISTFILE mywhitelist.txt instead of: WHITELISTFILE D:\IMail\Declude\mywhitelist.txt Will Declude search in the same (per domain) directory as the $default$.junkmail file, or do we have to manually edit the 25 different $default$.junkmail files? [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Wednesday, July 21, 2004 9:41 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] WhiteList FILES Question I am not clear on the WhiteListFiles option. ... Using the WhitelistFiles option, my would look like this? WHITELISTFILE D:\IMail\Declude\mywhitelist.txt AHBLWARN DSBLMulti WARN CBL WARN DSBLWARN ORDBWARN ... Etc ... Correct. Declude JunkMail will then look at the D:\IMail\Declude\mywhitelist.txt file and whitelist any E-mail coming from an address/domain listed in there. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Reconfiguring sorbs.net tests
I currently have 9 sorbs.net lookups: SORBS-HTTP ip4rdnsbl.sorbs.net 127.0.0.2 5 0 SORBS-SOCKS ip4rdnsbl.sorbs.net 127.0.0.3 5 0 SORBS-MISC ip4rdnsbl.sorbs.net 127.0.0.4 5 0 SORBS-SMTP ip4rdnsbl.sorbs.net 127.0.0.5 5 0 SORBS-SPAM ip4rdnsbl.sorbs.net 127.0.0.6 4 0 SORBS-WEB ip4rdnsbl.sorbs.net 127.0.0.7 5 0 SORBS-BLOCK ip4rdnsbl.sorbs.net 127.0.0.8 5 0 SORBS-ZOMBIEip4rdnsbl.sorbs.net 127.0.0.9 5 0 SORBS-DUHL ip4rdnsbl.sorbs.net 127.0.0.10 4 0 It seems I can replace these 9 lookups with 1: rhsbl.sorbs.net - Aggregate zone (contains all RHS zones) Would the new config file line would look like this? (replacing the ip numbers with a *)? SORBS-DUHL ip4rdnsbl.sorbs.net * 4 0 [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Njabl test?
I notice the njabl test is not a standard test in the sample Declude JunkMail config file: # The following tests are commented out by default because they are not commonly used # NJABL ip4r dnsbl.njabl.org 127.0.0.2 5 0 Is this test worth the machine time doing the lookup? [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] accept email ONLY from white listed senders
Cross post from Imail list: We set up a domain (IMGate / Declude / Imail 8.11) at an IP Number. We want it to accept email ONLY from white listed senders using Imail's anti-spam feature so the customer can maintain the white list. Has anyone done this? Does anyone have any ideas how to do it? Paul Fuhrmeister [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] accept email ONLY from white listed senders
Cross post from Imail list: We set up a domain (IMGate / Declude / Imail 8.11) at an IP Number. We want it to accept email ONLY from white listed senders using Imail's anti-spam feature so the customer can maintain the white list. Has anyone done this? Does anyone have any ideas how to do it? Paul Fuhrmeister [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT: disabling NDR's/badmail dir with Microsoft SMTP
Just write a bat file to rotate and delete the files, then schedule it. ren Badmail_07 Badmail_08 ren Badmail_06 Badmail_07 ren Badmail_05 Badmail_06 ren Badmail_04 Badmail_05 ren Badmail_03 Badmail_04 ren Badmail_02 Badmail_03 ren Badmail_01 Badmail_02 ren BadmailBadmail_01 md Badmail del /q Badmail_08 rd Badmail_08 Paul Fuhrmeister [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of decjunkmail Sent: Saturday, May 08, 2004 12:36 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] OT: disabling NDR's/badmail dir with Microsoft SMTP Hi, I'm setting up Microsoft SMTP mail server as an outbound gateway/offload and I've noticed that failed NDR's ultimately pile up in a badmail directory. Is there a regkey setting to configure MS SMTP to simply bit-bucket those instead of creating a growing folder that must be cleaned out periodically? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Blocking Sender
I want to block anything sent from onlinelifetime.com. I could use BLACKLIST fromfile C:\iMail\Declude\blacklist.txt x 50 0 Or BLOCKSENDER filter C:\IMail\Declude\BlockSender.txt x 0 0 ( BlockSender.txt: HEADERS 50 CONTAINS @onlinelifetime.com HEADERS 50 CONTAINS .onlinelifetime.com ) It seems to me the second way would work better, catching anything the first filter would catch, and anything sent through onlinelifetime servers, even if they change the reply-to address. Why would one use a blacklist fromfile instead of a headers filter file? Is there a performance or CPU difference? Paul Fuhrmeister [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Log analysis and test check scripts
Thank you Bill and Roger for sharing your excellent work. [EMAIL PROTECTED] The scripts run under both Windows NT 4 and Windows 2000. They are pure Windows command scripts and therefore not as fast as some of the other log analysis tools. The analyses below took about one minute each in all mode. Took a bit longer on my system but there were 230,000 messages. In comparing the results with my program (WAMLOG) they were within 0.2%! Your program: WEIGHT10 218863 WEIGHTdel 207491 My Program: WEIGHT10 218866 WEIGHTDEL 207493 I didn't know command script was so powerful. Only about 100 lines of code! I wrote my program in C++ and it took about 300 lines of code :) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Processing load on machine
Since my weights are all so close I could make them the same. Is there a way to combined these 8 tests into 1 to determine if it failed any if the tests? That is, IF NOT 127.0.0.0, or what ever their OK response is? Does it really matter? Paul Fuhrmeister [EMAIL PROTECTED] If the following is in the Global.cfg file, is it true that dnsbl.sorbs.net will be queried once and the result will be evaluated 8 times? SORBS-HTTP ip4rdnsbl.sorbs.net 127.0.0.2 5 0 SORBS-SOCKS ip4rdnsbl.sorbs.net 127.0.0.3 5 0 SORBS-MISC ip4rdnsbl.sorbs.net 127.0.0.4 5 0 SORBS-SMTP ip4rdnsbl.sorbs.net 127.0.0.5 5 0 SORBS-SPAM ip4rdnsbl.sorbs.net 127.0.0.6 7 0 SORBS-WEB ip4rdnsbl.sorbs.net 127.0.0.7 5 0 SORBS-BLOCK ip4rdnsbl.sorbs.net 127.0.0.8 5 0 SORBS-DUHL ip4rdnsbl.sorbs.net 127.0.0.10 6 0 That is correct. With old versions of Declude JunkMail -- back when multiple tests on the same zone first came out -- would make 8 DNS queries. But recent versions of Declude JunkMail will send just 1 DNS query, and evaluate the results 8 times. -Scott --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Comcast.net Spam
An email is from [EMAIL PROTECTED] [24.5.121.88] AND was received from cib.co.za (c-24-5-121-88.client.comcast.net [24.5.121.88] Is there a way to add weight when - received from client.comcast.net BUT sender is not @comcast.net Here are example headers: Received: from cib.co.za (c-24-5-121-88.client.comcast.net [24.5.121.88]) by mail17.**.com (Postfix) with SMTP id 858D630F4B; Wed, 21 Apr 2004 21:25:31 -0500 (CDT) (envelope-from [EMAIL PROTECTED]) Message-ID: [EMAIL PROTECTED] From: Tim Salazar [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Pain Pills V.icodin Hy.drocodone Lortab Lorcet Norco Date: Thu, 22 Apr 2004 01:00:15 + MIME-Version: 1.0 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 8bit X-RBL-Warning: DSBL: http://dsbl.org/listing?ip=24.5.121.88; X-RBL-Warning: BLOCKTEXT: Message failed BLOCKTEXT test (line 394, weight 7) X-Declude-Sender: [EMAIL PROTECTED] [24.5.121.88] X-Declude-Spoolname: D2d2c2f4000be40bf.SMD X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 1049636097 Paul Fuhrmeister [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Comcast.net Spam
OK, I understand. SPAMDOMAINS would fail if they said they were [EMAIL PROTECTED] and sent through a tvp.ndo.co.uk mail server, But does not fail if they say they are [EMAIL PROTECTED] and send through a comcast.net server. So, I need to looks at Matt's filter. I am using 1.78+ Pro, but do not understand the filter Matt referenced earlier ( MAILFROM END ENDSWITH @comcast.net REVDNS 5 ENDSWITH client.comcast.net ) Where is that filtering documented? Archives? Paul Fuhrmeister [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Processing Order
I am looking at the Processing Order from the JunkMail manual 1. IMail's Control Access file (to block IPs) 2. IMail's Kill List (to block return addresses) 3. IMail v8 anti-spam (most tests) 4. Declude Virus 5. Declude Hijack 6. Declude JunkMail 7. IMail's filters and extra IMail v8 anti-spam tests If I use IMail Antispam to add an X-Header for statistical filtering and HTML features detection, would Declude JunkMail see it? Or are those IMail tests after JunkMail? Paul Fuhrmeister [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Processing load on machine
If the following is in the Global.cfg file, is it true that dnsbl.sorbs.net will be queried once and the result will be evaluated 8 times? SORBS-HTTP ip4rdnsbl.sorbs.net 127.0.0.2 5 0 SORBS-SOCKS ip4rdnsbl.sorbs.net 127.0.0.3 5 0 SORBS-MISC ip4rdnsbl.sorbs.net 127.0.0.4 5 0 SORBS-SMTP ip4rdnsbl.sorbs.net 127.0.0.5 5 0 SORBS-SPAM ip4rdnsbl.sorbs.net 127.0.0.6 7 0 SORBS-WEB ip4rdnsbl.sorbs.net 127.0.0.7 5 0 SORBS-BLOCK ip4rdnsbl.sorbs.net 127.0.0.8 5 0 SORBS-DUHL ip4rdnsbl.sorbs.net 127.0.0.10 6 0 [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Store and Forward - Outgoing Actions
Wesetup Store and Forward (Imail 8.05, Declude JunkMail Pro) and everything seems to work correctly. But, The manual and archives talk about Outgoing Actions. We have a declude/domainname.com directory with a $default$.junkmail file. Do those tests get performed on the outbound email or is there something special to make them outgoing tests? Is Declude JunkMail testing ALL of my outgoing email? I don't think I want it to, just store and forward email. [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Store and Forward - Outgoing Actions
Thanks Scott. I think I understand. I guess I'll wait and see what happens. [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, March 29, 2004 4:33 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Store and Forward - Outgoing Actions When an E-mail arrives, Declude JunkMail will use the configuration file(s) for the recipients, not the senders. For E-mail where a recipient is not local, Declude JunkMail will use the outgoing actions, which are the ones in the \IMail\Declude\global.cfg file. The \IMail\Declude\example.com\$default$.JunkMail file will be used for E-mail *to* an @example.com user, but not for an E-mail *from* an @example.com user. The outgoing E-mail settings are global, and cannot be changed per domain. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] black list based on the domain registrants email address?
I'll explain the issue and then ask the question. We are having trouble with a spammer who registers new domain names every day and spams our customers from a DSL line with a dynamic ip. They changes the text a bit each time, leaving us nothing to filter on except this, from (unix) whois lookups: Domain Name: POPSERVERDATA.COM Administrative Contact: Blanch Willson- [EMAIL PROTECTED] Domain Name: TAPESERVPRO.COM Administrative Contact: Blanch Willson: [EMAIL PROTECTED] Domain Name: WORKDATASERVERPRO.COM Administrative Contact: Blanch Willson [EMAIL PROTECTED] We'd like to dynamically build a black list based on the domain registrants email address. Does anyone have this programmed already? Any ideas? [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] test if recipient's domain name in the sender address
Let me re-state the point: If the recipient's domain name is in the left hand side of the sender's address (to the left of the @) then it's probably from a list server. You could also look for the word bounce in the sender address. I don't see how sending through an ISP SMTP server is relevant. If it's from a mailing list AND from a DUL or listed in SpamCop or MailPolice, then it's probably junk. [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gerald V. Livingston II Sent: Thursday, February 26, 2004 11:00 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] test if recipient's domain name in the sender address Not a good test. With port 25 blocking becoming more common to force ISP subscribers to route all email out through the ISP SMTP server the sender address is likely to show the ISP email address while the From: line will show whatever email address they normally use depending on the SMTP Auth setup. G --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] test if recipient's domain name in the sender address
Is there a test that tells me if the recipient's domain name is in the sender address? It seems this would be a good tip-off that it's bulk mail, AND IF from a DUL OR listed in SpamCop, MailPolice, etc. it's THEN it's probably spam. X-RBL-Warning: AHBL: 1067376393 bruns - Spam Source - acumenmedia.com X-RBL-Warning: MAILPOLICE-BULK: This E-mail came from bounces.asm61.com, a potential spam source listed in MAILPOLICE-BULK. X-Declude-Sender: [EMAIL PROTECTED] [64.253.207.123] [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Bonded senders
Looking on the bondedsender.com web site, I see no where to report things like this: Received: from adsl-68-78-114-74.dsl.emhril.ameritech.net (adsl-68-78-114-74.dsl.emhril.ameritech.net [68.78.114.74]) Received: from ebay.com (data.ebay.com [66.135.195.180]) From: eBay Service [EMAIL PROTECTED] Subject: Ebay Account Update X-RAV-AntiVirus: This message has been scanned for viruses on adsl-68-78-114-74.dsl.emhril.ameritech.net X-RBL-Warning: DSBL: http://dsbl.org/listing?ip=68.78.114.74 X-RBL-Warning: SORBS-DUHL: Dynamic IP Address See: http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=68.78.114.74 X-RBL-Warning: SPAMCOP: Blocked - see http://www.spamcop.net/bl.shtml?68.78.114.74 X-RBL-Warning: NOABUSE: Not supporting [EMAIL PROTECTED] X-RBL-Warning: BONDEDSENDER: IronPort Bonded Sender - http://www.bondedsender.com X-RBL-Warning: SPAM-DOMAINS: Spamdomain '@ebay.com' found: Address of [EMAIL PROTECTED] sent from invalid adsl-68-78-114-74.dsl.emhril.ameritech.net. X-Declude-Sender: [EMAIL PROTECTED] [68.78.114.74] [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] something I can add weight on?
I see this in the headers of spam: Received: from uk2.net (unknown [61.155.209.7]) Is this something I can add weight on? I assume it's a clue. [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] New CMD space test info
What version / release do we need to be running to use this test? CMDSPACEcmdspacex x 8 0 [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] ATTACH ROUTETO action?
I put this in the $default$.junkmail and it doesn't work. Things get routed but not attached. WEIGHT20ATTACH WEIGHT20ROUTETO [EMAIL PROTECTED] [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, January 26, 2004 9:23 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] ATTACH ROUTETO action? According to the manual, it seems that only one action can be applied to a message. Is this correct? Any way we could get an ATTACH ROUTETO action? I believe both the ATTACH and ROUTETO actions can be combined, per the Multiple actions per test section of the manual. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] ATTACH ROUTETO action?
Scott, We use the ROUTETO action on suspected spam to take it out of the user's mail stream. When users forward false positives to me from the abuse box I don't get the headers. Without the headers I have to do a good deal of work to determine why the message failed. The users (customers), for the most part, are not sophisticated enough to get the headers and include them in the email. (The ones who are sophisticated enough are busy and figure I should do it since I'm the one who generated the false positive). It would (1) increase our spam filtering effectiveness, (2) save us a great amount of time and (3) increase our level of custom service (and satisfaction) if we could use the ATTACH action AND THEN the ROUTETO action. So, when a customer forwards a false positive we would get the whole message with the headers and even a description of why it failed. Most of our work would be done for us. According to the manual, it seems that only one action can be applied to a message. Is this correct? Any way we could get an ATTACH ROUTETO action? [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] AOL on SPAMCOP
SpamCop blocked the ActiveServerPages list at 15seconds.com (which is not a source of spam): List-Unsubscribe: mailto:[EMAIL PROTECTED] X-RBL-Warning: SPAMCOP: Blocked - see http://www.spamcop.net/bl.shtml? The problem with SpamCop is, it's only as reliable as it's users. It would appear that some of it's users are not very reliable. We could all report spam cop to spam cop and they'd probably block themselves ;) But we do use them in moderation. [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] restricted mailing?
Title: Message Hey guys, I asked this on Imail's list as well, but thought I'd see what Declude users do/think: What I'd like to be able to do, is block all mail to a certain account, except from those addresses specified via AUTOWHITELIST. Kind of a 'parental control'. Let's say I give my daughter an email address, I only want to allow mail from family + friends, but those I specify in her contacts list within the webmail, so using Declude's AUTOWHITELIST ON, I can weight all mail coming in to her mailbox, say, 100 or so, waaay above delete range, but because of the address, it would be delivered. Does that make sense? Is anyone else doing this? Paul
Re: [Declude.JunkMail] restricted mailing?
This isn't something that I would generally try to promote because of the complexity of maintaining it in most cases, but for one's own daughter, it might make perfect sense. Something of course though would need to happen that caused her to get spam though, so it might not be necessary at all. True, at first, it wouldn't be much of an issue. You would need the Pro version to do this of course, and instead of weighting things to her address, what you would do is set up a weightrange test covering almost everything and then use actions (HOLD, ROUTETO or DELETE) in a per-user JunkMail file according to the Manual. Whitelisting will prevent an all inclusive weightrange test from taking action on an E-mail.Ok, I hadn't thought of the per-user configs, we are running pro here, so that's not an issue. I'm just wondering the pros to that as apposed to what I had mentioned before. Wouldn't having a list of recipients those that were under parental control be easier to manipulate? Sure, I have access to all Declude to make adjustments, but to make it as user-hands-off as possible, you wouldn't want to do it that way.. I guess what I'm asking is: Does Declude have a TO: key? like: mailfrom 15 is [EMAIL PROTECTED] is there a mailto 0 is [EMAIL PROTECTED]? I don't see this on the manual site. So a filter file would be defined as: parentalcontrols tofile d:\mail\imail\declude\parentlist.txt x 100 0 So message comes in, it's addressed to someone in the file, given a 100 weight, and deleted. UNLESS the address is on the users webmail contact list. I'm not trying to repeat the same thing over and over, but I'm not sure I'm describing this the way I'm trying to make it sound Did that make sense? LOL! Basically, does Declude allow you to scan for matches on the TO field? Thanks Matt! I'll look into the per user configurations as well. Paul
[Declude.JunkMail] Address for DNSStuff.com / DNSReport.com
What is the address we can use for DNSStuff.com and DNSReport.com? I know this has been on the list a few time, but I didn't save those emails and can't find it in the archives. These two domain names are not working for me. server ns1.easydns.com Default Server: ns1.easydns.com Address: 216.220.40.243 ls dnsstuff.com ls: connect: No error *** Can't list domain dnsstuff.com: Unspecified error ls dnsreport.com ls: connect: No error *** Can't list domain dnsreport.com: Unspecified error [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Combo Test . . .
Scott, If I could assign a weight to a combination of tests . . . Specifically, if a message fails both SpamCop and NOLEGITCONTENT (meaning it has no legitimate content) it is almost certainly junk. SpamCop ID's more spam than anything else, but the flip side of that is false positives. I guess I could add weight for NOLEGITCONTENT, but if we could COMBO tests . . . [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] man, what the heck?
Geez, am I the only one who's gotten a bunch of spam about a certain 'video'? Sheesh. What are you guys doing to block these? They're all Base64 coded, so regular body tests don't apply. I normally get 1 or 2 spams to my inbox, but over the weekend I got almost 20 of these, all different IPs, mostly cable, and different addresses. I added a couple of header tests for certain phrases, but that's about all I can think of. What is everyone else doing? Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Host Alias Question
I can not find this in the archive . . . I have a mail domain with three different domain names: Official Host Name: TripleBDomain.com Host Aliases: 3BDomain.com, 3BD.com Do I need to set up Decule Virus and Junk Mail for each domain name? [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Host Alias Question
I'm confused. I have : Official Host Name: TripleBDomain.com Host Aliases: 3BDomain.com, 3BD.com Some users use the TripleBDomain.com domain name for their email ([EMAIL PROTECTED] and [EMAIL PROTECTED]) Other users use the 3BD.com domain name: ([EMAIL PROTECTED]) Yet another uses [EMAIL PROTECTED] All on the same virtual server using Host Aliases. Do I need to set up Decule for each domain name or does setting Declude up on the Official Host Name cover them all? [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Friday, December 19, 2003 1:57 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Host Alias Question I have a mail domain with three different domain names: Official Host Name: TripleBDomain.com Host Aliases: 3BDomain.com, 3BD.com Do I need to set up Decule Virus and Junk Mail for each domain name? That depends on what you are doing. For a default installation, you don't need to do anything -- all mail to/from those domains will be scanned. However, if you are setting up per-user or per-domain settings in Declude JunkMail, you should use the official name (unless the address is a user alias, in which case the domain used in the user alias will be used, but that *should* be the same as the official name). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Host Alias Question
Yes, I have per-domain settings. I do not scan their mail for spam unless they pay for it. So, I turn the domains on individually. I assume I need to set up each individual domain in Declude. [EMAIL PROTECTED] You will only need to do something special if you set up per-user or per-domain settings. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Getting exec time on less than DEBUG mode?
I think this is a feature request: Is there some way to get the ms exec time on Declude without going to debug log mode? I just revamped my tests (adding a bunch of filters) and it sure would be nice to be able to compare before/after execution times without getting bombed by debug mode. My logs are godzilla-sized as it is. If others think this may be useful, it could get changed. That would be useful Scott, however, maybe make it a logging ON/OFF switch? So if you need that to be logged, just have exectime ON or something in Global.cfg. Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Interim Releases - A Suggestion
Just a suggestion, and it wouldn't be too much work, why not just distribute the special interim release in a password protected zip file when someone needs a quick fix? We may well need to do that. Or perhaps just a random URL that isn't easily guessable. Well, I've seen from posts here that the interims have helped find/solve problems quickly, so they ARE helpful. However, they're not for everyone. I don't run them here, just the latest betas. Maybe Scott, you only offer the interims to those that request it, sort of a Declude-interim list, that way, we on the list here don't need to know that i10 has just fixed a problem in i9, etc, making us think we need to run it, unless it directly effects the previous Betas functionality. We recommend you run i10 to fix a problem in 1.76 beta, you may get it here. Which would probably just be a new beta anyway... I think I'm rambling, so I'll stop now. =) Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Whitelisting
I have a customer whose is subscribed to some ezine cooking recipes. She is supposed to receive and email each day with a new recipe, however, I believe that the Imail statistical filter is catching the emails. Below is what the company sent here showing that our mail server was receiving the emails. My question is, should I whitelist [EMAIL PROTECTED] as the email address or [EMAIL PROTECTED], which is in the from box of the emails? Also, how do I go about whitelisting them in Declude? If you can get around whitelisting them, the better. For instances like this, I use our negweight file, in it I'd add MAILFROM -30 IS [EMAIL PROTECTED] - This is the address Declude is using I believe, if that's the X-DECLUDE SENDER line. the negative weight should be at least the weight you block on, if not higher. The IS makes sure it's just that address. Cases where this wouldn't work would be if the address changes each day. like [EMAIL PROTECTED], which you can change the IS to ENDSWITH fijo.mail-list.com. This way, it's given leeway, and if a spammer tries to use the address, it'll probably fail enough that the neg weight won't matter much. But each setup is different. Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude Virus BANNAME option with v1.76
The problem has been identified; there was a problem with v1.76 (beta) and subsequent interim releases and the BANNAME option. This issue is fixed in a new interim release v1.76i30 at http://www.declude.com/release/176i/declude.exe . Alternatively, you can comment out the BANNAME options by adding a # to the beginning of the lines that they are in. Hmmm, is it after the # of BANNAMEs reaches a certain point? I've had 2 instances of backlogs of mail in the spool in the past 3 months since going to Imail 8, but stopping/restarting SMTP + Queue Manager got mail moving again. We have 7.16 here for Declude, with 1 BANNAME listed - photos.zip. Didn't even realize I was missing the others mentioned.. but I'm not adding them yet. LOL! Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] EASYNET tests going away December 1
Andy, You have all of these tests running? What's the impact on the server for all of these? What's your mail load? I just love having to replace all these tests every month or so, don't we all? LOL! But I want to lessen the impact on our server as much as possible. What of these tests do you recommend the most? Paul Hi, Yesterday's results of my EasyNet replacement candidates: TEST # FAILED Percentage AHBLDOMAINS710.95% AHBLPROXIES...7359.82% AHBLSOURCES...3514.69% (reliable, so far) NJABLDUL..2743.66% (many duplicates with SORBS-DUL) NJABLPROXIES1,085...14.49% NJABLRELAYS...1181.58% NJABLSOURCES..2653.54% (reliable, so far) SORBS-DUL...2,664...35.58% SORBS-HTTP7379.84% (proxies) SORBS-MISC.801.07% (proxies) SORBS-SOCKS...873...11.66% (proxies) SORBS-SMTP..50.07% SORBS-ZOMBIE...300.40% A) Do NOT use SORBS-SPAM. As they point out on their web site, it has been infested with the mail servers of most major providers by the simple fact that virus-infected customer systems have been sending arbitrary emails, implicating the mail sever of the provider. I tested it for two days and kept lowering the weight until I realized that it was not at all helpful in trying to distinguish spam from legitimate mail. B) I have been holding and/or deleting ANYTHING proxy for many weeks now and so far never had any customer complaints about lost emails. Best Regards Andy Schmidt --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] How do I block these?
Is there anyway to block on these extensions (de,ch)? I don't see any valid email coming from domains with these extensions. Just so you know, this is Germany and Switzerland. Obviously you know your users better than I do, but if I blocked all mail from Germany and Switzerland my phone would ring before I could log off the server! Paul --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: Re[2]: [Declude.JunkMail] Opinions on web interface
HA! Preach on my brother!lol.. I am also an admin for an ISP, and i too am extremely suck of hearing people complain about spam! like they could do a better job. :-P Well, similar spot here, BUT I'm VERY leary of giving them any means to mess up their mail. I'd probably spend more time troubleshooting their mistakes than in what I do now. I don't need that added pain. You KNOW it would happen. I didn't know adding that to my filters would kill all my mail, can you go in and fix it? Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] log analyzer
I was just wondering if anyone here has ever thought of, or worked on, a Declude log analyzer that can, similar to Scott's AWESOME bouncefinder, list the deleted mail? Maybe list it as email address + weight? This way, if someone calls about missing mail, if you run daily log analyzing, you can search for that address, find it faster, and make the adjustments you need. Does this seem feasable? Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] ATTACH Still not working. Bah.
Matt, I don't know the answer, but here's another question. on these lines in your JM log: 11/04/2003 13:54:02 Q1fc2024f002acd29 Msg failed WEIGHT1319 (Total weight between 13 and 19.). Action=ATTACH. 11/04/2003 13:54:02 Q1fc2024f002acd29 L1 Message OK How can it be OK and failing at the same time?? Am I misreading something here? Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] REVDNS vs BODY
Is it accurate to say that a filter in DECLUDE Pro using REVDNS is more efficient and runs faster than a filter using BODY? My standard procedure was to add a BODY filter that contains the domain of a link found in the spam messages that make it through other tests. This makes sure that they will be caught next time. I've noticed though that a surprising number of these domains that are found in the body of the spam are also the reverse DNS of the message sender. Am I better off filtering the REVDNS instead of the BODY? Paul Navarre --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT Outlook Express problem
Another thing to try, is delete the e-mail account on the client completely. Restart the computer. Recreate the e-mail account. Thanks John, I'll give that one a shot as well. I tried adding a return address, but that didn't seem to work... Thanks to all who have offered suggestions! Out of all our users, just 4 or 5 are having this problem very odd indeed. Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Filter multiple CCs?
There is a bcc test that you could use. If you add a line: BCC bcc 5 x 2 0 to your \IMail\Declude\global.cfg file, it will add 2 points to the weight of the E-mail if it has 5 or more Bcc:'s (recipients that do not appear in the headers of the E-mail). Wow, when was that test added? I must've missed that. nice test to add I think. On that note, what do people consider 'too many' in BCC? Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Weight maybe not working right??
Hello,
I just recived several spams to my box all with weights greater then
I allow (weight of 49). Does anyone see anything wrong here?
GLOBAL.CFG
WEIGHT1 weightrange x x 5 11
WEIGHT2 weightrange x x 12 17
WEIGHT3 weightrange x x 18 36
WEIGHT4 weightrange x x 37 0
$default$.junkmail
WEIGHT1 WARN
WEIGHT2 SUBJECT
WEIGHT3 HOLD
WEIGHT4 DELETE
--
Best regards,
~Paul~ mailto:[EMAIL PROTECTED]
---
{This E-mail scanned for viruses by Declude Virus/McAfee}
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com.
RE: [Declude.JunkMail] Backup MX / Spam
You could write a filter that searches the headers for your backup server's IP address. HEADERS 3 CONTAINS x.x.x.x Matt The problem with this is if your primary does go down (rebooting for a patch for example), these points will be added to *all* email until your primary is back up. I posted just a few days ago asking if it was possible for Declude to check that primary was functional. If so, there could be a test that would add points for any mail sent to the secondary when the primary is functional. I realize that this would require a new version of Declude, but I think it could be really worthwhile. Nobody responded to my last post, so I wasn't sure if there is some reason why this wouldn't work or would be too difficult. Paul Navarre --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] new methods of subjects?
Has anyone seen an increase in spam with subjects of rr or ss or something similar? I've seen a huge increase in these, as well as bogus yahoo/hotmail accounts. Would filters like these be good? SUBJECT 0 IS RR CONTAINS in this case would catch words like correct Hi Barry! etc. There doesn't appear to be any spaces after the subject. So far I've seen it for rr,tt,vv,ww, and a few others. Just looking for input. Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] New Test?
Would it be possible to have a test that would check if the highest priority MX was running? If so, then the test should assign a weight if a particular email was sent to a lower priority MX. Paul Navarre --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] what happened??
Scott, anyone... HELP! We upgraded to imail 8.03 yesterday, all was well. I come in this morning, and try running Delog to scan yesterdays logfile. It can't open. Weird, so I try to open it in notepad, get Too large for notepad The file is 4 GB in size! What happened? normally 20MB or so, but as of 8PM, last modified time, it was 4GB. Today's log is at the same amount currently, what do I need to do? We're running Declude 1.76. Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] what happened??
I meant to add I did run DECLUDE.EXE after the install, and stop/start the smtp service. When I left yesterday, I had checked the log to see that it was functioning properly, and it was logging just fine. Logging is set to LOW. Sorry for the lack of info there, I don't like surprises first thing in the morning. I stopped/started smtp + Queue manager just now, but any other options are needed. Thanks! Paul - Original Message - From: paul [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 25, 2003 9:12 AM Subject: what happened?? Scott, anyone... HELP! We upgraded to imail 8.03 yesterday, all was well. I come in this morning, and try running Delog to scan yesterdays logfile. It can't open. Weird, so I try to open it in notepad, get Too large for notepad The file is 4 GB in size! What happened? normally 20MB or so, but as of 8PM, last modified time, it was 4GB. Today's log is at the same amount currently, what do I need to do? We're running Declude 1.76. Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] I know what happened!
Color me stupid I deleted the log file for today, and let Declude recreate it. After 5 minutes the file was up to 112K! So, I opened notepad, and waited.. finally opened, and I saw a bunch of lines: Unknown test type in enter goof here ARGH! When I edited out entries in our killfile yesterday, I created a test called FROMKILL, however, I forgot to add MAILFROM 20 IS - I just had the names... Please excuse me while I go beat my head against the wall. =) So it should be fixed now. Paul thump! thump! thump! - Original Message - From: paul [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 25, 2003 9:24 AM Subject: Re: [Declude.JunkMail] what happened?? I meant to add I did run DECLUDE.EXE after the install, and stop/start the smtp service. When I left yesterday, I had checked the log to see that it was functioning properly, and it was logging just fine. Logging is set to LOW. Sorry for the lack of info there, I don't like surprises first thing in the morning. I stopped/started smtp + Queue manager just now, but any other options are needed. Thanks! Paul - Original Message - From: paul [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 25, 2003 9:12 AM Subject: what happened?? Scott, anyone... HELP! We upgraded to imail 8.03 yesterday, all was well. I come in this morning, and try running Delog to scan yesterdays logfile. It can't open. Weird, so I try to open it in notepad, get Too large for notepad The file is 4 GB in size! What happened? normally 20MB or so, but as of 8PM, last modified time, it was 4GB. Today's log is at the same amount currently, what do I need to do? We're running Declude 1.76. Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Bah, puny spammer!
DSBL:6 SPAMCOP:10 BADHEADERS:6 HELOBOGUS:6 REVDNS:4 ROUTING:8 IPNOTINMX:2 NOLEGITCONTENT:2 COUNTRY:10 COMMENTS:153 SNIFFER:7 FIVETENSRC:5 EASYNET-DNSBL:7 EASYNET-DYNA:6 EASYNET-PROXIES:5 BH-CNKR:10 SORBS-HTTP:7 PSBL:5 CBL:5 GIBBERISHBODY:3 VERISCAM:7 BENTALLIPBL:7 BENTALLSPAMHINT:22 BENTALLSPAMURL:161 . Total weight = 464 Wow! Andrew, So do you add 1 point per comment? 153 seems an odd total What are those last 2 tests you have listed? What do they do / how are they weighted? Usually I see 70's - 100's. 464, you should send him a Congrats! message. =) Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Bah, puny spammer!
Paul, those last 3 tests are our in-house tests that may or may not be suitable for anyone else. The first of the three is an IPFILE test that contains our banned IPs. We put them here instead of IMail because we like the logging of the mail-handling decisions to all be in Declude's log. Same here, I have 3 seperate IP lists, IPLIST, mostly cable/DSL IPs, HighIP, usually IPs like markedmail, etc. and KILLIP, 9 out of 10 is a foreign IP. As you say, it's nice to have Declude log them, I did it because it was far easier for me to add IPs to the killip file than going to the server and updating the control access file. The second is a text FILTER test (only availabe with Declude JunkMail Pro) that has lots of snippets of spammish body text, including HTML content tips posted here (notably Kami, Bill and Matthew) and our own list of keywords to hint towards a body weight for spam that had made it through to mailboxes (e.g. last Christmas' little cars campaigns, and current mortgage and loan come-ons). The test is called 'hint' because every filter line is a low weight. Ok, same here. The third is another text FILTER test, and contains URI specific hints as well as blacklisted domains (high weights) we see in URLs. I keep meaning to break this file in to two tests; the URI hints and the blacklisted domains. I'd be interested in seeing that, if I may, I've got a BODYTEST set so far with urls included, as well as phrases. The COMMENTS test scored so high because after running for a month with the fixed weight option, and Scott's assurance that it only scores bogus comments and that I'd seen zero false positives, I found that it was a safe test, so I switched to the dynamic weight option, and score with a small base weight, and after that, it's up to the spammer as to how high the score will get. Hmm, I haven't yet adjusted my COMMENTS test to add weight, it simply adds a WARN line, or HOLD above a certain limit. If you're interested in the URI hinting, I'd suggest that you look at Kami's filter files, which are much cleaner than what I could offer. Kami has been a BIG help to me, I've referenced his files many times. I'd still like to check out those last 2 filters, if you don't mind. If you do, I understand. =) Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Declude v1.75 bogs down the server
Return Receipt Your [Declude.JunkMail] Declude v1.75 bogs down the server document : was Paul Hung/The Telluride Group received by: at: 09/08/2003 09:01:46 AM --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Increased AOL, Hotmail, Yahoo, etc. false positives
Has anyone found that AOL, Hotmail, and Yahoo.com addresses have been failing on the following tests: helobogus, nopostmaster, noabuse, revdns These e-mails usually fail these four tests, and thus trigger my Weight10 rule. I performed a reverse DNS lookup on several of the IP addresses and found that there was no entry for reverse DNS. Any ideas? Is it just me? - Paul
Re: [Declude.JunkMail] Setting MAX Testing Weight
As was mentioned here before, it's not a BAD idea to want Declude to stop after X has been reached, but, what if the whitelist came right after that X number? Scott, are there any plans to, or can Declude already, run the Whitelist tests FIRST, so that if they are whitelisted, forgoes any weight testing alltogether? I think that would be beneficial in this case. If we list the whitelist tests first, will they be run first? Paul - Original Message - From: Todd - Smart Mail To: [EMAIL PROTECTED] Sent: Tuesday, September 02, 2003 10:27 PM Subject: Re: [Declude.JunkMail] Setting MAX Testing Weight I brought this up last week.Anyone see the benefit beside me? The idea of being able to stop testing once a given Weight has been reached seems to have multiple benefits to me.My numbers indicate that about 45% of my spam would benefitfrom stopping testing at 4X my Hold Weight. I know that Declude is not a resource hog but my Decludetests have increased dramatically over the past couple months and I don't see them getting any less in the future. I've Added 2 x Subjectspaces Spamdomains 4 x Comments Spamcheck And a host of DNS tests. That's my CPU, Bandwidth, and other resources. Andas more and more people move to spam prevention it seems the DNS Blacklists will get more use. I guess my point is why continue to test and use resourcesonce you reach a certain point where you're3X,4Xor 5Xyour hold weight? Any thoughts? Todd Hunter Progressive Systems
[Declude.JunkMail] sure to be silly question
Ok, I've got a question about the COMMENTS test. Since I have a copy of every email I've gotten from this and the AV list since I joined, I looked through them and didn't see my answer. I also looked at the JM revisions page and found nothing either, so here goes. Below is the line from the message source of an email I got this morning. VERY bad idea to spam the guy in charge of email. =) anyway, since the words gen*eric via*gra minus the *s in case of filters, are shoen in the email, but seperated by the junk in the . What's the way to set a block/test for this? I've yet to use the COMMENTS test, but want to know the BEST way to do so. Geinput type=hidden name=zZKIrRcpWfFgeyDneric Vip style=margin-bottom: -20font size=1 color=#FFxvtAXyZLNqZbKsaWiqfpg/font/pagra Any help is appreciated! Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] sure to be silly question
Another way to scale the weight of this test is to use: COMMENTS comments weight x 5 0 where the test will accumulate the total number of obfuscation comments it finds and add 5 to that number and apply that to the weight result for the test. So which is a preferrable approach? I've added the COMMENTS20,40,60,80,100 lines to Global, and WARN actions in $default$, so I'm guessing it's set now, but if this way is easier, I'd switch. Right now no weight is added, and just warnings are added to the headers. 80 + 100 are set to HOLD for review. Thanks all! Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Ebay and Spamdomians
In my experience, for HOTMAIL.COM in particular I've never seen a message sent through a non-Hotmail server. I think you might have a configuration problem if you are seeing tons of legitimate e-mail from non Hotmail servers. Especially since it's a web-based e-mail client I wouldn't think they could use anything but Microsoft owned, e.g. hotmail.com, msn.com, servers. I'm glad I posted on this as I am realizing that I am not understanding exactly what is going on. When I had the spamdomains test set at 2/3s of the hold weight, I would find 4 or 5 legitimate messages a day held, with spamdomains putting each message over the top. A quick look in my logs shows that 4 or 5 messages a day is a tiny percentage compared to the number of spammy messages that fail spamdomains. The problem is that these 4 or 5 messages a day are too many for me. It seems somebody is on my case whenever there is a false positive. I realize now that yahoo.com was probably a bad example, although I am sure that I have seen it happen. Perhaps Sheldon's explanation is correct. The bottom line is that I think I need to pay better attention to those false positives and see if I can figure out more about them. Thanks for the feedback, Paul Navarre --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude Virus Pro and Fprot (DOS)
In almost all cases, this is a situation where someone thought it would be cool to tweak a setting that they weren't familiar with (Gee, Split attachments into multiple E-mails probably will make my E-mail faster!, they think). Heh, in our case it would be Hey, good way to get your message deleted. =) I've been deleting the Vulnerabilities, and more than 95% have all been SPAM, only 1 person I've spoken with to correct this problem ever complained, and as Scott mentioned, he thought it was to help speed up delivery. I just explained that ANY potential threat to our users is taken seriously, and we'll not risk the whole for someone too lazy to fix their mail. He fixed his problem. =) What about the rest on the list? Do you delete vulnerabilities? Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Ebay and Spamdomians
I've been surprised at everyone waxing poetic over the spamdomains test. I have had to give this test very little wieght because we constantly get legitimate mail from spam domain addresses, but sent through other servers. For example, I see a ton of legitimate email from hotmail but where the sender sent it presumably through their work server. That's not a knock against Declude. The test works as advertised, and I do use it. I just have to give it very little weight. Paul Navarre --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Filtering (Pro version)
On the Filtering (Pro version) - create your own filters, similar to the filters in IMail, 1. Is there a space character like iMail filters (/s) For example: BODY 3 CONTAINS /ssex/s 2. Realistically, how many rules can you put in a filter file. [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Test No Messages
Too many people dealing with the msblast virus to complain about getting spam... :) Isn't THAT the truth sheesh. And what's even funnier, is the # of machines I've cleaned that have HAD the update sitting, waiting to be installed ARGH! What's updates ready to install mean? Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude Virus Pro and Fprot (DOS)
I don't delete on any one test. But currently any e-mail messages that have an overall weight of 50 get deleted automatically. But that's using junkmail. I'm talking Declude Virus. There's no weights in virus scanning, it is or it isn't. Some people ignore the vulnerability detections, others, like me, delete them, some HOLD for review. They may not be viruses now, but COULD be in the future. But you are right about junkmail tests, you shouldn't delete mail on one test alone. Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] spamdomains
A few days ago I mentioned that I've had to reduce the weight I give to the spamdomains test drastically due to false positives. Here is an example of the type of thing I am running into: Received: from picturecd3.kodak.com [192.232.121.230] by netinteraction.com with ESMTP (SMTPD32-7.13) id A1136D2013E; Sun, 10 Aug 2003 18:27:47 -0700 Received: from picturecd.kodak.com ([207.160.143.56]) by picturecd3.kodak.com (8.11.6/8.11.6) with SMTP id h7B1Kwn15568 for [EMAIL PROTECTED]; Sun, 10 Aug 2003 21:20:59 -0400 (EDT) Message-Id: [EMAIL PROTECTED] From: [EMAIL PROTECTED] snip X-RBL-Warning: SPAMDOMAINS: Spamdomain 'hotmail.com' found: Address of [EMAIL PROTECTED] sent from invalid picturecd3.kodak.com. This was some photos that someone sent a client. That leaves me with a frustrating choice. I can either fish these out of hold every time somebody does this, or I can reduce the weight precisely for a domain that that really can benefit from the spamdomains test. Again, this isn't a criticism. I just wanted to show what is happening in the real world. Paul Navarre --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Ban Attachments
What would be the best way to delete all messages that contain an attachment using Pro? Thanks, Paul Navarre --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Report System
Darrell, looks like you've got a request from everyone on the Declude list! I'd like to add my name as well, it sounds like a very useful tool. Paul Terry, I used delog for awhile, but I needed several other features that did not come with delog. So I developed an application that had all of the features that I needed. Below is a sample report that I generated(tab format). The reports can be in tab, csv, or html format and you have the ability to email them as well. There are many other things that dlanalyzer can report on. You can get reports on domains, users, tests, and different reporting periods. The combinations are endless. Right now I am finishing up database support and a few other miscellaneous features I wanted to add in.. If you would like to try it out let me know and I will make it available.. Darrell Start Time: 6/1/2003 12:00:00 AM End Time: 6/2/2003 12:00:00 AM Total Messages: 25935 Messages That Failed: 18252 Spam Percentage: 70.38% TEST# FAILEDPercentage BADHEADERS 373514.40% BASE64 12034.64% BLACKLIST 13255.11% COMMENTS668 2.58% DECREASEIPWGHT 40 0.15% DECREASEWEIGHT 557 2.15% DECREASEWEIGHTLOW 313 1.21% DSBL380714.68% DSN 12154.68% EASYNET-DNSBL 741828.60% FXBLACKLIST 25749.92% HELOBOGUS 477618.42% HEUR10 289911.18% IPBLACKLIST 5 0.02% MAILFROM385 1.48% NJABL 408 1.57% NOABUSE 334112.88% NONENGLISH 214 0.83% NOPOSTMASTER402015.50% OLDEMPLOYEE 29 0.11% ORDB261 1.01% OSDUL 113 0.44% OSLIST 2 0.01% OSRELAY 343 1.32% OSSOFT 326512.59% OSSRC 330812.75% POSTMASTER 12 0.05% REVDNS 423116.31% ROUTING 14875.73% SNIFFER 328512.67% SNIFFERAV 12 0.05% SNIFFERCASINO 159 0.61% SNIFFERDEBT 815 3.14% SNIFFEREXP 269 1.04% SNIFFERGETRICH 630 2.43% SNIFFERGREY 421 1.62% SNIFFERINK 196 0.76% SNIFFERINSURAN 58 0.22% SNIFFEROBFUS350 1.35% SNIFFERPHARM17276.66% SNIFFERPORN 16306.28% SNIFFERSCAM 1 0.00% SNIFFERSPAMWAR 127 0.49% SNIFFERTHEFT138 0.53% SNIFFERTRAVEL 438 1.69% SPAMCOP 417216.09% SPAMHEADERS 416016.04% WEIGHT1010482 40.42% WEIGHT5 769 2.97% WORDFILTER 782630.18% --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Is there a test.....
Is there a test already that checks if the to + from fields are the same? i.e to: [EMAIL PROTECTED] IP 1.2.3.4 From [EMAIL PROTECTED] IP insert favorite spam IP here I realize that some people send mail to themselves as tests, but I've seen an increase in the above. Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Is there a test.....
- Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 28, 2003 1:27 PM Subject: Re: [Declude.JunkMail] Is there a test. Is there a test already that checks if the to + from fields are the same? i.e to: [EMAIL PROTECTED] IP 1.2.3.4 From [EMAIL PROTECTED] IP insert favorite spam IP here I realize that some people send mail to themselves as tests, but I've seen an increase in the above. No, there isn't such a test, but we are looking into it (it does get a bit tricky because of the total number of addresses, including To:, RCPT TO, From:, MAIL FROM:, Reply-To:, Sender:, etc. That's what I figured, but the 2 we're most interested in are X-DECLUDE SENDER: and RCPT TO: Let me know if you have any progress in this. I can see where the confusion can come in for sure. Thanks! Anyone else seeing this? And if so, how are you fighting it? seems I'm stuck on just listing the IPs, and adding to my subject filter when applicable. Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude JunkMail v1.75 (release version) released
Return Receipt Your Re: [Declude.JunkMail] Declude JunkMail v1.75 (release document version) released : was Paul Hung/The Telluride Group received by: at: 07/22/2003 03:21:54 PM --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] A good SD.TXT File?
Return Receipt Your RE: [Declude.JunkMail] A good SD.TXT File? document : was Paul Hung/The Telluride Group received by: at: 07/22/2003 05:54:15 PM --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Filtering Body Content
Some background: Running Declude Junkmail Pro (how do I find out what version I'm running?) In my GLOBAL.CFG, I have the line: BADBODY filter C:\Imail\Declude\blackbody.txt x 3 0 In the file BLACKBODY.TXT, I had the line (notice the accent on the letter i): BODY 7 CONTAINS penís I have the WEIGHT10 rule enabled. For some reason after I added that line to BLACKBODY.TXT, Declude decided to start tagging random e-mails as Spam, even though their content did not have the string penís. Prior to this, the string [EMAIL PROTECTED] also seemed to cause the same problem. Anyone have any ideas? Thanks y'all. __ Paul Hung
Re: [Declude.JunkMail] False Positives
I am concerned about false positives the time required to deal with them. Of those of currently runing Declude Junkmail, what is your rate of false postives and how do you best manage the false postives? For BEST results, get the PRO version. Everyone waging this spam fight is concerned about FPs, but as John already posted, set a high Delete, low HOLD, with Spamreview free go over the held messages. Nothing is a simple It's there, no more spam solution, but Declude sure makes that task a lot easier to manage. As for time needed to deal with it, even straight install you will see a reduction in junk with some simple tweaks. After you get the feel for how it works, you can create custom filters pro only and watch the junk numbers drop. The most time is spent tweaking filters. Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] argh! change!
That's the HOLD action. Although you can use it, the HOLD action will prevent the E-mail from being delivered. So if you use the HOLD action, the recipient will not receive the E-mail. Right, I understand that option, which is why I'd prefer to be able to COPY the lower weighted mails to be reviewed by spamreview, but still be delivered. The way I had it set before, and still do to an extent, was to copy the failed email to a review area to get headers, etc. to add to filters with. This way, mail was still being delivered, and we could update filters at the same time. Spamreview seems to be an easier approach to this, so I wanted to copy the lower failing mail still let it be delivered and review it with Spamreview. I apologize if I'm not being clear enough. =) But I'll assume the answer then is No, you cannot copy lower failing e-mail to the spam folder for review, this is only accomplished by the HOLD action. =) If this is wrong, PLEASE correct me. Question 2: Correct (unless you have modified the configuration to specifically force Declude JunkMail to run first). Ok, got that, thanks. Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] argh! change!
It sounds like you're looking for an action that acts like the HOLD action (by copying the Q*.SMD and D*.SMD files to a specific directory), but also delivers the E-mail. Unfortunately, there isn't anything like that in Declude JunkMail. Right, that's what I was looking for. It makes sense to me now why that's not practical, that would involve creating a copy of the Q + D files, causing higher processing time, etc. Better to keep it as it is, it's working just fine now, no need to mess it up. =) Thanks Scott. Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] argh! change!
Well, after using the same Declude setup since we started back in October, I finally just changed the weight system to weight ranges, and altered what is done to the mail. I've also installed Spamreview, and hope to cut down on mail copied for review. Here's my question / setup: here is the setup: GLOBAL: WEIGHT10-19W weightrange x x 10 19 WEIGHT10-19C weightrange x x 10 19 WEIGHT20-24W weightrange x x 20 24 WEIGHT20-24C weightrange x x 20 24 WEIGHT25-29W weightrange x x 25 29 WEIGHT25-29H weightrange x x 25 29 WEIGHT30 weight x x 30 0 Default : WEIGHT10-19W WARN nothing listed fot weight10-19c - see question. WEIGHT20-24W WARN WEIGHT20-24C COPYTO junkfolder for review WEIGHT25-29W WARN WEIGHT25-29H HOLD SPAM folder for Spamreview WEIGHT30 DELETE So far so good, all is logging fine. here's my question: Can I have Declude COPY the lesser valued mail to the SPAM folder in the spool? So I can review it with Spamreview? If so, what's the way to do it? weight10-19cCOPYTOSPAM ? -- or does this simply create a SPAM folder for the user? Question 2: By this point, all messages should've been scanned by Declude as well, correct? So no viruses should be present in the SPAM folder, unless something happened to the scanner. correct? Thanks all! Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] FROM TESTS
Sorry for not trying to search this more first, but it's not an ultimate MUST know, just a can it do this? type question: Is there a test that checks the FROM and X-DECLUDE SENDER lines to see if they match? Is that even possible? Granted, when I see a [EMAIL PROTECTED] mail that has a DECLUDE SENDER of [EMAIL PROTECTED] I can just add the first address to a header test. However, these addresses in legit mail, should match correct? Unless it's a mailing list, which would cause a FP as they give the senders name but use the list's name as the DECLUDE SENDER. so I guess it could be more of an identifier test that heavy weighted one Thoughts? Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] DNSstuff problems
As the subject states, is DNSstuff still having problems? Seems every time I try a lookup I get a Page cannot be displayed error. Once in a while it works, super-fast in fact, but seems more often than not it's down. Just seeing what's going on. Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Counting
How did this get to Weight of 24. FILTER-BODY filter c:\IMail\Declude\IMail_Filter_TextinBody.txt x 0 0 Item Listed had a weight of 4 I am guessing that it caught more than one line in your filter. From what I can see, it only lists the last item caught in your filter file, although it will give all of the points for all of the lines caught. Scott, is there a way to have it list all of the lines caught in the filter? I would find this very helpful. Paul Navarre --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] observation...
It seems the move of DNSstuff went well! What speed! It hasn't moved that fast on searches in a long time! Happy camper. Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Whitelist Add-on
I had a situation today that has made me consider the whitelist add-on that I have seen discussed here. With the archive down, I am not sure what the name of it is or where to go for more information. Could someone send that information to me please ([EMAIL PROTECTED]). Is it just me or does it seem that major ISPs are being listed in more and more spam databases? I had a customer have his rather important incoming email get autodeleted because it reached a score of 31 on a system of 10+ hold and 30+ delete. btinternet.com (British Telecom) is listed in about 10 spam databases. It seems more and more I have to give major ISPs huge negetive weights, and I seem to have to constantly make them more and more negetive to keep up. Then more and more spam gets through. From my perspective this trend is becoming counter productive; the spam databases are unrealistic to use individually; even with Declude's superb weighting system things are getting more difficult. Scott, do you have an opinion about the whitelist add-on? The idea of keeping track of who are customers are sending email to and then having them whitelisted sounds interesting, but I want to know if there are any reasons why this might cause problems. Thanks, Paul Navarre --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] question from new user
Ok so what are the best tests that catch the most junkmail and not good mail. oh if only we knew.. there would be no spam. =) Do I really need to subscribe to a service? We're not and we catch over 70%. lastly if i wanted to create a blacklist.txt file I have read the testfrom documentation and the placeholder is this the name that is used in the junkmail file for determining what is to be done with this, aka if i had the line TESTNAME fromfile d:\Imail\Declude\blacklist.txt blist 5 0 would blist be the name I used in $default.Junkmail file TESTNAME is the name of the test in the above example. So if you make a test called BLACKLIST, you set it as follows. BLACKLIST fromfile d:\imail\Declude\blacklist.txt x 5 0 - blacklist.txt is where you store the data - results given to BLACKLIST, pass or fail. 5 or 0. Trial and error, that's all I can say. I'll tell you one thing, you learn alot about e-mail doing this stuff. Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] IMail v8.0 and Declude Jinkmail??
In any case, we've been through this before, and can do it again. :) -Scott What's that phrase? If it ain't broke Certainly the people who are using Declude now wouldn't give up one of the best and easiest to use programs around to use something proven in the past to be problematic, and the newcomers to Imail who join the mailing list will still hear praises to Declude. I don't see a problem. =) Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] White list question
We have a customer who subscribes to a real estate service that sends info via a list serv. The messages are being diverted because they fail a few too many tests. How do we white-list list serv messages when they come from the subscribers, not from the list? Here are some headers: From: preston whisenant [EMAIL PROTECTED] Save Address Received: from lists2.texasstar.net [63.214.164.124] by LandDeals.com (SMTPD32-6.06) id AB5E4270284; Tue, 25 Mar 2003 15:53:02 + X-Originating-IP: [67.234.71.122] X-Originating-Email: [EMAIL PROTECTED] To: CIBList [EMAIL PROTECTED] [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] All emails are now showing up with attachment?
For what it is worth, I am now getting email showing up with attachments in my Outlook. It seems strange as I just installed the latest Declude beta before this happened. However, when I go to webmail I don't see any attachments. I haven't heard from any clients yet, so I assume it isn't happening to anyone else. I can't imagine this would be related to Declude, but I thought I would mention it in case this is happening to lots of people. Paul Navarre --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] All emails are now showing up with attachment?
It appears a reboot solved the emails showing up with attachment problem for me. Paul Navarre --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
