RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
I'm all for your GUI because I know it will make your business more successful even though it will probably be of no use to me at this point. I certainly could have used it in the beginning and I would have probably bought Declude earlier than I did. I'll bet that Dave might even be able to teach you a few things in that regard, and it would keep them out of playing with the executable for that much longer :) I think that everyone who want to set up (and maintain!) a effective spamfilter should have a good knowledge about how SMTP, DNS and Co. works. At this point there should be no difference between a text or GUI based configuration, because it's important WHAT you configure and not HOW. So instead of offering a GUI where users don't know what to configure, create a manual, statistic background for individual tests and configuration parameters so that your customers know what they do - independent if in a text file (really anyone should be able to use notepad) or using a GUI and the newest infrared-bluetooth-solar-powered-force-feedback mouse. So please: -a complete reference of all existing tests independent if released or in beta-state. for us spamfighters counts only if usefull or not -this reference should have ONE place and ONE format. -tecnical or statistical background, usefull informations, alerts, user reports, special solutions can be attached as additional document to each individual test. So anyone trying out a test the first time or looking for how to set it up has ALL important information on ONE place and not to search the archive Since I know for every single test in my configuration file how often it has correct/wrong results I'm able to configure and optimize my configuration far far better then before. (BTW: MTLDB has both correct and wrong results below 1% of all processed messages on our server. The ratio between correct and wrong is 55:45) Having such a documentation it should be absolutely no problem for everyone to create his own cfg-file. Also I mean that Declude is very very flexible and any GUI - of not realized very very VERY good - will decrease this flexibility. As I know there is also a long ToDo list and I really hope that every thing on this list has more priority then any GUI programming. Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Sharyn (and others that despise GUI's and learning new things at this stage in the game), I think that we must all recognize that the majority of Declude's market lies with those that aren't nearly as experienced with this stuff as we are, and they need a GUI in order to tap deeper into that market. Whether we like it or not, a GUI will happen and I'm sure it's a top priority for them. I think that at the same time we should be understanding of the need and the importance of this for their business even though it doesn't suit our needs. Scott already indicated that he planed on having a system where the GUI was just simply an overlay to the config files and not necessarily required. There is no reason why they can't do that if they set out to make that happen. So if they do this right, it will have little or no effect on us. We shouldn't complain about the proposition of a GUI as long as this is the case. IMO, new features like the one that they released would be best addressed in updates to the GUI interface as a separate executable. This GUI interface could enable the new test by way of a check box, and it could be highlighted on a 'What's New' tab/selection. I don't see any reason however for separate 5 MB installers that leave DLL's lying around, especially for these purposes when they should simply be having us register and log into a customer's section of their Web site so that we can get the downloads instead of doing this by way of an app. They certainly shouldn't assume that one-size fits all so far as the way that things are configured as they did this time. IMO, it was a bit premature for this to have been released in this way, the real GUI and the rest of the process should have come first. Matt Sharyn Schmidt wrote: Message Declude is not a simple thing to implement and configure. Those of us running it are more than capable of adding a line to our config files and deciding how to weight it/configure it/otherwise implement it. We don't NEED a "click OK to install" GUI that does something to our configurations that we're going to have to go change anyway. I have been quietly listening to this thread, before I threw in my 2 cents, but I have to agree here. The "old" system of just letting us manually add aline to our global config file worked great. A GUI is unnecessary andI, personally, do not like random dll'sinstalled on my server that I can't uninstall.Having a pre-set "weight"configured is insane, as it is unlikely that all admins will assign the same weight to each test. My vote goes back to the old way as I prefer to be in control of what gets added to my global.cfg. That way, I have only myself to blame when it's not right :) Sharyn -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
People on this list hopefully will appriciate the irony of the following: G 07/12/2004 13:42 MTLDB:1 nIPNOTINMX:-3 nNOLEGITCONTENT:-5 . Total weight = -7. 07/12/2004 13:42 Using [incoming] CFG file d:\IMail\Declude\$default$.junkmail. 07/12/2004 13:42 Msg failed MTLDB (This E-mail came from 63.246.13.90, a potential spam source listed in MTLDB.). Action=WARN. 07/12/2004 13:42 L1 Message OK 07/12/2004 13:42 [Declude.JunkMail] GUI - End-User is the priority! 07/12/2004 13:42 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 63.246.13.90 ID: A9EBEAB010C 07/12/2004 13:42 Tests failed [weight=-7]: MTLDB=WARN CATCHALLMAILS=IGNORE 07/12/2004 13:42 Last action = IGNORE. $ nslookup 63.246.13.90 Server: hi-cs-dc2.horizonint.corp Address: 192.168.1.4 Name:mail.declude.com Address: 63.246.13.90 Regards, Brad Morgan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
An I missing something? When I try to resolve mtldb.declude.com I get; tracert mtldb.declude.com Unable to resolve target system name mtldb.declude.com. -M - Original Message - From: Serge To: [EMAIL PROTECTED] Sent: Saturday, July 10, 2004 12:00 AM Subject: Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail I understand that new declude versions requires an up to date service agreement. But this is a simple IP4r test that can be run with existing versions, so why are they requiring a SA ? BTW, i do have a current SA, so that is not why i am bitchin, but it seems things are starting to get out of hands here. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
I understand that new declude versions requires an up to date service agreement. But this is a simple IP4r test that can be run with existing versions, so why are they requiring a SA ? BTW, i do have a current SA, so that is not why i am bitchin, but it seems things are starting to get out of hands here. The reason for that is that it isn't easy administering a DNSBL -- there are a lot of costs involved. We're expecting to get tens of millions of queries per day. If someone else was running this test, that would be a different story (for example, if we limited the SPAMCOP test to those with a Service Agreement, I think that would be wrong). Plus, this is something that isn't available anywhere else. It is essentially a new feature to Declude -- and as such, should require a Service Agreement. It is a service, and as such really shouldn't be free. I think that it should be seen as an extra benefit to the Service Agreement, making the Service Agreement more valuable. FWIW, I do agree with management that this should only be available to those with an active Service Agreement. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Scott et al, Standing by the sidelines here trying to keep up with this interesting thread and actually have some extra time to chime in. I am very concerned about installing this upgrade with the false positives being reported, dlls and uninstall bug reported, etc. Will Declude be addressing these issues and providing more information, what the install specifically does, suggested configurations concerning false postitives, warnings, ? I do believe this can be a valuable feature of Declude and like the concept. We do something similar via BlackIce firewall we have used for years as an extra layer of security. Over the last year we modifying the issue list file relating to virus signatures blocking IP's for 24 hours when detected. When the 24 hour block expires and upon the next connect from the IP with no virus signature detected the IP is no longer blocked. You can also manually unblock if a customer requests after verifying their work station is clean of virus'. Doing so has created a little extra end user support for us from time-to-time. However, customers love us afterwards because we helped them identify their workstation was infected by a virus unbeknownst to them. Something similar to this automation with Declude would seem helpful. Thanks. -Don Don Schreiner CompBiz, Inc. www.compbiz.net 407-322-8654 - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, July 10, 2004 8:08 AM Subject: Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail An I missing something? When I try to resolve mtldb.declude.com I get; tracert mtldb.declude.com Unable to resolve target system name mtldb.declude.com. That is by design -- mtldb.declude.com should not be resolvable. :) -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- CompBiz.Net scanned for Virus' --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
R. Scott Perry wrote: The management could have just said, Scott, you did a great job in the past; take this new project and just do it however you like. But that would have just increased their reliance on me -- whereas this way, I can help mold the new company. They can learn from their mistakes this way (and the mistakes are relatively minor), and move from an average team with above average members to an above average team. The mistakes with this were not relatively minor. While I'm not using the test, others seem to indicate that it is better at detecting ham than it is at detecting spam. Now anyone that installed this is scoring a massive number of false positives at 8 points on their system, and there has yet to be a public announcement from Barry, or an acknowledgment from you as to the issue. This doesn't affect me at all, but it causes me pause. If that's the way that they and you want to run their business, that's your prerogative. As a customer, I'm taken back by not only the release, but also by your response, and I'm very disappointed that there now seems to be a large disconnect between those that are calling the shots, and your customers. This has made me start to rethink my choices because I can't rely on something that has become progressively abstract and recent developments are starting to scare me much more. If you put yourself in my shoes, you would feel exactly the same way. Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
does this mean we should stop using the test once our SA expires if we choose not to renew ? - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, July 10, 2004 12:07 PM Subject: Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail I understand that new declude versions requires an up to date service agreement. But this is a simple IP4r test that can be run with existing versions, so why are they requiring a SA ? BTW, i do have a current SA, so that is not why i am bitchin, but it seems things are starting to get out of hands here. The reason for that is that it isn't easy administering a DNSBL -- there are a lot of costs involved. We're expecting to get tens of millions of queries per day. If someone else was running this test, that would be a different story (for example, if we limited the SPAMCOP test to those with a Service Agreement, I think that would be wrong). Plus, this is something that isn't available anywhere else. It is essentially a new feature to Declude -- and as such, should require a Service Agreement. It is a service, and as such really shouldn't be free. I think that it should be seen as an extra benefit to the Service Agreement, making the Service Agreement more valuable. FWIW, I do agree with management that this should only be available to those with an active Service Agreement. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
- Original Message - From: R. Scott Perry [EMAIL PROTECTED] The reason for that is that it isn't easy administering a DNSBL -- there are a lot of costs involved. We're expecting to get tens of millions of queries per day. If someone else was running this test, that would be a different story (for example, if we limited the SPAMCOP test to those with a Service Agreement, I think that would be wrong). Plus, this is something that isn't available anywhere else. It is essentially a new feature to Declude -- and as such, should require a Service Agreement. It is a service, and as such really shouldn't be free. I think that it should be seen as an extra benefit to the Service Agreement, making the Service Agreement more valuable. FWIW, I do agree with management that this should only be available to those with an active Service Agreement. And how are you preventing anyone but current customers with active SAs from using the DNSBL? If someone knows the test site hostname, what is to prevent them from using it? Also, it does not appear that this IP4R test is very robust as almost all queries posted to the server fail with a response of srvfail or timeout with no servers could be reached. Right now it is very rare for mtldb.declude.com to come back with a valid response, either positive or negative. I've got to say that Computerized Horizons struck-out big time on this one. Not only is the test flawed (hitting way more legit mail than spam), it was supplied in a most bizarre fashion. One of the most appealing thing I found about the Declude products was the fact that they were so open and understandable, much like open-source software in the UNIX/Linux world. However, this last update changed all of that and, thus, left a lot to be desired. I know that change is inevitable, but I don't recall anyone asking for graphical installs or graphical upgrades on this list, and I for one hope that Computerized Horizons goes back to the old tried-and-true methods that have worked so well in the past. In the mean time, I have disabled this test because of it very high false-positive hit rate and extremely low valid hit rate on actual spam message. Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
does this mean we should stop using the test once our SA expires if we choose not to renew ? That is correct. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
And how are you preventing anyone but current customers with active SAs from using the DNSBL? If someone knows the test site hostname, what is to prevent them from using it? We'll be monitoring it, and if it appears as though it is being misused, we may restrict by IP address. Also, it does not appear that this IP4R test is very robust as almost all queries posted to the server fail with a response of srvfail or timeout with no servers could be reached. Right now it is very rare for mtldb.declude.com to come back with a valid response, either positive or negative. I'll have to look into that. There is a known issue where some lookups are not working properly, but I was unaware that there were any timeouts or server failures. I know that change is inevitable, but I don't recall anyone asking for graphical installs or graphical upgrades on this list, and I for one hope that Computerized Horizons goes back to the old tried-and-true methods that have worked so well in the past. The reason few people ask on this list is because the people that need the GUIs and install programs are the ones that say What's a mailing list? It's hard for some of us to believe, but there are a lot of mailserver admins out there that don't know what a mailing list is. As for the tried and true methods of the past, please watch for future developments. This is a key moment for the new management, and I believe I will steer them in the right direction. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Standing by the sidelines here trying to keep up with this interesting thread and actually have some extra time to chime in. I am very concerned about installing this upgrade with the false positives being reported, dlls and uninstall bug reported, etc. Will Declude be addressing these issues and providing more information, what the install specifically does... That's what I am working on. As for the install, it has you register on our website (if you have not done so yet), and adds a line to the global.cfg file. The install program was really designed for non-techies. ... suggested configurations concerning false postitives, warnings, ? We're working on that. The beta period was unfortunately short and not as widespread as it should have been. I do believe this can be a valuable feature of Declude and like the concept. Agreed. We do something similar via BlackIce firewall we have used for years as an extra layer of security. Over the last year we modifying the issue list file relating to virus signatures blocking IP's for 24 hours when detected. When the 24 hour block expires and upon the next connect from the IP with no virus signature detected the IP is no longer blocked. The difference here is that the test is designed to block spam from hijacked computers, rather than block viruses, so the IPs need to be in the database for quite some time. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
The mistakes with this were not relatively minor. While I'm not using the test, others seem to indicate that it is better at detecting ham than it is at detecting spam. Now anyone that installed this is scoring a massive number of false positives at 8 points on their system, and there has yet to be a public announcement from Barry, or an acknowledgment from you as to the issue. The issue is that this test was developed with just minor input from me, which included only a very short beta period. That's why there are the issues that are being discussed here. This doesn't affect me at all, but it causes me pause. If that's the way that they and you want to run their business, that's your prerogative. I personally think that it is the best way to transition a business. Again, we should focus on the *next* project, rather than this one. The most important question is whether the issues that are being brought up here are addressed in the next project. If not, there is serious cause for concern; if so, this project has helped bring the new management to the level we all want to see them at. As a customer, I'm taken back by not only the release, but also by your response, and I'm very disappointed that there now seems to be a large disconnect between those that are calling the shots, and your customers. Would you mind elaborating on this a bit? What do you think could be done to improve the situation? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
That's what I am working on. As for the install, it has you register on our website (if you have not done so yet), and adds a line to the global.cfg file. The install program was really designed for non-techies. At some point when this gets ironed out will the config line be made available either through the list or through directly emailing support to verify that you have an active support agreement? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
- Original Message - From: R. Scott Perry [EMAIL PROTECTED] As for the tried and true methods of the past, please watch for future developments. This is a key moment for the new management, and I believe I will steer them in the right direction. Because of your positive track-record, Scott, I am willing to wait and see how future developments go. You have certainly earned that level of respect from me. Thanks for the feedback! Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Ditto! Go enjoy whats left of your weekend. Jay - Original Message - From: Bill Landry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, July 10, 2004 3:52 PM Subject: Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail - Original Message - From: R. Scott Perry [EMAIL PROTECTED] As for the tried and true methods of the past, please watch for future developments. This is a key moment for the new management, and I believe I will steer them in the right direction. Because of your positive track-record, Scott, I am willing to wait and see how future developments go. You have certainly earned that level of respect from me. Thanks for the feedback! Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
R. Scott Perry wrote: This doesn't affect me at all, but it causes me pause. If that's the way that they and you want to run their business, that's your prerogative. I personally think that it is the best way to transition a business. Again, we should focus on the *next* project, rather than this one. The most important question is whether the issues that are being brought up here are addressed in the next project. If not, there is serious cause for concern; if so, this project has helped bring the new management to the level we all want to see them at. In this case I'm mostly concerned that this got out the door and the environment that allowed for that. The idea is very honorable, but using the data that you have, I'm pretty sure that it's impractical to implement without spending much more time on it. There are other issues such as privacy that I'm not comfortable with either. If you are going to gather information from our systems and use this information for other purposes such as this, you should put a strict privacy policy in place and allow people to opt-out without turning off their forging virus detection capabilities. In this case, I worry that any of my clients that might have sent a virus is now listed in your database and potentially being blocked by other admins, and I would prefer that my data not be used in this test since it is not accurate and could cause issues for my customers. I think that it's my responsibility to look after this data since it came from my service, but I have had no input on how it is used. The new management should be more conscious of such things, and I think this would be expected in this industry to have an opt-in policy with a disclaimer about it's use. I share my data with Sniffer, although it is not personally identifiable, and it's my choice as to whether or not to share it. As a customer, I'm taken back by not only the release, but also by your response, and I'm very disappointed that there now seems to be a large disconnect between those that are calling the shots, and your customers. Would you mind elaborating on this a bit? What do you think could be done to improve the situation? I would recommend pulling the test by emptying the zone. Like you said, there are a lot of admins that don't know how to actually administrate, and they are likely to just install this test and forget about it. I'm a bit alarmed by the lack of corrective action here, and personally I don't believe that you can make accurate use of this data without a process such as the one used by CBL that limits nominations by way of reverse DNS patterns, and that will take time (proving me wrong would also be fully acceptable). So while I believe that it was a mistake that it got out the door in the first place, I think it's also a mistake not to react to it more aggressively. This doesn't affect me, but it is telling so far as how well the new management understands the environment, and how responsive they are to their customers needs. I believe the proper recommendation would be to not install this test at this time, am I incorrect about that? As far as improving the situation goes, there are a lot of things that make me feel uncomfortable, primarily because it seems like we're still talking to you, but other people are calling the shots and doing development with seemingly little interaction from this community. If you look at the features added to Declude in the last year or so (my history here at least), it appears that all the major developments except for CMDSPACE came from interacting with people in this group, some of course more obvious than others, and given the new owner's inexperience in this market, it would make sense that they at least read the list and maybe ask questions. The isolation from the wealth of knowledge that exists here makes no sense to me. I'm very much unsure now if the new owners are concerned enough about people like myself that are operating gateway services and seek a higher level of flexibility. I am guessing that they see more potential in the single domain/ISP type implementations and have bought into the idea that one must provide a GUI so that less experienced admins can make better use of the product, and that the power users needs may not justify to them the commitment or resources necessary to keep us happy. I wouldn't blame them for that choice if they made it, although I think that the brain trust of Declude to date has evolved as combination of yourself and those that participate on this list, and that represents both goodwill and intellectual value which is hard to measure in terms of revenue. If they are going to refocus their efforts on building a brainless application over a configurable application, I would really want to know because that will probably end up affecting my business. I'm completely in the dark about what the new management is
RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Here is a potential problem with this test. I have a backup MX server that forwards all to my main server. Yes, 95% of the e-mail that flows through this server is spam/virus. However, since Declude Virus does not allow you to bypass and IP, Declude Virus sees all e-mail coming through that server as from that IP, and that IP is listed if your virus database. Now, say for what ever reason a outgoing e-mail from one of my clients has that IP in the headers as hop 1 or 2. (I have a client right now sending all outgoing through that server until I am able to resolve another issue.) They happen to send to a domain that is using Imail/Declude and is using this new test. Their message is going to false positive on that test. Therefore, this goes back to requesting a feature in Declude Virus of IPBYPASS. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
I wouldn't blame them for that choice if they made it, although I think that the brain trust of Declude to date has evolved as combination of yourself and those that participate on this list, and that represents both goodwill and intellectual value which is hard to measure in terms of revenue. If they are going to refocus their efforts on building a brainless application over a configurable application, I would really want to know because that will probably end up affecting my business. The way I see it happening, there would be a cute install program and GUI interface -- but everything could still be manually configured. FWIW, I would have added an install program and GUI had I had time. You would be surprised how many people ask support I just bought Declude JunkMail and it hasn't blocked any spam, what is wrong?, simply because they didn't change the default configuration (with the WARN action for all tests) to block spam. For every person on this list (who tends to be quite knowledgeable about computers, or working to get to that point), there are several off the list that either don't have the knowledge or don't have the time to learn about the configuration. The install program and GUI interface don't necessarily need to take away from advanced features (some of which have been getting added to interims over the past few months). You could add new features by releasing a combination of executable and a separate GUI application, and still allow power users to avoid the GUI system all together. That is exactly how I see it being done. :) In the mean time, it would make sense to also spend some time tightening up loose ends which have not been getting that much attention. If you asked for everyone's top 5 list from around here at least, I'm pretty sure that it would include things besides a new DNSBL test on virus data with a GUI installer, or the GUI itself. Declude is very capable at the moment, but there are some loose ends that could be tied up over a short period of time that would really help finish the foundation. Voicing what those are in this list however would be a waste of time if those that are calling the shots aren't listening. FWIW, at this point, I am almost completely in charge of adding new features to Declude. Yes, management could veto my decisions about Declude, but they know that could be very risky. If you want a list, I'll draft one for you, but I don't wish to bogart your time, and I have one request outstanding that I feel is my #1 wish and is widely sought by your customer base from what I can tell. I'm working on that one. :) -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
At some point when this gets ironed out will the config line be made available either through the list or through directly emailing support to verify that you have an active support agreement? I'm going to recommend that in the future, they provide a way of bypassing the whole 5MB download process for people who don't want it -- where people could go to a URL to either register or log on, and then get the information they need to add the test manually. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Thanks for the response, it puts my anxiety more at ease having some of these things answered. If you want to get Dave up to speed faster, loan him to me for a month and I'll show him this side of things. Free room and board :) But seriously, if they aren't ready for what gets said here, maybe they shouldn't be making certain decisions, designing installers and implementing RBL's quite yet? I wouldn't expect even the best and brightest to pick up on that stuff so fast. Being sheltered from it for a period of time probably makes sense, just not what they are doing as a whole, or at least without more guidance. They will take years in isolation for them to recognize the need for some of the things that get discussed here, especially since as you accurately point out, most don't even get the basics and these are the people that they interact with the most. These people are a good segment to spend more time accommodating than you have been able to traditionally, but they are just one side of the business. I'm all for your GUI because I know it will make your business more successful even though it will probably be of no use to me at this point. I certainly could have used it in the beginning and I would have probably bought Declude earlier than I did. I'll bet that Dave might even be able to teach you a few things in that regard, and it would keep them out of playing with the executable for that much longer :) Matt R. Scott Perry wrote: I wouldn't blame them for that choice if they made it, although I think that the brain trust of Declude to date has evolved as combination of yourself and those that participate on this list, and that represents both goodwill and intellectual value which is hard to measure in terms of revenue. If they are going to refocus their efforts on building a brainless application over a configurable application, I would really want to know because that will probably end up affecting my business. The way I see it happening, there would be a cute install program and GUI interface -- but everything could still be manually configured. FWIW, I would have added an install program and GUI had I had time. You would be surprised how many people ask support I just bought Declude JunkMail and it hasn't blocked any spam, what is wrong?, simply because they didn't change the default configuration (with the WARN action for all tests) to block spam. For every person on this list (who tends to be quite knowledgeable about computers, or working to get to that point), there are several off the list that either don't have the knowledge or don't have the time to learn about the configuration. The install program and GUI interface don't necessarily need to take away from advanced features (some of which have been getting added to interims over the past few months). You could add new features by releasing a combination of executable and a separate GUI application, and still allow power users to avoid the GUI system all together. That is exactly how I see it being done. :) In the mean time, it would make sense to also spend some time tightening up loose ends which have not been getting that much attention. If you asked for everyone's top 5 list from around here at least, I'm pretty sure that it would include things besides a new DNSBL test on virus data with a GUI installer, or the GUI itself. Declude is very capable at the moment, but there are some loose ends that could be tied up over a short period of time that would really help finish the foundation. Voicing what those are in this list however would be a waste of time if those that are calling the shots aren't listening. FWIW, at this point, I am almost completely in charge of adding new features to Declude. Yes, management could veto my decisions about Declude, but they know that could be very risky. If you want a list, I'll draft one for you, but I don't wish to bogart your time, and I have one request outstanding that I feel is my #1 wish and is widely sought by your customer base from what I can tell. I'm working on that one. :) -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Seems that Computerized Horizons should read their own press releases before sending them to Business Wire. If a current Service Agreement is required then the following paragraph from the Computerized Horizons pr is a lie: Although immediately available at no charge to current Declude 'JunkMail' customers the company is open to discussing licensed access by others wishing to eradicate this threat. The test is NOT free to current Declude 'JunkMail' customers if a current Service Agreement is required. Here's the Press Release by Computerized Horizons if interested: http://www.tmcnet.com/usubmit/2004/Jul/1055222.htm Hope they issue a correction! -Joe - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, July 10, 2004 3:08 PM Subject: Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail does this mean we should stop using the test once our SA expires if we choose not to renew ? That is correct. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Although immediately available at no charge to current Declude 'JunkMail' customers the company is open to discussing licensed access by others wishing to eradicate this threat. The test is NOT free to current Declude 'JunkMail' customers if a current Service Agreement is required. Well, now we are discussing the meaning of the word current. To me, current means with a service agreement. If some one bought Declude 3 years ago and has not had a service agreement since, can you call them a current customer? Sorry, I back Scott and the others at Declude up on this. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
I'm all for your GUI because I know it will make your business more successful even though it will probably be of no use to me at this point. I certainly could have used it in the beginning and I would have probably bought Declude earlier than I did. I'll bet that Dave might even be able to teach you a few things in that regard, and it would keep them out of playing with the executable for that much longer :) Do you know what is funny? When I first started using Declude I was a GUI junky. And while I would like to see some things easier to do, it works the way it is. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
At 10:39 AM 7/9/2004, Dan Geiser wrote: Is this guy serious when he says The test is available for download. What do we have to download? What version number includes this test? What is the format of the test? Is it just an IP4R test? What host name do we use? I found that kinda strange as well, but in blind faith, I did download and install it. So far it seems to be running very well. Very useful in conjunction with SA and Sniffer. All that I can tell about it is that it added a line to my global.cfg. I'm sure Scott or someone will comment with more information shortly. It is an ip4r test, but I'm not sure what all I'm allowed to share... -Russ --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Goto declude.com and you'll see what it is you have to download. Greg Dan Geiser wrote: Is this guy serious when he says The test is available for download. What do we have to download? What version number includes this test? What is the format of the test? Is it just an IP4R test? What host name do we use? - Original Message - *From:* Barry @ CPHZ mailto:[EMAIL PROTECTED] *To:* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] *Sent:* Friday, July 09, 2004 10:35 AM *Subject:* New Multiple Threat Lookup Database test for Declude JunkMail We are pleased to let you know that today we have released a new test for all Declude JunkMail customers who are covered by a currently valid Support Agreement. The MTLDB test will test each E-mail against our database of IP addresses that have sent viruses. If the IP address is listed, the E-mail will fail the test. Otherwise, the E-mail will pass the test. The MTLDB test is used in the same way as other Declude JunkMail tests. For most customers, it would be used towards the weighting system, so that it is more likely that spam will get caught. However, like other tests in Declude JunkMail, it is possible to take a separate action for E-mails failing the MTLDB test (such as quarantining them with the HOLD action). The test is available for download www.declude.com http://www.declude.com/ Thanks for your support. Barry */Barry Simpson President CEO Computerized Horizons, LLC 65 Parker Street Unit 5 Newburyport, MA 01950 /* --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
I don't think I have ever had an username and password with Declude. Where do we find this information? All we ever had to provide as verification was our Hostname. - Original Message - From: Dan Geiser To: [EMAIL PROTECTED] Sent: Friday, July 09, 2004 8:39 AM Subject: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail Is this guy serious when he says "The test is available for download". What do we have to download? What version number includes this test? What is the format of the test? Is it just an IP4R test? What host name do we use? - Original Message - From: Barry @ CPHZ To: [EMAIL PROTECTED] Sent: Friday, July 09, 2004 10:35 AM Subject: New Multiple Threat Lookup Database test for Declude JunkMail We are pleased to let you know that today we have released a new test for all Declude JunkMail customers who are covered by a currently valid Support Agreement. The MTLDB test will test each E-mail against our database of IP addresses that have sent viruses. If the IP address is listed, the E-mail will fail the test. Otherwise, the E-mail will pass the test. The MTLDB test is used in the same way as other Declude JunkMail tests. For most customers, it would be used towards the weighting system, so that it is more likely that spam will get caught. However, like other tests in Declude JunkMail, it is possible to take a separate action for E-mails failing the MTLDB test (such as quarantining them with the HOLD action). The test is available for download www.declude.com Thanks for your support. Barry Barry SimpsonPresident CEOComputerized Horizons, LLC65 Parker StreetUnit 5Newburyport, MA 01950
RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Title: Message I guess they wrote a "setup" program that will install new code and even activate it for you. Hopefully, there'll be some "readme" inside that mysterious .EXE file. Otherwise, it is pretty much a cat in the sack! The installation process for the MTLDB: Download Now!(MTLDB.exe 5.6 MB) Run it on your serverYou will beasked for some registration information The application will then append a line to your JunkMail configuration file. Thesetup processwill NOT change any existing settings. Best RegardsAndy SchmidtHM Systems Software, Inc.600 East Crescent Avenue, Suite 203Upper Saddle River, NJ 07458-1846Phone: +1 201 934-3414 x20 (Business)Fax: +1 201 934-9206http://www.HM-Software.com/
RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Title: Message Automatically changing the configuration files is a bad thing in my opinion. All my configuration files are built from scripts from base files, allowing to easily make changes to one section and then make the appropriate changes in what ever configuration files are needed. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Friday, July 09, 2004 8:53 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail I guess they wrote a setup program that will install new code and even activate it for you. Hopefully, there'll be some readme inside that mysterious .EXE file. Otherwise, it is pretty much a cat in the sack! The installation process for the MTLDB: Download Now!(MTLDB.exe 5.6 MB) Run it on your server You will beasked for some registration information The application will then append a line to your JunkMail configuration file. Thesetup processwill NOT change any existing settings. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax: +1 201 934-9206 http://www.HM-Software.com/ image001.gif
RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Title: Message I installed this test, but I'd like to voice my opinion that I do not like the way this test was distributed. I don't like anything messing with my global.cfg, even if it is a program distributed by Declude. It seemsto me thatthis was an attempt by the new owners to harvest information about Declude users via the signup mechanism. -Dan Horne
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Admin server can not be reached...Error 3592. Need any special ports open or anything? - Original Message - From: Jay Calvert To: [EMAIL PROTECTED] Sent: Friday, July 09, 2004 10:49 AM Subject: Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail I don't think I have ever had an username and password with Declude. Where do we find this information? All we ever had to provide as verification was our Hostname. - Original Message - From: Dan Geiser To: [EMAIL PROTECTED] Sent: Friday, July 09, 2004 8:39 AM Subject: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail Is this guy serious when he says "The test is available for download". What do we have to download? What version number includes this test? What is the format of the test? Is it just an IP4R test? What host name do we use? - Original Message - From: Barry @ CPHZ To: [EMAIL PROTECTED] Sent: Friday, July 09, 2004 10:35 AM Subject: New Multiple Threat Lookup Database test for Declude JunkMail We are pleased to let you know that today we have released a new test for all Declude JunkMail customers who are covered by a currently valid Support Agreement. The MTLDB test will test each E-mail against our database of IP addresses that have sent viruses. If the IP address is listed, the E-mail will fail the test. Otherwise, the E-mail will pass the test. The MTLDB test is used in the same way as other Declude JunkMail tests. For most customers, it would be used towards the weighting system, so that it is more likely that spam will get caught. However, like other tests in Declude JunkMail, it is possible to take a separate action for E-mails failing the MTLDB test (such as quarantining them with the HOLD action). The test is available for download www.declude.com Thanks for your support. Barry Barry SimpsonPresident CEOComputerized Horizons, LLC65 Parker StreetUnit 5Newburyport, MA 01950
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
I don't think I have ever had an username and password with Declude. Where do we find this information? All we ever had to provide as verification was our Hostname. If you purchased Declude before mid-April 2004, you won't have a username/password. In this case, you can go to http://www.declude.com and click on My Account at the top of the page, you can create an account there. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
At 10:49 AM 7/9/2004, Jay Calvert wrote: I don't think I have ever had an username and password with Declude. Where do we find this information? All we ever had to provide as verification was our Hostname. I never had one either, so I just clicked new user, and it asked me for an email address/password to use, and it continued on... -Russ --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Russ Uhte (Lists) wrote: I found that kinda strange as well, but in blind faith, I did download and install it. So far it seems to be running very well. Very useful in conjunction with SA and Sniffer. All that I can tell about it is that it added a line to my global.cfg. I'm sure Scott or someone will comment with more information shortly. It is an ip4r test, but I'm not sure what all I'm allowed to share... Why a 5 MB download for an IP4R test? Also, I think it would be a very good idea to have a process of opting-out customers from the data collection (or rather opt-in as that is the standard that we use for judging spam and this could be managed effectively in a download such as this). There are privacy concerns in some cases, and I have also sent myself real viruses before in order to test things out as I'm sure that some others have done the same thing. I certainly don't want to get my own server blacklisted. Is there also an exclusion for ECAIR viruses and more importantly, is there an exclusion for things like macro viruses that will get sent from legitimate servers? Regarding the data, as with all RBL's, it's quite helpful to know what the delisting procedure is for this...automatic expiration (how long) with or without a Web based delisting tool? Maybe all of this has been considered, but I didn't get much from the E-mail or from the site in this regard. Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Title: Message I agree. We build our config file from an external interface, and if we have anything added manually or from another source, it will be overwritten the first time we make changes through our interface. Erik Erik Hjelholt, Managing DirectorAlberni-dot-Net, a div. of Tandem Security Inc.4716 Roger St., Port Alberni, BC V9Y 3Z2Phone: 250-720-8110 - Fax: 250-723-0901 -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of John Tolmachoff (Lists)Sent: Friday, July 9, 2004 09:07To: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail Automatically changing the configuration files is a bad thing in my opinion. All my configuration files are built from scripts from base files, allowing to easily make changes to one section and then make the appropriate changes in what ever configuration files are needed. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy SchmidtSent: Friday, July 09, 2004 8:53 AMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail I guess they wrote a "setup" program that will install new code and even activate it for you. Hopefully, there'll be some "readme" inside that mysterious .EXE file. Otherwise, it is pretty much a cat in the sack! The installation process for the MTLDB:Download Now!(MTLDB.exe 5.6 MB)Run it on your serverYou will beasked for some registration informationThe application will then append a line to your JunkMail configuration file. Thesetup processwill NOT change any existing settings. Best RegardsAndy SchmidtHM Systems Software, Inc.600 East Crescent Avenue, Suite 203Upper Saddle River, NJ 07458-1846Phone: +1 201 934-3414 x20 (Business)Fax: +1 201 934-9206http://www.HM-Software.com/
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Scott, This is just in regard to the site and not the new test. Could you ask them to code the page in a way so that it doesn't reload every 10 seconds? I use Netscape 7 and it may be that it's just not friendly with that browser, but after a few minutes of sitting on the site, pressing my back button is useless because my history fills up with reloads of the same page over and over, and if this goes on too long, you can't back up out of the site. Matt R. Scott Perry wrote: I don't think I have ever had an username and password with Declude. Where do we find this information? All we ever had to provide as verification was our Hostname. If you purchased Declude before mid-April 2004, you won't have a username/password. In this case, you can go to http://www.declude.com and click on My Account at the top of the page, you can create an account there. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Allow ICMP packets fixed this for me. Scott Fisher Director of IT Farm Progress Companies [EMAIL PROTECTED] 07/09/04 11:08AM Admin server can not be reached...Error 3592. Need any special ports open or anything? - Original Message - From: Jay Calvert To: [EMAIL PROTECTED] Sent: Friday, July 09, 2004 10:49 AM Subject: Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail I don't think I have ever had an username and password with Declude. Where do we find this information? All we ever had to provide as verification was our Hostname. - Original Message - From: Dan Geiser To: [EMAIL PROTECTED] Sent: Friday, July 09, 2004 8:39 AM Subject: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail Is this guy serious when he says The test is available for download. What do we have to download? What version number includes this test? What is the format of the test? Is it just an IP4R test? What host name do we use? - Original Message - From: Barry @ CPHZ To: [EMAIL PROTECTED] Sent: Friday, July 09, 2004 10:35 AM Subject: New Multiple Threat Lookup Database test for Declude JunkMail We are pleased to let you know that today we have released a new test for all Declude JunkMail customers who are covered by a currently valid Support Agreement. The MTLDB test will test each E-mail against our database of IP addresses that have sent viruses. If the IP address is listed, the E-mail will fail the test. Otherwise, the E-mail will pass the test. The MTLDB test is used in the same way as other Declude JunkMail tests. For most customers, it would be used towards the weighting system, so that it is more likely that spam will get caught. However, like other tests in Declude JunkMail, it is possible to take a separate action for E-mails failing the MTLDB test (such as quarantining them with the HOLD action). The test is available for download www.declude.com Thanks for your support. Barry Barry Simpson President CEO Computerized Horizons, LLC 65 Parker Street Unit 5 Newburyport, MA 01950 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
It seems to me that this was an attempt by the new owners to harvest information about Declude users via the signup mechanism. I believe the reason for requiring the signup information is to help ensure that customers with up-to-date Service Agreements get to use the test at no cost, while those without active Service Agreements do not. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
I tried that, and it claimed my email address did not exist on their system. I've only had one email address the entire time we've done business with Declude. Keith Purtell, Web/Network Administrator VantageMed Corporation CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Russ Uhte (Lists) Sent: Friday, July 09, 2004 11:11 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail At 10:49 AM 7/9/2004, Jay Calvert wrote: I don't think I have ever had an username and password with Declude. Where do we find this information? All we ever had to provide as verification was our Hostname. I never had one either, so I just clicked new user, and it asked me for an email address/password to use, and it continued on... -Russ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Why a 5 MB download for an IP4R test? I was a bit surprised, too, when I saw that it was a 5.6MB file. :) Also, I think it would be a very good idea to have a process of opting-out customers from the data collection (or rather opt-in as that is the standard that we use for judging spam and this could be managed effectively in a download such as this). There is -- you can add a line AUTOFORGE OFF to your virus.cfg file to opt out. There are privacy concerns in some cases, and I have also sent myself real viruses before in order to test things out as I'm sure that some others have done the same thing. I certainly don't want to get my own server blacklisted. Is there also an exclusion for ECAIR viruses and more importantly, is there an exclusion for things like macro viruses that will get sent from legitimate servers? We will certainly be looking at ways to ensure that IPs do not get listed accidentally. Regarding the data, as with all RBL's, it's quite helpful to know what the delisting procedure is for this...automatic expiration (how long) with or without a Web based delisting tool? Maybe all of this has been considered, but I didn't get much from the E-mail or from the site in this regard. The de-listing procedure is going to be handled manually initially. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
I ran the test few minutes with 0 weight and alert action, so far near all messages were false positive. BTW: I don't fully understand the idea behind this test. --- Franco Celli --- [Quipo ISP - Questa E-mail e' stata controllata dal programma Declude Virus] [Quipo ISP - This E-mail was scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
I tried that, and it claimed my email address did not exist on their system. I've only had one email address the entire time we've done business with Declude. You need to log on as a new account. The website does not know about customers from before the new website was put online. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Maybe all of this has been considered, but I didn't get much from the E-mail or from the site in this regard. I did not even get an e-mail about this. Maybe Scott does not like me, getting back at me for all the intern jokes. ;) John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
BTW: I don't fully understand the idea behind this test. I agree...can someone explain the rationale behind this test? How effective will this be at identifying spam? - Andy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Scott, Thanks for the answers. I just wanted to add my comments to two very important things. Is there also an exclusion for ECAIR viruses and more importantly, is there an exclusion for things like macro viruses that will get sent from legitimate servers? We will certainly be looking at ways to ensure that IPs do not get listed accidentally. I think that for this to really go prime-time, you need exclusions so that only forging viruses or all viruses that come from DUL space, have no reverse DNS entry or have a reverse with an IP encoded in it get listed, and specifically not the types of things that get manually spread or might use a mail server to relay. Those exclusions I believe are the things that CBL uses in order to avoid listing legitimate mail servers and it works very well, though I'm sure that they also maintain an exclusion list separate from this. Excluding your own customer's IP's wouldn't be a bad idea either. Regarding the data, as with all RBL's, it's quite helpful to know what the delisting procedure is for this...automatic expiration (how long) with or without a Web based delisting tool? Maybe all of this has been considered, but I didn't get much from the E-mail or from the site in this regard. The de-listing procedure is going to be handled manually initially. You didn't address the part about automatic expiration. I've found terrible problems with almost all of the open-relay lists because it appears that none of them are expiring anything. DSBL admins boast about how they have 3.4 million IP's listed, but they have listings going back something like 5 years and they provide no way for residential IP's to be delisted without contacting an admin and they have expressed that they believe that multiple hop scanning is stupid...but only when you maintain bad data IMO. Anyway, I'm ranting... Please delist after 2 weeks of inactivity (spam trap included). I think that makes perfect sense. I also think it would make sense to have a simple form like CBL that allows for at least an easy way to submit IP's for delisting, if not automated removal. If this is being used for tracking viruses primarily, it would seem better to help protect from false positives. I think that many of us are pretty comfortable with our block rates and can't afford to throw in new tests that might increase our FP rate unnecessarily and an expiration/removal method would definitely help. Thanks, Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
BTW: I don't fully understand the idea behind this test. I agree...can someone explain the rationale behind this test? How effective will this be at identifying spam? The idea is that people are reporting 60% to 85% of spam coming from zombies -- IP addresses that have trojan horses installed on them, most due to viruses. The IPs that we list are those that were sending viruses in the past; therefore, they will likely be sending spam in the future. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Hi Scott: The IPs that we list are those that were sending viruses in the past; therefore, they will likely be sending spam in the future. I wonder, whether most corporate PCs (with identifiable, fix IP addresses) are more likely to be protected behind firewalls or mail servers with virus scanners - while consumer workstations (with always-changing dynamic/dial-up dsl/cable) ip addresses are more likely to be clueless and thus more likely to be infected. So - if some dial-up/dynamic PC gets infected, that IP address will likely be assigned to someone else who happens to connect tomorrow? Is your test eliminating any dial-up/dynamic IPs, since by definition the infected/spam workstation will change IPs? How do you account for businesses using Internet gateways, firewalls, NAT routers etc where one IP address could feasible represent a large number of different workstations? I have some concerns, how reliable such a test possibly can be, if it doesn't have an aggressive automatic de-listing policy (similar to Spamcop's). Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
[Responding to two posts] So - if some dial-up/dynamic PC gets infected, that IP address will likely be assigned to someone else who happens to connect tomorrow? Is your test eliminating any dial-up/dynamic IPs, since by definition the infected/spam workstation will change IPs? But, by definition, those IPs are guaranteed to be dynamic -- and therefore shouldn't be sending E-mail directly, without the assistance of an MTA. How do you account for businesses using Internet gateways, firewalls, NAT routers etc where one IP address could feasible represent a large number of different workstations? If a business has infected computers, and the business allows those infected computers to send out viruses through the firewall on the same IP that outgoing legitimate E-mail goes on, they have serious problems. They would need to fix the problems, and request removal of their IP. Considering that most administrators will block ANY TCP/IP traffic from/to a server and only open exactly those 2 or 3 ports that are needed for its primary function, you can assume that trying to ping will not be permitted - thus preventing install. Not true -- a good admin will allow ICMP traffic through, *unless* they believe it to be a specific security risk. As a rule of thumb, when people ask me for assistance regarding troubles reaching a computer and I can't ping it, I tell them that it can't be pinged, and they have to take care of it from there. If you disable a vital networking tool, you need to accept the consequences. On the other hand, I don't believe an install program should need to use ICMP traffic, and I have passed this information on to the developer of the install program. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
a good admin will allow ICMP traffic through, *unless* they believe it to be a specific security risk Sorry, disagree there. A *good* admin will recognize that ICMP *IS* a security risk. It allows remote computers to build a map of your network and find out what IP addresses are valid. While security through obscurity is not enough by itself, blocking ICMP traffic is pretty standard practice these days. ICMP is also used for many DOS attacks. Here is a quote from HACKING EXPOSED (which should be required reading for all network admins, IMO): As discussed throughout this book, we reiterate that ICMP traffic is dangerous. While ICMP serves a valuable diagnostic purpose, ICMP is easily abused and is often the 'bullet' used for bandwidth consumption attacks. And another: Ping sweeps (or ICMP ECHO packets) are only the tip of the iceberg when it comes to ICMP information about a system. You can gather all kinds of valuable information about a system by simply sending an ICMP packet to it. Now, in my configuration, I am able to block only incoming ICMP packets while allowing outgoing, so I was able to install without a problem. Many admins do not have that option, though. -Dan Horne -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Friday, July 09, 2004 1:43 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail [Responding to two posts] So - if some dial-up/dynamic PC gets infected, that IP address will likely be assigned to someone else who happens to connect tomorrow? Is your test eliminating any dial-up/dynamic IPs, since by definition the infected/spam workstation will change IPs? But, by definition, those IPs are guaranteed to be dynamic -- and therefore shouldn't be sending E-mail directly, without the assistance of an MTA. How do you account for businesses using Internet gateways, firewalls, NAT routers etc where one IP address could feasible represent a large number of different workstations? If a business has infected computers, and the business allows those infected computers to send out viruses through the firewall on the same IP that outgoing legitimate E-mail goes on, they have serious problems. They would need to fix the problems, and request removal of their IP. Considering that most administrators will block ANY TCP/IP traffic from/to a server and only open exactly those 2 or 3 ports that are needed for its primary function, you can assume that trying to ping will not be permitted - thus preventing install. Not true -- a good admin will allow ICMP traffic through, *unless* they believe it to be a specific security risk. As a rule of thumb, when people ask me for assistance regarding troubles reaching a computer and I can't ping it, I tell them that it can't be pinged, and they have to take care of it from there. If you disable a vital networking tool, you need to accept the consequences. On the other hand, I don't believe an install program should need to use ICMP traffic, and I have passed this information on to the developer of the install program. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Please take this as being constructive. I'm not out to prove a point with spam blocking, I'm out to just simply block spam and deliver good E-mail. When some idiot blasts legitimate mail from DUL space, the problem becomes mine to solve, and my customers expect for me to solve it, period. Same thing goes for businesses that don't have good practices concerning this stuff. I can definitely tell you that employees of large corporations such as GM and VW have employees in branch offices that purchase and install bulk-mail software on their desktop computers and send out E-mail that way. Again, this is my problem. Both of these things speak to the need that was described in Andy's post. I don't think that the attitude that the problem is someone else's gets you very far in the business of offering spam and virus blocking as a service. While this attitude is quite popular with RBL administrators and the movement in general, it is increasingly unpopular with people like myself that have to deal with the shortcomings that result from this being used as a policy. I think that some other things like your unwillingness to allow for Outlook's omission of the To header in BADHEADERS, and the inability to turn off individual vulnerabilities with the exception of a couple are also reflections of the belief that it is the other guy's problem, though not the only reason. The bottom line is that the more that people that I rely on who go about things with this attitude, the more work it creates for me and the worse off my customers are as a result. I'm in the business of delivering good E-mail and blocking spam and viruses, but I'm not in the business of blocking stupidity if I can help it. I do however understand that there are instances where practicality doesn't present an easy solution and that laying the blame on the stupid is an easy and obvious out. I'm sure that you would like to allow for much more flexibility/accuracy with your tests if allowed the time to develop them, so my only real concern is that one's stupidity doesn't affect your willingness to address or prioritize a problem. That said, I do appreciate the effort here with this test, and as with anything it will evolve and become stronger and more accurate, but I just hope that you don't limit yourself from doing the right thing just because of a real-world condition that doesn't make sense to you. Thanks, Matt So - if some dial-up/dynamic PC gets infected, that IP address will likely be assigned to someone else who happens to connect tomorrow? Is your test eliminating any dial-up/dynamic IPs, since by definition the infected/spam workstation will change IPs? But, by definition, those IPs are guaranteed to be dynamic -- and therefore shouldn't be sending E-mail directly, without the assistance of an MTA. How do you account for businesses using Internet gateways, firewalls, NAT routers etc where one IP address could feasible represent a large number of different workstations? If a business has infected computers, and the business allows those infected computers to send out viruses through the firewall on the same IP that outgoing legitimate E-mail goes on, they have serious problems. They would need to fix the problems, and request removal of their IP. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Dan, while you make a good point, there is a balance to everything. A couple of years ago I attended a MS security seminar in Irvine. They brought up a very good point Security is like a triangle. The three points are cost, function and safety. The point inside the triangle where your security setting is extremely difficult to plot easily. What I do is allow ICMP traffic to my DMZ servers from the Internet, and to other servers by source, and to LAN only as needed. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Dan Horne Sent: Friday, July 09, 2004 11:08 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail a good admin will allow ICMP traffic through, *unless* they believe it to be a specific security risk Sorry, disagree there. A *good* admin will recognize that ICMP *IS* a security risk. It allows remote computers to build a map of your network and find out what IP addresses are valid. While security through obscurity is not enough by itself, blocking ICMP traffic is pretty standard practice these days. ICMP is also used for many DOS attacks. Here is a quote from HACKING EXPOSED (which should be required reading for all network admins, IMO): As discussed throughout this book, we reiterate that ICMP traffic is dangerous. While ICMP serves a valuable diagnostic purpose, ICMP is easily abused and is often the 'bullet' used for bandwidth consumption attacks. And another: Ping sweeps (or ICMP ECHO packets) are only the tip of the iceberg when it comes to ICMP information about a system. You can gather all kinds of valuable information about a system by simply sending an ICMP packet to it. Now, in my configuration, I am able to block only incoming ICMP packets while allowing outgoing, so I was able to install without a problem. Many admins do not have that option, though. -Dan Horne -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Friday, July 09, 2004 1:43 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail [Responding to two posts] So - if some dial-up/dynamic PC gets infected, that IP address will likely be assigned to someone else who happens to connect tomorrow? Is your test eliminating any dial-up/dynamic IPs, since by definition the infected/spam workstation will change IPs? But, by definition, those IPs are guaranteed to be dynamic -- and therefore shouldn't be sending E-mail directly, without the assistance of an MTA. How do you account for businesses using Internet gateways, firewalls, NAT routers etc where one IP address could feasible represent a large number of different workstations? If a business has infected computers, and the business allows those infected computers to send out viruses through the firewall on the same IP that outgoing legitimate E-mail goes on, they have serious problems. They would need to fix the problems, and request removal of their IP. Considering that most administrators will block ANY TCP/IP traffic from/to a server and only open exactly those 2 or 3 ports that are needed for its primary function, you can assume that trying to ping will not be permitted - thus preventing install. Not true -- a good admin will allow ICMP traffic through, *unless* they believe it to be a specific security risk. As a rule of thumb, when people ask me for assistance regarding troubles reaching a computer and I can't ping it, I tell them that it can't be pinged, and they have to take care of it from there. If you disable a vital networking tool, you need to accept the consequences. On the other hand, I don't believe an install program should need to use ICMP traffic, and I have passed this information on to the developer of the install program. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found
RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Ah, but you DO recognize that ICMP is a threat, and so you have set access-rules on it. That was my main point. And as Sandy pointed out, there are many firewalls out there that do NOT allow you to set access-rules other than allow ICMP globally or disallow ICMP globally. For an admin that must put up with one of those firewalls for one reason or another, the only secure setting is to disallow ICMP. Normally I disallow all ICMP traffic inbound, even though I can get more granular. If I have need of ICMP for one reason or another, I do as Scott Fisher did and allow it while it is needed and then disable it again. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Friday, July 09, 2004 2:23 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail Dan, while you make a good point, there is a balance to everything. A couple of years ago I attended a MS security seminar in Irvine. They brought up a very good point Security is like a triangle. The three points are cost, function and safety. The point inside the triangle where your security setting is extremely difficult to plot easily. What I do is allow ICMP traffic to my DMZ servers from the Internet, and to other servers by source, and to LAN only as needed. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Dan Horne Sent: Friday, July 09, 2004 11:08 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail a good admin will allow ICMP traffic through, *unless* they believe it to be a specific security risk Sorry, disagree there. A *good* admin will recognize that ICMP *IS* a security risk. It allows remote computers to build a map of your network and find out what IP addresses are valid. While security through obscurity is not enough by itself, blocking ICMP traffic is pretty standard practice these days. ICMP is also used for many DOS attacks. Here is a quote from HACKING EXPOSED (which should be required reading for all network admins, IMO): As discussed throughout this book, we reiterate that ICMP traffic is dangerous. While ICMP serves a valuable diagnostic purpose, ICMP is easily abused and is often the 'bullet' used for bandwidth consumption attacks. And another: Ping sweeps (or ICMP ECHO packets) are only the tip of the iceberg when it comes to ICMP information about a system. You can gather all kinds of valuable information about a system by simply sending an ICMP packet to it. Now, in my configuration, I am able to block only incoming ICMP packets while allowing outgoing, so I was able to install without a problem. Many admins do not have that option, though. -Dan Horne -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Friday, July 09, 2004 1:43 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail [Responding to two posts] So - if some dial-up/dynamic PC gets infected, that IP address will likely be assigned to someone else who happens to connect tomorrow? Is your test eliminating any dial-up/dynamic IPs, since by definition the infected/spam workstation will change IPs? But, by definition, those IPs are guaranteed to be dynamic -- and therefore shouldn't be sending E-mail directly, without the assistance of an MTA. How do you account for businesses using Internet gateways, firewalls, NAT routers etc where one IP address could feasible represent a large number of different workstations? If a business has infected computers, and the business allows those infected computers to send out viruses through the firewall on the same IP that outgoing legitimate E-mail goes on, they have serious problems. They would need to fix the problems, and request removal of their IP. Considering that most administrators will block ANY TCP/IP traffic from/to a server and only open exactly those 2 or 3 ports that are needed for its primary function, you can assume that trying to ping will not be permitted - thus preventing install. Not true -- a good admin will allow ICMP traffic through, *unless* they believe it to be a specific security risk. As a rule of thumb, when people ask me for assistance regarding troubles reaching a computer and I can't ping it, I tell them that it can't be pinged, and they have to take care of it from there. If you disable a vital networking tool, you need to accept the consequences. On the other hand, I don't believe an install program should need to use ICMP traffic, and I have passed this information on to the developer of the install
RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
That said, I do appreciate the effort here with this test, and as with anything it will evolve and become stronger and more accurate, but I just hope that you don't limit yourself from doing the right thing just because of a real-world condition that doesn't make sense to you. I am going to ask questions here of Scott and others at Declude. Scott, please do not take this the wrong way. Scott, did you create this test, or is it otherwise your idea? Scott, are you in control of features and changes to declude.exe, or are others now influencing your decisions? I have to say I have noticed a change in the traditional way features and suggestions are taking place. In defense of Scott's post, I will have to say it is becoming increasingly hard to fight spam and viruses as more and more come from IPs that are dynamic, and more and more business are using those same blocks. Example, one server I maintain kept receiving a ton of viruses from a Mpower /16 block. So I block the whole thing. Turns out, I have a client in the block, and I was block his e-mail to my server. BAD! Now, if this client would listen to me what I have been trying to tell him for 2 years now to get a firewall, I could simply set up a VPN between his firewall and mine, and I could then block those IPs as my server would see him coming from the private IP, not the ISP one. What we have is a society that wants to spend as little as possible, yet the ones we are trying to protect them from are spending money and time. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
At 01:38 PM 7/9/2004, Dan Horne wrote: Ah, but you DO recognize that ICMP is a threat, and so you have set access-rules on it. That was my main point. And as Sandy pointed out, Obviously ICMP _CAN_ be a security risk, but so is having your network connected to the Internet. I know a lot of admins that block ICMP for a plethora of reasons. At this point, this is probably getting a little off-topic, but in reality, if you block ICMP, you break IP. That's the bottom line, and nobody can argue that. So, everyone does what he/she needs to do to sleep better at night, and if this includes blocking ICMP, then so be it... But I'm gonna have to agree with Scott when he said I can't ping you, fix that problem first!! -Russ --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Scott, did you create this test, or is it otherwise your idea? I helped come up with the original idea. However, most of the design and development work was done by others, with occasional input from me. Scott, are you in control of features and changes to declude.exe, or are others now influencing your decisions? The owners of the company make the final decisions. However, I can say that for the time being at least, no changes will be made to the declude.exe code without my knowledge (there could potentially be changes I don't agree with, but at least I'll know if that does happen). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Scott, are you in control of features and changes to declude.exe, or are others now influencing your decisions? The owners of the company make the final decisions. However, I can say that for the time being at least, no changes will be made to the declude.exe code without my knowledge (there could potentially be changes I don't agree with, but at least I'll know if that does happen). But what about changes you would like to make? John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
The owners of the company make the final decisions. However, I can say that for the time being at least, no changes will be made to the declude.exe code without my knowledge (there could potentially be changes I don't agree with, but at least I'll know if that does happen). But what about changes you would like to make? It depends on the effect of those changes. I've been making bug fixes and minor enhancements, but major new features would need to be run by management. The main reason that we haven't seen many new features lately is that we are in a holding pattern waiting for the next release. We don't want to add a bunch of new features, and then have to delay the next release waiting to find any issues with the new features. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
I was taking the optimistic interpretation that a big new release was around the corner. Scott Fisher Director of IT Farm Progress Companies [EMAIL PROTECTED] 07/09/04 02:31PM Sounds like new features are going to be slow going from this point??? Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Friday, July 09, 2004 12:19 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail The owners of the company make the final decisions. However, I can say that for the time being at least, no changes will be made to the declude.exe code without my knowledge (there could potentially be changes I don't agree with, but at least I'll know if that does happen). But what about changes you would like to make? It depends on the effect of those changes. I've been making bug fixes and minor enhancements, but major new features would need to be run by management. The main reason that we haven't seen many new features lately is that we are in a holding pattern waiting for the next release. We don't want to add a bunch of new features, and then have to delay the next release waiting to find any issues with the new features. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Sounds like new features are going to be slow going from this point??? Until the next release, most likely. But after that, it should be back to the usual rate. :) -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Hi Scott: As a rule of thumb, when people ask me for assistance regarding troubles reaching a computer and I can't ping it, I tell them that it can't be pinged, and they have to take care of it from there. If you disable a vital networking tool, you need to accept the consequences. That's fine - IF I asked Computerized Horizon to diagnose connectivity to my network, I would support that position. But, since we are NOT talking about that, I really don't see how your comment could remotely apply to the issue at hand. The ONLY entity who has any reason to diagnose my connectivity are my backbone providers - and anyone can ping up to and even across my border routers to the internal interfaces. There is no point, even for THEM, to ping INSIDE my network, because my local Ethernets and its wiring are MY responsibility - not theirs. (The only exception might be if they were managing my border routers for me.) Anyone who successfully ping across my router has done all the diagnostics they need to do. I can handle it from there. If anyone wants to ping inside my network, they'll have to come to my office and then they are more than happy to send ICMP commands all over my Ethernets. I suggest people become familiar with the very long list of various ICMP exploits and DOS attacks, before suggesting that it should be wide open. I repeat that all connections via any protocol should be disallowed to any machine, except for those expressly needed by the applications of a particular machine. By the way, I do permit CERTAIN ICMP traffic across the border routers. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
At 03:59 PM 7/9/2004, Andy Schmidt wrote: Hi Scott: As a rule of thumb, when people ask me for assistance regarding troubles reaching a computer and I can't ping it, I tell them that it can't be pinged, and they have to take care of it from there. If you disable a vital networking tool, you need to accept the consequences. That's fine - IF I asked Computerized Horizon to diagnose connectivity to my network, I would support that position. But, since we are NOT talking about that, I really don't see how your comment could remotely apply to the issue at hand. The ONLY entity who has any reason to diagnose my connectivity are my backbone providers - and anyone can ping up to and even across my border routers to the internal interfaces. There is no point, even for THEM, to ping INSIDE my network, because my local Ethernets and its wiring are MY responsibility - not theirs. (The only exception might be if they were managing my border routers for me.) You've never had to request additional IP blocks from an upstream provider have you?? ;) They will rarely grant you the additional blocks if they can't verify that you are efficiently using the blocks that you have. They do this verification with an echo request... But of course, you can open your firewall to only allow them in!! Anyone who successfully ping across my router has done all the diagnostics they need to do. I can handle it from there. If anyone wants to ping inside my network, they'll have to come to my office and then they are more than happy to send ICMP commands all over my Ethernets. I suggest people become familiar with the very long list of various ICMP exploits and DOS attacks, before suggesting that it should be wide open. I Maybe I'm way off base here, but I was (possibly wrongly) under the assumption that the majority of ICMP vulns/sploits were pretty old. If there have been some recent vulns/sploits, I'd love to read more about them. And remember a DDoS or DoS is just as easy to launch against a TCP/UDP port as it is against ICMP. Thanks, Russ --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
I couldn't agree more with Matt. It's annoying as all heck. -M - Original Message - From: Matt To: [EMAIL PROTECTED] Sent: Friday, July 09, 2004 12:17 PM Subject: Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail Scott, This is just in regard to the site and not the new test. Could you ask them to code the page in a way so that it doesn't reload every 10 seconds? I use Netscape 7 and it may be that it's just not friendly with that browser, but after a few minutes of sitting on the site, pressing my back button is useless because my history fills up with reloads of the same page over and over, and if this goes on too long, you can't back up out of the site. Matt R. Scott Perry wrote: I don't think I have ever had an username and password with Declude. Where do we find this information? All we ever had to provide as verification was our Hostname. If you purchased Declude before mid-April 2004, you won't have a username/password. In this case, you can go to http://www.declude.com and click on My Account at the top of the page, you can create an account there. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Scott maybe they should change the following on declude site: We do NOT block any e-mail or list IPs We do NOT run any blacklists This new test uses IP blacklists run by declude, no ? - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, July 10, 2004 1:16 AM Subject: RE: Re[2]: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail Well, I think this new test is maybe testing the waters, as so far, even though I like the idea, I do not like the implementation of this test, and have not yet done it on my server, nor on the other Imail/Declude servers I consult/maintain on. The reports so far from those that have implemented this test have been rather less than enthusiastic. Testing the waters does seem like an appropriate description. This test was developed mostly by the new team (management and developers), and from a business perspective they did a very good job (adding a GUI interface for the install, using SSL to get customer data, coming up with methods of storing the data and retrieving it, etc.). From a technical perspective, there were some glitches (such as requiring a 5MB install program that doesn't uninstall fully and requires ICMP packets, and some unresolved questions about exactly how the test will work). But, I do plan a critique afterwards, covering what I think could have been done differently and why. The management could have just said, Scott, you did a great job in the past; take this new project and just do it however you like. But that would have just increased their reliance on me -- whereas this way, I can help mold the new company. They can learn from their mistakes this way (and the mistakes are relatively minor), and move from an average team with above average members to an above average team. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
I understand that new declude versions requires an up to date service agreement. But this is a simple IP4r test that can be run with existing versions, so why are they requiring a SA ? BTW, i do have a current SA, so that is not why i am bitchin, but it seems things are starting to get out of hands here. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
