Re: [Declude.JunkMail] Increased SPAM not being blocked.
> No, you only need to use IPBYPASS if a "good" mailserver will be receiving
> the spam and passing it on to you (typically either a gateway mailserver or
> backup mailserver).

> So instead of using HOP=1 when you know the IP address of the smtp gateway, it is preferable to use IPBYPASS=[ip address]? If so, why?

It's much easier to understand what is happening that way. The HOP option is good if you have a configuration that likely will never change, and is very easy to understand (for example, your MX record is split evenly between two servers (with no backups), so all mail will go to IMail through those two servers). Otherwise, it can get very confusing (IE "HOP 1" combined with an IPBYPASS line -- I'd have to check the manual to see how that would work).

-Scott

---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
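An added illustration of the HOP versus IPBYPASS distinction discussed in the message above; it is not part of the original thread and is not Declude's code. It is a simplified model that assumes a HOP-style rule skips a fixed number of Received hops and an IPBYPASS-style rule skips only hops made by listed servers; the header lines, host names and addresses are constructed.

```python
import re

# Constructed Received lines, newest first. All hosts and addresses are
# made-up documentation values; 192.0.2.10 plays the SMTP gateway.
VIA_GATEWAY = [
    "from gw.example.net [192.0.2.10] by imail.example.net; Mon, 18 Aug 2003 13:23:05 -0400",
    "from bulk.example.org [203.0.113.7] by gw.example.net; Mon, 18 Aug 2003 13:23:01 -0400",
]
# Same sender connecting straight to the mail server; the second line was
# written by the sender, so its address is whatever the sender chose.
DIRECT = [
    "from bulk.example.org [203.0.113.7] by imail.example.net; Mon, 18 Aug 2003 13:25:40 -0400",
    "from innocent.example.com [198.51.100.25] by bulk.example.org; Mon, 18 Aug 2003 13:25:39 -0400",
]

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def hop_ips(received):
    """Connecting IP of each Received line, newest hop first."""
    return [m.group(1) for m in map(BRACKETED_IP.search, received) if m]

def ip_by_hop_count(received, hops):
    """Assumed HOP-style rule: always skip a fixed number of hops."""
    ips = hop_ips(received)
    return ips[hops] if hops < len(ips) else None

def ip_by_bypass(received, trusted):
    """Assumed IPBYPASS-style rule: skip only hops made by listed servers."""
    for ip in hop_ips(received):
        if ip not in trusted:
            return ip
    return None

def compare(received, hops=1, trusted=frozenset({"192.0.2.10"})):
    """Return (IP picked by hop count, IP picked by bypass list)."""
    return ip_by_hop_count(received, hops), ip_by_bypass(received, trusted)

if __name__ == "__main__":
    for name, chain in (("via gateway", VIA_GATEWAY), ("direct", DIRECT)):
        by_hop, by_bypass = compare(chain)
        print(f"{name:12} hop-count tests {by_hop:15} bypass tests {by_bypass}")
```

On the direct delivery the fixed hop count ends up testing an address taken from a header the sender wrote, while the bypass list still tests the connecting address.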
Re: [Declude.JunkMail] Increased SPAM not being blocked.
"R. Scott Perry" wrote:
> >I do have a whitelist with about 50 entries but these
> >are known domain names and email addresses that I have verified personally.
>
> Are any of them your domains? For example, if we were to whitelist
> @declude.com, we would receive a lot more spam (because many spammers know
> that people whitelist their own domain).
>
> >Scott we don't have a backup mail server so I don't need to use IPBYPASS do I?
>
> No, you only need to use IPBYPASS if a "good" mailserver will be receiving
> the spam and passing it on to you (typically either a gateway mailserver or
> backup mailserver).

So instead of using HOP=1 when you know the IP address of the smtp gateway, it is preferable to use IPBYPASS=[ip address]? If so, why?

--
Dan
RE: [Declude.JunkMail] Increased SPAM not being blocked.
> >I do have a whitelist with about 50 entries but these
> >are known domain names and email addresses that I have verified personally.
>
> Are any of them your domains? For example, if we were to whitelist
> @declude.com, we would receive a lot more spam (because many spammers know
> that people whitelist their own domain).

Ditto on whitelisting your postmaster or abuse accounts.
RE: [Declude.JunkMail] Increased SPAM not being blocked.
Sadly, we too have seen a sudden influx of spam using the standard edition.

>>>
>>RE: [Declude.JunkMail] Increased SPAM not being blocked.
>>Thanks for all the responses. First Kami we don't have the Pro version so we
>>can't use customized filters but I can use your from files in addition to
>>the ones that I am already using. I use a from file that I update manually
RE: [Declude.JunkMail] Increased SPAM not being blocked.
> I do have a whitelist with about 50 entries but these are known domain names and email addresses that I have verified personally.

Are any of them your domains? For example, if we were to whitelist @declude.com, we would receive a lot more spam (because many spammers know that people whitelist their own domain).

> Scott we don't have a backup mail server so I don't need to use IPBYPASS do I?

No, you only need to use IPBYPASS if a "good" mailserver will be receiving the spam and passing it on to you (typically either a gateway mailserver or backup mailserver).

-Scott
RE: [Declude.JunkMail] Increased SPAM not being blocked.
Thanks for all the responses. First Kami we don't have the Pro version so we can't use customized filters but I can use your from files in addition to the ones that I am already using. I use a from file that I update manually and I also update it using the killlistgen utility from imagefxonline. I haven't tried using spamchk yet but I'll look into it. Regarding the content blocking on URL's, is that a customized test because I don't believe it is included in declude.

I do have a whitelist with about 50 entries but these are known domain names and email addresses that I have verified personally.

Scott we don't have a backup mail server so I don't need to use IPBYPASS do I? I'll get together some headers to send to you.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Karen D. Oland
Sent: Monday, August 18, 2003 11:25 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Increased SPAM not being blocked.

> >There are a few people who are receiving over 30 spams a day and that is
> >just unacceptable considering we are running antispam software.

Also, what do you have whitelisted?
RE: [Declude.JunkMail] Increased SPAM not being blocked.
Maybe start using the BLACKLIST option. I've been doing that for a little while, and it seems to cut back on a lot of spam. I have them set up with a 20 weight and a ROUTETO my spam account so I can review and see if they're legit or not.
RE: [Declude.JunkMail] Increased SPAM not being blocked.
> >There are a few people who are receiving over 30 spams a day and that is
> >just unacceptable considering we are running antispam software.

Also, what do you have whitelisted?
Re: [Declude.JunkMail] Increased SPAM not being blocked.
> Over the past several weeks our level of spam has doubled and a good majority of it isn't failing enough tests to be blocked based on my settings. The problem is that a good deal of it isn't failing ANY tests or only helobogus and ipnotinmx.

Are you sure that the other tests are running (for example, mail from a backup won't be scanned properly unless you use an IPBYPASS line in the global.cfg file)?

> There are a few people who are receiving over 30 spams a day and that is just unacceptable considering we are running antispam software.

It sounds like they are being targeted for some reason; most likely, there is a pattern to the spams they are receiving (for example, almost all may be advertising the same product or service), which means that you'll need to come up with filtering for that user. But, my guess would be a simple configuration issue (such as not having a backup listed in the IPBYPASS option).

Another option is to send me the complete headers of several spams that aren't getting caught; from that, I can often tell if a configuration change is necessary.

-Scott
RE: [Declude.JunkMail] Increased SPAM not being blocked.
Have you tried content blocking on the URL's in the body? Or checked the from or RDNS ranges to see if they have anything in common? Usually, when I've seen this, it is one new spammer, shoving out as many as possible before their new IP is known and blocked.

K

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Karl Hentschel
> Sent: Monday, August 18, 2003 1:23 PM
> To: [EMAIL PROTECTED]
> Subject: [Declude.JunkMail] Increased SPAM not being blocked.
>
> Over the past several weeks our level of spam has doubled and a good
> majority of it isn't failing enough tests to be blocked based on my
> settings. The problem is that a good deal of it isn't failing ANY tests or
> only helobogus and ipnotinmx. I can't really block on helobogus or ipnotinmx
> alone because I would have a great deal of false positives. One test that a
> few of the emails fail is SBL. Is anyone effectively blocking on SBL alone?
> Are there any other methods being used other than the declude tests? I have
> tried using keywords but it tends to generate too many false positives.
> There are a few people who are receiving over 30 spams a day and that is
> just unacceptable considering we are running antispam software. Any
> suggestions would be appreciated.