Re: [Declude.JunkMail] OSRELAY question.
There was a report in the last few days about relays.osirusoft.com going sour in some way. I didn't pay much attention until I had a dozen OSRELAY false positives staring me in the face. I've turned off all relays.osirusoft.com based tests (I used two) Dan On Tuesday, August 26, 2003 17:14, Chuck Schick [EMAIL PROTECTED] wrote: In going thru the held mail I am finding some emails with this warning. X-RBL-Warning: OSRELAY: Please stop using relays.osirusoft.com This only shows up on a few emails but it causes the email to fail the OSRELAY test - meaning more false positives. Other emails either do not have the warning or they show a normal OSRELAY warming - X-RBL-Warning: OSRELAY: This E-mail came from XXX.27.65.23, a potential spam source listed in OSRELAY. I searched the archives but did I miss an announcement that we were suppose to quit using OSRELAY. Thanks. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OSRELAY question.
In going thru the held mail I am finding some emails with this warning. X-RBL-Warning: OSRELAY: Please stop using relays.osirusoft.com This only shows up on a few emails but it causes the email to fail the OSRELAY test - meaning more false positives. Other emails either do not have the warning or they show a normal OSRELAY warming - X-RBL-Warning: OSRELAY: This E-mail came from XXX.27.65.23, a potential spam source listed in OSRELAY. I searched the archives but did I miss an announcement that we were suppose to quit using OSRELAY. I hate to say it but: X-RBL-Warning: OSRELAY: Please stop using relays.osirusoft.com implies that *someone* thinks you should stop using relays.osirusoft.com. :) Apparently, they have had some serious problems (their web site hasn't been reachable for quite some time), and want people to stop using them. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OSRELAY question.
Yes, this has been reported both on Imail list and this list at 08/24. news.prodigy.com John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Tuesday, August 26, 2003 5:14 PM To: Declude. JunkMail (E-mail) Subject: [Declude.JunkMail] OSRELAY question. In going thru the held mail I am finding some emails with this warning. X-RBL-Warning: OSRELAY: Please stop using relays.osirusoft.com This only shows up on a few emails but it causes the email to fail the OSRELAY test - meaning more false positives. Other emails either do not have the warning or they show a normal OSRELAY warming - X-RBL-Warning: OSRELAY: This E-mail came from XXX.27.65.23, a potential spam source listed in OSRELAY. I searched the archives but did I miss an announcement that we were suppose to quit using OSRELAY. Thanks. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OSRELAY question.
I've seen it to. Additionally http://relays.osirusoft.com isn't responding and emails are being bounced. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Tuesday, August 26, 2003 8:14 PM To: Declude. JunkMail (E-mail) Subject: [Declude.JunkMail] OSRELAY question. In going thru the held mail I am finding some emails with this warning. X-RBL-Warning: OSRELAY: Please stop using relays.osirusoft.com This only shows up on a few emails but it causes the email to fail the OSRELAY test - meaning more false positives. Other emails either do not have the warning or they show a normal OSRELAY warming - X-RBL-Warning: OSRELAY: This E-mail came from XXX.27.65.23, a potential spam source listed in OSRELAY. I searched the archives but did I miss an announcement that we were suppose to quit using OSRELAY. Thanks. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OSRELAY question.
I'm feeling dumb this evening, so I'll share my dumb question, sorry in advance. The appropriate action for us to take then is to A) do nothing B) modify our global.cfg to comment out the 6 or so relays.osirusoft.com tests C) Something completely different Inquiring minds would like to know. Thanks in advance. Rob Yes, this has been reported both on Imail list and this list at 08/24. news.prodigy.com John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OSRELAY question.
hi scott does this mean we need to stop using all of the tests below ? OSDUL ip4rrelays.osirusoft.com 127.0.0.3 5 0 OSFORM ip4rrelays.osirusoft.com 127.0.0.8 6 0 OSLIST ip4rrelays.osirusoft.com 127.0.0.7 5 0 OSPROXY ip4rrelays.osirusoft.com 127.0.0.9 7 0 OSRELAY ip4rrelays.osirusoft.com 127.0.0.2 5 0 OSSMART ip4rrelays.osirusoft.com 127.0.0.5 5 0 OSSOFT ip4rrelays.osirusoft.com 127.0.0.6 5 0 OSSRC ip4rrelays.osirusoft.com 127.0.0.4 10 0 OSDIPS ip4rrelays.osirusoft.com 127.0.0.3 5 0 - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 27, 2003 12:26 AM Subject: Re: [Declude.JunkMail] OSRELAY question. In going thru the held mail I am finding some emails with this warning. X-RBL-Warning: OSRELAY: Please stop using relays.osirusoft.com This only shows up on a few emails but it causes the email to fail the OSRELAY test - meaning more false positives. Other emails either do not have the warning or they show a normal OSRELAY warming - X-RBL-Warning: OSRELAY: This E-mail came from XXX.27.65.23, a potential spam source listed in OSRELAY. I searched the archives but did I miss an announcement that we were suppose to quit using OSRELAY. I hate to say it but: X-RBL-Warning: OSRELAY: Please stop using relays.osirusoft.com implies that *someone* thinks you should stop using relays.osirusoft.com. :) Apparently, they have had some serious problems (their web site hasn't been reachable for quite some time), and want people to stop using them. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OSRELAY question.
Well...made it to their web site and this is what it says Due to the severe drain of resources, relays.osirusoft.com will be down for an undetermined period of time. Please ask all sites using data from relays.osirusoft.com to stop until further notice. So, I have commented out the tests until further notice. MB -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Chuck Schick Sent: Tuesday, August 26, 2003 5:14 PM To: Declude. JunkMail (E-mail) Subject: [Declude.JunkMail] OSRELAY question. In going thru the held mail I am finding some emails with this warning. X-RBL-Warning: OSRELAY: Please stop using relays.osirusoft.com This only shows up on a few emails but it causes the email to fail the OSRELAY test - meaning more false positives. Other emails either do not have the warning or they show a normal OSRELAY warming - X-RBL-Warning: OSRELAY: This E-mail came from XXX.27.65.23, a potential spam source listed in OSRELAY. I searched the archives but did I miss an announcement that we were suppose to quit using OSRELAY. Thanks. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OSRELAY question.
Yes, because if you do not disable the Osirusoft tests, it will only cause unnecessary mail processing delays, as your queries wait for a response and eventually time-out (approx 10 seconds), since the rbl is no longer responding to queries, or is returning bogus responses. In either case, not a good thing... Bill - Original Message - From: Serge [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, August 26, 2003 6:16 PM Subject: Re: [Declude.JunkMail] OSRELAY question. hi scott does this mean we need to stop using all of the tests below ? OSDUL ip4rrelays.osirusoft.com 127.0.0.3 5 0 OSFORM ip4rrelays.osirusoft.com 127.0.0.8 6 0 OSLIST ip4rrelays.osirusoft.com 127.0.0.7 5 0 OSPROXY ip4rrelays.osirusoft.com 127.0.0.9 7 0 OSRELAY ip4rrelays.osirusoft.com 127.0.0.2 5 0 OSSMART ip4rrelays.osirusoft.com 127.0.0.5 5 0 OSSOFT ip4rrelays.osirusoft.com 127.0.0.6 5 0 OSSRC ip4rrelays.osirusoft.com 127.0.0.4 10 0 OSDIPS ip4rrelays.osirusoft.com 127.0.0.3 5 0 - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 27, 2003 12:26 AM Subject: Re: [Declude.JunkMail] OSRELAY question. In going thru the held mail I am finding some emails with this warning. X-RBL-Warning: OSRELAY: Please stop using relays.osirusoft.com This only shows up on a few emails but it causes the email to fail the OSRELAY test - meaning more false positives. Other emails either do not have the warning or they show a normal OSRELAY warming - X-RBL-Warning: OSRELAY: This E-mail came from XXX.27.65.23, a potential spam source listed in OSRELAY. I searched the archives but did I miss an announcement that we were suppose to quit using OSRELAY. I hate to say it but: X-RBL-Warning: OSRELAY: Please stop using relays.osirusoft.com implies that *someone* thinks you should stop using relays.osirusoft.com. :) Apparently, they have had some serious problems (their web site hasn't been reachable for quite some time), and want people to stop using them. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OSRELAY question.
I would go with option B and comment them out. Bill - Original Message - From: Robert Grosshandler [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, August 26, 2003 5:55 PM Subject: RE: [Declude.JunkMail] OSRELAY question. I'm feeling dumb this evening, so I'll share my dumb question, sorry in advance. The appropriate action for us to take then is to A) do nothing B) modify our global.cfg to comment out the 6 or so relays.osirusoft.com tests C) Something completely different Inquiring minds would like to know. Thanks in advance. Rob Yes, this has been reported both on Imail list and this list at 08/24. news.prodigy.com John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OSRELAY question.
Okay. another one bites the dust. scheeesch, pretty soon there won't be many spam databases to choose from will there looks like they are winning the battle but will they win the war - Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, August 26, 2003 5:32 PM Subject: RE: [Declude.JunkMail] OSRELAY question. Yes, this has been reported both on Imail list and this list at 08/24. news.prodigy.com John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Tuesday, August 26, 2003 5:14 PM To: Declude. JunkMail (E-mail) Subject: [Declude.JunkMail] OSRELAY question. In going thru the held mail I am finding some emails with this warning. X-RBL-Warning: OSRELAY: Please stop using relays.osirusoft.com This only shows up on a few emails but it causes the email to fail the OSRELAY test - meaning more false positives. Other emails either do not have the warning or they show a normal OSRELAY warming - X-RBL-Warning: OSRELAY: This E-mail came from XXX.27.65.23, a potential spam source listed in OSRELAY. I searched the archives but did I miss an announcement that we were suppose to quit using OSRELAY. Thanks. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OSRELAY question.
Okay. another one bites the dust. scheeesch, pretty soon there won't be many spam databases to choose from will there looks like they are winning the battle but will they win the war Actually, http://www.declude.com/junkmail/support/ip4r.htm shows that there are plenty of spam databases left. :) -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OSRELAY question.
Actually, http://www.declude.com/junkmail/support/ip4r.htm shows that there are plenty of spam databases left. :) -Scott You are correct - BUT - besides the default ones listed in the *old* manual how can we know which to use that give the most accurate results and are not duplicates of each other? Would it be possible for you to make a new recommended list? -Nick Hayer --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OSRELAY question.
Hi Nick: This is what we have in our filter file. We use IMail to do the testing and then use a filter file to give them weight. Just in case it helps you this is what we have: We had all of what is listed in Declude site and wrote a program to evaluate all the server logs for 5 months and pick up the frequency that each test is triggered. We took the top so many and deleted the ones that hardly return a positive. The following are the ones we use now... HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BRAZIL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BROADWING HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-CN-KR HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-CW HEADERS 20 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-HONGKONG HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-INFLOW HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-JAPAN HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-KOREA HEADERS 3 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-LEVEL3 HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-RR HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-RUSSIA HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-VERIO HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-YIPES HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (BLARS HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (COMPU HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DEADBEEF HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DELINK HEADERS 6 CONTAINS X-IMAIL-SPAM-DNSBL: (DSBL HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DSBLALL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (FABELSOURCES HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (fiveten HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (INTERSIL HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (KUNDENSERVER HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (NJABL HEADERS 9 CONTAINS X-IMAIL-SPAM-DNSBL: (ORDB HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (SORBS-HTTP HEADERS 15 CONTAINS X-IMAIL-SPAM-DNSBL: (SpamCop HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (SPAMHAUS HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (WIREHUB-DNSBL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (WIREHUB-DYNA HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (ybl Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Hayer Sent: Wednesday, August 27, 2003 8:57 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] OSRELAY question. Actually, http://www.declude.com/junkmail/support/ip4r.htm shows that there are plenty of spam databases left. :) -Scott You are correct - BUT - besides the default ones listed in the *old* manual how can we know which to use that give the most accurate results and are not duplicates of each other? Would it be possible for you to make a new recommended list? -Nick Hayer --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OSRELAY question.
Anyone have any recommendations on what to replace: #OSDUL ip4rrelays.osirusoft.com127.0.0.3 5 0 #OSFORM ip4rrelays.osirusoft.com127.0.0.8 5 0 #OSLIST ip4rrelays.osirusoft.com127.0.0.7 5 0 #OSRELAYip4rrelays.osirusoft.com 127.0.0.2 5 0 #OSSMARTip4rrelays.osirusoft.com 127.0.0.5 5 0 #OSSOFT ip4rrelays.osirusoft.com127.0.0.6 5 0 #OSSRC ip4rrelays.osirusoft.com127.0.0.4 5 0 With? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: RE: [Declude.JunkMail] OSRELAY question.
Hi, Thanks for your interest in Alligate. We recommend that you first look over the product documentation so that you will have a good understanding of Alligate's capabilities and installation requirements. The documentation can be downloaded at the following address: http://www.alligate.com/downloads.asp Of particular interest to you would probably be the initial sections on setup and operation. There is a considerable amount of detail on customizing, however it will be extremely efficient with no customization whatsoever. Please take a few minutes and peruse the documentation, and if this sounds like it will do the job for you, please lets us know and we will mail temporary license codes to you for evaluation. We will be happy to supply you with a free 30 day license so that you can evaluate the product. In order to generate the license and key codes for you we will need to know the IP address for the computer you will be using to test Alligate. We will also need to know the number of domains you will be processing. These are both used in license key generation. Pricing is determined by the number of domains your are receiving mail for. Licensing costs are available at http://www.alligate.com/pricing.htm Thanks again, Brian Milburn Solid Oak Software --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OSRELAY question.
wow! yes there are a lot... but that begs another important question... which ones to use.. :( what is everyone else using ??? thanks sheldon - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 27, 2003 5:41 AM Subject: Re: [Declude.JunkMail] OSRELAY question. Okay. another one bites the dust. scheeesch, pretty soon there won't be many spam databases to choose from will there looks like they are winning the battle but will they win the war Actually, http://www.declude.com/junkmail/support/ip4r.htm shows that there are plenty of spam databases left. :) -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OSRELAY question.
Im really surprised that there isn't a site out there that reviews and rates those RBLs. All I have seen is listings. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Webmaster Oilfield Directory Sent: Wednesday, August 27, 2003 7:48 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] OSRELAY question. wow! yes there are a lot... but that begs another important question... which ones to use.. :( what is everyone else using ??? thanks sheldon - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 27, 2003 5:41 AM Subject: Re: [Declude.JunkMail] OSRELAY question. Okay. another one bites the dust. scheeesch, pretty soon there won't be many spam databases to choose from will there looks like they are winning the battle but will they win the war Actually, http://www.declude.com/junkmail/support/ip4r.htm shows that there are plenty of spam databases left. :) -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OSRELAY question.
Im really surprised that there isn't a site out there that reviews and rates those RBLs. All I have seen is listings. The problem is that it is very, very difficult to determine the key piece of information: false positive ratios. Most of the information that people have about the DNS-based spam tests are things like It works really well for me as a small business or As an ISP I find that I can't use it, it has more false positives than I want -- neither of which provides enough information to decide whether or not you should use it. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OSRELAY question.
Hi; What I have found working the best was: 1: Add as many of the tests as you want with 0 weight. 2: Add a header for every test 3: Monitor your headers and adjust the weights accordingly. 4: After several months start taking out the tests that their weight has stayed 0. This is a lengthy process but as Scott said this is not a one size fits all... We still adjust our weights after all this time and just fine tune them. It has been discussed here over and over again and of course it is one of Declude's strengths that allows you to not base your final decision based on a single test. What we find the tests most useful is with brand new spams we get since on the average our weighing makes sure if something fails 4-5 tests they get into a holding weight. Of course if we see a new spam its content will be marked and it no longer needs any external weight to trap it. Just some thoughts... Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Wednesday, August 27, 2003 1:52 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] OSRELAY question. Im really surprised that there isn't a site out there that reviews and rates those RBLs. All I have seen is listings. The problem is that it is very, very difficult to determine the key piece of information: false positive ratios. Most of the information that people have about the DNS-based spam tests are things like It works really well for me as a small business or As an ISP I find that I can't use it, it has more false positives than I want -- neither of which provides enough information to decide whether or not you should use it. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OSRELAY question.
I've found that my scoring in Declude shouldn't be indicative of what is most commonly associated with spam only, but also what is most commonly associated with other tests and false positives. This speaks to the trouble with rating the individual blacklists, scoring them in isolation from one another isn't quite as informative as you would think it would be, although it is quite valuable to know the false positive rates of each individual test so you can avoid them or score them lower. Maybe instead of a rating, people could come up with a standardized rule base that blacklists use for blocking and removal, that way you could determine from the rule base whether or not they are likely to so something defeatist like block Yahoo/SBC's mail servers or rely on a slow update process for open relays. Matt Omar K. wrote: Im really surprised that there isn't a site out there that reviews and rates those RBLs. All I have seen is listings. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Webmaster Oilfield Directory Sent: Wednesday, August 27, 2003 7:48 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] OSRELAY question. wow! yes there are a lot... but that begs another important question... which ones to use.. :( what is everyone else using ??? thanks sheldon - Original Message - From: "R. Scott Perry" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 27, 2003 5:41 AM Subject: Re: [Declude.JunkMail] OSRELAY question. Okay. another one bites the dust. scheeesch, pretty soon there won't be many spam databases to choose from will there looks like they are winning the battle but will they win the war Actually, http://www.declude.com/junkmail/support/ip4r.htm shows that there are plenty of spam databases left. :) -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation.
RE: [Declude.JunkMail] OSRELAY question.
Kami, Could please elaborate on some of the tests here and how I might use them in Declude config. You are rating them very high so I assume they are giving you good results. BHOLE-BRAZIL, BHOLE-BRAZIL etc... Thanks, Todd At 09:25 AM 8/27/2003 -0400, you wrote: Hi Nick: This is what we have in our filter file. We use IMail to do the testing and then use a filter file to give them weight. Just in case it helps you this is what we have: We had all of what is listed in Declude site and wrote a program to evaluate all the server logs for 5 months and pick up the frequency that each test is triggered. We took the top so many and deleted the ones that hardly return a positive. The following are the ones we use now... HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BRAZIL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BROADWING HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-CN-KR HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-CW HEADERS 20 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BRAZIL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-INFLOW HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-JAPAN HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-KOREA HEADERS 3 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-LEVEL3 HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-RR HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-RUSSIA HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-VERIO HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-YIPES HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (BLARS HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (COMPU HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DEADBEEF HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DELINK HEADERS 6 CONTAINS X-IMAIL-SPAM-DNSBL: (DSBL HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DSBLALL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (FABELSOURCES HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (fiveten HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (INTERSIL HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (KUNDENSERVER HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (NJABL HEADERS 9 CONTAINS X-IMAIL-SPAM-DNSBL: (ORDB HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (SORBS-HTTP HEADERS 15 CONTAINS X-IMAIL-SPAM-DNSBL: (SpamCop HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (SPAMHAUS HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (WIREHUB-DNSBL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (WIREHUB-DYNA HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (ybl Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Hayer Sent: Wednesday, August 27, 2003 8:57 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] OSRELAY question. Actually, http://www.declude.com/junkmail/support/ip4r.htm shows that there are plenty of spam databases left. :) -Scott You are correct - BUT - besides the default ones listed in the *old* manual how can we know which to use that give the most accurate results and are not duplicates of each other? Would it be possible for you to make a new recommended list? -Nick Hayer --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OSRELAY question.
Kami, Just to clarify, I wanted to know about your tests labeled BHOLE- Todd At 02:09 PM 8/27/2003 -0500, you wrote: Kami, Could please elaborate on some of the tests here and how I might use them in Declude config. You are rating them very high so I assume they are giving you good results. BHOLE-BRAZIL, BHOLE-BRAZIL etc... Thanks, Todd At 09:25 AM 8/27/2003 -0400, you wrote: Hi Nick: This is what we have in our filter file. We use IMail to do the testing and then use a filter file to give them weight. Just in case it helps you this is what we have: We had all of what is listed in Declude site and wrote a program to evaluate all the server logs for 5 months and pick up the frequency that each test is triggered. We took the top so many and deleted the ones that hardly return a positive. The following are the ones we use now... HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BRAZIL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BROADWING HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-CN-KR HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-CW HEADERS 20 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BRAZIL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-INFLOW HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-JAPAN HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-KOREA HEADERS 3 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-LEVEL3 HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-RR HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-RUSSIA HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-VERIO HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-YIPES HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (BLARS HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (COMPU HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DEADBEEF HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DELINK HEADERS 6 CONTAINS X-IMAIL-SPAM-DNSBL: (DSBL HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DSBLALL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (FABELSOURCES HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (fiveten HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (INTERSIL HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (KUNDENSERVER HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (NJABL HEADERS 9 CONTAINS X-IMAIL-SPAM-DNSBL: (ORDB HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (SORBS-HTTP HEADERS 15 CONTAINS X-IMAIL-SPAM-DNSBL: (SpamCop HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (SPAMHAUS HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (WIREHUB-DNSBL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (WIREHUB-DYNA HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (ybl Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Hayer Sent: Wednesday, August 27, 2003 8:57 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] OSRELAY question. Actually, http://www.declude.com/junkmail/support/ip4r.htm shows that there are plenty of spam databases left. :) -Scott You are correct - BUT - besides the default ones listed in the *old* manual how can we know which to use that give the most accurate results and are not duplicates of each other? Would it be possible for you to make a new recommended list? -Nick Hayer --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list
RE: [Declude.JunkMail] OSRELAY question.
Hi Todd: Attached is the IMail blacklist file. It has the detail of all the tests that we run. As stated earlier we do our tests in IMail and then add the header to be later evaluated by Declude as filter files. If you want simply replace this file in the IMail directory (version 8 only) and all tests should show up in the spam lists. We used to have these in the Declude format with the IP's but since IMail does not need it we no longer have that but I am sure if you want to use them in Declude they are listed in the blackholes.us site.. BHOLE-BRAZIL* brazil.blackholes.us BHOLE-CHINA * china.blackholes.us BHOLE-CN-KR * cn-kr.blackholes.us BHOLE-HONGKONG * hongkong.blackholes.us BHOLE-JAPAN * japan.blackholes.us BHOLE-KOREA * korea.blackholes.us BHOLE-RUSSIA* russia.blackholes.us BHOLE-CW* cw.blackholes.us BHOLE-LEVEL3* level3.blackholes.us BHOLE-RR* rr.blackholes.us BHOLE-VERIO * verio.blackholes.us BHOLE-XO* xo.blackholes.us We have found good results with these... Hope it helps. Let me know if I can be of further assistance. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, August 27, 2003 3:24 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] OSRELAY question. Kami, Just to clarify, I wanted to know about your tests labeled BHOLE- Todd At 02:09 PM 8/27/2003 -0500, you wrote: Kami, Could please elaborate on some of the tests here and how I might use them in Declude config. You are rating them very high so I assume they are giving you good results. BHOLE-BRAZIL, BHOLE-BRAZIL etc... Thanks, Todd At 09:25 AM 8/27/2003 -0400, you wrote: Hi Nick: This is what we have in our filter file. We use IMail to do the testing and then use a filter file to give them weight. Just in case it helps you this is what we have: We had all of what is listed in Declude site and wrote a program to evaluate all the server logs for 5 months and pick up the frequency that each test is triggered. We took the top so many and deleted the ones that hardly return a positive. The following are the ones we use now... HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BRAZIL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BROADWING HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-CN-KR HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-CW HEADERS 20 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BRAZIL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-INFLOW HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-JAPAN HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-KOREA HEADERS 3 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-LEVEL3 HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-RR HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-RUSSIA HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-VERIO HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-YIPES HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (BLARS HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (COMPU HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DEADBEEF HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DELINK HEADERS 6 CONTAINS X-IMAIL-SPAM-DNSBL: (DSBL HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DSBLALL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (FABELSOURCES HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (fiveten HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (INTERSIL HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (KUNDENSERVER HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (NJABL HEADERS 9 CONTAINS X-IMAIL-SPAM-DNSBL: (ORDB HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (SORBS-HTTP HEADERS 15 CONTAINS X-IMAIL-SPAM-DNSBL: (SpamCop HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (SPAMHAUS HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (WIREHUB-DNSBL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (WIREHUB-DYNA HEADERS 1
RE: [Declude.JunkMail] OSRELAY question.
Thanks Kami, We are still on IMail 7.15. IMail 8 is sitting on the shelf until I have some time to deal with the upgrade. I assume to include one of these test in Declude it would be in the form of CHINABLACKHOLE ip4r china.blackholes.us 127.0.0.25 0 Todd At 03:51 PM 8/27/2003 -0400, you wrote: Hi Todd: Attached is the IMail blacklist file. It has the detail of all the tests that we run. As stated earlier we do our tests in IMail and then add the header to be later evaluated by Declude as filter files. If you want simply replace this file in the IMail directory (version 8 only) and all tests should show up in the spam lists. We used to have these in the Declude format with the IP's but since IMail does not need it we no longer have that but I am sure if you want to use them in Declude they are listed in the blackholes.us site.. BHOLE-BRAZIL*brazil.blackholes.us BHOLE-CHINA*china.blackholes.us BHOLE-CN-KR*cn-kr.blackholes.us BHOLE-HONGKONG*hongkong.blackholes.us BHOLE-JAPAN*japan.blackholes.us BHOLE-KOREA*korea.blackholes.us BHOLE-RUSSIA*russia.blackholes.us BHOLE-CW*cw.blackholes.us BHOLE-LEVEL3*level3.blackholes.us BHOLE-RR*rr.blackholes.us BHOLE-VERIO*verio.blackholes.us BHOLE-XO*xo.blackholes.us We have found good results with these... Hope it helps. Let me know if I can be of further assistance. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, August 27, 2003 3:24 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] OSRELAY question. Kami, Just to clarify, I wanted to know about your tests labeled BHOLE- Todd At 02:09 PM 8/27/2003 -0500, you wrote: Kami, Could please elaborate on some of the tests here and how I might use them in Declude config. You are rating them very high so I assume they are giving you good results. BHOLE-BRAZIL, BHOLE-BRAZIL etc... Thanks, Todd At 09:25 AM 8/27/2003 -0400, you wrote: Hi Nick: This is what we have in our filter file. We use IMail to do the testing and then use a filter file to give them weight. Just in case it helps you this is what we have: We had all of what is listed in Declude site and wrote a program to evaluate all the server logs for 5 months and pick up the frequency that each test is triggered. We took the top so many and deleted the ones that hardly return a positive. The following are the ones we use now... HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BRAZIL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BROADWING HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-CN-KR HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-CW HEADERS 20 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BRAZIL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-INFLOW HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-JAPAN HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-KOREA HEADERS 3 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-LEVEL3 HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-RR HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-RUSSIA HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-VERIO HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-YIPES HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (BLARS HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (COMPU HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DEADBEEF HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DELINK HEADERS 6 CONTAINS X-IMAIL-SPAM-DNSBL: (DSBL HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DSBLALL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (FABELSOURCES HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (fiveten HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (INTERSIL HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (KUNDENSERVER HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (NJABL HEADERS 9 CONTAINS X-IMAIL-SPAM-DNSBL: (ORDB HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (SORBS-HTTP HEADERS 15 CONTAINS X-IMAIL-SPAM-DNSBL: (SpamCop HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (SPAMHAUS HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (WIREHUB-DNSBL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (WIREHUB-DYNA HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (ybl Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Nick Hayer Sent: Wednesday, August 27, 2003 8:57 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] OSRELAY question. Actually, http://www.declude.com/junkmail/support/ip4r.htm shows that there are plenty of spam databases left. :) -Scott You are correct - BUT - besides the default ones listed in the *old* manual how can we know which to use that give the most accurate results and are not duplicates of each other? Would it be possible for you to make a new recommended list? -Nick Hayer --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http
RE: [Declude.JunkMail] OSRELAY question.
Kami, I assume based on your weights that you are Holding at 20? Todd At 03:51 PM 8/27/2003 -0400, you wrote: Hi Todd: Attached is the IMail blacklist file. It has the detail of all the tests that we run. As stated earlier we do our tests in IMail and then add the header to be later evaluated by Declude as filter files. If you want simply replace this file in the IMail directory (version 8 only) and all tests should show up in the spam lists. We used to have these in the Declude format with the IP's but since IMail does not need it we no longer have that but I am sure if you want to use them in Declude they are listed in the blackholes.us site.. BHOLE-BRAZIL* brazil.blackholes.us BHOLE-CHINA * china.blackholes.us BHOLE-CN-KR * cn-kr.blackholes.us BHOLE-HONGKONG * hongkong.blackholes.us BHOLE-JAPAN * japan.blackholes.us BHOLE-KOREA * korea.blackholes.us BHOLE-RUSSIA* russia.blackholes.us BHOLE-CW* cw.blackholes.us BHOLE-LEVEL3* level3.blackholes.us BHOLE-RR* rr.blackholes.us BHOLE-VERIO * verio.blackholes.us BHOLE-XO* xo.blackholes.us We have found good results with these... Hope it helps. Let me know if I can be of further assistance. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, August 27, 2003 3:24 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] OSRELAY question. Kami, Just to clarify, I wanted to know about your tests labeled BHOLE- Todd At 02:09 PM 8/27/2003 -0500, you wrote: Kami, Could please elaborate on some of the tests here and how I might use them in Declude config. You are rating them very high so I assume they are giving you good results. BHOLE-BRAZIL, BHOLE-BRAZIL etc... Thanks, Todd At 09:25 AM 8/27/2003 -0400, you wrote: Hi Nick: This is what we have in our filter file. We use IMail to do the testing and then use a filter file to give them weight. Just in case it helps you this is what we have: We had all of what is listed in Declude site and wrote a program to evaluate all the server logs for 5 months and pick up the frequency that each test is triggered. We took the top so many and deleted the ones that hardly return a positive. The following are the ones we use now... HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BRAZIL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BROADWING HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-CN-KR HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-CW HEADERS 20 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BRAZIL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-INFLOW HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-JAPAN HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-KOREA HEADERS 3 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-LEVEL3 HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-RR HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-RUSSIA HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-VERIO HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-YIPES HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (BLARS HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (COMPU HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DEADBEEF HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DELINK HEADERS 6 CONTAINS X-IMAIL-SPAM-DNSBL: (DSBL HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DSBLALL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (FABELSOURCES HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (fiveten HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (INTERSIL HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (KUNDENSERVER HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (NJABL HEADERS 9 CONTAINS X-IMAIL-SPAM-DNSBL: (ORDB HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (SORBS-HTTP HEADERS 15 CONTAINS X-IMAIL-SPAM-DNSBL: (SpamCop HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (SPAMHAUS HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (WIREHUB-DNSBL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (WIREHUB-DYNA HEADERS 1 CONTAINS
RE: [Declude.JunkMail] OSRELAY question.
Hi Todd: Yes we hold on 20. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, August 27, 2003 5:17 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] OSRELAY question. Kami, I assume based on your weights that you are Holding at 20? Todd At 03:51 PM 8/27/2003 -0400, you wrote: Hi Todd: Attached is the IMail blacklist file. It has the detail of all the tests that we run. As stated earlier we do our tests in IMail and then add the header to be later evaluated by Declude as filter files. If you want simply replace this file in the IMail directory (version 8 only) and all tests should show up in the spam lists. We used to have these in the Declude format with the IP's but since IMail does not need it we no longer have that but I am sure if you want to use them in Declude they are listed in the blackholes.us site.. BHOLE-BRAZIL* brazil.blackholes.us BHOLE-CHINA * china.blackholes.us BHOLE-CN-KR * cn-kr.blackholes.us BHOLE-HONGKONG * hongkong.blackholes.us BHOLE-JAPAN * japan.blackholes.us BHOLE-KOREA * korea.blackholes.us BHOLE-RUSSIA* russia.blackholes.us BHOLE-CW* cw.blackholes.us BHOLE-LEVEL3* level3.blackholes.us BHOLE-RR* rr.blackholes.us BHOLE-VERIO * verio.blackholes.us BHOLE-XO* xo.blackholes.us We have found good results with these... Hope it helps. Let me know if I can be of further assistance. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, August 27, 2003 3:24 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] OSRELAY question. Kami, Just to clarify, I wanted to know about your tests labeled BHOLE- Todd At 02:09 PM 8/27/2003 -0500, you wrote: Kami, Could please elaborate on some of the tests here and how I might use them in Declude config. You are rating them very high so I assume they are giving you good results. BHOLE-BRAZIL, BHOLE-BRAZIL etc... Thanks, Todd At 09:25 AM 8/27/2003 -0400, you wrote: Hi Nick: This is what we have in our filter file. We use IMail to do the testing and then use a filter file to give them weight. Just in case it helps you this is what we have: We had all of what is listed in Declude site and wrote a program to evaluate all the server logs for 5 months and pick up the frequency that each test is triggered. We took the top so many and deleted the ones that hardly return a positive. The following are the ones we use now... HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BRAZIL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BROADWING HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-CN-KR HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-CW HEADERS 20 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BRAZIL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-INFLOW HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-JAPAN HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-KOREA HEADERS 3 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-LEVEL3 HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-RR HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-RUSSIA HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-VERIO HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-YIPES HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (BLARS HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (COMPU HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DEADBEEF HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DELINK HEADERS 6 CONTAINS X-IMAIL-SPAM-DNSBL: (DSBL HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DSBLALL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (FABELSOURCES HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (fiveten HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (INTERSIL HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (KUNDENSERVER HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (NJABL HEADERS 9 CONTAINS X-IMAIL-SPAM-DNSBL: (ORDB HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (SORBS-HTTP
RE: [Declude.JunkMail] OSRELAY question.
Until a few days ago, I was using SORBSALL, but on checking out their home page, I found that it had grown quite a lot since I started using it. Since JunkMail will only incur the lookup once, I suggest that if you're using SORBS that you break it up into all the little tests to query the same rbl, and set your weights accordingly. I found that a) this is much more flexible and b) much more effective, very spammy sources are listed under multiple categories. Check out the bottom of the page for the description and usage of the individual tests and return codes, then set your weights and actions as you see fit: http://www.dnsbl.sorbs.net/using.html Andrew 8) # This is an automatically maintained list generated by spamtraps whose messages # are then tested by a community maintained script at http://sourceforge.net/projects/sorbs/ # For the all-in info, see the home page at http://www.dnsbl.sorbs.net/ #SORBSALL ip4rdnsbl.sorbs.net * 7 0 #open web proxy servers SORBS-HTTP ip4rdnsbl.sorbs.net 127.0.0.2 7 0 #open socks proxy servers SORBS-SOCKS ip4rdnsbl.sorbs.net 127.0.0.3 7 0 #open proxies that are neither web nor socks SORBS-MISC ip4rdnsbl.sorbs.net 127.0.0.4 7 0 #open smtp relay servers SORBS-SMTP ip4rdnsbl.sorbs.net 127.0.0.5 7 0 #hosts that send spam and netblocks of providers that support spammers SORBS-SPAM ip4rdnsbl.sorbs.net 127.0.0.6 7 0 #hosts that have spammer abused vulnerabilites, e.g. formmail script SORBS-WEB ip4rdnsbl.sorbs.net 127.0.0.7 7 0 #hosts that demand that they are never to be scanned by SORBS SORBS-BLOCK ip4rdnsbl.sorbs.net 127.0.0.8 3 0 #hosts that are in a netblock hijacked from someone else SORBS-ZOMBIEip4rdnsbl.sorbs.net 127.0.0.9 7 0 #hosts that are in a dynamic IP range at their ISP #this one gets us in trouble because our HOP settings usually catch the workstation #as it sends to its own ISPs mail server, and we can't differentiate between a server #that sends the mail and the workstation... #SORBS-DUL ip4rdnsbl.sorbs.net 127.0.0.10 3 0 #hosts that have badly configured DNS, e.g. private IP addresses or broadcasts SORBS-BADCONF rhsbldnsbl.sorbs.net127.0.0.11 3 0 #domains where the correct admin has stated that mailfrom should never be from this domain #eg corp.supernews.com and news.supernews.net SORBS-NOMAILrhsbldnsbl.sorbs.net127.0.0.12 1 0
