Re: [Declude.JunkMail] Alligate
This is correct. We stopped offering the IMail specific (non Declude) version of Alligate a couple of months ago. We have also suspended free trials of the Declude add-in until we can bring it up to date so that the same detection methods are used by both the Declude version and our gateway version.

We are currently spending too much time maintaining conditional pattern files mainly for about 8 or 10 registered Declude version users. There is not really that much interest in this as a Declude test it seems... lots of free trials, but very few sales. We have far more invested in free trial tech support than the revenue this has generated.

The Declude version of Alligate is now lacking about 50% of the refinements and enhancements that we have incorporated into the gateway version. Until we can bring the code up to date, it just doesn't make sense to continue to offer free trials and provide free tech support until we are working with the same code base for both versions of the product.

Brian Milburn
Solid Oak Software

On 10/10/2003 12:20pm you wrote...

>FYI
>
>-Original Message-
>From: Brian Milburn [mailto:[EMAIL PROTECTED]
>Sent: Friday, October 10, 2003 12:05 PM
>To: [EMAIL PROTECTED]
>Subject: Re: Alligate Information Request
>
>Hi,
>
>Thanks for your interest in Alligate for IMail.
>
>We have decided we are no longer going to offer an IMail specific version. The
>Declude Add-in is not currently being offered, however should be available
>again shortly, probably within a couple of weeks. It is in need of a major
>update to bring it up to the same level that our gateway product is.
>
>I would also invite you to look over the documentation for our gateway
>version. The gateway version of Alligate requires a dedicated computer,
>however it is significantly more powerful than any IMail version and greatly
>reduces the load on your mail server. Additionally, the gateway version has
>integrated email vulnerability detection which eliminates virtually all
>viruses and other email based dangers before they ever get to your mail
>server.
>
>The link for the gateway documentation is:
>
>http://www.getalligate.com
>
>Thanks again,
>
>Brian Milburn
>Solid Oak Software
>
>Sincerely,
>
>William J. Baumbach II [EMAIL PROTECTED]
>9975 Pennsylvania Ave. Manassas, Va. 20110-2028
>Ph: 703-367-7900 ext:1708 Fax: 703-691-0946

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
RE: [Declude.JunkMail] Alligate
John,

Our demo policy is now more open than before. I don't want to put too fine a point on it, but as part of our open source release, we changed the way we do demos for Message Sniffer. The sniffer2.snf license has some restrictions but it is continually updated.

You might consider implementing Message Sniffer "for evaluation purposes" using the demo license until you have the funds you need. Sure, it won't perform as well as a registered version, and it can't be customized, no support, etc... Nonetheless, as an additional test it might be quite helpful.

Just a thought,
_M

|-Original Message-
|From: [EMAIL PROTECTED]
|[mailto:[EMAIL PROTECTED] On Behalf Of John
|Tolmachoff (Lists)
|Sent: Thursday, August 28, 2003 1:44 PM
|To: [EMAIL PROTECTED]
|Subject: RE: [Declude.JunkMail] Alligate
|
|I do not use MessageSniffer at this time, but would if I could.
|
|I like the product. I have evaluated it. It is a very good test to use.
|
|Why would I use both? The broader the scope of the tests, the
|more chance of catching all spam with a lesser FP rate.
|
|They both have their strengths, and weaknesses. Their
|weaknesses are nothing to detract from them, it is inherent in
|any program.
|
|I just do not have the funds at this time.
|
|John Tolmachoff MCSE CSSA
|Engineer/Consultant
|eServices For You
|www.eservicesforyou.com
|
|> -Original Message-
|> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
|> [EMAIL PROTECTED] On Behalf Of Bill Newberg
|> Sent: Thursday, August 28, 2003 9:39 AM
|> To: [EMAIL PROTECTED]
|> Subject: FW: [Declude.JunkMail] Alligate
|>
|> John,
|>
|> I understand you are very pleased with the product. Do you use
|> MessageSniffer as well? If so, why?
|>
|> Thanks,
|>
|> Bill
|>
|> > -- Original Message --
|> > From: "John Tolmachoff \(Lists\)" <[EMAIL PROTECTED]>
|> > Reply-To: [EMAIL PROTECTED]
|> > Date: Thu, 28 Aug 2003 09:03:45 -0700
|> >
|> > Please see the link to the archives in my earlier post on this.
|> >
|> > John Tolmachoff MCSE CSSA
|> > Engineer/Consultant
|> > eServices For You
|> > www.eservicesforyou.com
|> >
|> > > -Original Message-
|> > > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
|> > > [EMAIL PROTECTED] On Behalf Of bill.maillists
|> > > Sent: Thursday, August 28, 2003 8:28 AM
|> > > To: [EMAIL PROTECTED]
|> > > Subject: [Declude.JunkMail] Alligate
|> > >
|> > > I'm already using Message Sniffer with Declude. What would
|> > > Alligate do that Message Sniffer doesn't?
|> > >
|> > > Thanks,
|> > >
|> > > Bill Newberg
RE: [Declude.JunkMail] Alligate
I do not use MessageSniffer at this time, but would if I could.

I like the product. I have evaluated it. It is a very good test to use.

Why would I use both? The broader the scope of the tests, the more chance of catching all spam with a lesser FP rate.

They both have their strengths, and weaknesses. Their weaknesses are nothing to detract from them, it is inherent in any program.

I just do not have the funds at this time.

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> [EMAIL PROTECTED] On Behalf Of Bill Newberg
> Sent: Thursday, August 28, 2003 9:39 AM
> To: [EMAIL PROTECTED]
> Subject: FW: [Declude.JunkMail] Alligate
>
> John,
>
> I understand you are very pleased with the product. Do you use
> MessageSniffer as well? If so, why?
>
> Thanks,
>
> Bill
>
> > -- Original Message --
> > From: "John Tolmachoff \(Lists\)" <[EMAIL PROTECTED]>
> > Reply-To: [EMAIL PROTECTED]
> > Date: Thu, 28 Aug 2003 09:03:45 -0700
> >
> > Please see the link to the archives in my earlier post on this.
> >
> > John Tolmachoff MCSE CSSA
> > Engineer/Consultant
> > eServices For You
> > www.eservicesforyou.com
> >
> > > -Original Message-
> > > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> > > [EMAIL PROTECTED] On Behalf Of bill.maillists
> > > Sent: Thursday, August 28, 2003 8:28 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: [Declude.JunkMail] Alligate
> > >
> > > I'm already using Message Sniffer with Declude. What would
> > > Alligate do that Message Sniffer doesn't?
> > >
> > > Thanks,
> > >
> > > Bill Newberg
RE: [Declude.JunkMail] Alligate
Please see the link to the archives in my earlier post on this.

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> [EMAIL PROTECTED] On Behalf Of bill.maillists
> Sent: Thursday, August 28, 2003 8:28 AM
> To: [EMAIL PROTECTED]
> Subject: [Declude.JunkMail] Alligate
>
> I'm already using Message Sniffer with Declude. What would Alligate do that
> Message Sniffer doesn't?
>
> Thanks,
>
> Bill Newberg
RE: [Declude.JunkMail] Alligate
We use both, and like the combination.

>Is anyone using Alligate http://www.alligate.com ?
>I'm using message sniffer and was looking at adding alligate also.
>I'd appreciate any feedback..
>Mark

===
Rob
www.iGive.com
RE: [Declude.JunkMail] Alligate
Yes, many of us are using Alligate. Please see the discussion from last week:

http://www.mail-archive.com/[EMAIL PROTECTED]/msg10255.html

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> [EMAIL PROTECTED] On Behalf Of Mark Smith
> Sent: Thursday, August 28, 2003 7:09 AM
> To: [EMAIL PROTECTED]
> Subject: [Declude.JunkMail] Alligate
>
> Is anyone using Alligate http://www.alligate.com ?
> I'm using message sniffer and was looking at adding alligate also.
>
> I'd appreciate any feedback..
>
> Mark
RE: RE : [Declude.JunkMail] Alligate vs. Message Sniffer...opinions?
Please forward a copy of the newsletter to me ([EMAIL PROTECTED]) as an attachment and I will adjust the rule base (if appropriate).

This is a service we provide by default to each subscriber, but we also - in general - code the core rule base to avoid false positives whenever we hear about them and the choice is widely applicable.

Your assistance is greatly appreciated.

Thanks,
_M

|-Original Message-
|From: [EMAIL PROTECTED]
|[mailto:[EMAIL PROTECTED] On Behalf Of
|[EMAIL PROTECTED]
|Sent: Thursday, August 21, 2003 7:38 AM
|To: [EMAIL PROTECTED]
|Subject: RE : [Declude.JunkMail] Alligate vs. Message
|Sniffer...opinions?
|
|Hi,
|
|Message sniffer is not so bad as I tested it but have a big
|problem with News letter it has a big False positive rate with them.
|
|Regards
|Mehdi Blagui
|
|-Original Message-
|From: [EMAIL PROTECTED]
|[mailto:[EMAIL PROTECTED] On Behalf Of
|Matthew Bramble
|Sent: Thursday, August 21, 2003 03:32
|To: [EMAIL PROTECTED]
|Subject: Re: [Declude.JunkMail] Alligate vs. Message Sniffer...opinions?
|
|John,
|
|I just joined the list today, but I found your configuration file from
|back in June and it was very helpful in understanding how to fine tune
|Alligate. I'm going to study its logs more closely before I start that
|phase though, looking for false positives. I've turned that test down
|to 3/10 of failure and reduced several other tests by 1/10 to 2/10 of
|failure in order to accommodate it (BADHEADERS for instance). It seems
|to get most of its scoring from technical-type stuff instead of the
|heuristics, and if this is the case, I don't think that a scaled test
|would be that much more useful to me. If I could score the content and
|obfuscation, and just those things, I wouldn't be double counting the
|technicals, and that should reduce some false positives.
|
|I don't want to knock Alligate, it has some nice functionality,
|especially when used without Declude (auto whitelisting and digest
|notification), and it does what it says, but it has a relatively high
|false positive rate in the default configuration and therefore it can't
|be scored higher than it is on my scale. If they could get the auto
|whitelisting and digest notification to work with Declude, that might
|make me a buyer. I'm still looking for more information on Message
|Sniffer within this context.
|
|I've looked at AutoWhite and will probably give it a try, but I can't
|find any information on Match. Would you care to share a link?
|
|Thanks,
|
|Matt
|
|John Tolmachoff (Lists) wrote:
|
|>As one of the earlier testers and helped develop the variable scale of
|>Alligate, I can understand your position. I have a client that gets a lot of
|>e-mail from the Far East and a lot of bcc broadcasts and lists. Many of
|>these show elements of spam, but are legit. That is what makes it hard.
|>
|>There are a number of adjustments available in Alligate. You might want to
|>look over my config file I posted earlier today.
|>
|>One thing I do for this specific issue is I use 2 programs. One is Match,
|>which is very simple but does need to be revised. The other is AutoWhite. A
|>30 demo of AutoWhite is available at
|>www.eservicesforyou.com/products/autowhite.html. Match is free.
|>
|>While everyone can have a unique setup, please let me know if you would like
|>to spend some time going over the possible configurations in Alligate.
|>
|>John Tolmachoff MCSE CSSA
|>Engineer/Consultant
|>eServices For You
|>www.eservicesforyou.com
RE: RE : [Declude.JunkMail] Alligate vs. Message Sniffer...opinions?
> Message sniffer is not so bad as I tested it but have a big problem
> with News letter it has a big False positive rate with them.

On the home page for MessageSniffer you'll find a "Help (Q&A)" section which is worth your time to read if it's worth your time to implement.

Submit false positives to: [EMAIL PROTECTED]
Submit novel spam to: [EMAIL PROTECTED]

Andrew 8)
RE : [Declude.JunkMail] Alligate vs. Message Sniffer...opinions?
Hi,

Message sniffer is not so bad as I tested it but have a big problem with News letter it has a big False positive rate with them.

Regards
Mehdi Blagui

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matthew Bramble
Sent: Thursday, August 21, 2003 03:32
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Alligate vs. Message Sniffer...opinions?

John,

I just joined the list today, but I found your configuration file from back in June and it was very helpful in understanding how to fine tune Alligate. I'm going to study its logs more closely before I start that phase though, looking for false positives. I've turned that test down to 3/10 of failure and reduced several other tests by 1/10 to 2/10 of failure in order to accommodate it (BADHEADERS for instance). It seems to get most of its scoring from technical-type stuff instead of the heuristics, and if this is the case, I don't think that a scaled test would be that much more useful to me. If I could score the content and obfuscation, and just those things, I wouldn't be double counting the technicals, and that should reduce some false positives.

I don't want to knock Alligate, it has some nice functionality, especially when used without Declude (auto whitelisting and digest notification), and it does what it says, but it has a relatively high false positive rate in the default configuration and therefore it can't be scored higher than it is on my scale. If they could get the auto whitelisting and digest notification to work with Declude, that might make me a buyer. I'm still looking for more information on Message Sniffer within this context.

I've looked at AutoWhite and will probably give it a try, but I can't find any information on Match. Would you care to share a link?

Thanks,

Matt

John Tolmachoff (Lists) wrote:

>As one of the earlier testers and helped develop the variable scale of
>Alligate, I can understand your position. I have a client that gets a lot of
>e-mail from the Far East and a lot of bcc broadcasts and lists. Many of
>these show elements of spam, but are legit. That is what makes it hard.
>
>There are a number of adjustments available in Alligate. You might want to
>look over my config file I posted earlier today.
>
>One thing I do for this specific issue is I use 2 programs. One is Match,
>which is very simple but does need to be revised. The other is AutoWhite. A
>30 demo of AutoWhite is available at
>www.eservicesforyou.com/products/autowhite.html. Match is free.
>
>While everyone can have a unique setup, please let me know if you would like
>to spend some time going over the possible configurations in Alligate.
>
>John Tolmachoff MCSE CSSA
>Engineer/Consultant
>eServices For You
>www.eservicesforyou.com
RE: [Declude.JunkMail] Alligate vs. Message Sniffer...opinions?
> I don't want to knock Alligate, it has some nice functionality,
> especially when used without Declude (auto whitelisting and digest
> notification), and it does what it says, but it has a relatively high
> false positive rate in the default configuration and therefore it can't
> be scored higher than it is on my scale. If they could get the auto
> whitelisting and digest notification to work with Declude, that might
> make me a buyer. I'm still looking for more information on Message
> Sniffer within this context.

As Brian stated, and I alluded to, there is more functionality in the full version, as opposed to the Declude only version. The Declude only version costs less, but requires more hands on to get it to fit your situation.

On that same note, I will help as much as I can on the list. If you feel you could use more hands on help, at least to help on the learning curve, I and others are available on a time basis.

> I've looked at AutoWhite and will probably give it a try, but I can't
> find any information on Match. Would you care to share a link?

Match never made it out of beta stage, primarily due to time and loss of the programmer working on it. It is scheduled to be rebuilt in the future.

Basically what it does is it looks for 2 matches. It first checks the from file to see if the from address is listed. It then checks the to file to see if the recipient is listed. If it finds a match in both files, it returns a "fail" to Declude. You can then weight or action based on that.

It was developed for a major client I have that gets a lot of e-mail that tends to fail a good number of tests, but is legit. What I do is list the from domains in the from file and the client's specific addresses in the to file. This way, I can "Whitelist" e-mail from a specific domain or user to a specific domain or user.

Yes, there is some overlap with functions in other programs, but it fits a need.

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
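The two-file check John describes above can be sketched as follows. This is an added example, not Match's code and not from any poster in the thread; the file format (one address or bare domain per line, `#` comments), the sample entries and the negative weight are assumptions made for illustration.

```python
# Added illustration of a sender/recipient pair whitelist. File format, sample
# entries and MATCH_WEIGHT are assumptions, not taken from Match itself.

FROM_FILE = """
# constructed sample: senders trusted for this client
partner.example
alerts@vendor.example
"""

TO_FILE = """
# constructed sample: the client's specific addresses
buyer@client.example
"""

MATCH_WEIGHT = -10  # hypothetical weight applied when the test "fails"


def normalize(address):
    """Lower-case an address and drop whitespace and surrounding <> brackets."""
    return address.strip().strip("<>").strip().lower()


def load_entries(text):
    """Read one entry per line, ignoring blank lines and '#' comments."""
    entries = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower()
        if line:
            entries.add(line)
    return entries


def listed(address, entries):
    """True if the full address or its exact domain is an entry.

    The comparison is exact, not a substring or suffix test, so a name that
    merely contains a listed domain is not treated as that domain.
    """
    address = normalize(address)
    local, at, domain = address.rpartition("@")
    if not at or not local or not domain:
        return False  # malformed or empty, e.g. the null sender "<>"
    return address in entries or domain in entries


def match(sender, recipient, from_entries, to_entries):
    """Return "fail" only when BOTH sender and recipient are listed."""
    if not listed(sender, from_entries):
        return "pass"
    if not listed(recipient, to_entries):
        return "pass"
    return "fail"


def adjusted_score(score, result, weight=MATCH_WEIGHT):
    """Apply the weight to a message's running score when the test fails."""
    return score + weight if result == "fail" else score


FROM_ENTRIES = load_entries(FROM_FILE)
TO_ENTRIES = load_entries(TO_FILE)

if __name__ == "__main__":
    for sender, rcpt in [
        ("<News@Partner.Example>", "buyer@client.example"),
        ("news@partner.example", "other@client.example"),
        ("news@partner.example.bad.test", "buyer@client.example"),
    ]:
        print(sender, rcpt, match(sender, rcpt, FROM_ENTRIES, TO_ENTRIES))
```

Because the sender address in a message can be forged, requiring the recipient to be listed as well limits the exemption to the mailboxes that actually need it.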
Re: [Declude.JunkMail] Alligate vs. Message Sniffer...opinions?
Matthew, your MAILPOLICE tests are configured wrong. Those are rhsbl tests, not ip4r tests. The config lines should read...

MAILPOLICE-BULK rhsbl bulk.rhs.mailpolice.com 127.0.0.2 10 0
MAILPOLICE-PORN rhsbl porn.rhs.mailpolice.com 127.0.0.2 10 0

Bill

-Original Message-
From: Matthew Bramble
Sent: Wed, 20 Aug 2003 21:27:15 -0400
Subject: Re: [Declude.JunkMail] Alligate vs. Message Sniffer...opinions?

I'd also like to share my configuration. We have about 50 E-mail domains with about 250 users, with many addresses listed in who-is records and on Web sites, along with "nobody" alias redirection for all domains. This results in a lot of garbage coming our way. We are definitely capturing 95%-97% of all the spam currently and our false reject rate is less than 1-3 in 1000, most of which is automated delivery messages, with user exceptions being mostly of the variety of open relay users or that one person that uses Base64 encoding from a poorly configured server. Unfortunately some addresses get literally hundreds of spams a day, often it's their own fault, but they need more relief than I have been giving them.

I don't have the time to constantly monitor rejected mail (about ~15,000 a week), so we generally kill it at a score of 10 unless we tweak the settings, in which case we monitor it as I am doing now. I think our setup even without the Alligate is quite solid after a year of playing with it occasionally, but it needs more than RFC and blacklist tests to close the gap that's left. This BONDEDSENDER thing also looks like it has promise as I found 19 examples today of E-mail that was saved, probably all of it was ad-related, and some I would probably consider spam, but not the brutal idiotic stuff that goes to harvested addresses. I'm going to capture those messages for review since I can only see the senders now.

Anyway, here's the beef of my config file:

--8<
SBL                  ip4r   sbl.spamhaus.org               127.0.0.2   10   0
OSSOFT               ip4r   relays.osirusoft.com           127.0.0.6   10   0
SPAMCOP              ip4r   bl.spamcop.net                 127.0.0.2   10   0
FIVETEN-BULK         ip4r   blackholes.five-ten-sg.com     127.0.0.4   10   0
MAILPOLICE-BULK      ip4r   bulk.rhs.mailpolice.com        127.0.0.2   10   0
MAILPOLICE-PORN      ip4r   porn.rhs.mailpolice.com        127.0.0.2   10   0
OSSRC                ip4r   relays.osirusoft.com           127.0.0.4   7    0
EASYNET-DNSBL        ip4r   blackholes.easynet.nl          127.0.0.2   7    0
EASYNET-PROXIES      ip4r   proxies.blackholes.easynet.nl  127.0.0.2   7    0
FIVETEN-SPAMSUPPORT  ip4r   blackholes.five-ten-sg.com     127.0.0.7   7    0
FIVETEN-MISC         ip4r   blackholes.five-ten-sg.com     127.0.0.9   7    0
BLITZEDALL           ip4r   opm.blitzed.org                *           7    0
DSBL                 ip4r   list.dsbl.org                  *           5    0
MONKEYPROXIES        ip4r   proxies.relays.monkeys.com     *           5    0
OSFORM               ip4r   relays.osirusoft.com           127.0.0.8   5    0
OSPROXY              ip4r   relays.osirusoft.com           127.0.0.9   5    0
FIVETEN-SPAM         ip4r   blackholes.five-ten-sg.com     127.0.0.2   5    0
FIVETEN-MULTISTAGE   ip4r   blackholes.five-ten-sg.com     127.0.0.5   5    0
FIVETEN-SINGLESTAGE  ip4r   blackholes.five-ten-sg.com     127.0.0.6   5    0
FIVETEN-FREE         ip4r   blackholes.five-ten-sg.com     127.0.0.12  5    0
MONKEYFORMMAIL       ip4r   formmail.relays.monkeys.com    *           4    0
ORDB                 ip4r   relays.ordb.org                *           4    0
OSDUL                ip4r   relays.osirusoft.com           127.0.0.3   4    0
OSRELAY              ip4r   relays.osirusoft.com           127.0.0.2   4    0
OSSMART              ip4r   relays.osirusoft.com           127.0.0.5   4    0
V6NET                ip4r   spammers.v6net.org             127.0.0.2   4    0
OSLIST               ip4r   relays.osirusoft.com           127.0.0.7   2    0
DSN                  rhsbl  dsn.rfc-ignorant.org           127.0.0.2   1    0
NOABUSE              rhsbl  abuse.rfc-ignorant.org         127.0.0.4   1    0
NOPOSTMASTER         rhsbl  postmaster.rfc-ignorant.org    127.0.0.3   1    0
BONDEDSENDER         ip4r   query.bondedsender.org         127.0.0.10  -20  0
MAILFROM             envfrom      x  x  7  0
ROUTING              spamrouting  x  x  7  0
HELOBOGUS            helovalid    x  x  5  0
SPAMHEADERS          spamheaders  x  x  5  0
BADHEADERS           badheaders   x  x  3  0
BASE64               base64       x  x  3  0
PERCENT
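Why the test type matters for the two MAILPOLICE lines: under the usual DNSBL convention an IP-based list is queried with the connecting IP's octets reversed in front of the zone, while a right-hand-side list is queried with the sender's domain in front of the zone. The following is an added example, not Declude's code and not from either poster; it assumes Declude follows that convention, reads the fifth column as the weight added on a hit, treats `*` as "any answer", and does not interpret the sixth column. The resolver, sender IP, sender domain and listings are constructed so it runs offline.

```python
import ipaddress

# Constructed stand-in for DNS. Zone names are the ones in the thread; the
# sender and both listings below are made-up sample data.
FAKE_DNS = {
    "45.2.0.192.bl.spamcop.net": "127.0.0.2",
    "bulkmailer.example.bulk.rhs.mailpolice.com": "127.0.0.2",
}
SENDER_IP = "192.0.2.45"
SENDER_DOMAIN = "bulkmailer.example"

AS_POSTED = """
SPAMCOP          ip4r   bl.spamcop.net           127.0.0.2  10  0
MAILPOLICE-BULK  ip4r   bulk.rhs.mailpolice.com  127.0.0.2  10  0
MAILPOLICE-PORN  ip4r   porn.rhs.mailpolice.com  127.0.0.2  10  0
"""

CORRECTED = """
SPAMCOP          ip4r   bl.spamcop.net           127.0.0.2  10  0
MAILPOLICE-BULK  rhsbl  bulk.rhs.mailpolice.com  127.0.0.2  10  0
MAILPOLICE-PORN  rhsbl  porn.rhs.mailpolice.com  127.0.0.2  10  0
"""


def fake_resolve(name):
    """Return the A record for name, or None when it does not exist."""
    return FAKE_DNS.get(name.lower())


def parse_test_line(line):
    """Split a six-column test line: NAME TYPE ZONE EXPECTED WEIGHT LAST."""
    name, kind, zone, expected, weight, _last = line.split()
    return {"name": name, "kind": kind, "zone": zone,
            "expected": expected, "weight": int(weight)}


def query_name(test, sender_ip, sender_domain):
    """Build the DNS name that would be looked up for this test."""
    if test["kind"] == "ip4r":
        octets = str(ipaddress.IPv4Address(sender_ip)).split(".")
        return ".".join(reversed(octets)) + "." + test["zone"]
    if test["kind"] == "rhsbl":
        return sender_domain.lower().rstrip(".") + "." + test["zone"]
    raise ValueError("not a DNS-based test: " + test["kind"])


def explain(config, sender_ip, sender_domain, resolve=fake_resolve):
    """Return (test name, query name, weight contributed) for each DNS test."""
    rows = []
    for line in config.strip().splitlines():
        test = parse_test_line(line)
        if test["kind"] not in ("ip4r", "rhsbl"):
            continue  # envfrom, helovalid, ... are not DNS lookups
        name = query_name(test, sender_ip, sender_domain)
        answer = resolve(name)
        hit = answer is not None and test["expected"] in ("*", answer)
        rows.append((test["name"], name, test["weight"] if hit else 0))
    return rows


def total_weight(config, sender_ip, sender_domain, resolve=fake_resolve):
    return sum(w for _, _, w in explain(config, sender_ip, sender_domain, resolve))


if __name__ == "__main__":
    for label, cfg in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(label, total_weight(cfg, SENDER_IP, SENDER_DOMAIN))
        for row in explain(cfg, SENDER_IP, SENDER_DOMAIN):
            print("   ", row)
```

With the ip4r type, the lookup against the right-hand-side zone is built from the IP and finds nothing, so the test adds no weight and gives no error to point at the mistake.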
Re: [Declude.JunkMail] Alligate vs. Message Sniffer...opinions?
Hi Matt,

I guess I'll chime in here...

On 08/20/03 10:31pm you wrote...

>I just joined the list today, but I found your configuration file from
>back in June and it was very helpful in understanding how to fine tune
>Alligate. I'm going to study its logs more closely before I start that
>phase though, looking for false positives. I've turned that test down
>to 3/10 of failure and reduced several other tests by 1/10 to 2/10 of
>failure in order to accommodate it (BADHEADERS for instance). It seems
>to get most of its scoring from technical-type stuff instead of the
>heuristics, and if this is the case, I don't think that a scaled test
>would be that much more useful to me. If I could score the content and
>obfuscation, and just those things, I wouldn't be double counting the
>technicals, and that should reduce some false positives.

You are correct that Alligate will accumulate scores on many of the same things as Declude will. This is basically the same engine as we use on the gateway product, but it is 100% stand alone so it must do everything. The technical violations are some of the best spam indicators there are, however, you are racking up double scores.

You can rely more on the heuristics by decreasing the values of certain Alligate tests or setting them to 0 (zero). Most of the hard penalty tests support this, as well as most of the heuristic tests where the score is variable depending on the degree of failure.

>I don't want to knock Alligate, it has some nice functionality,
>especially when used without Declude (auto whitelisting and digest
>notification), and it does what it says, but it has a relatively high
>false positive rate in the default configuration and therefore it can't
>be scored higher than it is on my scale. If they could get the auto
>whitelisting and digest notification to work with Declude, that might
>make me a buyer. I'm still looking for more information on Message
>Sniffer within this context.

The full IMail version does everything and will work in Declude as well. But it costs more. Many Declude version users wanted a scaled down, more affordable "Declude test only" version, so that's what we did.

Alligate really depends on training to achieve the best results. This involves automatic whitelisting and users' responses to digests. Unfortunately, using it as a test in Declude limits its full functionality, however properly adjusted, it will still provide several features that don't exist in any other product. You just need to figure out what features are important to your flow, and which aren't and adjust the configuration accordingly.

In our gateway version the false positive rate is usually in the area of 1 in 3000 messages after about 30 days of "training". In the gateway version this is all done without administrator intervention, but the same results should be possible in the Declude version, except you have to do the "training". And, you save lots of money :)

You will find this list to be extremely helpful. As I am sure Scott would agree, there are people here that know the products almost better than we do ourselves. They have this down to a fine science, and the advice you can get here will help you get the most for the least. Most Declude users I have worked with are "hands on" people and know their business.

Brian
Re: [Declude.JunkMail] Alligate vs. Message Sniffer...opinions?
At 10:31 PM 8/20/2003 -0400, you wrote: I don't want to knock Alligate, it has some nice functionality, especially when used without Declude (auto whitelisting and digest notification), and it does what it says, but it has a relatively high false positive rate in the default configuration and therefore it can't be scored higher than it is on my scale. If they could get the auto whitelisting and digest notification to work with Declude, that might make me a buyer. I'm still looking for more information on Message Sniffer within this context. One thing you will find with the registered version of Message Sniffer is that the heuristics are divided into categories. Within Declude you can assign different weights to each category depending upon your needs. This is particularly helpful with the Gray Hosting category (Group 60). It's important to note that this is not available in the demo rule base. Although the demo rule base is now updated as frequently as registered versions, the categories are not differentiated and new rules are slightly delayed. You can find details about the result codes and the heuristics categories at the following URL: http://www.sortmonster.com/MessageSniffer/Help/ResultCodesHelp.html You can always download the evaluation and a fresh demo rule base file at: http://www.sortmonster.com/MessageSniffer/Try-It.html (there is no limit on the evaluation period) Another important thing about Message Sniffer is that your subscription includes customizing your rule base to fit your needs - including ongoing adjustments for missed spam and false positives, as well as white, black, and blocking rules upon request. While Message Sniffer regularly scores 93-95% capture rates out of the box (see prior statistics posted by Scott) the fine-tuned rates tend to be much better and the false positive rates tend toward very low fractions of a % after a very short tuning period (6-15 days on average). 
The rapid update process (several updates per day) also tends to weed out newer spam very quickly. If you have any specific questions please feel free to contact me off list at [EMAIL PROTECTED] Hope this helps, _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief Sortmonster (www.sortmonster.com)
Re: [Declude.JunkMail] Alligate vs. Message Sniffer...opinions?
John, I just joined the list today, but I found your configuration file from back in June and it was very helpful in understanding how to fine tune Alligate. I'm going to study its logs more closely before I start that phase though, looking for false positives. I've turned that test down to 3/10 of failure and reduced several other tests by 1/10 to 2/10 of failure in order to accommodate it (BADHEADERS for instance). It seems to get most of its scoring from technical-type stuff instead of the heuristics, and if this is the case, I don't think that a scaled test would be that much more useful to me. If I could score the content and obfuscation, and just those things, I wouldn't be double counting the technicals, and that should reduce some false positives. I don't want to knock Alligate, it has some nice functionality, especially when used without Declude (auto whitelisting and digest notification), and it does what it says, but it has a relatively high false positive rate in the default configuration and therefore it can't be scored higher than it is on my scale. If they could get the auto whitelisting and digest notification to work with Declude, that might make me a buyer. I'm still looking for more information on Message Sniffer within this context. I've looked at AutoWhite and will probably give it a try, but I can't find any information on Match. Would you care to share a link? Thanks, Matt John Tolmachoff (Lists) wrote: As one of the earlier testers and helped develop the variable scale of Alligate, I can understand your position. I have a client that gets a lot of e-mail from the Far East and a lot of bcc broadcasts and lists. Many of these show elements of spam, but are legit. That is what makes it hard. There are a number of adjustments available in Alligate. You might want to look over my config file I posted earlier today. One thing I do for this specific issue is I use 2 programs. One is Match, which is very simple but does need to be revised.
The other is AutoWhite. A 30 demo of AutoWhite is available at www.eservicesforyou.com/products/autowhite.html. Match is free. While everyone can have a unique setup, please let me know if you would like to spend some time going over the possible configurations in Alligate. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com
Re: [Declude.JunkMail] Alligate vs. Message Sniffer...opinions?
I'd also like to share my configuration. We have about 50 E-mail domains with about 250 users, with many addresses listed in who-is records and on Web sites, along with "nobody" alias redirection for all domains. This results in a lot of garbage coming our way. We are definitely capturing 95%-97% of all the spam currently and our false reject rate is less than 1-3 in 1000, most of which is automated delivery messages, with user exceptions being mostly of the variety of open relay users or that one person that uses Base64 encoding from a poorly configured server. Unfortunately some addresses get literally hundreds of spams a day, often it's their own fault, but they need more relief than I have been giving them. I don't have the time to constantly monitor rejected mail (about ~15,000 a week), so we generally kill it at a score of 10 unless we tweak the settings, in which case we monitor it as I am doing now. I think our setup even without the Alligate is quite solid after a year of playing with it occasionally, but it needs more than RFC and blacklist tests to close the gap that's left. This BONDEDSENDER thing also looks like it has promise as I found 19 examples today of E-mail that was saved, probably all of it was ad-related, and some I would probably consider spam, but not the brutal idiotic stuff that goes to harvested addresses. I'm going to capture those messages for review since I can only see the senders now.
Anyway, here's the beef of my config file:
--8<
SBL ip4r sbl.spamhaus.org 127.0.0.2 10 0
OSSOFT ip4r relays.osirusoft.com 127.0.0.6 10 0
SPAMCOP ip4r bl.spamcop.net 127.0.0.2 10 0
FIVETEN-BULK ip4r blackholes.five-ten-sg.com 127.0.0.4 10 0
MAILPOLICE-BULK ip4r bulk.rhs.mailpolice.com 127.0.0.2 10 0
MAILPOLICE-PORN ip4r porn.rhs.mailpolice.com 127.0.0.2 10 0
OSSRC ip4r relays.osirusoft.com 127.0.0.4 7 0
EASYNET-DNSBL ip4r blackholes.easynet.nl 127.0.0.2 7 0
EASYNET-PROXIES ip4r proxies.blackholes.easynet.nl 127.0.0.2 7 0
FIVETEN-SPAMSUPPORT ip4r blackholes.five-ten-sg.com 127.0.0.7 7 0
FIVETEN-MISC ip4r blackholes.five-ten-sg.com 127.0.0.9 7 0
BLITZEDALL ip4r opm.blitzed.org * 7 0
DSBL ip4r list.dsbl.org * 5 0
MONKEYPROXIES ip4r proxies.relays.monkeys.com * 5 0
OSFORM ip4r relays.osirusoft.com 127.0.0.8 5 0
OSPROXY ip4r relays.osirusoft.com 127.0.0.9 5 0
FIVETEN-SPAM ip4r blackholes.five-ten-sg.com 127.0.0.2 5 0
FIVETEN-MULTISTAGE ip4r blackholes.five-ten-sg.com 127.0.0.5 5 0
FIVETEN-SINGLESTAGE ip4r blackholes.five-ten-sg.com 127.0.0.6 5 0
FIVETEN-FREE ip4r blackholes.five-ten-sg.com 127.0.0.12 5 0
MONKEYFORMMAIL ip4r formmail.relays.monkeys.com * 4 0
ORDB ip4r relays.ordb.org * 4 0
OSDUL ip4r relays.osirusoft.com 127.0.0.3 4 0
OSRELAY ip4r relays.osirusoft.com 127.0.0.2 4 0
OSSMART ip4r relays.osirusoft.com 127.0.0.5 4 0
V6NET ip4r spammers.v6net.org 127.0.0.2 4 0
OSLIST ip4r relays.osirusoft.com 127.0.0.7 2 0
DSN rhsbl dsn.rfc-ignorant.org 127.0.0.2 1 0
NOABUSE rhsbl abuse.rfc-ignorant.org 127.0.0.4 1 0
NOPOSTMASTER rhsbl postmaster.rfc-ignorant.org 127.0.0.3 1 0
BONDEDSENDER ip4r query.bondedsender.org 127.0.0.10 -20 0
MAILFROM envfrom x x 7 0
ROUTING spamrouting x x 7 0
HELOBOGUS helovalid x x 5 0
SPAMHEADERS spamheaders x x 5 0
BADHEADERS badheaders x x 3 0
BASE64 base64 x x 3 0
PERCENT percent x x 2 0
IPNOTINMX ipnotinmx x x 0 -2
ALLIGATE external nonzero "C:\IMail\Alligate\NoXMail.exe" 3 0
WEIGHT10 weight x x 10 0
-->8
I believe some of these tests are not catching anything and could be removed. Comments and questions are welcome.
Matt Keith Johnson wrote: Rob, If you don't mind sharing, what config settings do you use for Alligate.. Keith --- [This E-
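The weighted scoring that the posted test list relies on, as an added example that is not part of the original messages and is not Declude's own code: it sums per-test weights for a message and shows how one overlapping external test pushes a borderline Base64 message past the kill score of 10, and how a negative-weight listing pulls it back. The sample lines are a constructed subset of the posted tests with column spacing restored; the field layout (name, type, two parameters, weight on fail, weight on pass) and the helper names `parse_tests`, `total_weight` and `decisive_tests` are assumptions.

```python
import re
from typing import NamedTuple

# Constructed sample: a subset of the posted test lines with column spacing
# restored. Assumed layout: name, type, param, param, weight-on-fail,
# weight-on-pass. A "weight" line is read as a total-score threshold.
SAMPLE_CONFIG = r'''
SBL           ip4r        sbl.spamhaus.org        127.0.0.2   10  0
OSLIST        ip4r        relays.osirusoft.com    127.0.0.7    2  0
BONDEDSENDER  ip4r        query.bondedsender.org  127.0.0.10 -20  0
SPAMHEADERS   spamheaders x x  5  0
BADHEADERS    badheaders  x x  3  0
BASE64        base64      x x  3  0
IPNOTINMX     ipnotinmx   x x  0 -2
ALLIGATE      external    nonzero "C:\IMail\Alligate\NoXMail.exe" 3 0
WEIGHT10      weight      x x 10  0
'''


class Rule(NamedTuple):
    kind: str
    on_fail: int   # added when the message trips the test
    on_pass: int   # added when it does not


def parse_tests(text):
    """Return (tests, thresholds) from Declude-style test definition lines."""
    tests, thresholds = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # A quoted program path counts as one field even if it holds spaces.
        fields = [f.strip('"') for f in re.findall(r'"[^"]*"|\S+', line)]
        if len(fields) != 6:
            raise ValueError(f"expected 6 fields, got {len(fields)}: {line!r}")
        name, kind, _p1, _p2, on_fail, on_pass = fields
        if kind == "weight":
            thresholds[name] = int(on_fail)
        else:
            tests[name] = Rule(kind, int(on_fail), int(on_pass))
    return tests, thresholds


def total_weight(tests, failed):
    """Sum on_fail for tripped tests and on_pass for every other test."""
    unknown = set(failed) - set(tests)
    if unknown:
        raise KeyError(f"not defined in config: {sorted(unknown)}")
    return sum(r.on_fail if name in failed else r.on_pass
               for name, r in tests.items())


def decisive_tests(tests, failed, threshold):
    """Tripped tests whose removal alone drops the total below threshold."""
    failed = set(failed)
    if total_weight(tests, failed) < threshold:
        return []
    return sorted(n for n in failed
                  if total_weight(tests, failed - {n}) < threshold)


if __name__ == "__main__":
    tests, thresholds = parse_tests(SAMPLE_CONFIG)
    kill = thresholds["WEIGHT10"]
    # Constructed message: Base64 body relayed through a host that is not the
    # sender's MX, tripping only the built-in tests at first.
    native = {"BASE64", "BADHEADERS", "OSLIST", "IPNOTINMX"}
    cases = [("built-in tests only", native),
             ("plus ALLIGATE", native | {"ALLIGATE"}),
             ("plus ALLIGATE, bonded", native | {"ALLIGATE", "BONDEDSENDER"})]
    for label, failed in cases:
        total = total_weight(tests, failed)
        print(f"{label:24} total={total:4} killed={total >= kill} "
              f"decisive={decisive_tests(tests, failed, kill)}")
```

When every tripped test shows up as decisive, the message is sitting right at the threshold, which is where overlapping tests do the most damage to legitimate mail.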
RE: [Declude.JunkMail] Alligate vs. Message Sniffer...opinions?
Glad to. By the way, we also use Autowhite (I hate the thought of missing any mail). Also, our Declude config is near-stock, we hold on 20, delete on 30.
#Alligate for IMail CONFIGURATION FILE (MINIMUM CONFIGURATION)
#PLEASE SEE THE CONFIGURATION INSTRUCTIONS FOR MORE OPTIONS
#GENERAL NOTES
# A "#" symbol or "//" symbol at the beginning of the line indicates a
#comment, or when preceeding a configuration value, will "undefine" that
#value.
# THE FOLLOWING 2 VALUES MUST BE PROVIDED FOR ALL VERSIONS
LICENSE
KEY
# THE FOLLOWING 2 VALUES NEED REFLECT YOUR EMAIL ADDRESSES
# THE POSTMASTER SHOULD BE A NEW, DEDICATED ACCOUNT FOR
# SPAM HANDLING ONLY.
POSTMASTER
REPORTSTO xxx
# THE FOLLOWING VALUE NEEDS TO BE USED IF YOU ARE USING Alligate
# WITH IMail ALONE, OR WITH IMail and Declude Virus.
#HANDOFF c:\imail\smtp32.exe
# IF YOUR ARE USING Declude Junkmail, !!DELETE THE LINE ABOVE!!
# AND RUN Alligate AS A Declude TEST.
# DECLUDE SPECIFIC OPTIONS WHEN RUNNING Alligate AS
# A DECLUDE TEST ONLY
DECLUDETESTONLY TRUE
#SPAMMESSAGE NONE
#ADULTMESSAGE NONE
# THE FOLLOWING 4 KEYS NEED TO BE EDITED TO REFLECT YOUR
# PREFERENCES **ONLY** IF YOU ROUTE FAILED MESSAGES
# TO A PARTICULAR ADDRESS FOR REVIEW
#ROUTESPAM [EMAIL PROTECTED]
#ROUTESPAMSCORE 40
#ROUTEADULT [EMAIL PROTECTED]
#ROUTEADULTSCORE 40
# IF NOT RUNNING AS A DECLUDE TEST ONLY THEN THE FOLLOWING
# 2 VALUES SHOULD BE USED
#SPAMMESSAGE DEFAULT
#ADULTMESSAGE DEFAULT
# IF YOU WANT THE RECIPIENT OF OUTGOING MAIL TO BE ADDED TO THE
# USERS WHITELIST AUTOMATICALLY, CHANGE THE NEXT VALUE TO TRUE
AUTOWHITELIST TRUE
# THE FOLLOWING 2 VALUES DEFINE WHETHER OR NOT TO SCAN OUTGOING
# MAIL AND WILL CAUSE A REJECTION MESSAGE TO BE SENT TO YOUR
# USER IF THE OUTGOING MESSAGE FAILS
SCANOUTGOING FALSE
SENDREJECTION TRUE
# THE BALANCE OF THESE VALUES ARE RECOMMENDED DEFAULTS AND
# NEED NOT BE CHANGED REGARDLESS OF THE OPTIONS ABOVE
SENDTOTRASH TRUE
ALLOWRELAY FALSE
NONENGLISH 6
BADROUTING 12
THRESHOLD 4
PATMATCHES 2
SATURATION 5
LOGALLFAILURES TRUE
ADULTSCORE 18
ADULTKILLSCORE 45
SPAMSCORE 18
SPAMKILLSCORE 65
EXITCODESCORE 20
KILLSCORE 75
ADULTSUBJECT [ADULT]
#SPAMSUBJECT [SPAM]
LOGDETAIL DEBUG
RE: [Declude.JunkMail] Alligate vs. Message Sniffer...opinions?
As one of the earlier testers and helped develop the variable scale of Alligate, I can understand your position. I have a client that gets a lot of e-mail from the Far East and a lot of bcc broadcasts and lists. Many of these show elements of spam, but are legit. That is what makes it hard. There are a number of adjustments available in Alligate. You might want to look over my config file I posted earlier today. One thing I do for this specific issue is I use 2 programs. One is Match, which is very simple but does need to be revised. The other is AutoWhite. A 30 demo of AutoWhite is available at www.eservicesforyou.com/products/autowhite.html. Match is free. While everyone can have a unique setup, please let me know if you would like to spend some time going over the possible configurations in Alligate. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Matthew Bramble > Sent: Wednesday, August 20, 2003 1:20 PM > To: [EMAIL PROTECTED] > Subject: [Declude.JunkMail] Alligate vs. Message Sniffer...opinions? > > I've been a Declude Virus and JunkMail customer for about a year and a > half now. At first the spam blocking was just something that only a few > of my ~250 users (hosting) found beneficial, but in the last 6 months I > have had to continually push the limits with the tests in order to keep > it from overwhelming real E-mail. I've been asked by several customers > in the last few months if there is anything that I can do about the > spam...and my reply is that we are already blocking +80% of all E-mail > coming into the server (no kidding, I've run the stats, Sobig.F is > making it even worse). 
> > My problem has now become more of an issue with false positives, mostly > with opt-in advertising, automated information updates and newsletters, > with the former two being somewhat mission critical for many of my > customers. I'm at a point where adjusting the scoring to allow one > problematic sender in results as many as 100 spams getting through as > well, and at the same time, the spam that is being sent is getting > better at passing the tests, maybe because they are using zombie relays. > > So I'm looking at heuristics now, Alligate and Message Sniffer, in order > to help solve the problem. I've started testing Alligate as of > yesterday, and frankly, I'm not that impressed when it comes to > enhancing Declude. Some of my observations are as follows: > > 1) Many of the RFC related tests that Declude does seem to be done in > Alligate as well, but there seems to be no easy way to fine tune them. > This results for instance in a Base64 message failing two tests instead > of just one (yes, this is an issue for one sender). Is it advised to > turn off similar functionality in Declude and just rely on Alligate? > > 2) Alligate absolutely hates almost anything that is automated. Opt-in > advertising, automated information updates and newsletters are more > problematic with Alligate as it would appear. I would think that this > company would have a whitelist of sorts that covered all the > medium-large players, but it doesn't appear that way (maybe because it's > a newer service). > > 3) I'm using built in IIS 4.0 functionality to generate E-mail from > scripts (CDONTS), and Alligate pretty much barfed on someone's valid > resume submission, scoring it a 65 for failing just one test, "Bogus > envelope information." I'm thinking that this is because the mail is > sent with the user provided E-mail address, and that shouldn't need to > be changed. This is unacceptable. 
> > 4) I've noted in going over the rejections that it frequently scores > messages very high for adult content despite the message having no such > content. This worries me about the accuracy and weighting that they are > using. > > So the end result seems that in order to protect from false positives, > I've had to turn down several scores from the core Declude tests, and > that doesn't provide any real enhancement. I would imagine that with > some fine tuning, removing tests that are repeated, I could improve > detection slightly, but my gut tells me it isn't worth it at this > point. I'm hoping that others here could confirm my observations and > provide any guidance if you feel it is salvageable. I have seen the > recommendation for the variable scale that another member posted, and > that should help. > > I'm also about to start testing Message Sniffer (after Alligate) so that > I can determine which one of the two if either will be purchased and > installed. Any feedback about that application in comparison, the > accuracy, and the isolation from Declude's own tests would be > appreciated. I'm under the belief that pure heuristics with an > integrated blacklist is really what's needed. > > Thanks, > > Matt > > --- > [This E-mail was scanned for viruses by
RE: [Declude.JunkMail] Alligate vs. Message Sniffer...opinions?
Rob, If you don't mind sharing, what config settings do you use for Alligate.. Keith -Original Message- From: Robert Grosshandler [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 20, 2003 5:54 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Alligate vs. Message Sniffer...opinions? We use both. Between them, plus the Declude tests, our false positive level is very, very low. Our scoring is such that if an e-mail triggers both Sniffer and Alligate, we treat as spam. If it triggers both, and has other characteristics of spam, its score is high enough that it gets deleted without even being reviewed. If it triggers both, but very few other Declude tests, it gets held, and reviewed once a week. It's more money, sure, but neither test is perfect. Rob Www.iGive.com Turn shopping into Philanthropy
RE: [Declude.JunkMail] Alligate vs. Message Sniffer...opinions?
We use both. Between them, plus the Declude tests, our false positive level is very, very low. Our scoring is such that if an e-mail triggers both Sniffer and Alligate, we treat as spam. If it triggers both, and has other characteristics of spam, its score is high enough that it gets deleted without even being reviewed. If it triggers both, but very few other Declude tests, it gets held, and reviewed once a week. It's more money, sure, but neither test is perfect. Rob Www.iGive.com Turn shopping into Philanthropy
RE: [Declude.JunkMail] Alligate
John, We have it as a Declude only test Keith -Original Message- From: John Tolmachoff (Lists) [mailto:[EMAIL PROTECTED] Sent: Wed 8/20/2003 1:05 AM To: [EMAIL PROTECTED] Cc: Subject: RE: [Declude.JunkMail] Alligate Do you mean as a Declude ONLY test? John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Keith Johnson > Sent: Tuesday, August 19, 2003 7:18 PM > To: [EMAIL PROTECTED] > Subject: [Declude.JunkMail] Alligate > > Does anyone have any configs they are willing to share that they are using in > production for Alligate with Declude? Thanks for the aid. > > Keith
RE: RE : [Declude.JunkMail] Alligate
Yes, Alligate is a very good product. I do see a number of false positives, but that is because of my clients. I have a large client that gets a lot of e-mail from the Far East and broadcast messages. These, because of the nature, tend to trip tests due to poor formatting or other problems. Example, they receive about 25 messages a day from a certain company. Those messages have almost every element of a spam message, yet are legit. Therefore, it fails many tests, including Alligate. But that is the beauty of Declude, and even Alligate. Flexibility and adaptability. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Blagui Mehdi > Sent: Wednesday, August 20, 2003 1:42 AM > To: [EMAIL PROTECTED] > Subject: RE : [Declude.JunkMail] Alligate > > Hi, > > Is Alligate so good? What about false positive? > > Thanks > Mehdi Blagui > > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) > Sent: Wednesday, August 20, 2003 06:06 > To: [EMAIL PROTECTED] > Subject: RE: [Declude.JunkMail] Alligate > > > Do you mean as a Declude ONLY test? > > John Tolmachoff MCSE CSSA > Engineer/Consultant > eServices For You > www.eservicesforyou.com > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > > [EMAIL PROTECTED] On Behalf Of Keith Johnson > > Sent: Tuesday, August 19, 2003 7:18 PM > > To: [EMAIL PROTECTED] > > Subject: [Declude.JunkMail] Alligate > > > > Does anyone have any configs they are willing to share that they are using in > > production for Alligate with Declude? Thanks for the aid. > > > > Keith
RE : [Declude.JunkMail] Alligate
Hi, Is Alligate so good? What about false positive? Thanks Mehdi Blagui -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Wednesday, August 20, 2003 06:06 To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Alligate Do you mean as a Declude ONLY test? John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Keith Johnson > Sent: Tuesday, August 19, 2003 7:18 PM > To: [EMAIL PROTECTED] > Subject: [Declude.JunkMail] Alligate > > Does anyone have any configs they are willing to share that they are using in > production for Alligate with Declude? Thanks for the aid. > > Keith
RE: [Declude.JunkMail] Alligate
Do you mean as a Declude ONLY test? John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Keith Johnson > Sent: Tuesday, August 19, 2003 7:18 PM > To: [EMAIL PROTECTED] > Subject: [Declude.JunkMail] Alligate > > Does anyone have any configs they are willing to share that they are using in > production for Alligate with Declude? Thanks for the aid. > > Keith
#Alligate for IMail CONFIGURATION FILE (MINIMUM CONFIGURATION)
#PLEASE SEE THE CONFIGURATION INSTRUCTIONS FOR MORE OPTIONS
#GENERAL NOTES
# A "#" symbol or "//" symbol at the beginning of the line indicates a
#comment, or when preceeding a configuration value, will "undefine" that
#value.
# THE FOLLOWING 2 VALUES MUST BE PROVIDED FOR ALL VERSIONS
LICENSE x
KEY xx
# THE FOLLOWING 2 VALUES NEED REFLECT YOUR EMAIL ADDRESSES
# THE POSTMASTER SHOULD BE A NEW, DEDICATED ACCOUNT FOR
# SPAM HANDLING ONLY.
POSTMASTER
REPORTSTO x
# THE FOLLOWING VALUE NEEDS TO BE USED IF YOU ARE USING Alligate
# WITH IMail ALONE, OR WITH IMail and Declude Virus.
#HANDOFF c:\imail\smtp32.exe
# IF YOUR ARE USING Declude Junkmail, !!DELETE THE LINE ABOVE!!
# AND RUN Alligate AS A Declude TEST.
# DECLUDE SPECIFIC OPTIONS WHEN RUNNING Alligate AS
# A DECLUDE TEST ONLY
DECLUDETESTONLY TRUE
SPAMMESSAGE NONE
ADULTMESSAGE NONE
# THE FOLLOWING 4 KEYS NEED TO BE EDITED TO REFLECT YOUR
# PREFERENCES **ONLY** IF YOU ROUTE FAILED MESSAGES
# TO A PARTICULAR ADDRESS FOR REVIEW
#ROUTESPAM [EMAIL PROTECTED]
#ROUTESPAMSCORE 40
#ROUTEADULT [EMAIL PROTECTED]
#ROUTEADULTSCORE 40
# IF NOT RUNNING AS A DECLUDE TEST ONLY THEN THE FOLLOWING
# 2 VALUES SHOULD BE USED
#SPAMMESSAGE DEFAULT
#ADULTMESSAGE DEFAULT
# IF YOU WANT THE RECIPIENT OF OUTGOING MAIL TO BE ADDED TO THE
# USERS WHITELIST AUTOMATICALLY, CHANGE THE NEXT VALUE TO TRUE
AUTOWHITELIST FALSE
# THE FOLLOWING 2 VALUES DEFINE WHETHER OR NOT TO SCAN OUTGOING
# MAIL AND WILL CAUSE A REJECTION MESSAGE TO BE SENT TO YOUR
# USER IF THE OUTGOING MESSAGE FAILS
SCANOUTGOING TRUE
SENDREJECTION FALSE
# THE BALANCE OF THESE VALUES ARE RECOMMENDED DEFAULTS AND
# NEED NOT BE CHANGED REGARDLESS OF THE OPTIONS ABOVE
SENDTOTRASH FALSE
ALLOWRELAY TRUE
NONENGLISH 6
BADROUTING 12
THRESHOLD 4
PATMATCHES 2
SATURATION 5
LOGALLFAILURES TRUE
ADULTSCORE 18
#ADULTKILLSCORE 45
SPAMSCORE 18
#SPAMKILLSCORE 65
EXITCODESCORE 22
#KILLSCORE 75
#ADULTSUBJECT [ADULT]
#SPAMSUBJECT [SPAM]
LOGDETAIL DEBUG
MAXSUBJECTSCORE 10
GOODSPAMMER 6
KNOWNSPAMMER 8
HIGHASCII 5
SIGNATURE 4
DOHOSTLOOKUP TRUE
REPEATIP 4
REPEATHOST 4
CHECKREPEATSPAMMERS TRUE
MAXREPEATSPAMMERS 500
TRASHBADENCODING FALSE
REPEATSPAMSCORE 30
REPEATADULTSCORE 30
LOGFILEPATH E:\Alligate