Re: [Declude.JunkMail] DSBL Road Runner
Could there be another hop that was being detected and checked by DSBL. Vould be it was on the lsit and then was later removed. - Original Message - From: Kyle Fisher To: Declude.JunkMail@declude.com Sent: Friday, April 15, 2005 9:34 AM Subject: [Declude.JunkMail] DSBL Road Runner I am trying to determine why some email from Road Runner is getting picked up by DSBL. When I query DSBL for 24.93.47.42 it says Status Ip not listed by DSBL. Here is the line in my global.cfg DSBL ip4r list.dsbl.org * 8 0 Is the * picking up something since it looks for anything maybe some other record on their list? Kyle
RE: [Declude.JunkMail] DSBL Road Runner
This is what I have #= LOGS == # in the LOGFILE option, if present, automatically gets replaced with the month/date. # Log Level options: WARN / LOW / MID / HIGH / DEBUG / ERROR LOGFILE d:\imail\spool\dec.log LOGLEVEL MID HOP 0 #HOPHIGH 1 #= HEADERS == XSENDER ON XSPOOLNAME ON XINHEADER X-Note: This E-mail was scanned by Region 5 ESC using Declude JunkMail for spam. XINHEADER X-Country-Chain: %COUNTRYCHAIN% XINHEADER X-Note: Total spam weight of this E-mail is %WEIGHT% XINHEADER X-Note: Spam tests: %TESTSFAILED% XINHEADER X-Note: Reverse DNS: %REVDNS% ([%REMOTEIP%]) XINHEADER X-Note: HELO/EHLO Received: %HELO% XINHEADER X-Note: Header code: %HEADERCODE% XINHEADER X-Note: Queue name: %QUEUENAME% XOUTHEADER X-Note: This E-mail was scanned by Region 5 ESC using Declude JunkMail for spam. XOUTHEADER X-Note: Queue name: %QUEUENAME% XOUTHEADER X-Note: Spam tests: %TESTSFAILED% XOUTHEADER X-Note: Total spam weight of this e-mail is %WEIGHT% XOUTHEADER X-Note: Reverse DNS: %REVDNS% ([%REMOTEIP%]) XOUTHEADER X-Note: HELO/EHLO Received: %HELO% XOUTHEADER X-Note: Header code: %HEADERCODE% XOUTHEADER X-Country-Chain: %COUNTRYCHAIN% #= ADVANCED OPTIONS = HIDETESTS CATCHALLMAILS #IPNOTINMX NOLEGITCONTENT Rem out 2-25-05 For testing to see all test. HOP 0 # reduced from 3 to 2 to see if dns improves HOPHIGH 2 ### Orignal Settings Below ### #HOP 0 #HOPHIGH 1 #= WHITELISTS == From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Friday, April 15, 2005 10:13 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] DSBL Road Runner You might be scanning on multiple hops, and this might be picking up the client PC instead of the connecting server. Look for the HOP setting and see if it is anything besides 0, and if so, you are scanning on multiple hops. Prior hops are much more often listed in open relay lists such as DSBL, and it isn't wise to score DSBL on multiple hops at the same score as the last hop. DSBL doesn't like to delist IP's, and their automated removal process will not work with residential broadband IP's. They have no interest in changing this. Matt Kyle Fisher wrote: I am trying to determine why some email from Road Runner is getting picked up by DSBL. When I query DSBL for 24.93.47.42 it says Status Ip not listed by DSBL. Here is the line in my global.cfg DSBL ip4r list.dsbl.org * 8 0 Is the * picking up something since it looks for anything maybe some other record on their list? Kyle -- =MailPure custom filters for Declude JunkMail Pro.http://www.mailpure.com/software/=
Re: [Declude.JunkMail] DSBL Road Runner
The HOPHIGH setting in combination I believe will result in the last 3 hops being scanned. In your config that is set to 2. It is advisable that you either comment out HOPHIGH, or take a bunch of time to work out how to score differently the open relay type tests on hops besides the last. Here's an example of how to do this with DSBL: DSBL(LAST) dnsbl %IP4R%.list.dsbl.org 127.0.0.2 5 0 DSBL(ALL) ip4r list.dsbl.org127.0.0.2 2 0 Note that this technique only needs to be applied to what you currently list as ip4r tests, and only lists that will tag residential IP space, which are primarily open relay type lists (generally spamtrap driven, or ones that test), but SBL and AHBL-SOURCES will also do this sometimes, primarily with international IP space. Matt Kyle Fisher wrote: This is what I have #= LOGS == # "" in the LOGFILE option, if present, automatically gets replaced with the month/date. # Log Level options: WARN / LOW / MID / HIGH / DEBUG / ERROR LOGFILE d:\imail\spool\dec.log LOGLEVEL MID HOP 0 #HOPHIGH 1 #= HEADERS == XSENDER ON XSPOOLNAME ON XINHEADER X-Note: This E-mail was scanned by Region 5 ESC using Declude JunkMail for spam. XINHEADER X-Country-Chain: %COUNTRYCHAIN% XINHEADER X-Note: Total spam weight of this E-mail is %WEIGHT% XINHEADER X-Note: Spam tests: %TESTSFAILED% XINHEADER X-Note: Reverse DNS: %REVDNS% ([%REMOTEIP%]) XINHEADER X-Note: HELO/EHLO Received: %HELO% XINHEADER X-Note: Header code: %HEADERCODE% XINHEADER X-Note: Queue name: %QUEUENAME% XOUTHEADER X-Note: This E-mail was scanned by Region 5 ESC using Declude JunkMail for spam. XOUTHEADER X-Note: Queue name: %QUEUENAME% XOUTHEADER X-Note: Spam tests: %TESTSFAILED% XOUTHEADER X-Note: Total spam weight of this e-mail is %WEIGHT% XOUTHEADER X-Note: Reverse DNS: %REVDNS% ([%REMOTEIP%]) XOUTHEADER X-Note: HELO/EHLO Received: %HELO% XOUTHEADER X-Note: Header code: %HEADERCODE% XOUTHEADER X-Country-Chain: %COUNTRYCHAIN% #= ADVANCED OPTIONS = HIDETESTS CATCHALLMAILS #IPNOTINMX NOLEGITCONTENT Rem out 2-25-05 For testing to see all test. HOP 0 # reduced from 3 to 2 to see if dns improves HOPHIGH 2 ### Orignal Settings Below ### #HOP 0 #HOPHIGH 1 #= WHITELISTS == From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Friday, April 15, 2005 10:13 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] DSBL Road Runner You might be scanning on multiple hops, and this might be picking up the client PC instead of the connecting server. Look for the HOP setting and see if it is anything besides 0, and if so, you are scanning on multiple hops. Prior hops are much more often listed in open relay lists such as DSBL, and it isn't wise to score DSBL on multiple hops at the same score as the last hop. DSBL doesn't like to delist IP's, and their automated removal process will not work with residential broadband IP's. They have no interest in changing this. Matt Kyle Fisher wrote: I am trying to determine why some email from Road Runner is getting picked up by DSBL. When I query DSBL for 24.93.47.42 it says Status Ip not listed by DSBL. Here is the line in my global.cfg DSBL ip4r list.dsbl.org * 8 0 Is the * picking up something since it looks for anything maybe some other record on their list? Kyle -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
RE: [Declude.JunkMail] DSBL Road Runner
Ok thanks. I think I will just comment out HOPHIGH. Kyle From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Friday, April 15, 2005 10:44 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] DSBL Road Runner The HOPHIGH setting in combination I believe will result in the last 3 hops being scanned. In your config that is set to 2. It is advisable that you either comment out HOPHIGH, or take a bunch of time to work out how to score differently the open relay type tests on hops besides the last. Here's an example of how to do this with DSBL: DSBL(LAST) dnsbl %IP4R%.list.dsbl.org 127.0.0.2 5 0 DSBL(ALL) ip4r list.dsbl.org 127.0.0.2 2 0 Note that this technique only needs to be applied to what you currently list as ip4r tests, and only lists that will tag residential IP space, which are primarily open relay type lists (generally spamtrap driven, or ones that test), but SBL and AHBL-SOURCES will also do this sometimes, primarily with international IP space. Matt Kyle Fisher wrote: This is what I have #= LOGS == # in the LOGFILE option, if present, automatically gets replaced with the month/date. # Log Level options: WARN / LOW / MID / HIGH / DEBUG / ERROR LOGFILE d:\imail\spool\dec.log LOGLEVEL MID HOP 0 #HOPHIGH 1 #= HEADERS == XSENDER ON XSPOOLNAME ON XINHEADER X-Note: This E-mail was scanned by Region 5 ESC using Declude JunkMail for spam. XINHEADER X-Country-Chain: %COUNTRYCHAIN% XINHEADER X-Note: Total spam weight of this E-mail is %WEIGHT% XINHEADER X-Note: Spam tests: %TESTSFAILED% XINHEADER X-Note: Reverse DNS: %REVDNS% ([%REMOTEIP%]) XINHEADER X-Note: HELO/EHLO Received: %HELO% XINHEADER X-Note: Header code: %HEADERCODE% XINHEADER X-Note: Queue name: %QUEUENAME% XOUTHEADER X-Note: This E-mail was scanned by Region 5 ESC using Declude JunkMail for spam. XOUTHEADER X-Note: Queue name: %QUEUENAME% XOUTHEADER X-Note: Spam tests: %TESTSFAILED% XOUTHEADER X-Note: Total spam weight of this e-mail is %WEIGHT% XOUTHEADER X-Note: Reverse DNS: %REVDNS% ([%REMOTEIP%]) XOUTHEADER X-Note: HELO/EHLO Received: %HELO% XOUTHEADER X-Note: Header code: %HEADERCODE% XOUTHEADER X-Country-Chain: %COUNTRYCHAIN% #= ADVANCED OPTIONS = HIDETESTS CATCHALLMAILS #IPNOTINMX NOLEGITCONTENT Rem out 2-25-05 For testing to see all test. HOP 0 # reduced from 3 to 2 to see if dns improves HOPHIGH 2 ### Orignal Settings Below ### #HOP 0 #HOPHIGH 1 #= WHITELISTS == From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Friday, April 15, 2005 10:13 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] DSBL Road Runner You might be scanning on multiple hops, and this might be picking up the client PC instead of the connecting server. Look for the HOP setting and see if it is anything besides 0, and if so, you are scanning on multiple hops. Prior hops are much more often listed in open relay lists such as DSBL, and it isn't wise to score DSBL on multiple hops at the same score as the last hop. DSBL doesn't like to delist IP's, and their automated removal process will not work with residential broadband IP's. They have no interest in changing this. Matt Kyle Fisher wrote: I am trying to determine why some email from Road Runner is getting picked up by DSBL. When I query DSBL for 24.93.47.42 it says Status Ip not listed by DSBL. Here is the line in my global.cfg DSBL ip4r list.dsbl.org * 8 0 Is the * picking up something since it looks for anything maybe some other record on their list? Kyle -- =MailPure custom filters for Declude JunkMail Pro.http://www.mailpure.com/software/= -- =MailPure custom filters for Declude JunkMail Pro.http://www.mailpure.com/software/=
RE: [Declude.JunkMail] DSBL Tests - results
Is it possible to have declude do a test on the following: HEADERS 20 CONTAINSX-IMAIL-SPAM-STATISTICS: 1. I have tried this but do cannot get it working. Is this put into the headers after declude is finished? Harry Vanderzand inTown Internet Computer Services 11 Belmont Ave. W. Kitchener, ON N2M 1L2 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kami Razvan Sent: Tuesday, June 10, 2003 4:51 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] DSBL Tests - results If you want IMail to do these tests then simply create a filter file and add it to your Global statement. FILTER-HEADER-XMAIL filter C:\IMail\Declude\IMail_Filter_Header_XHeader.txt x 0 0 Our header file: IMail_Filter_Header_XHeader.txt has the following entries: == HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BRAZIL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BROADWING HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-CN-KR HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-CW HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-INFLOW HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-JAPAN HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-KOREA HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-LEVEL3 HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-YIPES HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BLARS HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DELINK HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (DSBL HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DSBLALL HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (fiveten HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (INTERSIL HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (KUNDENSERVER HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (NJABL HEADERS 9 CONTAINS X-IMAIL-SPAM-DNSBL: (ORDB HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (SORBS-HTTP HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (SpamCop HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (SPAMHAUS HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (WIREHUB-DNSBL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (ybl HEADERS 8 CONTAINS X-IMAIL-SPAM-VALFROM: HEADERS 5 CONTAINS X-IMAIL-SPAM-VALHELO: HEADERS 12 CONTAINSX-IMAIL-SPAM-VALREVDNS Hope this helps. Remember that the text search we do is based on our definitions. For example (WIREHUB-DNSBL is what we are calling the test in IMail. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frederick Samarelli Sent: Tuesday, June 10, 2003 4:20 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] DSBL Tests - results After I and these checks into the Antispam part of IMAIL 8 what needs to be done to have Delude know they have failed. - Original Message - From: Kami mailto:[EMAIL PROTECTED] Razvan To: [EMAIL PROTECTED] Sent: Tuesday, June 10, 2003 2:32 PM Subject: [Declude.JunkMail] DSBL Tests - results Hi; Just reporting on a finding to-date. We have included all of the ip4r tests on the Declude's site in the IMail 8 IP4r spam section. Since May 18 the following are the only tests that are triggered. We just ran a script on spam log file and the following unique tests are identified. BHOLE-CN-KR:*:cn-kr.blackholes.us BHOLE-CYPERCON:*:cybercon.blackholes.us WIREHUB-DYNA:*:dynablock.easynet.nl BHOLE-CHINA:*:china.blackholes.us WIREHUB-DNSBL:*:blackholes.easynet.nl BHOLE-SKYNETWEB:*:skynetweb.blackholes.us SORBS-HTTP:*:dnsbl.sorbs.net BHOLE-KOREA:*:korea.blackholes.us ybl:*:ybl.megacity.org BHOLE-CW:*:cw.blackholes.us COMPU:*:blackhole.compu.net BLARS:*:block.blars.org DSBL:*:list.dsbl.org NJABL:*:dnsbl.njabl.org SpamCop:*:bl.spamcop.net fiveten:*:blackholes.five-ten-sg.com BHOLE-VERIO:*:verio.blackholes.us DSBLALL:*:unconfirmed.dsbl.org We are not counting how many of each, I guess we can add that easily. For now the above are the results of almost 3 weeks. Regards, Kami --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe
Re: [Declude.JunkMail] DSBL Tests - results
I posted a message last week about this. Yes, for some odd reason this test does not run, and the header get added, until after Declude has passed the message back to IMail for delivery. However, it appears that other IMail spam tests get run, and headers added, before IMail passes the message to Declude. Bill - Original Message - From: Harry Vanderzand [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, June 19, 2003 5:43 AM Subject: RE: [Declude.JunkMail] DSBL Tests - results Is it possible to have declude do a test on the following: HEADERS 20 CONTAINS X-IMAIL-SPAM-STATISTICS: 1. I have tried this but do cannot get it working. Is this put into the headers after declude is finished? Harry Vanderzand inTown Internet Computer Services 11 Belmont Ave. W. Kitchener, ON N2M 1L2 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kami Razvan Sent: Tuesday, June 10, 2003 4:51 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] DSBL Tests - results If you want IMail to do these tests then simply create a filter file and add it to your Global statement. FILTER-HEADER-XMAIL filter C:\IMail\Declude\IMail_Filter_Header_XHeader.txt x 0 0 Our header file: IMail_Filter_Header_XHeader.txt has the following entries: == HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BRAZIL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BROADWING HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-CN-KR HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-CW HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-INFLOW HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-JAPAN HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-KOREA HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-LEVEL3 HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-YIPES HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BLARS HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DELINK HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (DSBL HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DSBLALL HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (fiveten HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (INTERSIL HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (KUNDENSERVER HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (NJABL HEADERS 9 CONTAINS X-IMAIL-SPAM-DNSBL: (ORDB HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (SORBS-HTTP HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (SpamCop HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (SPAMHAUS HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (WIREHUB-DNSBL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (ybl HEADERS 8 CONTAINS X-IMAIL-SPAM-VALFROM: HEADERS 5 CONTAINS X-IMAIL-SPAM-VALHELO: HEADERS 12 CONTAINSX-IMAIL-SPAM-VALREVDNS Hope this helps. Remember that the text search we do is based on our definitions. For example (WIREHUB-DNSBL is what we are calling the test in IMail. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frederick Samarelli Sent: Tuesday, June 10, 2003 4:20 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] DSBL Tests - results After I and these checks into the Antispam part of IMAIL 8 what needs to be done to have Delude know they have failed. - Original Message - From: Kami mailto:[EMAIL PROTECTED] Razvan To: [EMAIL PROTECTED] Sent: Tuesday, June 10, 2003 2:32 PM Subject: [Declude.JunkMail] DSBL Tests - results Hi; Just reporting on a finding to-date. We have included all of the ip4r tests on the Declude's site in the IMail 8 IP4r spam section. Since May 18 the following are the only tests that are triggered. We just ran a script on spam log file and the following unique tests are identified. BHOLE-CN-KR:*:cn-kr.blackholes.us BHOLE-CYPERCON:*:cybercon.blackholes.us WIREHUB-DYNA:*:dynablock.easynet.nl BHOLE-CHINA:*:china.blackholes.us WIREHUB-DNSBL:*:blackholes.easynet.nl BHOLE-SKYNETWEB:*:skynetweb.blackholes.us SORBS-HTTP:*:dnsbl.sorbs.net BHOLE-KOREA:*:korea.blackholes.us ybl:*:ybl.megacity.org BHOLE-CW:*:cw.blackholes.us COMPU:*:blackhole.compu.net BLARS:*:block.blars.org DSBL:*:list.dsbl.org NJABL:*:dnsbl.njabl.org SpamCop:*:bl.spamcop.net fiveten
RE: [Declude.JunkMail] DSBL Tests - results
Hi all, Over the weekend I've configured the following ip4r-tests from Bill.B's config file that we haven't used until now. This are the results after 10 hours (4 hours business time) In this time we've catched around 300 spam messages. BLITZEDALL ip4r opm.blitzed.org * 3 0 95 positive test results. No FP. All spam messages failed also other ip4r-Tests BONDEDSENDER ip4r query.bondedsender.org 127.0.0.10 -10 0 Only one single positive test. At least no FP. DEVNULL ip4r dev.null.dk * 3 0 No positive test result. DNSRBL-DUN ip4r dun.dnsrbl.net * 3 0 3 positive test results. No FP. All spam messages failed also other ip4r-Tests DNSRBL-SPAM ip4r spam.dnsrbl.net * 1 0 No positive test result. DSBL-MULTI ip4r multihop.dsbl.org * 2 0 Nearly all of the 38 positive responses are FP's. Bad test EASYNET-DYNA ip4r dynablock.easynet.nl * 3 0 Nearly all of the 130 positive responses are FP's. Bad test EASYNET-PROXIES ip4r proxies.blackholes.easynet.nl * 2 0 165 positive test results. No FP. All spam messages failed also other ip4r-Tests EXSILIA-PROXIES ip4r proxies.exsilia.net * 3 0 No positive test result. EXSILIA-SPAM ip4r spam.exsilia.net * 3 0 One single positive response. Was the only ip4r-test catching this spam message. FABEL ip4r spamsources.fabel.dk * 3 0 22 positive test results. No FP. Most spam messages failed also other ip4r-Tests FIVETEN-SRC ip4r blackholes.five-ten-sg.com 127.0.0.2 2 0 129 positive results. Around 20% FP's. Most spam messages failed also other ip4r-Tests FIVETEN-DUL ip4r blackholes.five-ten-sg.com 127.0.0.3 1 0 No positive test result. FIVETEN-OPTIN ip4r blackholes.five-ten-sg.com 127.0.0.4 1 0 Two positive test results. Failed also other ip4r-tests. FIVETEN-MULTI ip4r blackholes.five-ten-sg.com 127.0.0.5 1 0 3 positive test results. Failed also SPAMCOP. FIVETEN-SINGLE ip4r blackholes.five-ten-sg.com 127.0.0.6 1 0 No positive test result. IPWHOIS ip4r ipwhois.rfc-ignorant.org * 3 0 41 positive test results. No FP. All spam messages failed also other ip4r-Tests KITHRUP ip4r 3y.spam.mrs.kithrup.com * 2 0 No positive test result. LEADMON ip4r spamguard.leadmon.net * 3 0 51 positive results. Around 50% FP's. Most spam messages failed also other ip4r-Tests. Bad test! SORBS ip4r dnsbl.sorbs.net * 3 0 179 positive results. Around 5% FP's. All spam messages failed also other ip4r-Tests SPAMHAUS ip4r sbl.spamhaus.org * 3 0 58 positive results. No FP. All spam messages failed also other ip4r-Tests SPAMBAG ip4r blacklist.spambag.org * 4 0 A few positive test results. No FP. All spam messages failed also other ip4r-Tests UCEB ip4r blackholes.uceb.org * 3 0 A few positive test results. Around 5% FP's. All spam messages failed also other ip4r-Tests --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] DSBL Tests - results
Thanks for the valuable info are all the test below free and can be used by all of us ? and, if yes, why weren't they included in the default global.cfg ? EASYNET-PROXIESip4r proxies.blackholes.easynet.nl * 2 0 BLITZEDALLip4r opm.blitzed.org * 3 0 EXSILIA-SPAMip4r spam.exsilia.net * 3 0 IPWHOIS ip4r ipwhois.rfc-ignorant.org * 3 0 SORBS ip4r dnsbl.sorbs.net * 3 0 SPAMHAUS ip4r sbl.spamhaus.org* 3 0 - Original Message - From: Markus Gufler [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, June 16, 2003 9:14 AM Subject: RE: [Declude.JunkMail] DSBL Tests - results Hi all, Over the weekend I've configured the following ip4r-tests from Bill.B's config file that we haven't used until now. This are the results after 10 hours (4 hours business time) In this time we've catched around 300 spam messages. BLITZEDALL ip4r opm.blitzed.org * 3 0 95 positive test results. No FP. All spam messages failed also other ip4r-Tests BONDEDSENDER ip4r query.bondedsender.org 127.0.0.10 -10 0 Only one single positive test. At least no FP. DEVNULL ip4r dev.null.dk * 3 0 No positive test result. DNSRBL-DUN ip4r dun.dnsrbl.net * 3 0 3 positive test results. No FP. All spam messages failed also other ip4r-Tests DNSRBL-SPAM ip4r spam.dnsrbl.net * 1 0 No positive test result. DSBL-MULTI ip4r multihop.dsbl.org * 2 0 Nearly all of the 38 positive responses are FP's. Bad test EASYNET-DYNA ip4r dynablock.easynet.nl * 3 0 Nearly all of the 130 positive responses are FP's. Bad test EASYNET-PROXIES ip4r proxies.blackholes.easynet.nl * 2 0 165 positive test results. No FP. All spam messages failed also other ip4r-Tests EXSILIA-PROXIES ip4r proxies.exsilia.net * 3 0 No positive test result. EXSILIA-SPAM ip4r spam.exsilia.net * 3 0 One single positive response. Was the only ip4r-test catching this spam message. FABEL ip4r spamsources.fabel.dk * 3 0 22 positive test results. No FP. Most spam messages failed also other ip4r-Tests FIVETEN-SRC ip4r blackholes.five-ten-sg.com 127.0.0.2 2 0 129 positive results. Around 20% FP's. Most spam messages failed also other ip4r-Tests FIVETEN-DUL ip4r blackholes.five-ten-sg.com 127.0.0.3 1 0 No positive test result. FIVETEN-OPTIN ip4r blackholes.five-ten-sg.com 127.0.0.4 1 0 Two positive test results. Failed also other ip4r-tests. FIVETEN-MULTI ip4r blackholes.five-ten-sg.com 127.0.0.5 1 0 3 positive test results. Failed also SPAMCOP. FIVETEN-SINGLE ip4r blackholes.five-ten-sg.com 127.0.0.6 1 0 No positive test result. IPWHOIS ip4r ipwhois.rfc-ignorant.org * 3 0 41 positive test results. No FP. All spam messages failed also other ip4r-Tests KITHRUP ip4r 3y.spam.mrs.kithrup.com * 2 0 No positive test result. LEADMON ip4r spamguard.leadmon.net * 3 0 51 positive results. Around 50% FP's. Most spam messages failed also other ip4r-Tests. Bad test! SORBS ip4r dnsbl.sorbs.net * 3 0 179 positive results. Around 5% FP's. All spam messages failed also other ip4r-Tests SPAMHAUS ip4r sbl.spamhaus.org * 3 0 58 positive results. No FP. All spam messages failed also other ip4r-Tests SPAMBAG ip4r blacklist.spambag.org * 4 0 A few positive test results. No FP. All spam messages failed also other ip4r-Tests UCEB ip4r blackholes.uceb.org * 3 0 A few positive test results. Around 5% FP's. All spam messages failed also other ip4r-Tests --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] DSBL Tests - results
I think Scott only included some of the more reliable ip4r tests in the default JunkMail config file. You can find a listing of lots of available tests on the Declude web site (www.declude.com/Junkmail/support/ip4r.htm), and you will see in the test descriptions that most are freely available to everyone. Bill - Original Message - From: Serge [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, June 16, 2003 5:50 AM Subject: Re: [Declude.JunkMail] DSBL Tests - results Thanks for the valuable info are all the test below free and can be used by all of us ? and, if yes, why weren't they included in the default global.cfg ? EASYNET-PROXIESip4r proxies.blackholes.easynet.nl * 2 0 BLITZEDALLip4r opm.blitzed.org * 3 0 EXSILIA-SPAMip4r spam.exsilia.net * 3 0 IPWHOIS ip4r ipwhois.rfc-ignorant.org * 3 0 SORBS ip4r dnsbl.sorbs.net * 3 0 SPAMHAUS ip4r sbl.spamhaus.org* 3 0 - Original Message - From: Markus Gufler [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, June 16, 2003 9:14 AM Subject: RE: [Declude.JunkMail] DSBL Tests - results Hi all, Over the weekend I've configured the following ip4r-tests from Bill.B's config file that we haven't used until now. This are the results after 10 hours (4 hours business time) In this time we've catched around 300 spam messages. BLITZEDALL ip4r opm.blitzed.org * 3 0 95 positive test results. No FP. All spam messages failed also other ip4r-Tests BONDEDSENDER ip4r query.bondedsender.org 127.0.0.10 -10 0 Only one single positive test. At least no FP. DEVNULL ip4r dev.null.dk * 3 0 No positive test result. DNSRBL-DUN ip4r dun.dnsrbl.net * 3 0 3 positive test results. No FP. All spam messages failed also other ip4r-Tests DNSRBL-SPAM ip4r spam.dnsrbl.net * 1 0 No positive test result. DSBL-MULTI ip4r multihop.dsbl.org * 2 0 Nearly all of the 38 positive responses are FP's. Bad test EASYNET-DYNA ip4r dynablock.easynet.nl * 3 0 Nearly all of the 130 positive responses are FP's. Bad test EASYNET-PROXIES ip4r proxies.blackholes.easynet.nl * 2 0 165 positive test results. No FP. All spam messages failed also other ip4r-Tests EXSILIA-PROXIES ip4r proxies.exsilia.net * 3 0 No positive test result. EXSILIA-SPAM ip4r spam.exsilia.net * 3 0 One single positive response. Was the only ip4r-test catching this spam message. FABEL ip4r spamsources.fabel.dk * 3 0 22 positive test results. No FP. Most spam messages failed also other ip4r-Tests FIVETEN-SRC ip4r blackholes.five-ten-sg.com 127.0.0.2 2 0 129 positive results. Around 20% FP's. Most spam messages failed also other ip4r-Tests FIVETEN-DUL ip4r blackholes.five-ten-sg.com 127.0.0.3 1 0 No positive test result. FIVETEN-OPTIN ip4r blackholes.five-ten-sg.com 127.0.0.4 1 0 Two positive test results. Failed also other ip4r-tests. FIVETEN-MULTI ip4r blackholes.five-ten-sg.com 127.0.0.5 1 0 3 positive test results. Failed also SPAMCOP. FIVETEN-SINGLE ip4r blackholes.five-ten-sg.com 127.0.0.6 1 0 No positive test result. IPWHOIS ip4r ipwhois.rfc-ignorant.org * 3 0 41 positive test results. No FP. All spam messages failed also other ip4r-Tests KITHRUP ip4r 3y.spam.mrs.kithrup.com * 2 0 No positive test result. LEADMON ip4r spamguard.leadmon.net * 3 0 51 positive results. Around 50% FP's. Most spam messages failed also other ip4r-Tests. Bad test! SORBS ip4r dnsbl.sorbs.net * 3 0 179 positive results. Around 5% FP's. All spam messages failed also other ip4r-Tests SPAMHAUS ip4r sbl.spamhaus.org * 3 0 58 positive results. No FP. All spam messages failed also other ip4r-Tests SPAMBAG ip4r blacklist.spambag.org * 4 0 A few positive test results. No FP. All spam messages failed also other ip4r-Tests UCEB ip4r blackholes.uceb.org * 3 0 A few positive test results. Around 5% FP's. All spam messages failed also other ip4r-Tests --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from
Re: [Declude.JunkMail] DSBL Tests - results
All of those tests are free. The ones you list have just been added to the default configuration files, except for IPWHOIS (which has a lot of false positives in our testing) and SORBS (which we do not have enough information about yet). -Scott At 08:50 AM 6/16/2003, Serge wrote: Thanks for the valuable info are all the test below free and can be used by all of us ? and, if yes, why weren't they included in the default global.cfg ? EASYNET-PROXIESip4r proxies.blackholes.easynet.nl * 2 0 BLITZEDALLip4r opm.blitzed.org * 3 0 EXSILIA-SPAMip4r spam.exsilia.net * 3 0 IPWHOIS ip4r ipwhois.rfc-ignorant.org * 3 0 SORBS ip4r dnsbl.sorbs.net * 3 0 SPAMHAUS ip4r sbl.spamhaus.org* 3 0 - Original Message - From: Markus Gufler [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, June 16, 2003 9:14 AM Subject: RE: [Declude.JunkMail] DSBL Tests - results Hi all, Over the weekend I've configured the following ip4r-tests from Bill.B's config file that we haven't used until now. This are the results after 10 hours (4 hours business time) In this time we've catched around 300 spam messages. BLITZEDALL ip4r opm.blitzed.org * 3 0 95 positive test results. No FP. All spam messages failed also other ip4r-Tests BONDEDSENDER ip4r query.bondedsender.org 127.0.0.10 -10 0 Only one single positive test. At least no FP. DEVNULL ip4r dev.null.dk * 3 0 No positive test result. DNSRBL-DUN ip4r dun.dnsrbl.net * 3 0 3 positive test results. No FP. All spam messages failed also other ip4r-Tests DNSRBL-SPAM ip4r spam.dnsrbl.net * 1 0 No positive test result. DSBL-MULTI ip4r multihop.dsbl.org * 2 0 Nearly all of the 38 positive responses are FP's. Bad test EASYNET-DYNA ip4r dynablock.easynet.nl * 3 0 Nearly all of the 130 positive responses are FP's. Bad test EASYNET-PROXIES ip4r proxies.blackholes.easynet.nl * 2 0 165 positive test results. No FP. All spam messages failed also other ip4r-Tests EXSILIA-PROXIES ip4r proxies.exsilia.net * 3 0 No positive test result. EXSILIA-SPAM ip4r spam.exsilia.net * 3 0 One single positive response. Was the only ip4r-test catching this spam message. FABEL ip4r spamsources.fabel.dk * 3 0 22 positive test results. No FP. Most spam messages failed also other ip4r-Tests FIVETEN-SRC ip4r blackholes.five-ten-sg.com 127.0.0.2 2 0 129 positive results. Around 20% FP's. Most spam messages failed also other ip4r-Tests FIVETEN-DUL ip4r blackholes.five-ten-sg.com 127.0.0.3 1 0 No positive test result. FIVETEN-OPTIN ip4r blackholes.five-ten-sg.com 127.0.0.4 1 0 Two positive test results. Failed also other ip4r-tests. FIVETEN-MULTI ip4r blackholes.five-ten-sg.com 127.0.0.5 1 0 3 positive test results. Failed also SPAMCOP. FIVETEN-SINGLE ip4r blackholes.five-ten-sg.com 127.0.0.6 1 0 No positive test result. IPWHOIS ip4r ipwhois.rfc-ignorant.org * 3 0 41 positive test results. No FP. All spam messages failed also other ip4r-Tests KITHRUP ip4r 3y.spam.mrs.kithrup.com * 2 0 No positive test result. LEADMON ip4r spamguard.leadmon.net * 3 0 51 positive results. Around 50% FP's. Most spam messages failed also other ip4r-Tests. Bad test! SORBS ip4r dnsbl.sorbs.net * 3 0 179 positive results. Around 5% FP's. All spam messages failed also other ip4r-Tests SPAMHAUS ip4r sbl.spamhaus.org * 3 0 58 positive results. No FP. All spam messages failed also other ip4r-Tests SPAMBAG ip4r blacklist.spambag.org * 4 0 A few positive test results. No FP. All spam messages failed also other ip4r-Tests UCEB ip4r blackholes.uceb.org * 3 0 A few positive test results. Around 5% FP's. All spam messages failed also other ip4r-Tests --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] DSBL Tests - results
Scott, FWIW, I have had very good success with the ip4r test: ipwhois.rfc-ignorant.org but found lots of FP with the domain based test: whois.rfc-ignorant.org So I don't use that whois test any more. However, this has not been your experience? Bill - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, June 16, 2003 8:38 AM Subject: Re: [Declude.JunkMail] DSBL Tests - results All of those tests are free. The ones you list have just been added to the default configuration files, except for IPWHOIS (which has a lot of false positives in our testing) and SORBS (which we do not have enough information about yet). -Scott At 08:50 AM 6/16/2003, Serge wrote: Thanks for the valuable info are all the test below free and can be used by all of us ? and, if yes, why weren't they included in the default global.cfg ? EASYNET-PROXIESip4r proxies.blackholes.easynet.nl * 2 0 BLITZEDALLip4r opm.blitzed.org * 3 0 EXSILIA-SPAMip4r spam.exsilia.net * 3 0 IPWHOIS ip4r ipwhois.rfc-ignorant.org * 3 0 SORBS ip4r dnsbl.sorbs.net * 3 0 SPAMHAUS ip4r sbl.spamhaus.org* 3 0 - Original Message - From: Markus Gufler [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, June 16, 2003 9:14 AM Subject: RE: [Declude.JunkMail] DSBL Tests - results Hi all, Over the weekend I've configured the following ip4r-tests from Bill.B's config file that we haven't used until now. This are the results after 10 hours (4 hours business time) In this time we've catched around 300 spam messages. BLITZEDALL ip4r opm.blitzed.org * 3 0 95 positive test results. No FP. All spam messages failed also other ip4r-Tests BONDEDSENDER ip4r query.bondedsender.org 127.0.0.10 -10 0 Only one single positive test. At least no FP. DEVNULL ip4r dev.null.dk * 3 0 No positive test result. DNSRBL-DUN ip4r dun.dnsrbl.net * 3 0 3 positive test results. No FP. All spam messages failed also other ip4r-Tests DNSRBL-SPAM ip4r spam.dnsrbl.net * 1 0 No positive test result. DSBL-MULTI ip4r multihop.dsbl.org * 2 0 Nearly all of the 38 positive responses are FP's. Bad test EASYNET-DYNA ip4r dynablock.easynet.nl * 3 0 Nearly all of the 130 positive responses are FP's. Bad test EASYNET-PROXIES ip4r proxies.blackholes.easynet.nl * 2 0 165 positive test results. No FP. All spam messages failed also other ip4r-Tests EXSILIA-PROXIES ip4r proxies.exsilia.net * 3 0 No positive test result. EXSILIA-SPAM ip4r spam.exsilia.net * 3 0 One single positive response. Was the only ip4r-test catching this spam message. FABEL ip4r spamsources.fabel.dk * 3 0 22 positive test results. No FP. Most spam messages failed also other ip4r-Tests FIVETEN-SRC ip4r blackholes.five-ten-sg.com 127.0.0.2 2 0 129 positive results. Around 20% FP's. Most spam messages failed also other ip4r-Tests FIVETEN-DUL ip4r blackholes.five-ten-sg.com 127.0.0.3 1 0 No positive test result. FIVETEN-OPTIN ip4r blackholes.five-ten-sg.com 127.0.0.4 1 0 Two positive test results. Failed also other ip4r-tests. FIVETEN-MULTI ip4r blackholes.five-ten-sg.com 127.0.0.5 1 0 3 positive test results. Failed also SPAMCOP. FIVETEN-SINGLE ip4r blackholes.five-ten-sg.com 127.0.0.6 1 0 No positive test result. IPWHOIS ip4r ipwhois.rfc-ignorant.org * 3 0 41 positive test results. No FP. All spam messages failed also other ip4r-Tests KITHRUP ip4r 3y.spam.mrs.kithrup.com * 2 0 No positive test result. LEADMON ip4r spamguard.leadmon.net * 3 0 51 positive results. Around 50% FP's. Most spam messages failed also other ip4r-Tests. Bad test! SORBS ip4r dnsbl.sorbs.net * 3 0 179 positive results. Around 5% FP's. All spam messages failed also other ip4r-Tests SPAMHAUS ip4r sbl.spamhaus.org * 3 0 58 positive results. No FP. All spam messages failed also other ip4r-Tests SPAMBAG ip4r blacklist.spambag.org * 4 0 A few positive test results. No FP. All spam messages failed also other ip4r-Tests UCEB ip4r blackholes.uceb.org * 3 0 A few positive test results. Around 5% FP's. All spam messages failed also other ip4r-Tests --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses
RE: [Declude.JunkMail] DSBL
I'm new to Declude JunkMail these two lists that you mention. Should I add them to my GLOBAL.cfg file? Where do I go to get updates for my GLOBAL.cfg file? Also the section that says # # The following tests are commented out by default because they require a subscription, # or are not commonly used. # Where do I go to subscribe? Does anyone know how much the subscription is? Thanks, Greg Foulks, MCP NewFound Technologies, Inc. http://www.nfti.com Email: [EMAIL PROTECTED] Voice: 614.318.5036 Fax: 614.318.5005 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Wednesday, April 10, 2002 9:46 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] DSBL It appears that DSBL is now three lists ... the two confirmed ones are: list.dsbl.org for single-stage relays tested by trusted users, multihop.dsbl.org That is correct. The multihop.dsbl.org was announced yesterday. I haven't noticed any hits on these with Declude ... are they working? We've had occasional hits, but not many. The DSBL zone only started working about a week ago (the first week or so of its existence it didn't have any hits) I'm using the format: DSBL ip4r list.dsbl.org * 10 0 DSBL ip4r multihop.dsbl.org * 10 0 I do hope that you are going to have different names for those tests, such as: DSBL ip4r list.dsbl.org * 10 0 DSBLMULTI ip4r multihop.dsbl.org * 10 0 -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.JunkMail] DSBL
I'm new to Declude JunkMail these two lists that you mention. Should I add them to my GLOBAL.cfg file? That's up to you -- different companies have different needs, so I would recommend going to http://www.dsbl.org to see if DSBL tests may suit your needs. Where do I go to get updates for my GLOBAL.cfg file? You can always find the latest version of the default config files at http://www.declude.com/junkmail/manual.htm . We usually make slight chances about once a month or so. Most people just keep their config files the way they are unless there is a change that they want to take advantage of (for example, the new DSBL tests). Also the section that says # # The following tests are commented out by default because they require a subscription, # or are not commonly used. # Where do I go to subscribe? Does anyone know how much the subscription is? http://www.declude.com/junkmail/support/ip4r.htm . You can go to http://www.sortmonster.com/ for SNIFFER, http://www.mail-abuse.org/feestructure.html to see how much MAPS charges, and http://www.postfixgate.com/ for POSTFIXGATE. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.JunkMail] DSBL
Not many hits yet for dsbl but seen a few Delog Version 1.05b Detailed Report for: 04/10/2002 10:10:46 Log file examined: I:\IMail\spool\dec0409.log Unique Message Count: 7957 Failed Message Count: 4891 Total Percentage of Spam: 61% User Selected tests: 20 OSSRC failed: 1138 OSSOFT failed: 245 OSDUL failed: 2 OSFORM failed: 0 OSLIST failed: 0 OSRELAY failed: 222 SPAMCOP failed: 1281 DSBL failed: 41 DSBLALL failed: 41 DSBLMULTI failed: 0 ORDB failed: 228 MAILFROM failed: 36 BADHEADERS failed: 1174 SPAMHEADERS failed: 1899 REVDNS failed: 980 ROUTING failed: 159 NOABUSE failed: 1471 WEIGHT10 failed: 2471 WEIGHT20 failed: 792 WEIGHT30 failed: 0 Just put in the DSBLMULTI and the WEIGHT30 today I just love spamcop ;) Takes care of so much of our spam. Wednesday, April 10, 2002, 08:26:04 AM, you wrote: DD It appears that DSBL is now three lists ... the two confirmed ones DD are: DD list.dsbl.org for single-stage relays tested by trusted users, multihop.dsbl.org DD I haven't noticed any hits on these with Declude ... are they working? DD I'm using the format: DD DSBL ip4r list.dsbl.org * 10 0 DD DSBL ip4r multihop.dsbl.org * 10 0 --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.JunkMail] DSBL setup?
Scott, shouldn't these return A records when an NS lookup is done on list.dsbl.org or unconfirmed.dsbl.org. All I get is a response that the data does not exist, even when testing from www.dnsstuff.com. Bill -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED]] Sent: Friday, March 29, 2002 11:13 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] DSBL setup? Has anyone been able to get successful responses from either of the new DSBLs, list.dsbl.org or unconfirmed.dsbl.org? They are both non-responsive to my queries. We've had it set up here since yesterday morning, and haven't seen a hit on either one yet. Although the lists.dsbl.org zone was working yesterday (returning a positive response for the test entry 127.0.0.2), it is returning bogus responses now. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.JunkMail] DSBL setup?
Scott, shouldn't these return A records when an NS lookup is done on list.dsbl.org or unconfirmed.dsbl.org. Yes, if the IP is listed. Looking up the A record for 2.0.0.127.lists.dsbl.org should return 127.0.0.2, but it is not. All I get is a response that the data does not exist, even when testing from www.dnsstuff.com. We're always getting an answer of 205.231.149.52 (which appears to be the IP address of the DSBL servers), which doesn't make any sense. It appears that there are definitely problems over there. It seems that all A record queries on list.dsbl.org are returning 205.231.149.52. The exact same thing happens with the OPENRBL test, so it sounds like they both are using the same software, and that it isn't set up correctly yet. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.JunkMail] DSBL setup?
Can DSBL be used with Declude yet? If so, what are the configuration lines? Wow -- I just went to their site about 15 minutes ago, hoping they would have the zone information available now, and somehow missed it. Yes, it can work with Declude. You can add the following lines to your \IMail\Declude\global.cfg file: DSBLip4rlist.dsbl.org * 4 0 DSBLALL ip4runconfirmed.dsbl.org* 2 0 Then, you can add the following lines to your \IMail\Declude\$default$.JunkMail file: DSBLWARN DSBLALL WARN The DSBL test includes entries from trusted sources, whereas the DSBLALL includes all entries that are submitted (and therefore might include Hotmail and other similar domains where users may want to get revenge). To make things a bit confusing, I'm guessing that some entries will exist in both tests, which makes the weighting a bit tricky. Also, there is no documentation as to what the return values will be, which is why there are *'s there instead of 127.0.0.2. And, the unconfirmed.dsbl.org zone doesn't seem to be operational yet. That's what I know so far. :) -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .