Re: [Declude.JunkMail] Internal Mail

2003-09-19 Thread Dan Patnode
Darryl, You can run Declude on its own server in front of clients' email servers, as a gateway. Only external email then gets scanned for spam. Dan On Thursday, September 18, 2003 8:01, Darryl Koster [EMAIL PROTECTED] wrote: The hosting business I run deals mainly with business and I have

Re: [Declude.JunkMail] Some good info on the Verislime coup

2003-09-19 Thread Dan Patnode
Interesting points, There's a name for industries where more than one supplier isn't practical: natural monopoly. I can't recall a single example where a natural monopoly improved after privatization. In economics terms, systems for maximizing profit (capitalism) don't work with systems

Re: [Declude.JunkMail] Interim release to detect wildcard DNS entries (aka VERISCAM)

2003-09-19 Thread System Administrator
on 9/18/03 9:38 PM, R. Scott Perry wrote: Thanks a bunch for both new features. Are you planning on doing anything in the future with the IP's that you are collecting, i.e. new functionality like creating a blacklist? Or is this just being done to facilitate that test? We haven't decided

Re: [Declude.JunkMail] Interim release to detect wildcard DNS entries (aka VERISCAM)

2003-09-19 Thread R. Scott Perry
One thing that would be nice is if we could put a DONOTSENDTOFORGINGVIRUS in our config or .eml files and if Declude Virus sees a forging virus it would not send the warning messages automatically. That way we wouldn't have to manually update what is a forging virus in our files. Already done.

RE: [Declude.JunkMail] Interim release to detect wildcard DNS entries (aka VERISCAM)

2003-09-19 Thread Kami Razvan
You can add a line SKIPIFFORGING to any of the \IMail\Declude\*.eml Scott: Will the recipient and postmaster then show the sender as FORGED? Since we had a list of the forged in the virus.cfg. 1: Can we delete all the skipifvirus lines in the .eml files? 2: Can we delete all the forged

Re: [Declude.JunkMail] Interim release to detect wildcard DNS entries (aka VERISCAM)

2003-09-19 Thread System Administrator
on 9/19/03 7:51 AM, R. Scott Perry wrote: One thing that would be nice is if we could put a DONOTSENDTOFORGINGVIRUS in our config or .eml files and if Declude Virus sees a forging virus it would not send the warning messages automatically. That way we wouldn't have to manually update what is

[Declude.JunkMail] How to block this?????

2003-09-19 Thread Bridges, Samantha
Hello. First of all, I am noticing an increase in the amount of spam getting through. I blocked weight 10 yesterday but am still receiving spam. Doesn't seem like blocking weight 10 did much. Here are headers from one of the many spam messages. How do I go about blocking this? I seem to be

RE: [Declude.JunkMail] Interim release to detect wildcard DNS entries (aka VERISCAM)

2003-09-19 Thread R. Scott Perry
Will the recipient and postmaster then show the sender as FORGED? No, but that will likely be added. Since we had a list of the forged in the virus.cfg. 1: Can we delete all the skipifvirus lines in the .eml files? 2: Can we delete all the forged entries in the virus.cfg? I would recommend

[Declude.JunkMail] SpamDomain Help please

2003-09-19 Thread David Dodell
Question about the spamdomains.txt file I have email coming from sprintpcs that can come from several domains. I have sprint. sprintpcs.com .sprintip.net So that will take care of sprint matching sprint, and sprintpcs.com matching mail from .sprintip.net But need to add a third possible

Re: [Declude.JunkMail] How to block this?????

2003-09-19 Thread R. Scott Perry
First of all, I am noticing an increase in the amount of spam getting through. I blocked weight 10 yesterday but am still receiving spam. Doesn't seem like blocking weight 10 did much. Here are headers from one of the many spam messages. How do I go about blocking this? I seem to be getting a

Re: [Declude.JunkMail] SpamDomain Help please

2003-09-19 Thread R. Scott Perry
I have email coming from sprintpcs that can come from several domains. I have sprint. sprintpcs.com .sprintip.net So that will take care of sprint matching sprint, and sprintpcs.com matching mail from .sprintip.net But need to add a third possible domain of .lightsurf.net Unfortunately, that

RE: [Declude.JunkMail] filter list

2003-09-19 Thread Chris Butler
Does anyone have what has proven to be an effective filter list (ie myfile.txt) that seems to be working? I could really use the help. Chris Butler Internal Systems Engineer Region VI ESC phone 936.435.8276 fax 936.295.1447 [EMAIL PROTECTED] --- [This E-mail scanned for viruses by Declude

Re: [Declude.JunkMail] RevDNS

2003-09-19 Thread EN
I finally got this figured out. What I needed to do was have my ISP delegate control of my subnet to our server. Easy enough but I guess I wasn't fully aware of their settings to see what was going on in order to come to this conclusion. Thanks for the help. - Original Message - From:

[Declude.JunkMail] Declude JunkMail v1.76 (beta) released

2003-09-19 Thread R. Scott Perry
We have just released Declude Virus v1.76 (beta). See http://www.declude.com/junkmail/manual.htm . Notable changes since the last beta include: o Adds a bypasswhitelisting test type that can be used in rare cases when whitelist bypassing is necessary. o Fixes a rare issue

RE: [Declude.JunkMail] filter list

2003-09-19 Thread John Tolmachoff \(Lists\)
Filter list for what? I have 9 different filter lists that are very effective. Each serves a different function. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL

Re: [Declude.JunkMail] RevDNS

2003-09-19 Thread Matthew Bramble
It might be easier to get them to act as a secondary for your reverse DNS. ISP's don't typically like to delegate control of such things. It works just as effectively and DNS's auto notification features allow my changes for instance to be published immediately to the ISP's authoritative DNS

[Declude.JunkMail] blocking spam faked as coming from local address

2003-09-19 Thread Glenn \\ WCNet
How do I reliably block this kind of thing? Can my own domain be added to the SpamDomains list? I've replaced the recipient address with [local-user] in the headers below, but it was the same valid local user account on all parameters. 138.89.104.227 is not one of my IPs. Glenn Z.

RE: [Declude.JunkMail] Declude JunkMail v1.76 (beta) released

2003-09-19 Thread Andy Schmidt
o Adds a bypasswhitelisting test type that can be used in rare cases when whitelist bypassing is necessary. Used where and how? Best Regards Andy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail

RE: [Declude.JunkMail] blocking spam faked as coming from local address

2003-09-19 Thread Colbeck, Andrew
According to external DNS, you only have one mail host. For starters, you can whitelist your own IP. And if that server is the only machine of yours that is going to identify itself as wcnet.net, HELO 20 ENDSWITH wcnet.net should do nicely until someone called

RE: [Declude.JunkMail] Declude JunkMail v1.76 (beta) released

2003-09-19 Thread R. Scott Perry
o Adds a bypasswhitelisting test type that can be used in rare cases when whitelist bypassing is necessary. Used where and how? Used only as a last resort. :) It can be defined with a line such as EMERGENCYBYPASS bypasswhitelisting 60 3 0 0. The 60 refers to the weight the E-mail

RE: [Declude.JunkMail] blocking spam faked as coming from local address

2003-09-19 Thread Colbeck, Andrew
I should add: If you want to go the extra mile and say: MAILFROM 20 ENDSWITH wcnet.net Then you'll find that works great against spammers who fake their mailfrom address so it looks like your own name (or say, [EMAIL PROTECTED] while trying to send to you!), but: You'll also

[Declude.JunkMail] MAILFROM catches too much now?

2003-09-19 Thread Andy Schmidt
Hi Scott: Am I mistaken - or did the MAILFROM used to permit EITHER an MX OR an A record? Suddenly, I see LOTS of mail being held, because of mailfrom failures: X-Declude: Version 1.76; D3f8a026a02001aec.SMD from mailer390.marist.edu [148.100.80.47] X-Declude: Triggered MAILFROM, IPNOTINMX [-3]

RE: [Declude.JunkMail] Declude JunkMail v1.76 (beta) released

2003-09-19 Thread Andy Schmidt
Uh - cool feature. Currently I have a certain receiving Postmaster account whitelisted (so that the occasional false positive can alert us after we sent them a BOUNCE or ALERT) - which means it gets 80% spam. The real false positives are seldomly more than a few points over our BOUNCE or ALERT

RE: [Declude.JunkMail] Declude JunkMail v1.76 (beta) released

2003-09-19 Thread R. Scott Perry
So, if I use: BYPASSWHITELIST bypasswhitelisting 20 0 0 0 it will not whitelist any mails if the weight is 20 (our kill weight) or more and the mail has any number of recipients or no recipients? That is correct. -Scott --- Declude JunkMail:

Re: [Declude.JunkMail] blocking spam faked as coming from local address

2003-09-19 Thread Matthew Bramble
I get more valid E-mail's faking the from to look like it's from one of my users than I get in actual spam that is doing this. In a recent test of 5,530 unique incoming messages, only 6 spammers tried to look as if it was coming from my server, that's only 0.1%. It all failed as well. I

RE: [Declude.JunkMail] MAILFROM catches too much now?

2003-09-19 Thread Andy Schmidt
Scott: X-Declude-Note: Domain lists.msnbc.com has no MX or A records. Sure does: lists.msnbc.com. Non-authoritative answer: lists.msnbc.com internet address = 207.46.169.42 Yet - Declude fails the MAILFROM test! X-Declude: Version 1.76; D499f047e01827d13.SMD from lists.msnbc.com

Re: [Declude.JunkMail] MAILFROM catches too much now?

2003-09-19 Thread R. Scott Perry
Am I mistaken - or did the MAILFROM used to permit EITHER an MX OR an A record? Suddenly, I see LOTS of mail being held, because of mailfrom failures: X-Declude: Version 1.76; D3f8a026a02001aec.SMD from mailer390.marist.edu [148.100.80.47] X-Declude: Triggered MAILFROM, IPNOTINMX [-3]

[Declude.JunkMail] attachment problems

2003-09-19 Thread Darryl Koster
I am having a real problem with clients not getting attachments. Is there a test I can do that will help with this? Darryl Koster --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe,

Re: [Declude.JunkMail] blocking spam faked as coming from local address

2003-09-19 Thread Glenn \\ WCNet
Didn't I read here somewhere that whitelisting one's own IP is a bad thing? Is that required in combination with the HELO filter? And the HELO filters work because my mail server should never be connecting to itself . . correct? G.Z. - Original Message - From:

Re: [Declude.JunkMail] blocking spam faked as coming from local address

2003-09-19 Thread Glenn \\ WCNet
MAILFROM 20 ENDSWITH wcnet.net wouldn't prevent my customers from sending mail to each other? G.Z. - Original Message - From: Colbeck, Andrew To: '[EMAIL PROTECTED]' Sent: Friday, September 19, 2003 1:09 PM Subject: RE: [Declude.JunkMail]

Re: [Declude.JunkMail] blocking spam faked as coming from local address

2003-09-19 Thread R. Scott Perry
Didn't I read here somewhere that whitelisting one's own IP is a bad thing? Whitelisting your IPs is fine, *if* untrusted mail won't be coming from them. So you should not whitelist a backup mailserver (unless it does its own spam control, and you are happy with it), but you can whitelist

RE: [Declude.JunkMail] MAILFROM catches too much now?

2003-09-19 Thread Andy Schmidt
Hi, I have XSENDER OFF. Instead I use: XINHEADER Return-Path: %MAILFROM% I don't have EnvFromStrict. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206

RE: [Declude.JunkMail] MAILFROM catches too much now?

2003-09-19 Thread R. Scott Perry
X-Declude-Note: Domain lists.msnbc.com has no MX or A records. I've reproduced this one here. I'm going to do some research to see why this is happening. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers.

Re: [Declude.JunkMail] attachment problems

2003-09-19 Thread R. Scott Perry
I am having a real problem with clients not getting attachments. Is there a test I can do that will help with this? There are a lot of reasons for this, but usually it is not caused by Declude. The first step is to check the log files, to see where the E-mail was blocked, or whether it was

Re: [Declude.JunkMail] attachment problems

2003-09-19 Thread Matthew Bramble
I have an attachment filter that adds score when something is received attached but not inline. The problem with this is that it also helps viruses get through spam blocking (I plan on improving this). The filter is simple: BODY -5 CONTAINS content-disposition: attachment I have

Re: [Declude.JunkMail] Declude JunkMail v1.76 (beta) released

2003-09-19 Thread System Administrator
on 9/19/03 1:55 PM, R. Scott Perry wrote: o Adds a bypasswhitelisting test type that can be used in rare cases when whitelist bypassing is necessary. Used where and how? Used only as a last resort. :) Here's how we use it and why. We're an ISP and we allow users to use the

Re: [Declude.JunkMail] Interim release to detect wildcard DNS entries (aka VERISCAM)

2003-09-19 Thread Joshua Levitsky
Scott, Does the new Declude poll every time to your box to see what is forging and what is not or does it keep a cache? (Just thinking about your bandwidth and also if.. g-d forbid... your network connection goes down.) -Josh On Sep 19, 2003, at 8:21 AM, System Administrator wrote: on

RE: [Declude.JunkMail] MAILFROM catches too much now?

2003-09-19 Thread Andy Schmidt
Hi Scott: Here is the debug log and the full headers of an affected email. It clearly shows that the mail fails your VeriScam test: 09/19/2003 15:20:15.287 Q56ec00f1016e71bc Test #17: MAILFROM [envfrom] - may skip 09/19/2003 15:20:15.287 Q56ec00f1016e71bc Doing envfrom type test on

Re: [Declude.JunkMail] attachment problems

2003-09-19 Thread Matthew Bramble
Just to follow-up in case it helps Andy in the event he is unfamiliar with the setting. I used to get a lot of calls when Microsoft started blocking all executable attachments by default with Outlook Express 6. In Microsoft Outlook Express: Tools Security Uncheck: Do not allow attachments

Re: [Declude.JunkMail] Interim release to detect wildcard DNS entries (aka VERISCAM)

2003-09-19 Thread R. Scott Perry
Does the new Declude poll every time to your box to see what is forging and what is not or does it keep a cache? It polls every time a virus is received. (Just thinking about your bandwidth and also if.. g-d forbid... your network connection goes down.) However, if our server can't be reached,

RE: [Declude.JunkMail] attachment problems

2003-09-19 Thread Darryl Koster
Scott, I never ever thought this was a problem with Declude. I assumed it was something that I honestly had done on my end to cause this. I just want to know how to fix it as I have a client who is acting like they are maybe 3, no wait too old, 2. Thanks Matt, Darryl -Original

Re: [Declude.JunkMail] blocking spam faked as coming from local address

2003-09-19 Thread Bill Landry
- Original Message - From: Matthew Bramble I highly recommend not filtering the fake MAILFROM for your local domains. Why not? I don't actually do this, rather I use SPAMDOMAIN instead. But I don't see a problem doing it with MAILFROM in a filter file either. Bill --- [This E-mail

Re: [Declude.JunkMail] blocking spam faked as coming from local address

2003-09-19 Thread Matthew Bramble
Bill, It's because it is very rare that you see spam faking your address, 0.1% from a recent test, and much more common that false positives will be created as was noted. I was able to monitor this behavior because unfortunately the DYNAMIC filter catches but doesn't score intra-server domain

[Declude.JunkMail] www.declude.com down????

2003-09-19 Thread Kevin Bilbee
I am trying to get to the manual. Is the declude website down? Kevin Bilbee Network Administrator Standard Abrasives, Inc. [EMAIL PROTECTED] (805) 520-5800 x7332 Changing the way industry works. --- [This E-mail was scanned for viruses by Declude Virus

Re: [Declude.JunkMail] www.declude.com down????

2003-09-19 Thread DLAnalyzer Support
It's reachable from here... Darrell Kevin Bilbee writes: I am trying to get to the manual. Is the declude website down? Kevin Bilbee Network Administrator Standard Abrasives, Inc. [EMAIL PROTECTED] (805) 520-5800 x7332 Changing the way industry works.

RE: [Declude.JunkMail] www.declude.com down????

2003-09-19 Thread Jeff Kratka
No problems here.. Jeff Kratka * TymeWyse Internet P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] * -Original Message- From: [EMAIL

Re: [Declude.JunkMail] blocking spam faked as coming from local address

2003-09-19 Thread Bill Landry
We whitelist the IP address of any system we permit to relay through our IMail server, and all of our customers either use SMTP Auth or we whitelist their IP address space. So the only time we have seen a problem is with some mailing lists and e-card services, which we accommodate via

Re: [Declude.JunkMail] blocking spam faked as coming from local address

2003-09-19 Thread Matthew Bramble
Bill, It depends on your customer makeup. My FP rate with a MAILFROM filter would be close to 90% if not more because of several sites that are configured to send form submissions as being an account from the same domain. SPAMDOMAINS would be a better test because the Web sites and domain

Re: [Declude.JunkMail] blocking spam faked as coming from local address

2003-09-19 Thread Matthew Bramble
I actually missed a whole bunch of stuff that also would have FP'd on this. Cox in many cases and Earthlink among others are blocking outbound port 25, so customers using these services for access which are mailing to other customers on my server would FP on both the SPAMDOMAINS and MAILFROM

[Declude.JunkMail] COUNTRY test

2003-09-19 Thread Scot Desort
I have seen a COUNTRY test mentioned on the list. It references the %countrychain% variable. How is this test implemented? What does it do? How do I get the countrychain variable to appear in the header (mine appears blank). Thanks, Scot --- [This E-mail was scanned for viruses by Declude