Following to the manual there is one action to add a line to the message
header: WARN
The HEADER-Action does not add it to the message header but to the head of
the body.
But the WARN-Action is limited as it does add a fixed line
X-RBL-Warning: (description)
What if I want to add a custom
As such, I am starting to see from addresses ending in
.rr.com coming from IPs that have Adelphia.net REVDNS records.
So
@rr.com .rr.
.rr.com .rr.
should become ?
Would it be an idea to ask for an enhanced spamdomains feature: Regex in the
second row?
Markus
---
This E-mail came
I've suggested it already years ago: would it be possible to have some
warning mechanism in order to detect long response times, timeouts or
connection problems (for whatever reason) not only in the debug loglevel?
Markus
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL
...and give a large part of our revenue to
Commtouch?
Provide a feasible way to justify the additional costs for
our existing customers and service contracts!
THEN we could talk about Commtouch.
BTW: even if it's hard work to maintain a reliable spam
filter it's not an impossible thing.
one time cost?
http://www.declude.com/site/purchaseleg.htmltalks
about several thousand dollars per year without precising how getwayed domains
are handled.
Markus
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
chrisSent: Thursday, October 12, 2006 4:11 PMTo:
IMO you should never let a single test hold a messages.
The question is: what is a single test? Or Is invURIBL a single test?
invURIBL does multiple checks insinde and so it's practicaly a set of
URIBL-based tests that could add some points to the weighting system.
I would consider, to not block
Dave
I don't know your company and also if you do spam filtering only for your
own or if there are a lot of people behind your mailserver who should be
saved from spam, fraud, phishing co.
I consider sniffer as one of the solid pillars in a fine-tuned and reliable
declude weighting system.
If email failed HELOBOGUS or NOREVDNS (or other specified
tests) END otherwise compare the last 3 characters of the
HELO with the last 3 characters of the REVDNS and if not
match add say 1/5 or so of HOLD weight.
Hmm John, I consider it a good idea. As I can remember I suggested it
arround
Scott,
I can't remmeber exactly my suggestion (as said it was around two years ago)
but I've made a similar research as you in the logfiles in order to go sure
that the HH-SS / SH-SH ratio would be good enough to consider it a valuable
option for some points in the weighting system.
There are
This
pricing is just another way of saying "Go Away".
Suggestions?
Markus
---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com.
Is "etc" a little one byte special ASCII-char who will
disable any blocking mechanism in declude junkmail?
Markus
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of MattSent:
Saturday, July 15, 2006 12:26 AMTo:
declude.junkmail@declude.comSubject: Re:
In the Virus-Manual they have listed beside %DATE% for use
in the eml-files also %EURDATE% and %ISODATE%
Markus
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Goran
JovanovicSent: Saturday, June 17, 2006 2:56 AMTo:
declude.junkmail@declude.comSubject:
ou don't have any actions
defined in your Global.cfg? Maybe that is the source of the bug.
I don't recall this ever happening with 2.x and before, so
maybe it's
a change of behavior in 3+.
Declude???
Matt
Markus Gufler wrote:
(reposting the same
(reposting the same message without attachments)
Hi
After reading this thread and have seen 3 spam messages in my inbox who has
final results-lines in the header with more then 200% of my hold weight I've
made some research: Exactly the same is happening here with Declude 3.1.0
and Imail 8.15
Hi
After reading this thread and have seen 3 spam messages in my inbox who has
final results-lines in the header with more then 200% of my hold weight I've
made some research: Exactly the same is happening here with Declude 3.1.0
and Imail 8.15 from 2006-06-04 20:00:00 GMT+1 on. I have the same
Sorry, I was offline
I have the following actions configured in both global.cfg
and $default$.junkmail
WEIGHT80SUBJECT [SPAM: %WEIGHT%]
WEIGHT150HOLD
And yes Matt you're right: There is definitively something
wrong when this message is threated as outgoing because comput.info is a local
Global.cfg
instead of a
JunkMail file, and I'm guessing that you don't have any actions
defined in your Global.cfg? Maybe that is the source of the bug.
I don't recall this ever happening with 2.x and before, so
maybe it's
a change of behavior in 3+.
Declude???
Matt
Markus
Glenn,
"no tests run" seems the wrong thread title to me. As I can
see on my system all tests are running fine only the final action for a certain
type of messages appearing in the last 26 hours are confusing decludes hardcoded
logic and there is no way for us to solve this by change
My favority is Superscan.
http://www.foundstone.com/
Ressources Free Tools Scanning Tools
The newest version is v4.
I still prefer v3 (scroll down in the
list)
it's free, 300kB, no install neededand working great.
ping, only, port scanning, ...
Markus
Von: [EMAIL
It's offering some new features and last but not least it a
noticeable faster then v2.
Markus
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Im Auftrag von Nick
HayerGesendet: Montag, 22. Mai 2006 14:52An:
Declude.JunkMail@declude.comBetreff: Re: [Declude.JunkMail] What
Does anyone know WhoisProtector?
Making a whois-query for euro-autodeals.com the whole response is
~~
Registrant:
WhoisProtector Inc.
Domain Name:euro-autodeals.com
Domain servers in listed order:
What is everyone else out there using?
Andy,
I've had similar problems with Sawmill v6.
v7 seems to be a complete rewrite and much more reliable and faster then the
previous version.
With a little bit of scripting I was also able to add new profiles
programatically from previous created
Personaly I wouldn't block or assign weights for
certain countries. (keep in mind that COUNTRY and COUNTRIES are not the
same)
But I've seen excellent results by assigning a relative
low wheigt for all IP-blacklists and add additional wheight only if the message
is not origininating from
Sandy I thought the same and I'm sure many here too. But I preffered
ignoring this spam message and withut commenting with the hope to prevent an
unnecessary load to a list who's job is to provide support for declude
products and nothing else.
Markus
-Original Message-
From: [EMAIL
What software / services do you guys use to watch your
servers for up/down status?
HostMonitor
http://www.ks-soft.net/hostmon.eng/index.htm
cheap and reliable
Markus
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]
---
This E-mail came from the Declude.JunkMail
So for no problem, but how we tell Declude or DecludeProc that he should
connect to the service instead of executing the exe?
Markus
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Panda Consulting S.A. Luis Alberto Arango
Sent: Wednesday,
From last week on I can see spam messages containing one single image. The
body is something like
img src=cid:5fb45cc53f5274d38075894147920f00
The attached message is an image showing a slightly rotated text message.
Interesting: It has a total message size of arround 68 kbytes and so it's
Title: Message
Hi Goran,
I write this because maybe Pete McNeil can clarify it
easily.
Does SNIFFER have something inside who can identify
CMDSPACE?
Only if it's not so it would be a good combo
filter.
Markus
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
We've running W2k3 Server on a Dell PE1750 with 3GHz Dual-Xeon CPU and
SCSI-Raid system here.
Sometimes the proc folder is filling up with thousands of messages and
declude is processing it.
But it does process them way to slow.
While all 4 CPU-Usage graphs in the task manager has an average
Ummm... Did anybody else get a piece of spam this morning with subject
SPAMSPCE: that seems to have been relayed through Declude.com?
Yes.
Markus
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]
---
This E-mail came from the Declude.JunkMail mailing list. To
I have worked with customers with similar Dual-Xeon CPU setup
and have seen processing of 1000+ emails per minute.
We have two of this machines here. It has exactly the same config from the
screw who hold the server in the rack up to each dot in the junkmail config
file (except the license
1. Set THREADS 200
Ok set to 200
2. Which virus scanner are you running ? and do you have
F-Prot and optionaly McAfee
PRESCAN ON in your virus.cfg
Yes it was already set to ON
3. Try turning hyperthreading off.
Hmm the server is around 40 km away. As I know HAT is enabled/disabled in
I would try the DNSOVERRIDE x.x.x.x switch in your
declude.cfg file. There is a post in the archive from
Declude - Bill I beleive that explains more.
Can't find any message from Bill
Added DNSOVERRIDE without any result
Markus
---
[This E-mail was scanned for viruses by Declude EVA
]
[mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler
Sent: Friday, January 13, 2006 10:56 AM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] Declude v3 CPU usage and
processing speed
I would try the DNSOVERRIDE x.x.x.x switch in your
declude.cfg file.
There is a post
But after Darells suggestion I noticed another difference
between both servers. SRV1 and SRV2 has configured two
different DNS servers for lookups (even without DNSOVERERIDE)
After disabling all DNS-based tests CPU usage seems going up
to an average of 90% but only for certain periods
Declude.cfg should be in your \Declude folder, is that where
it is located ?
Hmm strange.
It was there and also in the c:\program files\declude folder where it was
after the initial installation.
Now I've deleted and recreated the declude.cfg file in the declude folder
and restarted the
SNIFFER-TRAVELexternal047"C:\IMail\declude\sniffer\yourlicensecode.exe
yourverificationcode"850SNIFFER-INSURexternal048"C:\IMail\declude\sniffer\yourlicensecode.exe
yourverificationcode"850SNIFFER-AVexternal049"C:\IMail\declude\sniffer\yourlicensecode.exe
My conclusion for this
day:
At the mid of december I decided to switch to declude
v3.
After several tests we discovered that a simply comment
after the license code like
CODE abcdefg
#mail.domain.com
wouldn't work anymore with v3. This would result in a
"invalid license code" message
I've tried it out and it seems running fine. But for our situation I need
something that is able to verify trough an external application and on the
recipients pop3-server in realtime if the mailbox is valid. So we've tested
Xwall and it seems running fine with more then 100k Messages/day.
At the
.
It is weighted heavily, but it is not decisive by itself.
-Dave Doherty
Skywaves, Inc.
- Original Message -
From: Markus Gufler [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Thursday, January 12, 2006 3:38 AM
Subject: RE: [Declude.JunkMail] Sandy's 5xx event sink
acks a PTR record.
For us, the PTR record check is just one of the tests we run.
It is weighted heavily, but it is not decisive by itself.
-Dave Doherty
Skywaves, Inc.
- Original Message -----
From: "Markus Gufler" [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Thursday
Title: Message
Matt
for this case I recommend using
TESTSFAILEDEND
CONTAINSSNIFFER-TRAVELTESTSFAILEDEND
CONTAINSSNIFFER-INSURTESTSFAILEDEND
CONTAINSSNIFFER-AVTESTSFAILEDEND
CONTAINSSNIFFER-MEDIATESTSFAILEDEND
CONTAINSSNIFFER-SWARETESTSFAILEDEND
CONTAINSSNIFFER-SNAKETESTSFAILEDEND
Question: what files in v3 are read once durring service startup and what
files are read for each message.
For example what happens if I update certain text filter files but do not
restart the decludeproc ?
Markus
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]
---
is restarted.
David Franco-Rocha
Declude Technical / Engineering
- Original Message -
From: Markus Gufler [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Thursday, January 05, 2006 7:30 AM
Subject: [Declude.JunkMail] V3 updated filter files
Question: what files in v3
Another question: What's happened with messages in the review-folder? Whas
they delivered and why are they stored in this folder?
Markus
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just
Martin,
How do you update Declude Junkmail without updating declude eva?
Markus
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Evans Martin
Sent: Wednesday, December 28, 2005 2:53 PM
To: Declude.JunkMail@declude.com
Subject: RE:
web-based forum: I have to go there each day and spend some
minutes to find out what's going on. My 24 hours each day are short enough that
I will do that one, two or some more days but then I will left the forum until I
havea new problem. And for shure not to see if someone maybe has a
"abend" in German means "evening".
good Abend! :-)
Markus
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John T
(Lists)Sent: Wednesday, December 21, 2005 10:23 PMTo:
Declude.JunkMail@declude.comSubject: RE: [Declude.JunkMail]
Decludeproc abend
Is
Try a text filter file like
BODY 20 BEGINSWITH img src=cid:
Do you have an example if this type of spam. Maybe you can post a
zip-archive with the entire message file (header + body)
Markus
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dave
I've seen now what type of message you mean.
It was already discussed in the last two weeks under the cbl-thread. Seems
that the spammer this time use a very simple way to send the spam with the
black borders. The body contains nothing else then
img src=cid:[random-string]
The message is
Title: Message
look at the "CBL Fw:news" -thread soe days
ago.
Markus
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sharyn
SchmidtSent: Thursday, December 15, 2005 6:07 PMTo:
Declude.JunkMail@declude.comSubject: [Declude.JunkMail] Is anyone
sucessfully
I'm going to try
REVDNS END CONTAINS (timeout)
Can you send a message from an IP who will timeout for REVDNS?
Declude support?
Markus
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just
Subject: Re: [Declude.JunkMail] REVDNS
REVDNS 10 IS (Timeout)
- Original Message -
From: Markus Gufler [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Monday, December 12, 2005 1:42 AM
Subject: RE: [Declude.JunkMail] REVDNS
I think it may be (timeout). I know Scott
do not trigger on a REVDNS Timeout.
- Original Message -
From: Markus Gufler [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Monday, December 12, 2005 9:14 AM
Subject: RE: [Declude.JunkMail] REVDNS
Thank you Scott,
Serge, why do you use such a filter? A SpamDomain
Sandy,
I've tested the previous version and it seem's working great. The next step
will be testing it with several thousands of valid recipients.
Would it be an idea to develope it in this way that different virt.
IIS-SMTP-Services can use 5xxSink with different prescan.txt and
rcptlist.txt
So
I think it may be (timeout). I know Scott
Fisher posted a filter the other day that had the exact text
on what it is when rev dns times out.
It was a message from Scott Fisher on the cbl-thread and as I can see he
posted a line
TESTSFAILED 50 CONTAINS REVDNS-TIMEOUT
So it would be
Maybe it's not realy important, but anyone know's Gtube, the EICAR-like Spam
test-mail?
http://spamassassin.apache.org/gtube/
Markus
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send
Do you have a list of valid recipients for this store and forward customer?
If yes search for Sanford Whiteman's posting this week with the subject
ANN: Availability of 5xxSink 0.5.00, IIS SMTP event sink for text-file
recipient validation
Markus
-Original Message-
From: [EMAIL
This seems a great thing. It should also allow me to run gatewaying services
to a restricted number of recipients, or in other words: offer relaying
packages for 10, 20, 30, ... users.
How much users are realistic vor 5xxSink?
Markus
---
[This E-mail was scanned for viruses by Declude EVA
What's even funnier is by the time I am ready to get in bed,
Europe is going to work.
yawning
mmmh, what? ... ...
Ah, hi guys, good morning from Europe!
We've around 12 inches of snow here over night. Where's the
snowshovel?
Maybe I will add BANEXT .snow to
I was just thinking the same thing, that strictly going by
file name would not be best.
Well at least it would be ressource friendly.
Some thoughts:
Count attached file names but
1)ignore extensions like gif, jpg, pdf, ...
or alternatively look only for known risky extensions like zip,
Another way that you could deal with this specific Microsoft
Office Outlook build is to create a filter that contains the
following:
HEADERS -8 CONTAINS Microsoft Office Outlook,
Build 11.0.5510
...but keep in mind that some Spammers write in the headers exactly this
Nice to know!
Now it's time to set up the new mailserver ;-)
Markus
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
David Franco-Rocha [ Declude ]
Sent: Friday, October 28, 2005 3:32 PM
To: Declude.JunkMail@declude.com
Subject:
I want to use combo filtering with testsfailed to further
punish emails that fail two or more of the reliable tests.
Travis,
I do a similar thing for a long time now and I'm very happy with the
following solution:
1.) create a new filter test COMBO-IP4R:
COMBO-IP4R filter
Hi Spamfighters,
This one I have a maybe little strange question. One of our customers (a
touristic office) has collected over years email-adresses of all their
customers. (I'v already checked: it was and is a clear opt-in checkbox on
the contact form)
Hovewer the number of email-adresses is a
...
66.148.217.251 domain.com
70.60.133.251 domain.com
will this mechanism rotate through both IPs or will it also
just use whichever it hits first when reading from the top of
the list down? Or is it just a bad idea in general to do
this and we will just have to change the IP
Thank you!
Markus
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David Barker
Sent: Wednesday, September 28, 2005 12:08 AM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] Country Test Very odd Results
Hey Guys,
I just
We wrote two very quick custom utilites for a customer that
may be of use to you. All are provided as is free of charge.
SpamSize...
ipHarvest ...
Darrell,
This are simple but great tools!
Specially the ipharvest-tool can be used in a monitoring system to alert
automaticaly on
David thank ou for the link.
Gary,
The all_list.dat file is a database of net-blocks (IP-ranges) that are
assigned to certain countries.
Declude looks at the delivery chain of messages in the mail header and can
construct the country-chain by comparing the IP-Adresses in the mail-header
with the
I'm still on v1.82 but have a valid SA and my all_list.dat file is older
then 04/08/2005.
Where can I get the newest dat-file?
Markus
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser
Sent: Monday, September 19, 2005 5:29 PM
To:
Looking at the last 80.000 messages on our Mailserver SPFPASS has had a
positive result on 11%
Following the final weight after all spam tests 7 from this 11% was right.
The other 4% was a wrong result.
SPFFAIL will only catch around 1% of all processed messages. Nearly all of
the catched right
You will probably need to add the virtual host keys as
well, but you certainly will be able to fake it out using
the Registry alone. No IMail EXEs will be necessary to install.
Maybe not only virtal host keys but also one for each user mailbox.
Autowhite does a great job at my side
What happens if you nslookup from the imail/declude server to your
configured Nameservers and querry something?
Markus
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Don Brown
Sent: Wednesday, August 24, 2005 3:29 PM
To:
and threading is fun, you pretty much have everything in
place to communicate back and forth between processes.
allowing many instances of declude to talk to each other.
That's what I mean.
Maybe this will allow us also to have/create new functionality. For example
(I don't know if I'm the
Up to this point I have not
seen a false positive from a legit mail server.
Have others?
Yes.
Older version of Tobit Infocenter has failed CMDSPACE. I've send them some
informations about the effectiveness of the CMDSPACE test and as I know they
have changed their MTA in never releases.
I've running Imail 8.15 and the Declude 1.82 here and everything is running
fine.
Do you realy need Imail 8.2?
Declude as a multi-threaded service sound very promising.
Markus
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Heimir Eidskrem
Any idea how to catch this?
h t t p : / / w w w . g o o g l e . l i / u r l ? q =
http%3A%2F%2Fwww%2Ebestflirt%2Ebiz%2Fcms%2F%3Fgo%3Dtpwid=ifniq=8
Both invURIBL and SNIFFER hasn't catched it.
Markus
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an
I'd report it as an open redirector to google. Then collect a
few samples and create a filter to attack it.
As I can see this link will work on all cTLD-google domains (google.li
google.it google.de google.fr ...) and also google.com
Maybe sniffer can do this bether then any normal text
Any dns experts on the list?
I'm not an expert but
...The server needs to do dns lookups for our clients,
That's not a problem as long as you allow outgoing DNS traffic on your
firewall (or in your case cisco router)
and needs to be available to other internet DNS servers for
Before rebooting my server I allways RENAME a dangerous file...
..maybe this will not work as long as the processes run and can't be stopped
in the task manager. But if possible I too rename the original malware file
and create a new one. (new empty textfile renamed to the previous filename)
Title: Message
Here's an example
~
@paypal.com
.paypal.citibank.com.ssmb.comfleet.com.bkb.comwellsfargo.com.norwest.com.ebay.com
.emailebay.com@ebay.com .ebay.com~
incomming emails has to
match mailfrom and revdns
The optional second column
is an
Excellent list, Matt.
Some of this I've allready discovered durring my
tests.
Hopefully people at smartertools can read
this.
At the moment I hope they will address at least the most
important things.A wrong sorted send folder is nothing against something
that will bring us admins
Chuck,
Here some numbers from my side:
100k messages in the last 7 days
50.5% identified as legit, 49.5% as spam (viruses was filtered out before)
The best IP4R-based tests was
CBL (21%, 0.37%FP), SPAMCOP (21%, 0.47%FP) and XBL-DYNA (19%, 0.27%FP)
So they catch less then 50% of incoming spam
In the last hours a I can see some strange messages (see attached samples)
send from different servers and obviously forged mailfrom adresses.
Each message has as Subject and as Body 1 and an attached but empty file
named 1.txt
The mailfrom-adress seems to be the first part of the recipients
Matt,
I'm not sure if this will help you. As I understand you and other people go
to use the alternative port 587 just because more and more ISP's are
blocking outgoing SMTP-traffic on port 25.
I must say that in my region here I know only one ISP doing this and we've
resolved the problem by
The ?B? in the encoded string tells you that it's a base64 decoded message.
Googling for decode base64 should help you.
Markus
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser
Sent: Friday, July 08, 2005 4:55 PM
To:
Thanks for reporting this. I've forwarded it to Wolfgang as I have no access
to this server. Hopefully it's only a defacement.
Markus
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Heimir Eidskrem
Sent: Tuesday, June 14, 2005 6:16 AM
To:
It was a defacement and it's restored now.
Looks like PHPNuke and it's derivates has seriuos security problems.
Markus
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail. The archives
The control panel for dummies approach of Postini now lets
us defer the tweaks back to the user. Too much spam getting
through? Well, sir, please log in to your Message Center
(Postini lingo for web control panel) and crank up your settings.
That's what we do for our customers and that's
Quite some time ago, there was mention about an Admin Web
for Declude, is this available or does anyone have something to share?
Declude is so flexible and can do so much different things that it would be
nearly impossible to write a clickplay-frontend. There was already a
discussion. The
Also, Markus' optimization of checking CMDSPACE before
SUBJECT checking will not work in two cases:
I've discovered another rare one. It seems like certain MTA's does correct
commandspaces and so a forwarded messages from one of this MTA's will pass
the filter files as it hasn't failed
Anyone else getting hit with massive waves of German spam as
a byproduct of modified Sober code continuing from around 2
pm EDT today, or am I 'unique' in this?
Update:
I've noted that this type of messages always will fail CMDSPACE
Please take care that the links that are part of the
-
From: Markus Gufler [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Sunday, May 15, 2005 3:37 AM
Subject: RE: [Declude.JunkMail] German political spam
Anyone else getting hit with massive waves of German spam as
a byproduct of modified Sober code continuing from around
The direct link for spamassassins filter file is
http://www.filterregel.de.vu/rassistische_mails_2.cf
Markus
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail. The archives can be found
Correct. And along those lines, two thoughts come to mind.
1 Many of your users may see hundreds(maybe thousands) of
nondeliverable\unknown user bounces. 'Damage control Monday'
should be fun this week.
Strange but at the moment I can't see only a very low number of NDR's
Some
- http://www.invariantsystems.com
- Original Message -
From: Markus Gufler [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Wednesday, May 04, 2005 6:43 PM
Subject: RE: [Declude.JunkMail] AV After Junkmail
How many people are running this AVAFTERJM ON. Also, I am
How many people are running this AVAFTERJM ON. Also, I am
curious to see what your experience with this has been.
Besides being careful about returning messages to the queue
was there any other downsides?
I've had set this switch to ON for a long time until 2004 has begun the
still
Scott,
I'll go to try your tool. Looking at the filter file I can see a lot of
interesting declude like filter commands that looks very very interesting.
Maybe people at declude could give a look to this filter files...
In addition I want to add:
Maybe you can add the following replacements for
Title: Whitelist to a recipient
We have the same problem. We've solved our whitelisting for
certain users by creating a whitelist text filter file
ALLRECIPS-5000IS[EMAIL PROTECTED], [EMAIL PROTECTED]
Now certain messages having multiple recipients
wouldn't be whitelisted by the -5000
Title: Message
DEP can be configured under Control panel system
advanced performance
select the new third tab.
It's my new top for "idiotic placementsin a GUI
configuration"
Markus
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
MattSent: Tuesday, April
1 - 100 of 548 matches
Mail list logo