X-Spam-Tests-Failed: DSBL, NJABLPROXIES, FIVETEN-SRC, COMBO-COUNTRY-US
X-Country-Chain: ITALY-UNITED STATES-destination
The testfile for COMBO-COUNTRY-US contains only one single line:
COUNTRIES 0 STARTSWITH us
Now the question is, how can this Country-Chain fail this test?
answer directly from Declude Support,
please give us
some feedback here.
Andrew 8)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Markus Gufler
Sent: Tuesday, March 29, 2005 3:20 AM
To: Declude.JunkMail@declude.com
Subject
This indicates a Quoted printable encoded string (?Q?)
=?iso-8859-1?B?
indicates a Base64 encoded string.
Many special characters often used in different languages (German, Italian,
Spanish, French, ...) can cause such an encoding.
Markus
-Original Message-
From: [EMAIL PROTECTED]
Using the action COPYFILE, the copied D file does not have
the Declude Headers.
Can this be changed?
This would be very usefull.
The COPYFILE action can be used to watch a small range below the hold weight
to watch what's going on there and maybe adapt something in the weighting
system. It
I know from reading the list that some of you have set up
your own automated systems that notify your users of held
messages and allow them to requeue them automatically.
I think you mean user based and not automated reviev and requeuing.
That's what I've set up in the past month's
1.)
I've lost now several hours trying the following filter
ALLRECIPS -50 IS [EMAIL PROTECTED]
I've tried also CONTAINS, STARTSWITH.
I've checked the filter line does not end with a space after the recipient
adress.
The filter file is linked correctly because the following line
BTW:
I plan to use this in our users web interface. The user can choose between 5
(or more) different spam protection levels. The default is maximum (level 1)
or what we consider the best setting in our weighting system.
Now if a users chooses level 2 this will add a line
ALLRECIPS -20 IS
By looking at the %BODY% results this was the only way that I
could really see the content. So you could add the
%ALLRECIPS% and fire it off to you which would show you
exactly what the variable contains.
That's the problem: %ALLRECIPS% says [EMAIL PROTECTED] while in the
filter file we
ALLRECIPS 480 IS ANNE [EMAIL PROTECTED]
To be honest I haven't understand completely when this format must be used
but as in my case all handled messages are relayed and so not local
mailboxes Imail/Declude can't know about ANNE.
So as I can see here listing two times the recipients address is
What about setting up a filterfile?
WHITELIST-TO
#
# not whitelisting messages with multiple recipients:
ALLRECIPS END CONTAINS ,
ALLRECIPS 0 IS [EMAIL PROTECTED]
...
Today I've seen a legit message from ebay's fraud protection departement
Received: from neutron.corp.ebay.com [216.113.168.141] by x
id A567EB3009E; Mon, 07 Mar 2005 08:40:23 +0100
X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on sjc-lxs-02
X-Spam-Level:
As I understand whitelist files (specified in the default.junkmail-file)
does only work with MAILFROM addresses (one address or domain per line).
The global.cfg supports only up to 200 WHITELIST TO entries.
What if I want to create a textfile containing all recipients that has
choosen (trough a
For example, we use the following in the $default$.junkmail
to direct the abuse and postmaster accounts to a special
config, while the rest of the accounts in a non-filtered
domain go a junkmail config that has ignore actions on everything.
#example.com
REDIRECT [EMAIL PROTECTED]
In the current german computer magazine c't an article talks about phishing
with cyrillic char-sets.
It's possible to combine IDN-Domain names supported by Opera, Firefox and MS
Explorer (IE only with plugin) and cyrillic char-sets to show up an URL
absolutely like the original one.
More info's
Hi
I have to zip copy each day logfiles from the Imail-Server to a remote
FTP-Server. Anyone knows a tool who can do this all in one?
Markus
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
I shared a VBScript a few months ago that does the moving out
I've adapted it already to my needs. :-)
Instead of Zipping it with a tool I've choosen to save all archieved
logfiles in a compressed NTFS folder.
Now the logfiles should also be copied to a remote FTP-Server and so it must
be
Do you mean CMDSPACE? That one looks for a space in the SMTP
commands, such as RCPT TO:, that really shouldn't be there
(although some people may try to argue that the RFCs do allow
it). No legitimate mailserver that I am aware of has the
space there, although some mail clients (most
I personaly agree completely with Pete's arguments. I've asked over a year
ago the first time for custom hold folders. The benefit of keep and check
again later is only one offered by custom hold folders. Fortunately v2 now
has custom hold folders.
I've also mentioned months ago what Matt said:
WOW!
I've send this message over 46 hours ago. It's only me to
receive it on the list so late?
Received: from declude.com [63.246.13.90] by mail.zcom.it with
ESMTP (SMTPD32-8.13) id A0E9C6600B6; Fri, 11 Feb 2005 09:46:33
+0100Received: from mail.zcom.it [217.199.0.33] by mail.declude.com
It
might even be nice to do this on a per-IP basis instead of a
per-port basis, though that's not absolutely necessary.
Since this is a Web hosting segment and our bandwidth is
naturally limited going out, and very little intra-DMZ
traffic exists, something that is 10/100 is all that
http://www.f-prot.com/news/gen_news/050127_isp_email_blocking.html
Anyone knows more about this?
Markus
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to
FROMDOMAIN 50 IS %HELO%
Shouldn't this be so for legit messages?
I can see certain spam messages where the RECIPIENT-domain for the local
user is also part of the HELO string. Maybe it would be usefull to set up a
text filter like
STOPATFIRSTHIT
HELO10 CONTAINS
Please be advised that the administrators at SURBL will be
removing the zone files from the web site. This will affect
the folks that are using the script that downloads the zone
files and creates a Declude filter file.
Ok, I've set me a note to stop the automatic download before
Sorry for this OT posting, maybe reply me off list.
At the moment we have in use some manageable switches from HP (procurve 2512
and 2524)
Anyone knows other manageable Switches with SNMP-support? The Cisco/Linksys
SRW224 costs much less but unfortunately it has no SNMP support.
Thanks in
See attached txt-file with the content of the original spam message.
At least there is even the contact link...
Markus
http://783ytbne.com/nw/?a=ddpTJhNKedKGq=8zMTAxLWFhYW00MzI1NDc
I guess I should have been checking the SURBL test log for errors.
Since 09/07 there has been a conversation error, and then
today it finally connected but only has four entries, 1. 2. 3. 4.
Any one know what is going on?
Mon 01/17/2005 07:25 PM Update failed [conversion error] Tue
It is important to note that you should only have one DNS
server listed in the IMail SMTP settings (IMail has a known
sporadic issue if there are multiple DNS servers listed).
Really?
I've listed 3 DNS for over 4 years now without any problem. Is there any KB
article?
Markus
---
[This
Anyone else can see an abnormal high smtp traffic this minutes?
I haven't identified completely but something strnage is going one here. Lot
of NDR's
Markus
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail
Anyone else can see an abnormal high smtp traffic this minutes?
I haven't identified completely but something strnage is
going one here. Lot of NDR's
False alarm.
Just another genius sending around promotional messages to 500 recipients
all listed in the to-field.
Certain other MTA's (I
Over a year ago I've asked several times to set up a separate mailing list
(I believe it was [EMAIL PROTECTED]) where ONLY urgent messages can
be sent to the subscribers.
Simple rules:
- no questions = existing lists
- no discussion = existing lists
- no opinion= existing lists
- only things
The urgent list you are referring to was for urgent virus
notices, of which since inception there was only one use.
I've considered this list not virus- or junkmail-specific. Maybe my mistake.
Markus
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
I'm pretty sure my ipr's are not up to date with the latest
recommendations.
Joe,
First of all, a happy new year! %)
If you want to update your ip4r entries you can give a look to the IP4R
section on http://www2.spamchk.com/public.html and pick the blacklists you
consider usefull for your
based on 10, 100 or 1000 messages?
Markus
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Frederick
SamarelliSent: Tuesday, December 28, 2004 4:03 PMTo:
Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] URI
Blacklist External Program Beta Now
Message -
From: "Markus Gufler" [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Friday, December 24, 2004 4:34 AM
Subject: RE: [Declude.JunkMail] SPF Success
As many Admin's who has the possibility to set up SPF records are ISPs with
their own DNS-Servers I just want to note tha
I've a question I can't answer by just testing it out on my MTA because I
don't know if other MTA's will do the same thing.
If I have 2 front end gateways servers
IP1: 123.123.123.1
IP2: 123.123.123.2
A mx1.isp.com 123.123.123.1
A mx2.isp.com 123.123.123.2
And set up
As many Admin's who has the possibility to set up SPF records are ISPs with
their own DNS-Servers I just want to note that you should ensure, that each
customer is realy sending out mails only trough your MTA. If not you will
punish also legit messages.
The problem is: How to know if the messages
: Markus Gufler [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Friday, December 24, 2004 10:11 AM
Subject: [Declude.JunkMail] OT: MX priorities
I've a question I can't answer by just testing it out on my
MTA because I
don't know if other MTA's will do the same thing.
If I
First of allspam is anything
comming from nonexistant, or forged senders
having "hidden" content
But what you're
asking for is the difference between our human brain and stupid computers (Pete,
your comment please ;-)
Generaly Isimply try to keep our customers mailbox as
clean as
I'm close to finish a reporting tool that will send out a
daily notification to the local recipient if new messages was hold on the
mailserver with a final weight slightly above the hold weight (up to now we
review this messages regulary and can find an average of one false positive each
Never seen this problem but at this time I've running 3
external tests.
in your cfg I can see 12 different calls of external
programs
Add the call of declude.exe and maybe 2 av-engines and
multiply this number by the number of messages your server is processing each
day.
I assume it will
So 150,000 msgs x 15 exes = 225 ... due to prefiltered
viruses let's say 1,500,000 exe calls each day.
Or in other words: each processor has to run around 8 exes
each second, not considering peak and low-traffic times.
Markus
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Hi all,
Due to the constat increasing number of needless virus warning messages from
dumb av-scanners not knowing what worms are forging I've tried to set up a
COMBO filter to catch this messages as spam. (Text filter files for Junkmail
Pro)
On (remove the space in the middle)
It looks like it scores pretty well...
http://www2.spamchk.com/public.html
Yes I can confirm this. (The results you can see on the link above are
results on my Mailserver)
I can highly recommend Messagesniffer because the rules are always up to
date (2 - 4 each day) and as you can see
Can you mark messages headers on your primary MX if they are not comming
from outside but from your local machines?
Something like: If local-machine (for example because SMTP-Auth'ed) then
write X-Note: lms.kent Local sender in the message header.
Now you can set up a declude rule to whitelist
Which log files are you referring to? If Imail syslog files,
best recommendation is to use Kiwi Syslogger instead of Imail
syslog. Then you can put them where ever you like.
Yes SMTP-logfiles but also Declude Junkmail, -Virus and SpamChk logfiles.
I expect filesizes between 100 and 250 MB
.
- Original Message -
From: Markus Gufler [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, December 09, 2004 4:40 PM
Subject: [Declude.JunkMail] Moving logfiles out of spool
Anyone can send me his script (cmdline, unixtools, perl, ...)
that will move
logfiles out
For Declude files, just change the log location in the cfg file.
The idea behind the separate logfile partition is to move out the logfile
for one day and by doing this defragment it at the same time, but I will try
also to save all logfiles directly on the separate partition.
Markus
---
Anyone can send me his script (cmdline, unixtools, perl, ...) that will move
logfiles out of the spool folder to another partition on a daily or hourly
basis?
Thanks in advance
Markus
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came
I've seen an initial line:
BODYEND NOTCONTAINS http:
in Kami's body filterfiles. It seems to be a good idea even if I'm not sure
if it will not let slip trough messages containing simple www. URLs.
If this would not create any problem it would be also very usefull to use it
in our
Pete McNeil wrote:
Be sure you're up on the
latest version of Sniffer if you use it (2.3.2) since this
one has a number of new de-obfuscation mechanisms in the
filter chain.
Just to confirm:
I've downloaded the sniffer-2-3.2.zip file from www.sortmonster.com
extracted the snfrv2r3.exe
I would rather not add six new tests to my config. Would you
recommend a single SURBL test? Which one seems to work better?
I've running it now on my servers and can report the first results after 24
hours. I'll let you know how much and how accurate all 6 tests will perform.
Markus
---
JunkMail supports bitmasked
responses.
Bill
- Original Message -
From:
Markus
Gufler
To: [EMAIL PROTECTED]
Sent: Tuesday, November 23, 2004 7:32
AM
Subject: RE: [Declude.JunkMail] SURBL
as RHSBL
I would rather not add six new
Is this the correct configruation line for doing this?
SURBLS-RHSBL rhsbl %MAILFROM%.sc.surbl.org 127.0.0.2 5 0
Markus
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just
Can't see any significal increase. (see attached relative variation)
Markus
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Thursday, November 18, 2004 11:07 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] 10-fold
-
From: Markus Gufler [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, November 19, 2004 3:41 AM
Subject: RE: [Declude.JunkMail] 10-fold increase in spam today
Can't see any significal increase. (see attached relative variation)
Markus
-Original Message-
From: [EMAIL
Wow! ver 8.1 ... I must have missed
something :-)
As I know IPBYPASS will not prevent the message from beeing
scanned. It will only bypass this IP for DNS-based test
lookups.
Other tests will still score and add weights to the final
result.
Markus
From: [EMAIL PROTECTED]
Matt
If I understand right this filter file will whitelist all
messages as it was before the IMail HF 8.13.
By adding the following line (before the whitelist
line)
MAILFROMENDIS
will
whitelist only NDR's but not WebMail and other system generated
messages.
Correct?
Markus
MG 1.) Anyone has had the known Imail-NIC problems with this
Ethernet ports?
Yep.
And your solution? Installing another NIC card (3Com) beside the other four
existing ethernet ports?
Don't do that. Create 2 more partitions with the rest of your
69G. One for Imail program files and one
Wow! Practically no viruses from Europe?! Can't be true.
For my understanding the geolocation for spam and dictionary attacks in
middle europe is not very exact as several cities like Milano (Italy),
Frankfurt and Hamburg (Germany) are missing completely and I can't believe
they have better or
Yet another update to SPAMC32 that's useful when deployed as
a Declude 'weight' test type. See the release notes below
and download from the traditional /release folder.
As SpamChk is not anymore alone as external 'weight' test maybe also SPAMC32
users are interested in having 'weight+'
Not really.
There was a slight increase of around 5% for the last two
days.
Markus
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darin
CoxSent: Friday, November 05, 2004 2:27 PMTo:
[EMAIL PROTECTED]Subject: [Declude.JunkMail] Huge
increase in spam in
1) Do other people want this functionality in external
apps such as Sniffer (please speak up if either for or
against being able to score multiple hits)?
2) Would Declude be willing to introduce the functionality?
Regarding SPAMCHK I can't see any benefit for bitmask return codes.
There are 3 different type of NDR's caused by joe
jobs.
All 3 are comming back not from spammy servers but from
legit servers bouncing spam messages with wrong recipient addresses. (so far
nothing new)
I've identified the following 3 types
a.) NDR with the part of the original spam
One of SpamChk's Link-tests is called
"IPLink".
You can simply assign a weight of x points if at least one
IP link is part of the mailbody.
www.spamchk.com
Markus
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dave
DohertySent: Sunday, October 31, 2004
We have set Base64 to HOLD re: the Declude docs mentioning
that there is no advantage for legit messages to be sent
using BASE64 encoding in text or HTML sections.
I recommend:
1.) Never use a single test for a final action without a very good reason.
2.) Lower the weight of BASE64 down to
I have now set the BASE64 test to WARN instead of HOLD. Is
that what you meant by minimum
Not exactly.
As I can understand you're using single Declude Junkmail tests to do certain
concrete actions.
In my optionion it's the best way to use all single tests with the assigned
weight to
What makes everyone think that Declude won't work with Ipswitch ICS?
Nothing. I'm pretty sure that ICS has not very much new tecnology inside -
it's only the package and the price that differ.
Has anyone downloaded a version and tested?
If I get a chance I'll DL and test in Virtual PC.
Hi Barry,
So you're recommendation for the moment is to keep on IMail
until you're ready with something else?
Is this the right way for the following
situation:
Running IMail unlimited and Declude Junkmail Pro and Virus
Pro.
What if we've out an offer for two other such boxes?
Beside
this are good news :-)
thanks
Markus
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Barry
SimpsonSent: Tuesday, October 26, 2004 8:02 PMTo:
[EMAIL PROTECTED]Subject: RE: RE: [Declude.JunkMail]
Declude and Ipswitch ICS
Marcus,
We recognized
There's been an almost hysterical reaction to the ICS announcement.
...
Yes I know that my server will not stop working a certain day only because
the SA expires.
But what if there will happen something like a new MS Update that I must
implement but will kill imail functionality. You know
Can you use RegEx in SpamChk?
At the moment the answer is no.
As I know Wolfgang has this on his todo list.
Markus
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an
Anyone know how to report the SPAMCHK test weight in the SMTP header?
You mean mail header ?
just use the WARN action. This should add a line like
X-RBL-Warning: SPAMCHK: Message failed SPAMCHK: x.
to the mail header where x is the SpamChk-weight.
Markus
---
[This E-mail was
I'll see if we can do that.
Thank's for answering my request too...
Markus
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type
A customer is asking us if we can keep a copy of each incomming and outgoing
message for his mailboxes on our server.
I have no problem to set up declude.junkmail rules/actions so that incomming
messages are copied to a separate mailbox. But we use also WHITELIST AUTH
and so I can't find a
Why not use the Imail copyall function?
Thanks but I believe this will not work on a server hosting hundreds of
virtual domains and thousands of mailboxes if only one virtual domain should
be backed up.
At the moment I'm looking to find a solution with imail rules. (never used
them up to now
As I know declude.junkmail is able to decode base64 or quoted-printable
subject lines.
Would it be possible to write this decoded lines in the logfile?
Markus
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail
You should be able to use Imail's copyall function in
conjunction with Imail rules
At the moment I'm watching how the solution will work.
As virtual hosts in Imail can't have outbound rules I've set a rule for the
only primary host looking if the mailfrom adress contains the customers
domain
I thinh you may be able to just set up a rule to look in the
header for the virtual domain you are looking for -- I think
this will get moth incoming and outgoing
Hmm, will this really work?
In Imail v8 I can se only the inbound rules tab for virtual hosts.
I've tested this before by
I think I did it as a rule on the copyall user's account...
Ah, now I understand. The idea is to activate the copy-all function and set
rules for the copyall mailbox so that messages for/from a certain domain
will be forwarded to another backup-mailbox and all other messages will be
deleted.
Hi all,
As I can see the new owners of Declude has some people able to develope
dynamic websites and there is already a customer protected area.
Now the suggestion:
As there are out many different maintainers of excelent filter files and
much more different versions and methods to get this
Kami's postings are more usefull then many others on this
list.
Markus
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dan
GeiserSent: Tuesday, October 05, 2004 2:26 PMTo:
[EMAIL PROTECTED]Subject: Re: [Declude.JunkMail]
Citibank - phishing- still live
Of Darin
CoxSent: Monday, October 04, 2004 4:32 PMTo:
[EMAIL PROTECTED]Subject: Re: [Declude.JunkMail]
annoying spammer
Good idea.
Darin.
- Original Message -
From: Markus Gufler
To: [EMAIL PROTECTED]
Sent: Monday, October 04, 2004 10:17 AM
Subject: RE
Chuck, and others,
Maybe you should consider splitting your spamdomain file to multiple files
with different weights
While messages from yahoo, msn and Co. could have many FP's as users are
connecting from everwhere you shouldn't see any message from other tipical
spamdomains (like citibank) not
Hmm as I can see there are a lot of differences between the phishing list
posted by Dan...
@ameritrade.com.ameritrade.com
@citi.com.citibank.com
@citibank.com.citibank.com
@ebay.com.ebay.com
@fleet.com.fleet.com
.gs.com
@paypal.com .paypal.com
@suntrust.com
Well, announcing such a feature would minimize the desired success:
Identify who's runnning multiple copies of imail with the same hostname and
only one declude license.
So I can only hope that the increased income will be turned over 1:1 to
finance several feature request. :-)
Markus
If you're happy with the weight settings of your current
weighting system (hold on 20 ?) you can simply change to a hold-on-100 system by
multipling all wheigts in your cfg file by factor 5 and change your WEIGHT20
test to WEIGHT100
Then save the cfg file and it's done.
Beside more
Everyone running Declude Updater as a scheduled task, can disable it as new
versions are not more published on www.declude.com/version.txt and it looks
like future releases wouldn't be available as simple .exe file.
regards
Markus
---
[This E-mail was scanned for viruses by Declude Virus
Something like this could be hacked together with a parsing
program that...well, not really on your COPY actions.
There's another one:
Imagine you could HOLD all messages between 90 and 110% of your HOLD weight
in a separate folder and there is a simple tool running as scheduled task
that is
In my further reading that's what I thought was the case but
wanted to confirm. At one time there appeared to be talk of
an enhancement to the HOLD feature to specify the place where
messages were held. Disk I/O takes a huge hit when we process
the /spool/spam folder every hour. It would
Hey...while I'm on a roll here. Declude docs don't
specifically say what is considered in IPBYPASS. That doesn't
scan the headers for multiple hops does it? I'm hoping it
just considers the IP that connected to the Imail box. That's
how I'm using it.
As I know you can specify a list of
good, looks like you're following changes in the ip4r list.
I need some information about this tests in order to find out the best ones.
The list on www.declude.com contains much more spam databases then I am
using at the moment. It would be interesting to know the lists that are
practicaly
I can't see such errors on my server (european date format, GMT+1)
Di 07.09.2004 6:02:01,50 Update successful [974 entries]
Di 07.09.2004 9:02:01,79 Update successful [974 entries]
Di 07.09.2004 12:02:01,78 Update successful [967 entries]
Di 07.09.2004 15:02:03,62 Update successful [968
I am testing sniffer right now and wonder if I need to run
all the other tests along side it.
I am trying to reduce my daily workload of analyzing the
spamtrap and hope that sniffer and surbl will do this.
Do I even need surbl?
Do you have so much workload on your mailserver that you
Hmm, I'm a bit mystified.
I'm too. Strange but now it seems to work fine.
I can't imagine why there was no results in my logfiles.
Markus
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
To Markus specifically:
I'm monitoring your queries, and they seem to be coming
through alright.
Are you still having connectivity problems? Are you getting
host not found responses, or nothing at all? I'm seeing valid
responses coming back through a packet sniffer.
For anyone
Have I missed something or why pub.senderdb.net doesn't return any answers
for ip4r-queries?
From 2004-09-01 on I can't see any results for SENDERDB.
On a tipical workday (Monday 2004-08-30) there was the following results,
based on 12407 processed messages (Spam: 6335 (51.1%) Legit: 6072
I recommend referencing this analysis which suggests MTLB is
probably not ready yet:
http://www2.spamchk.com/public.html
This seems to be consistent with comments on this list as well.
Maybe it works bether for mailservers processing primarily american
messages.
I don't know since
Markus, I expect you will be adding this test to your analysis?
For sure! :-)
Yes, that will be interesting. Disregard the neutral list,
they decided not to host that one since it was unclassified
IP addresses anyway.
Ok, I've added
SENDERDB-BL weight 10
Well, I have that too now but. that did not solve the
problem because the subject column in the top windows is
empty. Strange, as the subject line in the window below that
*does* show the subject. Anybody else have this problem too?
It's not a problem.
There is a switch in the config
Anyone else can see problems resolving .bz (belize maintained by
namesbeyond) -domains?
Dnsreport.com also cannot resolve any bz-domain
For example:
http://www.dnsreport.com/tools/dnsreport.ch?domain=stv.bz
Markus
---
[This E-mail was scanned for viruses by Declude Virus
101 - 200 of 548 matches
Mail list logo
