I don't know of a way to do this with Declude currently, however, this is a
test that I do run on my Postfix gateways. Here is a description of the
Postfix test:
reject_unknown_client
Reject the request when the client IP address has no PTR (address to name)
record in the DNS, or when the PTR
All so much hokum.
Not hokum to a commercial developer. Let's see: you've already (1)
greatly enhanced interoperability with third-party applications in
your new version and (2) greatly enhanced the performance of the
underlying platform, thus making the combination of
Title: Message
Scott:
Are there plans
for excluding attachments from being scanned by JM?
It is real
difficult not to have FP's if attachments are in the body of email. It
seems like attachments are scanned and naturally the types like Word, PDF, Excel
all will show characters that can
Although the Postfix test is a bit more stringent (rejecting if no PTR
exists - equivalent to the Declude JunkMail REVDNS test), I think testing
for matching forward and reverse records in a weighting system would be a
very good test. I would suggest that it probably be best to just match the
We run Sniffer, and we're testing Alligate (soon to be buying).
I'd like to set up a test that adds points if BOTH tests fail. An
Accelerator test, I guess.
Unfortunately, there isn't any way of doing that currently.
-Scott
---
Declude
Are there plans for excluding attachments from being scanned by JM?
This question comes fairly often (usually in other forms, though). The
answer is Yes, we do plan on adding full MIME support to an upcoming release.
It is real difficult not to have FP's if attachments are in the body of
In looking at the email with PDF attachment I saw the following:
Content-Type: application/pdf;
Is this typically the case?
It depends. If the mailer knows that a .PDF file should be of the MIME
type application/pdf, you will probably see a Content-Type:
application/pdf; header. But, it's
Title: Message
Hi;
We receive a lot
of newsletters using Dartmail.net.
Does anyone know
of SPAM sent from this company? We are thinking of the wild idea of
whitelisting their REVDNS.
X-Note: Sent from
Reverse DNS: mta2.primary.ddc.dartmail.net
([146.82.220.230]).
So far we have ran
a
How are queue management and statistical content filtering even remotely
related to each other? Name some other mail servers that you know combine
these processes.
How is it that you can speak so authoritatively about this subject? Unless
you tell me that you consulted with IPSwitch on this
I would like to begin using the NOLEGITCONTENT
test, but the mail archives are down :(. Can someone send me the lines I
need in the configs to get this going?
Thanks
Jason
I posted a few weeks back regarding a problem with FP's in scanning
attachments using a text filter we have setup; thanks to Scott's help,
that problem seemed to be isolated to a high-end character in one of the
BODY CONTAINS tests we had - that resolved just fine...
Now again, all of a sudden,
I would like to begin using the NOLEGITCONTENT test, but the mail archives
are down :(. Can someone send me the lines I need in the configs to get
this going?
You can use:
NOLEGITCONTENT nolegitcontent x x 0 -8
this would go in the global.cfg file (you don't need any other lines
Thanks Scott (and Bill)
We are holding on 20 right now (with very few FPs), so without divulging the
details of the test, is -8 too much or too little a weight? Or should I
just test test test to see what types of mail are failing/passing the test?
Thanks Gents!
Jason
- Original Message
For some reason the political spam coming across our server is mostly radical right.
I've seen
exactly one liberal message, and that was a subscription that accidentally got caught
in our spam
traps.
Keith Purtell, Web/Network Administrator
VantageMed Operations (Kansas City)
Email: [EMAIL
In Global.cfg add a line like:
NOLEGITCONTENTnolegitcontentxx0-5
Then adjust the weight to your liking.
Remember, this test operates like the IPNOTINMX test in that it is meant to
reward (by deducting weight) messages that meet the test requirements rather
that penalize them like most of
How are queue management and statistical content filtering even
remotely related to each other?
Message filtering and delivery have ALWAYS been paired within the
IMail process flow. I don't think you've been polite enough to deserve
an explanation of the similarities in
I deleted that line in testing and messages with these types of
attachments immediately began failing another line -
BODY 20 CONTAINS full nudity
Have you checked the lines just before and just after that one? There is a
slight chance that the line numbering could be off for some reason.
Hello, All,
We are in the process of moving the users, aliases and host aliases of our
in-house domains from IMail over to Exchange 2000. We are still going to be
passing our incoming mail through our IMail server to take advantage of Spam
and Virus Filtering. I've been able to recreate almost
Bill is correct. DISABLE fixup to ENABLE ESMTP and SMTP Auth.
From the PIX manual:
fixup protocol smtp [port[-port]]
The fixup protocol smtp command enables the Mail Guard feature. This
restricts mail servers to receiving the seven minimal commands defined in
RFC 821, section 4.5.1 (HELO,
Does Whitelist BODY the secret code is 1234 work or does it have to be
anywhere?
TIA - Marc
---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.
Does Whitelist BODY the secret code is 1234 work or does it have to be
anywhere?
No, you would need to use WHITELIST ANYWHERE The secret code is 1234.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude
Scott has mentioned on this list many times in the past the process order
between IMail and Declude:
Here is the order (from Scott):
[1] IMail's Control Access file
[2] IMail's Kill List
[3] Declude Virus
[4] Declude Junkmail
[5] IMail rules
Looks like all global filter processing by IMail has
That would be setup (after creating the base domain naming convention in Exchange- the
default email address domain name).
It is configured in Exchange system manager,
Go to Recipients, Recipient Policies, edit the default policy, go to the second tab
marked: Email Addresses Policy.
Add the
How are queue management and statistical content filtering even
remotely related to each other?
Message filtering and delivery have ALWAYS been paired within the
IMail process flow. I don't think you've been polite enough to deserve
an explanation of the similarities in
Rolling Eyes
See my reply on Imail list.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe,
Crud...
But the WHITELIST only does a complete match, right? so if I had slug as
the whitelist word, the word sluggish in the headers or body wouldn't count.
Right?
Marc
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
Sent: Friday, June 27,
Gee, Sandy, are you throwing in the towel already? That's certainly not
like you, to be giving up so quickly and easily! ;-)
Ok, I know I wasn't all that polite (as you pointed out), but I thought we
were having a good spar anyway. Oh well, my bad...
Bill
- Original Message -
From:
Scott has mentioned on this list many times in
the past the process order between IMail and
Declude...
Yes, and you're not interpreting the order correctly.
IMail has always performed all content-based filtering after submission, during the
filtering/delivery stage once represented by
But the WHITELIST only does a complete match, right?
Correct. But:
so if I had slug as the whitelist word, the word sluggish in the headers
or body wouldn't count.
Right?
If you had WHITELIST BODY slug, then an E-mail with the word sluggish
would get caught. No Declude functions attempt to
Since yesterday I have been in contact with a very helpful mail admin. It
seems one of my users has an outside email address at bigfoot and was
forwarding all his email to our server from there. One opt-in list he is on
was getting bounced.
In the process of finding out that email sent directly
Stops the telemarketers (with some exceptions), debuted this morning:
http://donotcall.gov/
More junk stopping info:
http://www.obviously.com/junkmail/
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing
I had a customer send me the headers of an email that did not get caught
held ) that should have.. At least I think it should have...
snip
X-MSMail-priority: Normal
X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client
[801f].
X-RBL-Warning: REVDNS: This E-mail was sent
Thanks, Stanley!
That's exactly the sort of advice that I was looking for!
It worked like a charm.
Take Care,
Dan
- Original Message -
From: Stanley Lyzak [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, June 27, 2003 2:52 PM
Subject: RE: [Declude.JunkMail] Way OT: IMail Host
There is some helpful info here as well...
http://www.ftc.gov/bcp/conline/edcams/donotcall/index.html
- Original Message -
From: Dan Patnode [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, June 27, 2003 3:49 PM
Subject: [Declude.JunkMail] OT: National Do Not Call Registry
Stops
Or is it a ploy to harvest more addresses?
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Sheldon Koehler
Sent: Friday, June 27, 2003 1:25 PM
You seem to be talking all around the real issue, and that is that all
global (not individual) content filtering should be done prior to
invoking any other third-party apps, which is where it is most appropriately
done. Individual content filtering is user specific, and so it make sense
that this
Can anyone out there recommend a Windows based
email client that supports the redirect command ??
Thank you.
Jeff
Checked 3 lines and 3 lines below -
I failed to mentioned - and this will blow more minds - the 1st failure
line was line 120 , after I deleted that, the failure line immediately
became line 136.
I have removed all BODY filter tags out for now until I time to go back
and add a block 5 at a time
Friday, June 27, 2003 you wrote:
JP Can anyone out there recommend a Windows based email client
JP that supports the redirect command ??
the Bat!
http://www.ritlabs.com/the_bat/index.html
Terry Fritts
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
Title: Nachricht
Hi
spam-fighters,
What do you think
about a time-dependently hold weight?
Maybe this can be
helpfull on certain systems (where all users work in the same time zone) to
reduce FP's.
For further
explanation please see the PDF-file located at
Title: Nachricht
Go to sleep Markus. It has been too long
of a week to think.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler
More info and stats:
http://www.bankrate.com/brm/news/advice/20030627a1.asp
The Federal Trade Commission says more than 1,000 people per second are trying to
register either online or by phone.
In an ironic twist, a technology consulting firm discovered that spam filters,
specifically
Its been a horrible week, but I need the distraction...
I've considered this a few times, every time I prepare to suggest it I remember what
happened with my idea to test for long subjects, there just isn't enough uniformity.
My concern isn't so much uniformity of technical things like
When will the government listen to the will of the people and just
outlaw spam and tele-marketing (with severe enough penalties to deter)?
Ooops. I'm sorry. I had brain fart.
I wasn't thinking that the lobbyists for keeping spam and tele-marketing
around have deeper pockets than the poor
Scott:
Thanks for your comment... May be you can answer this question before we can
figure out through iterations.
In looking at the email with PDF attachment I saw the following:
Content-Type: application/pdf;
Is this typically the case? If so I think we can assign negative weight to
this as
Hi, Again,
Would anyone care to comment on my original posting? If my questions are
too simple or complex or some place in between or my message is too long or
the questions themselves just don't have an answer then please let me know
and I'll try and proceed with my current knowledge base.
46 matches
Mail list logo