Um, Bagle-AG infected computers were seen sending spam out 12 hours after
the virus was first detected in the wild.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Mike Nice
hi peter,
according to the manual it should work:
To whitelist an E-mail address, add a line WHITELIST FROM [EMAIL PROTECTED] to
the \IMail\Declude\global.cfg file (replacing [EMAIL PROTECTED] with the address
you wish to whitelist). You can also whitelist all mail from a specific domain
by
Can you use regular expressions in Declude filter definitions?
Thanks,
Evans Martin
---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
Tks
Peter
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Guhl, Markus (LDS)
Sent: Monday, 19 July 2004 8:05 p.m.
To: [EMAIL PROTECTED]
Subject: AW: [Declude.JunkMail] My whitelist not working correctly
hi peter,
according to the manual it should
Hi
If I put a [ spam ] marking in subject line at a certain weight level in the global.cfg
how will this interrupt with the per domain
settings?
Which will run first
Benny
If I put a [ spam ] marking in subject line at a certain weight level in
the global.cfg how will this interrupt with the per domain
settings?
Which will run first
The global.cfg file is used for outgoing E-mail, whereas the per-domain
settings are used for incoming E-mail, so this would only be
Can you use regular expressions in Declude filter definitions?
No. We have been considering adding them, but the main drawback would be
the potential for making the filters much slower.
-Scott
---
Declude JunkMail: The advanced anti-spam
The global.cfg file is used for outgoing E-mail, whereas the
per-domain
settings are used for incoming E-mail, so this would only be
an issue if an
E-mail was sent to one of the per-domain domains *and* an external
user. In this case, [ spam ] would be added to the
subject, and any
I need help understanding the correct SPF text record for a customer domain.
I have read the archives, been to the pobox site and read and still not
absolutely certain. We allow some customers to SMTP relay from their
dedicated IP and also from their e-mail Contact Form via their web site - we
Neither runs first. The actions are handled after all the tests are
run. Declude JunkMail then goes through each recipient, and
handles the
actions for all the tests failed for each recipient.
If the first recipient is a local user, and the second one is
a remote
user, the local
domain.com is on local server running the tests
domain.com has also per domain settings that differs for the test running
for all the domains on the same server
In this case, E-mail to [EMAIL PROTECTED] (I'm assuming you don't own the
domain.com domain -- the RFCs request that people use
In this case, E-mail to [EMAIL PROTECTED] (I'm assuming you
don't own the
domain.com domain
:-) would love to own that but no I am not
-- the RFCs request that people use example.com for
examples) will use the settings in the
\IMail\Declude\example.com\$default$.JunkMail file.
Ok
We have been watching the speculation on how and if we should provide a
Graphical User Interface for the management of our software and after an
internal discussion last week we would appreciate some feedback so that we
begin an evaluation.
If you could complete a very short (5 questions)
Is there any way to get rid of old Declude JunkMail headers?
In particular, the WEIGHT* headers which I'm using in my Imail rules to
separate
the spam from the rest of the mail.
If I get an email from (or that passed through) another Declude user, then I
sometimes find an old header that no
I have a myfilter test that has been working quite well but
is growing too large.
I want to break these down into body, subject and header
filters so it narrows down where to look (as opposed to logs).
Any ideas which other filter tests are
recognized by declude? I tried a
It's HEADERS
Rick Davidson
National Systems Manager
North American Title Group
-
- Original Message -
From: Chris Patterson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 19, 2004 12:05 PM
Subject: [Declude.JunkMail] Types of Filters
I have a myfilter test that has been
I have a myfilter test that has been working quite well but is growing too
large.
I want to break these down into body, subject and header filters so it
narrows down where to look (as opposed to logs).
Any ideas which other filter tests are recognized by declude? I tried a
HEADERCONTAINS
Can you use regular expressions in Declude filter definitions?
RegEx is not supported within Declude itself, but if you use our
SPAMC32 (see sig), you implicitly have access to the whole Perl RegEx
engine. It might be more labor than you've budgeted for, but it's very
useful for custom
When an email is attempted delivery and account does not exist, it
bounces... Can this be 'reverse checked' at delivery by Declude?
Wouldn't it make sense BEFORE an email is delivered, that the origin
or sender account be verified as existing? Maybe this would take a
while in the processes, but
That did it, thanks for all of the replies!!
Thanks,
Chris Patterson, CCNA
Network Engineer
-Original Message-
From: R. Scott Perry [mailto:[EMAIL PROTECTED]
Sent: Monday, July 19, 2004 12:45 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Types of Filters
I have a
When an email is attempted delivery and account does not exist, it
bounces... Can this be 'reverse checked' at delivery by Declude?
No -- because more and more people that have that ability (with other
programs) are reporting that it doesn't work as well as they would
like. And, some
Does Declude actually place messages, besides those that make it
through, in the folder/mailbox or does it deliver to iMail with a
suggestion (?) of which folder to place the message in?
Example:
SPAMCOPMAILBOX spam
TIA,
Rod
--
Roderick A. Anderson
Project Manager
Technology
Does Declude actually place messages, besides those that make it
through, in the folder/mailbox or does it deliver to iMail with a
suggestion (?) of which folder to place the message in?
Example:
SPAMCOPMAILBOX spam
With the MAILBOX action, Declude JunkMail tells IMail to deliver the
Does Declude actually place messages, besides those that make it
through, in the folder/mailbox or does it deliver to iMail with a
suggestion (?) of which folder to place the message in?
Declude readdresses messages to the subarea. It is up to IMail to
perform delivery, i.e.
Thanks Scott and Sanford.
(That should have been a smiley instead of a question mark after the
word suggestion. :-)
OK this is what I thought. Now if a user sets up forwarding,
should/will iMail forward all mail or only that destined for the Inbox.
That is, will mail that Declude says goes
It is possible that IMail could override this for some reason, but I
can't think of a case where it would.
Well, RULES.IMA is one big reason...:)
--Sandy
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems,
OK this is what I thought. Now if a user sets up forwarding,
should/will iMail forward all mail or only that destined for the Inbox.
That is, will mail that Declude says goes into the 'spam' mailbox be
forwarded instead of 'filed'? Is this a possible over-ride behavior?
In this case, it will go
Just a warning on this, make sure that you have that domain setup to be able
to create sub-folders. We set this up and then realized they were being
returned as they were bouncing since the folder did not exist.
Sincerely,
Grant Griffith
EI8HT LEGS Enhanced Web Management
A Division of ETC
Now if a user sets up forwarding, should/will iMail forward all mail
or only that destined for the Inbox.
FORWARD.IMA covers all mail.
mailbox.FWD forwards selectively.
Since this stuff is all IMail behavior (not related to Declude), you'd
learn a lot from some testing.
1) Now that AOL passes SPF, I'm getting more junk from them. So I lowered
SPFPass to -3 to offset AOL's normal failure of noabuse (1) and nopostmaster
(2).
2) We're starting to see real spammers passing SPF. So now I'm thinking of
dropping SPFPASS altogether, and using SPFFAIL to help identify
Once again thanks to all.
I wanted to make sure I was headed in the right direction making sure
the issue I need to address isn't with Declude. It is doing what we set
it up to do. Now I have to get iMail to not over-ride that.
Rod
--
Sanford Whiteman wrote:
Now if a user sets up
Has anybody else done this? What are you all seeing with SPF?
Most don't score SPFPASS. Suggest you follow suit and only work with
failures.
--Sandy
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
I believe the consensus has been that SPF Pass is not good to use in
negative weighting, but SPF Fail helps. If nothing else, we catch a good
bit of spam and viruses that forge our email addresses by using SPF. As it
gets more widely adopted, it will help more. There is still the drawback
for
I thought I would share this one with the list since it's been a while
and the problem that this targets is rather problematic in nature,
though not very threatening. This filter targets messages sent by
virus infected computers that are missing the attachment but define the
file. This results
- Original Message -
From: Brad Morgan [EMAIL PROTECTED]
Is there any way to get rid of old Declude JunkMail headers?
In particular, the WEIGHT* headers which I'm using in my Imail rules to
separate
the spam from the rest of the mail.
If I get an email from (or that passed
I am wondering what works better for other operators? To use 10 or 12
smaller txt filter files, or 2 or 3 larger ones?
It seems that more smaller ones are easier to manage using categories. But
what uses less CPU/Memory usage?
Which way is faster?
Thanks
Robert
Also along this line of questions, my main filters are mailfrom and helo
AND I also
am starting to collect a large number of files. Each filter file has approx.
1500 lines.
So my question is the same as asked previous (listed below) but also,
would it be better to simply use headers filter
I am trying to whitelist a domain
so it will not be scanned by Declude. I have used the WHITELIST TODOMAIN in the
global.cfg but the message is still being scored by declude. What
am I doing wrong?
Thank You,
Evans Martin
In my global.cfg
WHITELIST TODOMAIN fbcnashville.org
If I could pump in any list of address (not just locally hosted),
and also wildcard domains, and do it fully within IMail, I would
definitely be interested.
Guys, I forgot to check back in this thread until today. Stupid me.
Thanks for the feedback and I'll write back soon.
I think the vulnerability checks are catching 0/1 length files. I haven't seen one
lately. That said, your e-mail numbers well surpass mine, so I might just be luckier.
From my virus logs:
07/04/2004 08:13:21 Q024e0094005eb63a MIME file: message.zip [base64; Length=0
Checksum=1441]
07/04/2004
It's better to have two filters, one for MAILFROM and one HELO rather
than searching HEADERS for the same string. The trick is that when
matching MAILFROM or HELO, you are only matching one short string
instead of ~1K of text contained within the headers.
If you are looking to save on
Strange, I do see similar entries in my logs today, but I had a client
report two different zero length zip files that got through this
morning. It could be that their system stripped the attachments and
left them empty. It appears that F-Prot had issues with the new virus
that was producing
Hi Evans,
In the global.cfg, you can add "WHITELIST FROM fbcnashville.org" and see if it works.
Since the domain you are needing to Whitelist has the address in the FROM and REPLY-TO part
of the header. Below is a clip from Scott's website.
Mike
TNWEB