[Declude.JunkMail] AOL fwding
FYI - I am investigating a problem in which messages to a local account, forwarded to AOL are not received - the thinking is that they are blocked as spam since they have a FROM [EMAIL PROTECTED] , but come from a non-hotmail server. Everything else straight to AOL seems to be working. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] relays.osiriusoft.com
FYI - Sprint has blocked our DNS server; we were using their server in a forwarder configuration ; reason too many lookups to relays.osirusoft.com . Has anyone set this up with Bind's IXFR as a secondary for the entire zone? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] relays.osiriusoft.com
FYI - Sprint has blocked our DNS server; we were using their server in a forwarder configuration ; reason too many lookups to relays.osirusoft.com . Has anyone set this up with Bind's IXFR as a secondary for the entire zone? If you are going to set up a DNS server, you don't have to worry about IXFR -- it can connect directly to relays.osirusoft.com, bypassing Sprint and their rate limiting. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] AOL fwding
I am investigating a problem in which messages to a local account, forwarded to AOL are not received - the thinking is that they are blocked as spam since they have a FROM [EMAIL PROTECTED] , but come from a non-hotmail server. Everything else straight to AOL seems to be working. I haven't heard of AOL blocking outgoing E-mail, but it certainly is possible. Have you checked your IMail SMTP log files to see if there were any connection attempts for that E-mail? Have you tried entering the To: address in the Mail Test box at http://www.DNSreport.com to see if it reports any problems? -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] An optional web interface for Declude JunkMail?
Guess it depends on the cost ? -- Original Message -- From: R. Scott Perry [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Mon, 16 Dec 2002 19:49:40 -0500 A lot of our customers seem to want a web interface to Declude JunkMail, mostly so that customers can turn their spam settings on or off. We haven't come up with something in the past, because it is very complicated without a hook into web messaging, and it doesn't look like Ipswitch is planning to add an interface to web messaging any time soon. However, we are at the point where we are considering a web interface. If we do it, it would probably need to be done as an addon to Declude JunkMail, mainly because the development and support costs would be fairly high. It would also have some drawbacks, being separate from web messaging. For example, it would require installing a separate service, using a different port than 80 or 8383 for web access (which may cause firewall problems), and having users enter their username/password a second time (if they are already using web messaging). Is this something that is important enough that it would be worthwhile? -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: Re[2]: [Declude.JunkMail] An optional web interface for Declude JunkMail?
Sandy, I am very interested in your beta code (understanding it's beta). Thank you for your knowledge and contribution. Keith [EMAIL PROTECTED] -Original Message- From: Sanford Whiteman [mailto:[EMAIL PROTECTED]] Sent: Wed 12/18/2002 9:00 PM To: Tom Cc: Subject: Re[2]: [Declude.JunkMail] An optional web interface for Declude JunkMail? Nobody seems to have acknowledged my message about REDIRECTing to PLAN.IMA for per-user actions, but I am using the method with great success to provide user self-management from *within* IMail Web Messaging. If I, no JavaScript guru, can do it, surely others could go this or similar routes and leave you free for developing Junkmail Ultra. :) I'm curious about this, would you send me a sample? I have, in defiance of the usual prohibitions, sent a screen shot of what I have running *within IMail*, since everyone but Tom seems to think this is a non-issue. I will send my beta code to anyone who's interested. -Sandy winmail.dat
Re: [Declude.JunkMail] relays.osiriusoft.com
I prefer the forwarder configuration since infrequently used domain names resolve much faster from a large cache. If I have 5 tests using relays.osirusoft.com, does it send 5 queries per E- mail?This seems to be the thing that triggered the block. Even if we go directly to relays.osirusoft.com or are able to get an entire secondary copy of the zone, this would seem to be a good optimization to reduce DNS server load. FYI - Sprint has blocked our DNS server; we were using their server in a forwarder configuration ; reason too many lookups to relays.osirusoft.com If you are going to set up a DNS server, you don't have to worry about IXFR -- it can connect directly to relays.osirusoft.com, bypassing Sprint and their rate limiting. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] AOL fwding
To clarify, the email comes to a local account, which is forwarded to an E-mail address @aol.com . I see in the logs where AOL has accepted the message but the customer says it never gets to the AOL inbox. I will try to contact AOL and see what they say. I am investigating a problem in which messages to a local account, forwarded to AOL are not received - the thinking is that they are blocked as spam since they have a FROM [EMAIL PROTECTED] , but come from a non-hotmail server. Everything else straight to AOL seems to be working. I haven't heard of AOL blocking outgoing E-mail, but it certainly is possible. Have you checked your IMail SMTP log files to see if there were any connection attempts for that E-mail? Have you tried entering the To: address in the Mail Test box at http://www.DNSreport.com to see if it reports any problems? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] relays.osiriusoft.com
If I have 5 tests using relays.osirusoft.com, does it send 5 queries per E- mail? That is correct. However, if your DNS server operates efficiently, it *should* only send out 1 query. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] AOL fwding
To clarify, the email comes to a local account, which is forwarded to an E-mail address @aol.com . I see in the logs where AOL has accepted the message but the customer says it never gets to the AOL inbox. I will try to contact AOL and see what they say. Ah, I see. I'm guessing that AOL must see something about the forwarded message (perhaps extra Received: headers) and uses that as part of its secret calculation for determining when to silently drop E-mail. If AOL does say anything about this, I would be very interested to know what they say, as I believe they do not acknowledge the secret spam filtering (as opposed to the standard spam filtering, where they will bounce the E-mails). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] relays.osiriusoft.com
Bind 8 at least, does not group requests for the same host name resolution. I don't know about V9 (which doesn't run reliably on Win32). My only option to minimize hits on an external server will be direct resolution which slows down some other sites, or being able to become a secondary for relays.osirusoft.com. If I have 5 tests using relays.osirusoft.com, does it send 5 queries per E- mail? That is correct. However, if your DNS server operates efficiently, it *should* only send out 1 query. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] REDIRECT in $default$.junkmail
Scott, Is the REDIRECT statement processes per domain as well or only on the global $default$.junkmail file? I have redirects for several addresses in our primary domain, but I need to have a different set of actions for all of our hosting accounts, so I have per domain set up for our primary and want to be sure where the REDIRECT statements will come from. Thanks, Chuck Frolick ArgoNet, Inc. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] REDIRECT in $default$.junkmail
Is the REDIRECT statement processes per domain as well or only on the global $default$.junkmail file? It will work in per-user or per-domain files as well. :) -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] AOL fwding
If AOL does say anything about this, I would be very interested to know what they say, as I believe they do not acknowledge the secret spam filtering (as opposed to the standard spam filtering, where they will bounce the E-mails). We had a similar issue where AOL black-holed one particular mail server IP on us. Relaying through a different server on the same netblock worked fine, so they were clearly blocking that specific IP for some unknown reason. I contacted them repeatedly regarding the issue and a couple weeks later they simply said it was fixed. No explanation why they blocked the IP or any other details to go on. - Mike Griffin Handy Networks, LLC --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] relays.osiriusoft.com
My only option to minimize hits on an external server will be direct resolution which slows down some other sites, or being able to become a secondary for relays.osirusoft.com. Your own server should NOT be noticably slower unless it is not configured correctly. Without a forwarder to use, lookups could be slightly slower at first, but once you use it a bit, it will build a decent lookup cache of it's own, then it should be faster than using any external site or forwarder. From Scott's site, it appears that the osirusoft.com sites have a TTL of 43200, so once you do a lookup, all subsequent lookups for that same IP should be served from your local cache (at least for the next 43200 seconds). If you are stuck on win32 platform, you'll need a fairly decent machine to make up for the GUI, but a VERY inexpensive, high performance DNS resolver can be built with FreeBSD/BIND on VERY modest hardware (steal your kids p233, stuff some more RAM in it and go). Our fastest DNS server is a 400Mhz PII, slowest is a 200. We are running 16 IP4 based tests on each email right now. We handle approx 20,000 messages/day. Declude is pointed at a FreeBSD4.7/BIND8 P400 Machine for doing it's DNS test lookups. This machine's average processor use is like 4%. It's hardly breaking a sweat. Unless you are generating some SERIOUS DNS traffic, IMO doing zone transfers is unnecessary extra work. - Tony --- [This E-mail was scanned for viruses by http://www.intouchmi.com] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] relays.osiriusoft.com
If you get the right software Win32 DNS doesn't need a lot of machine either. I run win2k on a dual p150 and a ppro200. Both machines only have 128MB RAM, I run Simple DNS Plus by jhsoft.com, no problems, that's with running a small ISP and hosting over 200 domains in DNS. Plus the software is very affordable, $79 for 25 zones, $149 for unlimited. Thanks, Chuck Frolick ArgoNet, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tony Gray - Network Administrator Sent: Thursday, December 19, 2002 11:01 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] relays.osiriusoft.com My only option to minimize hits on an external server will be direct resolution which slows down some other sites, or being able to become a secondary for relays.osirusoft.com. Your own server should NOT be noticably slower unless it is not configured correctly. Without a forwarder to use, lookups could be slightly slower at first, but once you use it a bit, it will build a decent lookup cache of it's own, then it should be faster than using any external site or forwarder. From Scott's site, it appears that the osirusoft.com sites have a TTL of 43200, so once you do a lookup, all subsequent lookups for that same IP should be served from your local cache (at least for the next 43200 seconds). If you are stuck on win32 platform, you'll need a fairly decent machine to make up for the GUI, but a VERY inexpensive, high performance DNS resolver can be built with FreeBSD/BIND on VERY modest hardware (steal your kids p233, stuff some more RAM in it and go). Our fastest DNS server is a 400Mhz PII, slowest is a 200. We are running 16 IP4 based tests on each email right now. We handle approx 20,000 messages/day. Declude is pointed at a FreeBSD4.7/BIND8 P400 Machine for doing it's DNS test lookups. This machine's average processor use is like 4%. It's hardly breaking a sweat. Unless you are generating some SERIOUS DNS traffic, IMO doing zone transfers is unnecessary extra work. - Tony --- [This E-mail was scanned for viruses by http://www.intouchmi.com] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] AOL fwding
If AOL does say anything about this, I would be very interested to know what they say, as I believe they do not acknowledge the secret spam filtering (as opposed to the standard spam filtering, where they will bounce the E-mails). Please, with the amount of junk I get in my AOHell mailbox, and the amount of junk I get FROM AOHell through our server, they don't do a very good job of Spam control. But I'd be interested to know myself if AOL says anything. Keep us posted. Paul --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Hex Code URL's...
Title: Message Hi; I am seeing more and more URL's that are encoded, like: http:[EMAIL PROTECTED]/%72%65%64%6C%69%67%68%74%65%6D%61%69%6C%2F%69%6D%61%67%65%73%2F%30% I am yet to see anyone with a legitimate eMail use such an approach for sending their links. Is there a legitimate reason to do this? It seems like this could be an easy test to have in JM for the body. It is almost like a 100% guarantee that if used this is a spam.. Regards, Kami
RE: [Declude.JunkMail] Hex Code URL's...
This is a trick to make the user think that they're going to a link on yahoo. Actually this is redirecting them to IP address: 0xD5.0xEF.0x8F.0x9A or 213.239.143.154 and then encode the path. I can't see any reason to do this. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kami Razvan Sent: Thursday, December 19, 2002 12:29 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Hex Code URL's... Hi; I am seeing more and more URL's that are encoded, like: http:[EMAIL PROTECTED]/%72%65%64%6C%69%67%68%74%65%6D% 61%69%6C%2F%69%6D%61%67%65%73%2F%30% I am yet to see anyone with a legitimate eMail use such an approach for sending their links. Is there a legitimate reason to do this? It seems like this could be an easy test to have in JM for the body. It is almost like a 100% guarantee that if used this is a spam.. Regards, Kami --- [This E-mail scanned for viruses by F-Proto Virus Scanner] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] AOL fwding
Please, with the amount of junk I get in my AOHell mailbox, and the amount of junk I get FROM AOHell through our server, they don't do a very good job of Spam control. Sending and receiving are 2 different actions. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Hex Code URL's...
This is a trick to make the user think that they're going to a link on yahoo. Actually this is redirecting them to IP address: 0xD5.0xEF.0x8F.0x9A or 213.239.143.154 and then encode the path. Or even worse, it could be coded to access other parts of your computer, such as Code Red virus. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Hex Code URL's...
We've done some research on this and experimented with some rules. More rule templates are coming, but as it turns out - filtering this is harder than you might expect - depending upon your system's requirements. Many supposedly legitimate mail/news systems encode large segments of URLs or even entire urls after some processing root in order to track user activity. Many of our first attempts to filter based on this kind of encoding have since been rejected due to false positive requests. One such rule even blocked messages from the IMail list due to an encoded %40 in the tag line. One trick that seems to reduce the false positive rate is to define the root of the URL carefully and to ensure that the pattern match is at the root of the URL... so, for example, look for the href= or href= at the top of the url to avoid the kind of legitimate encoding that might come later. Hope this helps, _M PS: We do have a number of rules coding for patters like this and they are very successful - not as successful as we thought they would be, but still pretty good! Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief SortMonster (www.sortmonster.com) | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]] On Behalf Of Mark Smith | Sent: Thursday, December 19, 2002 12:32 PM | To: [EMAIL PROTECTED] | Subject: RE: [Declude.JunkMail] Hex Code URL's... | | | This is a trick to make the user think that they're going to | a link on yahoo. Actually this is redirecting them to IP address: | | 0xD5.0xEF.0x8F.0x9A | | or 213.239.143.154 and then encode the path. | | I can't see any reason to do this. | | | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]] On Behalf Of Kami Razvan | Sent: Thursday, December 19, 2002 12:29 PM | To: [EMAIL PROTECTED] | Subject: [Declude.JunkMail] Hex Code URL's... | | | Hi; | I am seeing more and more URL's that are encoded, like: | http:[EMAIL PROTECTED]/%72%65%64%6C%69%67%68%74%65%6D% 61%69%6C%2F%69%6D%61%67%65%73%2F%30% I am yet to see anyone with a legitimate eMail use such an approach for sending their links. Is there a legitimate reason to do this? It seems like this could be an easy test to have in JM for the body. It is almost like a 100% guarantee that if used this is a spam.. Regards, Kami --- [This E-mail scanned for viruses by F-Proto Virus Scanner] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Hex Code URL's...
I might add to this thread that it is fairly common to see Yahoo Redirects in spam content these days. There are many forms... We also see redirects through excite, msn, and some unsuspecting corporate sites - usually referenced by IP. _M | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]] On Behalf Of John | Tolmachoff | Sent: Thursday, December 19, 2002 12:57 PM | To: [EMAIL PROTECTED] | Subject: RE: [Declude.JunkMail] Hex Code URL's... | | | This is a trick to make the user think that they're going | to a link on | yahoo. Actually this is redirecting them to IP address: | | 0xD5.0xEF.0x8F.0x9A | | or 213.239.143.154 and then encode the path. | | Or even worse, it could be coded to access other parts of | your computer, such as Code Red virus. | | John Tolmachoff MCSE, CSSA | IT Manager, Network Engineer | RelianceSoft, Inc. | Fullerton, CA 92835 | www.reliancesoft.com | | | | | --- | [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Hex Code URL's...
Theoretically, there should never be a @ symbol in the URL unless it contains authentication. I can't think of that happening too often. The problem is searching for http://%@% where % is the wildcard. I don't think this is possible with the current filters. Scott? Maybe just placing a weight test to search for @ or %40 would help, but as _M just pointed out there are some that will be trapped. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Madscientist Sent: Thursday, December 19, 2002 1:18 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Hex Code URL's... We've done some research on this and experimented with some rules. More rule templates are coming, but as it turns out - filtering this is harder than you might expect - depending upon your system's requirements. Many supposedly legitimate mail/news systems encode large segments of URLs or even entire urls after some processing root in order to track user activity. Many of our first attempts to filter based on this kind of encoding have since been rejected due to false positive requests. One such rule even blocked messages from the IMail list due to an encoded %40 in the tag line. One trick that seems to reduce the false positive rate is to define the root of the URL carefully and to ensure that the pattern match is at the root of the URL... so, for example, look for the href= or href= at the top of the url to avoid the kind of legitimate encoding that might come later. Hope this helps, _M PS: We do have a number of rules coding for patters like this and they are very successful - not as successful as we thought they would be, but still pretty good! Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief SortMonster (www.sortmonster.com) --- [This E-mail scanned for viruses by F-Proto Virus Scanner] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Hex Code URL's...
The problem is searching for http://%@% where % is the wildcard. I don't think this is possible with the current filters. No, that wouldn't be possible with the current filters (although the IMail filters might handle it). We will likely add two tests; one that looks for encoded characters within the domain of a URL (IE it would catch http://www.declud%65.com; but not http://www.declude.com/sp%61m;), and another that looks for an @ within the URL. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Hex Code URL's...
Another good way to differentiate the encoded characters is to trap on encoding characters that _should_ be normal ascii letters or numbers. In theory, the only characters that should be encoded would be outside this range so it's a good bet that encoding normal characters is an obfuscation attempt. This will definitely need to be a weighted test though. _M | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]] On Behalf Of R. | Scott Perry | Sent: Thursday, December 19, 2002 1:32 PM | To: [EMAIL PROTECTED] | Subject: RE: [Declude.JunkMail] Hex Code URL's... | | | | The problem is searching for http://%@% where % is the wildcard. I | don't think this is possible with the current filters. | | No, that wouldn't be possible with the current filters | (although the IMail | filters might handle it). | | We will likely add two tests; one that looks for encoded | characters within | the domain of a URL (IE it would catch | http://www.declud%65.com; but not | http://www.declude.com/sp%61m;), and another that looks for an @ within the URL. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: Re[2]: [Declude.JunkMail] An optional web interface for Declude JunkMail?
I would like to give it a look as well. We have been working on an interface for quite some time. I would be happy to review your code then see where we can plug in some of what we have built. Thanks for the offer. And just for the disclaimer... I understand that the code is BETA and not guaranteed to do anything. :) rusty [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Sanford Whiteman Sent: Wednesday, December 18, 2002 9:00 PM To: Tom Subject: Re[2]: [Declude.JunkMail] An optional web interface for Declude JunkMail? Nobody seems to have acknowledged my message about REDIRECTing to PLAN.IMA for per-user actions, but I am using the method with great success to provide user self-management from *within* IMail Web Messaging. If I, no JavaScript guru, can do it, surely others could go this or similar routes and leave you free for developing Junkmail Ultra. :) I'm curious about this, would you send me a sample? I have, in defiance of the usual prohibitions, sent a screen shot of what I have running *within IMail*, since everyone but Tom seems to think this is a non-issue. I will send my beta code to anyone who's interested. -Sandy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Hex Code URL's...
Another good way to differentiate the encoded characters is to trap on encoding characters that _should_ be normal ASCII letters or numbers. In theory, the only characters that should be encoded would be outside this range so it's a good bet that encoding normal characters is an obfuscation attempt. This will definitely need to be a weighted test though. Wouldn't that also take a good amount of resources, since the string would have to be decoded twice, one for logical and one for hex? John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] AOL problem or mine?
Has anyone been having trouble with sending to AOL? I have a lot of users calling because messages to AOL.COM or CS.COM keep getting returned after 3 attempts. It has just started in the last few days. We aren't on AOL's blacklist. I posted this on the Imail list but so far nothing has helped. I seem to get an answer I understand better here usually anyway. Dustin --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Help
Does ANYBODY have a number on this list for SortMonster..I have a major problem and have been emailing them all week with NO response...If I dont get to some one there soon I will be doing a charge back for the $300 they charged me for their softwaretheir support is nothing compared to Declude's ( which is the best I have ever seen).. Sorry if this is inappropriate on this list but I am desperate Richard Farris [EMAIL PROTECTED] 1.800.548.3877 - Original Message - From: Madscientist [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, December 19, 2002 12:20 PM Subject: RE: [Declude.JunkMail] Hex Code URL's... I might add to this thread that it is fairly common to see Yahoo Redirects in spam content these days. There are many forms... We also see redirects through excite, msn, and some unsuspecting corporate sites - usually referenced by IP. _M | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]] On Behalf Of John | Tolmachoff | Sent: Thursday, December 19, 2002 12:57 PM | To: [EMAIL PROTECTED] | Subject: RE: [Declude.JunkMail] Hex Code URL's... | | | This is a trick to make the user think that they're going | to a link on | yahoo. Actually this is redirecting them to IP address: | | 0xD5.0xEF.0x8F.0x9A | | or 213.239.143.154 and then encode the path. | | Or even worse, it could be coded to access other parts of | your computer, such as Code Red virus. | | John Tolmachoff MCSE, CSSA | IT Manager, Network Engineer | RelianceSoft, Inc. | Fullerton, CA 92835 | www.reliancesoft.com | | | | | --- | [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.410 / Virus Database: 231 - Release Date: 11/01/2002 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] AOL problem or mine?
This is being discussed on the CF-Talk list as well. Started up yesterday, I believe. Someone on that list got hold of an AOL admin (as if there really are any) and posted this: | I called AOL and their tech advised me to make RDNS entries | for every domain then wait 24 hours and try again --- Matt Robertson, MSB Designs, Inc. http://mysecretbase.com - Retail http://foohbar.org - ColdFusion Tools --- -- Original Message -- From: Dustin Freeman [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Thu, 19 Dec 2002 14:43:33 -0500 Has anyone been having trouble with sending to AOL? I have a lot of users calling because messages to AOL.COM or CS.COM keep getting returned after 3 attempts. It has just started in the last few days. We aren't on AOL's blacklist. I posted this on the Imail list but so far nothing has helped. I seem to get an answer I understand better here usually anyway. Dustin --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] AOL problem or mine?
This is being discussed on the CF-Talk list as well. Started up yesterday, I believe. Someone on that list got hold of an AOL admin (as if there really are any) and posted this: | I called AOL and their tech advised me to make RDNS entries | for every domain then wait 24 hours and try again FWIW, that may just be generic advice from AOL, and not specific to the problem they are having. For at least a year or two, AOL has used the lack of a reverse DNS entry to penalize E-mail as part of their secret (undocumented) anti-spam system. The lack of a reverse DNS entry by itself won't cause an E-mail to be deleted by AOL, but it is used as part of their anti-spam formula (along with the publicly documented system at http://postmaster.info.aol.com , which bounces E-mail rather than deleting it). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Help
Does ANYBODY have a number on this list for SortMonster..I have a major problem and have been emailing them all week with NO response...If I dont get to some one there soon I will be doing a charge back for the $300 they charged me for their softwaretheir support is nothing compared to Declude's ( which is the best I have ever seen).. Sorry if this is inappropriate on this list but I am desperate FWIW, their support is very good from what I have seen. Have you checked your log file to make sure that the E-mail is actually getting to them, and that their responses aren't getting deleted? We occasionally have problems with our customers where either the E-mail doesn't make it to us, or E-mail being sent in response gets deleted (typically due to an IMail filter). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] AOL problem or mine?
Hi, yes, got complaints yesterday as well (one of our mailing lists) - seems to be back to normal, though. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Dustin Freeman Sent: Thursday, December 19, 2002 02:44 PM To: '[EMAIL PROTECTED]' Subject: [Declude.JunkMail] AOL problem or mine? Has anyone been having trouble with sending to AOL? I have a lot of users calling because messages to AOL.COM or CS.COM keep getting returned after 3 attempts. It has just started in the last few days. We aren't on AOL's blacklist. I posted this on the Imail list but so far nothing has helped. I seem to get an answer I understand better here usually anyway. Dustin --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] AOL problem or mine?
I understand that AOL just implemented a new spam filter and are having a lot of issues like this.. At your service, Richard Farris [EMAIL PROTECTED] 1.800.548.3877 - Original Message - From: Andy Schmidt [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, December 19, 2002 2:17 PM Subject: RE: [Declude.JunkMail] AOL problem or mine? Hi, yes, got complaints yesterday as well (one of our mailing lists) - seems to be back to normal, though. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Dustin Freeman Sent: Thursday, December 19, 2002 02:44 PM To: '[EMAIL PROTECTED]' Subject: [Declude.JunkMail] AOL problem or mine? Has anyone been having trouble with sending to AOL? I have a lot of users calling because messages to AOL.COM or CS.COM keep getting returned after 3 attempts. It has just started in the last few days. We aren't on AOL's blacklist. I posted this on the Imail list but so far nothing has helped. I seem to get an answer I understand better here usually anyway. Dustin --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.410 / Virus Database: 231 - Release Date: 11/01/2002 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] AOL problem or mine?
Our reverse DNS is fine,(checked it on dnsstuff.com) I went to postmaster.info.aol.com and nothing there helped. We are not getting the message from AOL, it appears that it comes from our server after trying to send the message 3 times and failing each time. I haven't had a chance to check the smtp log. Our server has had a noticeable increase in load the last few days as a result of all the attempts and replies I'd suspect. I'll wait till tomorrow and see if the problem still exists. If anyone has any updates from AOL let me know on or off list. Dustin -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 19, 2002 3:03 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] AOL problem or mine? This is being discussed on the CF-Talk list as well. Started up yesterday, I believe. Someone on that list got hold of an AOL admin (as if there really are any) and posted this: | I called AOL and their tech advised me to make RDNS entries | for every domain then wait 24 hours and try again FWIW, that may just be generic advice from AOL, and not specific to the problem they are having. For at least a year or two, AOL has used the lack of a reverse DNS entry to penalize E-mail as part of their secret (undocumented) anti-spam system. The lack of a reverse DNS entry by itself won't cause an E-mail to be deleted by AOL, but it is used as part of their anti-spam formula (along with the publicly documented system at http://postmaster.info.aol.com , which bounces E-mail rather than deleting it). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Help
Thank you for allowing me to use this list to get the problem resolved. Pete was very helpful and I knew in my heart for some reason they were not getting my emails because before last Thursday they were very responsive...I told this to Scott...this is a lot off my mind for the Christmas Holiday... Thanks for helping...MERRY CHRISTMAS Richard Farris [EMAIL PROTECTED] 1.800.548.3877 - Original Message - From: Madscientist [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, December 19, 2002 4:21 PM Subject: RE: [Declude.JunkMail] Help There was a bad rule in the system that was blocking his email to us. We called him immediately when we saw these notes on the declude list and have solved the problem. The rule is now blocked so that this can't happen again. We will be posting Panic procedures on our site to solve the contact problem in future. In case anyone does need to get our phone number you can find it on the MicroNeil web site at www.microneil.com. We will also be posting it in the panic procedures on the SortMonster site. Thanks, _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief Sortmonster (www.sortmonster.com) VOX: 703-406-2016 FAX: 703-406-2017 | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]] On Behalf Of R. | Scott Perry | Sent: Thursday, December 19, 2002 3:04 PM | To: [EMAIL PROTECTED] | Subject: Re: [Declude.JunkMail] Help | | | | Does ANYBODY have a number on this list for SortMonster..I | have a major | problem and have been emailing them all week with NO response...If I | dont get to some one there soon I will be doing a charge | back for the | $300 they charged me for their softwaretheir support is nothing | compared to Declude's ( which is the best I have ever seen).. | | Sorry if this is inappropriate on this list but I am desperate | | FWIW, their support is very good from what I have seen. Have | you checked | your log file to make sure that the E-mail is actually | getting to them, and | that their responses aren't getting deleted? We occasionally | have problems | with our customers where either the E-mail doesn't make it to | us, or E-mail | being sent in response gets deleted (typically due to an | IMail filter). | -Scott | | --- | [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.410 / Virus Database: 231 - Release Date: 11/01/2002 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] relays.osiriusoft.com
relays.osiriusoft.com is not a regular DNS query. They are scanned for each email to see whether the source email exists in the DNS. (Scott/Len/Sanford - bail me out here if I'm not understanding this right) :-) Declude does a seperate DNS lookup for each IP4r test for each email it is set to check. So if you do 12 different ip4r type tests, 12 DNS queries are done for each email. Declude either uses the DNS server you hand code in global.cfg, or it uses the one defined in Imail's SMTP tab. Declude does NOT cache any results from these lookups, but the DNS server that Declude references DOES cache these lookups - just like any other DNS lookup - up to it's TTL. Most DNS servers will cache both positive (I found an answer) and negative (no answer was found at the DNS server) results. If your DNS server is local - and your declude is busy - your local DNS server will have a rich cache of recent lookups it's already done. relays.osirusoft.com's default TTL is 2 DAYS. That means unless you set a lower TTL in your resolver, if you recieve 1000 emails from a certain spammer IP within that two day period, your server will answer 999 of the queries from it's local cache. Declude does not cache, but if a good percentage of Decludes lookups only involve your 100/1000 LAN (and not external lookups over the Internet) - performance will greatly improve. Of course individual results may vary just based on what type of network you have (corporate vs. ISP for example), how many users, etc. etc. - Tony --- [This E-mail was scanned for viruses by http://www.intouchmi.com] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Whitelist per user
Is it possible to set-up a whitelist per user. I have it running per user but there are a couple of people that haven't received mail from friends so I have whitelisted in the global.cfg. I would rather whitelist for the particular user. Jeff Kratka * TymeWyse Internet P.O.Box 84 - 583 N. Main St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] * --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] AOL problem or mine?
Our reverse DNS is fine,(checked it on dnsstuff.com) I went to postmaster.info.aol.com and nothing there helped. We are not getting the message from AOL, it appears that it comes from our server after trying to send the message 3 times and failing each time. It sounds like AOL is having some problems on their end. I would recommend setting IMail to try E-mail more than 3 times, though (unless perhaps you have a long delay between each attempt), as many transient failures can take more than 3 tries before they are fixed (such as in this case). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Whitelist per user
Is it possible to set-up a whitelist per user. I have it running per user but there are a couple of people that haven't received mail from friends so I have whitelisted in the Global.cfg. I would rather whitelist for the particular user. We have a program that we created that is in the final beta test stage that will help in this kind of situation. It checks the from address and to address and if it finds both matches in the from.txt and to.txt files, it fails which you could then add a negative fail weight to white list the message. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] relays.osiriusoft.com
Declude does a seperate DNS lookup for each IP4r test for each email it is set to check. So if you do 12 different ip4r type tests, 12 DNS queries are done for each email. Declude either uses the DNS server you hand code in global.cfg, or it uses the one defined in Imail's SMTP tab. Correct. Declude does NOT cache any results from these lookups, but the DNS server that Declude references DOES cache these lookups - just like any other DNS lookup - up to it's TTL. Most DNS servers will cache both positive (I found an answer) and negative (no answer was found at the DNS server) results. Correct. The one catch here is when a single E-mail results in two or more identical queries (for example, with the OSSRC, OSFORM, OSRELAY, etc. tests). In this case, Declude JunkMail makes 3 identical queries (in this case, all would be 1.0.0.127.relays.osirusoft.com, if the IP was 127.0.0.1), which the DNS server may end out 3 times (even though it only needs to be sent out once). The next release of Declude JunkMail will only send out 1 query in this case, which will cut down on DNS traffic slightly. If your DNS server is local - and your declude is busy - your local DNS server will have a rich cache of recent lookups it's already done. relays.osirusoft.com's default TTL is 2 DAYS. That means unless you set a lower TTL in your resolver, if you recieve 1000 emails from a certain spammer IP within that two day period, your server will answer 999 of the queries from it's local cache. Declude does not cache, but if a good percentage of Decludes lookups only involve your 100/1000 LAN (and not external lookups over the Internet) - performance will greatly improve. Correct. And a very good explanation, by the way! -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Whitelist per user
Is it possible to set-up a whitelist per user. I have it running per user but there are a couple of people that haven't received mail from friends so I have whitelisted in the global.cfg. I would rather whitelist for the particular user. There should be per-user whitelisting in the next beta. In the meantime, you may want to try John's program with the to/from matching. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Whitelist per user
John, Is it possible to try this out? Jeff Kratka * TymeWyse Internet P.O.Box 84 - 583 N. Main St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] * -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of John Tolmachoff Sent: Thursday, December 19, 2002 4:13 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Whitelist per user Is it possible to set-up a whitelist per user. I have it running per user but there are a couple of people that haven't received mail from friends so I have whitelisted in the Global.cfg. I would rather whitelist for the particular user. We have a program that we created that is in the final beta test stage that will help in this kind of situation. It checks the from address and to address and if it finds both matches in the from.txt and to.txt files, it fails which you could then add a negative fail weight to white list the message. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Whitelist per user
Is it possible to try this out? Yes, I will get it zipped and to you in the morning. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
