Oh... dumb me... thanks Scott...
- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, July 11, 2003 5:39 PM
Subject: Re: [Declude.JunkMail] Question about filter test
>
> >Below is a log section that I'm curious about. The weight on MYFIL
Below is a log section that I'm curious about. The weight on MYFILTER is
-88, but when it lists the failure of the test is puts (14) next to the
test. Doesn't that mean declude thinks it has a weight of 14 when it was
actually -88 ? I'm running the latest interim release of 1.70. (just got
it
Thanks Scott. We'll just have to program around their problems here, they
obviously aren't interested in fixing anything there.
K
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
> Sent: Friday, July 11, 2003 3:35 PM
> To: [EMAIL PROTECT
Below is a log section that I'm curious about. The
weight on MYFILTER is -88, but when it lists the failure of the test is puts
(14) next to the test. Doesn't that mean declude thinks it has a weight of 14
when it was actually -88 ? I'm running the latest interim release of 1.70. (just
got i
Glenn,
I look up the HELO strings in the LOG*.TXT files. Most of the time you can
match on "IS" for the IP address, instead of CONTAINS, but it does depend on
the string. Some of the ones trying to relay thru us recently is
"http://monoin.com";, another is www.xyz34.uk.co.sg. So, it depends on w
Sorry, I didn't mean to imply that whitelisting my IP had anything to do
with the HELO. And, yes, we do block spoofing at the router. At least one or
two people in the past, however, have seemed to have problems with spam
attacks that were resolved by removing their own IP's from whitelists.
There
OK thanks...will just use mine and very specific addresses...
One other question:
When adding a line to the domain list, what/when is the correct method of
adding a "." before a domain, for example:
HELO 20 CONTAINS .gstassoc.com
The from addresses usually do not show additional aliases, but w
- Original Message -
From: "Karen D. Oland" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, July 11, 2003 12:28 PM
Subject: RE: [Declude.JunkMail] Lost One Account - Help Please
> I've seen connects that used our IP address as their HELO/EHLO strings.
> Same for using our domai
Can someone take a look at the headers on this email and tell me why it
failed badheaders?
From this header:
X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam
[c040020e].
we see that the code is "c040020e" (that code is shared by SPAMHEADERS and
BADHEADERS). The BADHEADE
Aarrgh. I meant to say, that includes OUR very valid mail server in that
range.
What Glenn should do is block servers pretending to be HIS domain (so, he
should use HIS ip address in the HELO line), not any type of range. Range
blocking would be more appropriate for blocking blocks of numbers use
I've seen connects that used our IP address as their HELO/EHLO strings.
Same for using our domain name (none were able to deliver their mail, most
were relay attempts).
Interesting list. I may add it, after reviewing some of the mailfrom
characters (I see more and more "bad" mailfroms, most so the
I just hope you don't include either of the below (since that range includes
are very valid email server and probably a few more).
Use the single address of your own server (since the problem is people
pretending to be YOU, not ME (I hope)).
Karen
> -Original Message-
> From: Glenn Brook
Can someone take a look at the headers on this email and tell me why it
failed badheaders? I'd like to hold on that test (since it is supposed to
be such a small % of FP), but the first (and today only) message that failed
the test after starting the hold is from CBS Marketwatch. They have several
When I checked last month I was doing about 1 in 20,000 (.005%), but this takes some
fairly sophisticated tuning.
Dan
On Friday, July 11, 2003 9:18, Douglas Brantley <[EMAIL PROTECTED]> wrote:
>
> New to list...
>
> We are considering purchasing Declude Junkmail.
>
> I am con
www.eservicesforyou.com/products/autowhite.html
Sorry, I promise I will get to updating the site soon. However, client work
comes first. ;-)>
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:Dec
Oops, remove the minus "-" from all of these (that's what happens when you
copy and paste from the wrong line).
Bill
- Original Message -
From: "Bill Landry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, July 11, 2003 11:23 AM
Subject: Re: [Declude.JunkMail] Lost One Account -
- Original Message -
From: "Karen D. Oland" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, July 11, 2003 9:12 AM
Subject: RE: [Declude.JunkMail] Lost One Account - Help Please
> Make sure you DO NOT whitelist your own domain, ip address, the postmaster
I agree with everything
Sorry for the OT post. Just curious is anyone else has started to get SMS spam
on their cell phones. We have been getting them for the last 2 days on Nextel
and ATT. About 30 so far. All the SMS messages start with the word NIGERIA.
This is a dismal prospect if we can now expect regular SMS messag
I recently noticed a piece of spam which had made it to my inbox had used my
own mail server's IP address as it's HELO.
So I did a little digging in my recent IMail sysMMDD.txt logs and found that
the mail server was getting at least a 150 of these every day and that none
of them (of course) were
> I am concerned about false positives the time
> required to deal with them.
>
> Of those of currently runing Declude Junkmail,
> what is your rate of false postives and how
> do you best manage the false postives?
For BEST results, get the PRO version.
Everyone waging this spam fight is concern
A couple of questionswhen testing for an IP address, if I want to
filter a block of address what is the correct way to write this:
HELO 20 CONTAINS 216.111.26.
OR CAN
HELO 15 CONTAINS 216.111.26.0/24
You would need to use "HELO 20 CONTAINS 216.111.26." (for the filters,
Declude JunkMail n
Thanks ... good advice
A couple of questionswhen testing for an IP address, if I want to
filter a block of address what is the correct way to write this:
HELO 20 CONTAINS 216.111.26.
OR CAN
HELO 15 CONTAINS 216.111.26.0/24
Also is there a size limit with declude for the .txt files use
Hi db:
If you are concerned about false positives I strongly strongly suggest you
look at this product as an add-on to Declude.
-- AutoWhiteList - http://www.eservicesforyou.com
Sorry it seems like no link is available on the site to the product.
This product assigns negative weight to people y
Just a little FYI...
I subscribe to some of Chris Pirillo's Lockergnome newsletters and Today's
Windows Daily newsletter has a blurb about www.dnsstuff.com. See it at
http://www.lockergnome.com/issues/daily/20030710.html about halfway down the
page.
Regards,
Dan Horne
--
Quote
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Douglas Brantley
Sent: Friday, July 11, 2003 12:18 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] False Positives
New to list...
We are considering purchasing Declude Junkmail.
> Is it possible to remove virus scanning from one user?
We do not give users that option here and only 1 person has ever asked. I
simply told them it was for network security. They are still a customer!
My original reason for installing Declude Virus was I woke up one Monday
morning and had like
My suggestion is to set a high delete weight and lower hold weight. Then,
use SpamReview a couple of times per day to review the held messages, and
then make adjustments to filters and other tests as needed.
Then, in a week or two, you can start adjusting the actions on weights.
John Tolmachoff M
I've asked this before but, forgot (also the archives have forgot too
:)
Is it possible to remove virus scanning from one user?
With Declude Virus Pro, you can use the virus_domains.txt and
virus_users.txt files to do this (you would need "DEFAULT ON" in the
virus_domains.txt file, and "[EMAIL
We originally used IMAIL's rules. They simply quit working when the text
file gets "too big" -- an arbitrary, undocumented size (and tech support had
no suggestions or work-arounds, just "too bad"). We did try multiple files,
but had to keep adding new files each week. In declude, we break up fi
New to list...
We are considering purchasing Declude Junkmail.
I am concerned about false positives the time
required to deal with them.
Of those of currently runing Declude Junkmail,
what is your rate of false postives and how
do you best
Make sure you DO NOT whitelist your own domain, ip address, the postmaster
or abuse email addresses. Most of our "ignore" results for spam came when
one or more of these was whitelisted (especially postmaster or abuse -- real
mails never seem to have problems going there, but any spam that cc's th
> >Is there a test in Declude Junkmail to check (VERIFY) that the sender
exists?
> >
> >i.e. Using the SMTP VRFY command to check the validity of the sender. If
> >the address is not valid, toss the mail!
>
> This is one that we are considering adding.
>
> It isn't foolproof, though -- it will of
Hi,
I've asked this before but, forgot (also the archives have forgot too
:)
Is it possible to remove virus scanning from one user?
Regards,
Malcolm
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mai
Is there a test in Declude Junkmail to check (VERIFY) that the sender exists?
i.e. Using the SMTP VRFY command to check the validity of the sender. If
the address is not valid, toss the mail!
This is one that we are considering adding.
It isn't foolproof, though -- it will often say an address
Title: Message
Your basic theory is sound, however it is not quite that cut-and-dry in
practice. The majority of the rules we code into Message Sniffer are based on
the premise of "attacking the redirection"... that is, filter on where "they"
want us to go. This makes these rules very effecti
Another easy thing you can do is use Imail Domain Processing Rules - to
delete all mail from a certain domain.
We use this feature by checking the From or the Sender.
Some junkmail comes from different sources but has a link in the body that's
the same we check for Body Contains (the link) to catc
Title: Message
I've been blocking based on content for a few
years.
The open relays/proxies/hacked servers/spam
friendly networks just keep moving ips. Much more logical but resurce intensive
to block on content.
The message is the real problem not the
messenger.
And it is much more di
Title: Message
Is there a test in
Declude Junkmail to check (VERIFY) that the sender exists?
i.e. Using the SMTP
VRFY command to check the validity of the sender. If the address is not valid,
toss the mail!
Jon
Lapp
Computer
Systems Specialist
Northstar
Computer Forms, Inc.
716.763.55
Declude users who add Message Sniffer can add custom rules to their rule
base with pattern matching that approaches regex capability - and the
engine is extremely efficient.
_M
>-Original Message-
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
>Sent: Frid
Title: Message
Hi;
I am just
brainstorming.. Pro.. con?
We know one thing
about spam.. someone is trying to sell something.. so in every spam there has to
be a way for the spammer to be contacted through:
1: Web site
visit (URL or IP),
2:
email
3: Phone
number
In general I have
>>Does that mean that services are crashing? E-mails not being
>>delivered? Very slow performance?
>>
>>What type of server is it? How many E-mails/day are being scanned? Do you
>>have an on-access virus scanner running (which is known to seriously hinder
>>performance)?
> You had a snippet abo
> Is it possible to use Unix style regular expressions in JunkMail to
> search for words, ...
We're working on this.
One of the next SpamChk-releases should be able to process
reg.expressions.
However I agree with Scott's solicitude about the CPU usage.
For this we have already implemented or w
You had a snippet about not having a Reverse DNS entry, is that what you are referring
to ?
-- Original Message --
From: "R. Scott Perry" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Tue, 08 Jul 2003 16:33:51 -0400
>
>>Anybody running Imail with
R. Scott Perry wrote:
Is it possible to use Unix style regular expressions in JunkMail to
search for words, ie like m/teens/i in Perl (which would match "teens"
and "TEENS")?
No, that is not possible. We have been considering adding regexp
support, but one of the problems is that it can be ver
At my ISP I have a few mailboxes that are forewarded to me. Unfortunately
this domain (xs4all.nl) is verry popular with spammers as xs4all has tried
several times legally to have spammers procecuted. Hurray but :-( because of
the spam. They have allready installed spam filters so not a lot is comi
If you use "LOGLEVEL MID", the log file will show which configuration
file is used.
I turned on the mid level and here is one of the entries that failed,
looks like it is coming tthrough my domain, my domain is the only one that
is using the blacklist filter:
Sorry, my mistake. It should hav
Is it possible to use Unix style regular expressions in JunkMail to search
for words, ie like m/teens/i in Perl (which would match "teens" and "TEENS")?
No, that is not possible. We have been considering adding regexp support,
but one of the problems is that it can be very CPU intensive.
Andreas Folvell wrote:
Is it possible to use Unix style regular expressions in JunkMail to
search for words, ie like m/teens/i in Perl (which would match "teens"
and "TEENS")?
What I really mean is:
Is it possible to use a regular expression in a filter, like
BODY 10 MATCH_CASE_INSENSITIVE teens
Is it possible to use Unix style regular expressions in JunkMail to
search for words, ie like m/teens/i in Perl (which would match "teens"
and "TEENS")?
--
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the
Hi,
I just have three spreadsheets (one for each type: Spam, Positives and Not
sure) and enter the information manually. I won't do this till the end of
time, but I'm trying to find a good weighting to avoid false positives and
hold spam.
Kevin's solution seems to be more professional, hope I hav
How is this report being generated?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
interactiveaustria
Sent: Friday, July 11, 2003 12:24 AM
To: [EMAIL PROTECTED]
Subject: AW: [Declude.JunkMail] re: Spam Statistics
Hi,
got some overall statistics since I ru
A software I wrote in C# that is scheduled to email me the stats nightly for
the previous day. It also sends me weekly stats.
My software also analyzes the hold queue and sends an emial out if a user
has any held email they can then click a link in the email to requeue the
message. when they reque
Hi,
got some overall statistics since I run Declude Junkmail Light (i.e.
07-02-2003 - not too long...) I did not count mail that passed all tests,
and I could not count mail, that does not go to me except if the total
weight is 15 or more. I decided if a mail is Spam or not.
Mails received: 412
S
Hi,
At my ISP I have a few mailboxes that are forewarded to me. Unfortunately
this domain (xs4all.nl) is verry popular with spammers as xs4all has tried
several times legally to have spammers procecuted. Hurray but :-( because of
the spam. They have allready installed spam filters so not a lot is
54 matches
Mail list logo
