Also see:
http://pinkbell.net/
Best Regards,
Phillip B. Holmes
Media Resolutions Inc.
Macromedia Alliance Partner
http://www.mediares.com
[EMAIL PROTECTED]
1-888-395-4678 |Ext. 101
972-889-0201 |Ext. 101
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
I thought the essence of the argument against this is the fact that
such testing doesn't happen one at a time, but instead in unison with
one another. So if 20 queries are sent out and the first 10 that come
back to put the score high enough to fail, there isn't really that much
overhead in wa
> Sandy, can you repost the login information for the Spamanager demo account
> you setup? I stumbled across it in the archives a few weeks back, but the
> archives replaced the username email address with [EMAIL PROTECTED]
http://webmail.cypressintegrated.com:8383
Username: demo
Password: blue
I brought this up last
week. Anyone see the benefit beside me? The idea of being able to
stop testing once a given Weight has been reached seems to have multiple
benefits to me. My numbers indicate that about 45% of my spam would
benefit from stopping testing at 4X my Hold Weight.
Scott,
Since we house mulitple domains (using spam filtering) and this filter test is
used in the Global file it seems it would fail every other domain email (i.e. 1000
weight) that we house on the same box?! Is there a way to only define it for use in
the default config file for that d
Greg,
we have been using SpamCheck for about 1 1/2 months now and have had No
problems with it.
Pros
1. Easy to Install
2. Support has been good
3. Highly flexible
4. Catches a lot of spam that passes DNS and RFC tests
5. Allows you to give emails + or - weights
6. Cost $0
Cons
1. Config fi
I reduced the scores of those test's. Messages that fail BAHDEADERS
seem to often fail HELOBOGUS in my experience. It would be good to know
the error code returned by the BADHEADERS test because this shouldn't be
failed by most mailing applications (even automated ones). If you look
in your
Matt - Yes. I worked for SBC for 10 years.
Keith-
Plug in sbc pink contracts.
http://groups.google.com/groups?q=sbc+pink+contracts&ie=UTF-8&oe=UTF-8&hl=en
Best Regards,
Phillip B. Holmes
Media Resolutions Inc.
Macromedia Alliance Partner
http://www.mediares.com
[EMAIL PROTECTED]
1-888-395-4678
We only white list after emailing the user and the mail admin. It is in
their best interest to fix the RDNS and HELO bogus issues.
Attached is the email I send to them.
Why should I slow the processing of email on our server for a few ignorant
admins. I also send an automated email to all users o
Hello,
We get a lot of false postives from sites that fail two of three simple
tests such as REVDNS, HELOBOGUS and BADHEADERS which combined have just
enough weight (10 to12 ), to get tagged as spam. I have been whitelisting
as I learn about them, which seems to be approx one to three entries
I spoke to soon. If I use the weighting method, it hurts my
ability to use the Weight system to guard them against Spam. Your thoughts...
Ah, I see.
In that case, you can have the same filter, but instead of having it
defined as "MYFILTER filter C:\IMail\Declude\myfilter.txt x -1000
If a test is in the global.cfg and listed in BOTH the
declude\$default$.JunkMail file
and in the declude\domain\$default$.JunkMail file as well, will the test be
run twice?
No, it will not. With per-user and per-domain settings, the tests will
only be run once.
Scott,
I spoke to soon. If I use the weighting method, it hurts my ability to use
the Weight system to guard them against Spam. Your thoughts...
Keith
-Original Message-
From: Keith Johnson
Sent: Tue 9/2/2003 1:27 PM
To: [EMAIL PROTECTED]
Well, maybe that is why we are having problems. We are working with the
WHITELISTFILE option, not the global WHITELIST option. Perhaps we are
working under the wrong assumptions but we rather expected that the syntax
in the WHITELISTFILE would be the same as that for the WHITELIST option.
The WHIT
Sorry about the incomplete nature of the question.
If a test is in the global.cfg and listed in BOTH the
declude\$default$.JunkMail file
and in the declude\domain\$default$.JunkMail file as well, will the test be
run twice?
I am just wondering if that would have an effect on the processor time.
D
Scott:
Well, maybe that is why we are having problems. We are working with the
WHITELISTFILE option, not the global WHITELIST option. Perhaps we are
working under the wrong assumptions but we rather expected that the syntax
in the WHITELISTFILE would be the same as that for the WHITELIST option.
If a test is listed in the Global.cfg file and in the domain file will the
process be run twice?
If a test definition appears once in the global.cfg file, it will only be
run once. If it appears two or more times in the global.cfg file, it may
or may not be run more than once, depending on the
If a test is listed in the Global.cfg file and in the domain file will the
process be run twice?
Thanks,
Doug
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [
Sandy, can you repost the login information for the Spamanager demo account
you setup? I stumbled across it in the archives a few weeks back, but the
archives replaced the username email address with [EMAIL PROTECTED]
Thanks,
John Weiner
---
[This E-mail was scanned for viruses by Declude Viru
Keith wrote:
>I plugged pink contracts into Google and here's the first link that
came up...
Well, doesn't that just suck? Hopefully the 2001 date on that post is
indicative of a changed landscape, otherwise they're pretty much *all*
in league with the devil.
No.
They're not coming back.
Read the mail archives.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> James R. Skivers
> Sent: Tuesday, September 02, 2003 12:25 PM
> To: [EMAIL PROTECTED]
> Subject: [Declude.JunkMail] OSRELAY
>
>
> Does anybody
It would appear that when using the FROM function in the per user
whitelistfile, we cannot use the straight E-mail address, but must copy the
FROM information out of the header of a received E-mail. That would mean
that unless a user has actually already received an e-mail from someone,
he/she mig
Scott:
It would appear that when using the FROM function in the per user
whitelistfile, we cannot use the straight E-mail address, but must copy the
FROM information out of the header of a received E-mail. That would mean
that unless a user has actually already received an e-mail from someone,
he/
Greg,
It looks like you have a good list of tests. You may want to
evaluate the scores for some of your tests. We also use Weight 100 and we
give Spamcop a Much higher score. In addition the tests we had for
oriusoft.com we scored pretty high 35 - 50 so when we added replacements we
Thanks Scott.
I'll chase the problem a bit more.
With respect to the manual: yes, I am aware that the archives are a great
help, but they are occasionally down and, in at least one case, the
declude.junkmail archive has a major hole in it taking out several days
worth of messages and can therefor
I plugged pink contracts into Google and here's the first link that came up...
http://mail.spamcon.org/pipermail/suespammers/2001-February/000837.html
Keith Purtell, Web/Network Administrator
VantageMed Operations (Kansas City)
Email: [EMAIL PROTECTED]
CONFIDENTIALITY NOTICE: This email message
We are having a bit of a problem with the per user whitelist and would like
to confirm the format for setting up the file in the user's user.junkmail
file. Is this the correct format?
WHITELISTFILE E:\IMail\Declude\domain.com\user-whitelist.txt
That will work fine.
Also, is there any ch
Scott,
What is your opinion of Spamchk? How well does it work with Declude and have
you seen any issues with using?
Greg
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
Sent: Tuesday, September 02, 2003 1:17 PM
To: [EMAIL PROTECTED]
Subject: R
Scott,
SWEET, that is a great idea, I'll give it a go, you are the man.
Keith Johnson
>CONTAINS *would* work in this way. For example:
>
> HEADERS -1000 CONTAINS [EMAIL PROTECTED]
> HEADERS -1000 CONTAINS [EMAIL PROTECTED]
> ...
>
>
>In this case, an E-mail
Phillip wrote:
> Two words: pink contracts
9 syllables: what the heck are you talking about?
I've had nightmares setting up PacBell/SBC DSL that would fill a book,
but that was incompetent tech installation and support. Once the
service is up its always been just great; for years running.
And b
CONTAINS *would* work in this way. For example:
HEADERS -1000 CONTAINS [EMAIL PROTECTED]
HEADERS -1000 CONTAINS [EMAIL PROTECTED]
...
In this case, an E-mail with "[EMAIL PROTECTED]" in the headers
would always receive a weight less than 0. You can then create a "W
It just seems like that recently the spam we've been getting is clean. Which
makes it hard for declude to block it when it passes all of the rules.
That's because companies that feel that they are legitimate E-mailers (ones
that technically *do* have your permission to send the mail!) are the one
I have not replaced any of the asirusfot.com tests but have added a few
others.
Here is my current configuration
DSBLip4r list.dsbl.org * 30
0
MONKEYFORMMAIL ip4rformmail.relays.monkeys.com * 30 0
MONKEYPROX
Scott:
We are having a bit of a problem with the per user whitelist and would like
to confirm the format for setting up the file in the user's user.junkmail
file. Is this the correct format?
WHITELISTFILE E:\IMail\Declude\domain.com\user-whitelist.txt
Also, is there any chance of seein
Keith,
What about at the client end? Could he not filter at his mail server to
refuse mail for non-local users?
It sounds like you need a "to" version of MAILFROM -- then you could delete
all those that failed the test. Perhaps a domain rule that tests for each
of his vlalid user names and adds
Does anybody know if *.osirusoft.com is back up yet? Anybody have a
solid alternative configuration to be used in the mean time?
James R. Skivers
Network Administrator
Web One Inc.
[EMAIL PROTECTED]
http://astra1.com
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.
Delete the nobody alias. Then, only valid email in his domain will be
accepted. Delete all old employees not on the list of valid names you just
received from the domain.
> -Original Message-
> From: Keith Johnson
> The problem with using the CONTAINS is that I would have to have
>
Greg,
"I doubt it's a setup issue because I'm using the same setup that I've used
for a year now. "
This probably goes without saying but you have removed the osirusoft.com
tests and replaced them with something appropriate?
I have email accounts that I monitor that get Huge amounts of spam. We
Karen,
My bad, I failed to mention this is a Store and Forward
domain...
Keith
-Original Message-
From: Karen D. Oland [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 02, 2003 12:07 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Need aid on Declude Header rule
Dele
Greg,
Did you add any replacements for OSIRUSOFT? Or just comment them out?
Karen
> -Original Message-
> From: Greg Foulks
> Correct I have not added/removed any gateways or backup
> mailservers, changed
> any IP's for DNS or changed a DNS responsibility.
>
---
[This E-mail scanned f
Scott,
The problem with using the CONTAINS is that I would have to have
a list of the ex-employees and the only list he can put together is the
good employees. Thus if I used the CONTAINS I would be hitting good
employee email. Any other suggestions, thanks for your time.
Keith
>What y
Scott,
Correct I have not added/removed any gateways or backup mailservers, changed
any IP's for DNS or changed a DNS responsibility.
What I'm seeing in spam lately is that it looks more legit than in the past.
Usually a piece of spam will fail at least one of our tests. like a RFC
problem, a bad
I have a customer who only wants to get email to a list of valid
employees, no one else (i.e. ex-employees). However, the list of
ex-employees is too long for him to come up with, thus he gave me the
list of valids. I looked, but I don't think Declude has a HEADER tag
called DOESNOT CONTAIN, doe
I doubt it's a setup issue because I'm using the same setup that I've used
for a year now. Also I am not the only one receiving more spam.. All of my
users are as well...
So in the past year, you haven't added/removed any gateways or backup
mailservers, haven't changed IPs for DNS servers, haven'
Greg,
After checking my ipblacklist, I have the entire Class C blocked due to
multiple spammers. The entry is:
64.119.218.0/24 Assorted SPAM
George
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Greg Foulks
> Sent: Tuesday, September 02, 2003 1
The following ipblacklist entry with a high enough weight to reject will
kill their stuff:
64.119.218.192/27 advertisingbymail.com
George
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Greg Foulks
> Sent: Tuesday, September 02, 2003 10:16 A
I have a customer who only wants to get email to a list of valid
employees, no one else (i.e. ex-employees). However, the list of
ex-employees is too long for him to come up with, thus he gave me the
list of valids. I looked, but I don't think Declude has a HEADER tag
called DOESNOT CONTAIN, does
http://www.wired.com/news/culture/0,1284,60224,00.html
Jason Wolfe
Lead Developer
Netcomm, Inc.
http://www.netcomm.com
(859) 224-4124
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, j
Scott,
I doubt it's a setup issue because I'm using the same setup that I've used
for a year now. Also I am not the only one receiving more spam.. All of my
users are as well...
Anyway here is a piece of spam recently received (I've already blacklisted
the sender) but it seems as soon as I blackli
They're not getting past everything - we show a rejection rate of greater
than 75% almost consistently... not to say that the problem isn't getting
worse though.
http://www.sortmonster.com/MessageSniffer/Performance/FlowRates.jsp
We have seen a significant and apparently consistent rise in the ra
Is it just me or have spammers found other ways to get past scanners? I've
been getting slammed lately with more and more spam that is getting past
declude without a single hit.
The two most common reasons for this are [1] A setup issue (a
gateway/backup that Declude doesn't know about, bad DNS s
think of sobig.f. it generates a large amount of virus mails. some of my
customers think that i spam them with virusnotifications!
mfg
i.a.
gez. guhl
***
lds nrw
dez. 235
tel.: 0211 9449 2578
fax.: 0211 9449 8344
mailto:[EMAIL PROTECTED]
**
I had a
funny thing happen over the weekend, I had more items in spool/virus than in
spool/spam at one point. I'm speechless.
-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]On Behalf Of Todd - Smart
MailSent: Tuesday, 02 September 2003 8:33 AMTo:
[EMAIL PROT
Title: RE: [Declude.JunkMail] More and more email getting past Declude
They’ve cleaned up their acts. I am seeing a lot of stuff come straight through with a single hit. It ALMOST seems like if mail fails a few tests, it’s legit !
Karl Drugge
-Original Message
Two words: pink contracts
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Todd
> - Smart Mail
> Sent: Tuesday, September 02, 2003 7:17 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Declude.JunkMail] SORBS-SPAM
>
>
> >and since SBC is obviously not a
Is it just me or have spammers found other ways to get past scanners? I've
been getting slammed lately with more and more spam that is getting past
declude without a single hit.
Greg Foulks
NewFound Technologies, Inc.
[EMAIL PROTECTED]
http://www.nfti.com
614.318.5036
<>
No, we
recv'd roughly the usual amount. I'm waiting for them to take a longer
holiday in prison preferably.
-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]On Behalf Of Todd - Smart
MailSent: Tuesday, September 02, 2003 7:33 AMTo:
[EMAIL PROTECTED]
Spam we caught yesterday was down by about 30% -
40%. Anyone else notice this?
Todd Hunter
Progressive Systems
I want to have the name of the Test in the Subject of the mails so I can see
which test it failed. (something like "[SPAM - ORDB]" in the subject).
I know I can see it in the Header, but to tell the users how they can find
it is hard.
And I do not want to modify all tests, something "dynamic" woul
>and since SBC is obviously not an ethical
> alternative,
Whets using SBC as a provider got to do with ethics?
Todd
- Original Message -
From: "Phillip B. Holmes" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, September 01, 2003 8:47 PM
Subject: RE: [Declude.JunkMail] SORBS-
Thanks for the answers, that clears up a lot of questions.
Despite the lack of universal support, a most-common denominator
approach could make many happy, instead of having nothing at all. I can
see why that approach doesn't necessarily work for you.
I'm going to look into a separate digest n
Absolutely agreed.
pbh
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Matthew Bramble
> Sent: Monday, September 01, 2003 9:11 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Declude.JunkMail] SORBS-SPAM
>
>
> Don't get me wrong, I will use .6 (
Don't get me wrong, I will use .6 (and will configure it probably
tonight since I finished some other testing), but I will score it fairly
low because anything that tags something like Cox is problematic. Same
goes for FIVETEN, they are tagging Yahoo/SBC.
It's good to know when a particular li
Mathew,
Correction there..
.8 is no longer used and is basically empty.
.6 has a higher # of false positives than the rest. Not many, but if you
want to play it safe, do not use .6.
And that is correct:
Cox = Cox Cable
It is my home connection and since SBC is obviously not an ethical
alternati
Hello,
I want to have the name of the Test in the Subject of the mails so I can see
which test it failed. (something like "[SPAM - ORDB]" in the subject).
I know I can see it in the Header, but to tell the users how they can find
it is hard.
And I do not want to modify all tests, something "dynami
Keith wrote:
>Would you post your configuration that works for you? and anyone else
>that's willing to do so? I'd like to see some examples of successful
>configurations to learn from.
Here's mine. Weights 0-12 are OK, weights 13-19 get bounced and 20+
gets deleted. Neither bounces nor deletes
.8 is one of those F-U blacklists that punishes every user on a system
because a network administrator saw fit to complain. I would think that
most of these organizations are bandwidth providers with some sort of
firewall that got tripped by the testing. Spammers don't rely on open
relays in
67 matches
Mail list logo