What happens when the whitelist entries are maxed out?
How do I overcome the 200 line limit?
Jonas Fornander - System Administrator
Netwood Communications,LLC - www.netwood.net
Find out why we're better - 310-442-1530
---
[This E-mail was scanned for viruses by Declude Virus
The ideal solution, however, would be to fix any problems
with the web
servers. If the E-mail they send can get blocked by Declude
JunkMail, it
can get blocked on other mailservers as well. So fixing the
problem rather
than using whitelisting is a better solution (although not as
What happens when the whitelist entries are maxed out?
How do I overcome the 200 line limit?
The best thing to do is understand why you need so many whitelist
entries. It may be that a simple change would fix the problem (for
example, it may be that a test such as the NOPOSTMASTER test is
The ideal solution, however, would be to fix any problems
with the web servers. If the E-mail they send can get blocked by Declude
JunkMail, it can get blocked on other mailservers as well. So fixing the
problem rather than using whitelisting is a better solution (although
not as easy).
If these type of emails cannot be detected by the NONEnglish test, what can
I do differently to catch these?
The problem here is that Declude looks at the Subject: header to determine
the content of the E-mail, but a subject in English was used.
If these type of emails cannot be detected by the NONEnglish test, what can
I do differently to catch these?
Here is the log snips for the first email attachment:
11/01/2003 08:24:14 Qb3eb3063005a8ef5 Triggered CONTAINS filter SPAMWORDS on
Win [weight-0; windows-1251?B?xOv/IOHz9ePg6/L].
I was just about to upgrade my global.cfg for the first time in a long time.
All of the dns based tests in the new global.cfg are up and operational?
Thanks
Timothy C. Bohen
CMSInter.Net LLC / Crystal MicroSystems LLC
===
web : www.cmsinter.net
email:
I was just about to upgrade my global.cfg for the first time in a long time.
All of the dns based tests in the new global.cfg are up and operational?
Yes, they are. We try to make sure to update the global.cfg file at
http://www.declude.com/junkmail/manual.htm whenever any spam tests die, or
Hello,
Yes, they are. We try to make sure to update the global.cfg file at
http://www.declude.com/junkmail/manual.htm whenever any spam
how can I use subjectchars/subjectspaces/COMMENTS Test?
Alex
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
Good morning, I just started using Outlook 2003 and I am now
failing the Spamheader test with code Code: 420e. The E-mail failed the SPAMHEADERS
test.
This E-mail is missing a Message-ID: header. Although it is legal not to have
one, the RFCs say that E-mails SHOULD have this (which,
Good morning, I just started using Outlook 2003 and I am now failing the
Spamheader test with code Code: 420e. The E-mail failed the
SPAMHEADERS test.
This is due to a bug in Outlook 2003 -- I'm not aware of a Microsoft fix
for it yet.
Some one on another list posted this, and does not sound right at all;
Sorry it is the X-OriginalArrivalTime which is non-standard and is
causing the rejection and by definition is usually the same time as the
received time. This header is usually associated with SPAM especially
via hotmail
We use both Declude (1.76beta) and Sniffer and both work great.
However, we are are in the process of trying to run several Sniffer
tests and take action on individual return codes rather than nonzero.
It is my understanding that Declude will only call the Sniffer test once
although numerous
Some one on another list posted this, and does not sound right at all;
Sorry it is the X-OriginalArrivalTime which is non-standard and is
causing the rejection and by definition is usually the same time as the
received time. This header is usually associated with SPAM especially
via hotmail
We use both Declude (1.76beta) and Sniffer and both work great.
However, we are are in the process of trying to run several Sniffer
tests and take action on individual return codes rather than nonzero.
It is my understanding that Declude will only call the Sniffer test once
although numerous
how can I use subjectchars/subjectspaces/COMMENTS Test?
You can use lines such as these in your global.cfg file:
COMMENTScommentsx x 7 0
SUBJECTCHARSsubjectcharsx x 0 0
SUBJECTSPACES subjectspaces x x
This has been asked and it was being thought about.
What is the possibility of not including the WEIGHT and WEIGHTRANGE tests in
the %TESTFAILED% variable, therefore only showing the actual tests that
failed?
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
---
[This E-mail was
Does anyone recognize the vendor of the spam software that adds the headers
as shown in the attached txt document?
And yes, that is the exact what is added to the headers. As such, it is
being caught with Outlook 'Blank Folding' Vulnerability and is a pain the
butt because the sender will not
Hello List,
My Imail Server (8.03 HF1) experiences an intermittent
oddity. Occaisionally, the mail server stops sending mail to remote MX hosts.
Here's what I know.
1. What's Up Gold reports the SMTP service as up.. Imail Admin
2. Users can send and receive email from the server via SMTP.
This has been asked and it was being thought about.
What is the possibility of not including the WEIGHT and WEIGHTRANGE tests in
the %TESTFAILED% variable, therefore only showing the actual tests that
failed?
It's something we are considering. However, we want to do it in such a way
that any
You know, I was just wondering if that was possible myself last night.
It would be nice to have.
Another nice to have thing would be the score that a particular test
gives either in the TESTFAILED output, or better yet in the WARN
output. This would remove the need for some ANTI filters in
Don't know, but maybe this X-Header could provide a clue: X-Scanned-By:
VirSpamCOP 2.38
Bill
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, November 03, 2003 11:07 AM
Subject: [Declude.JunkMail] Broken Spam software
Does anyone
John, the software is definitely SpamAssassin, but I've no idea which
version or platform.
Andrew 8)
-Original Message-
From: John Tolmachoff (Lists) [mailto:[EMAIL PROTECTED]
Sent: Monday, November 03, 2003 11:08 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Broken Spam software
Mine is 11.5608.5606
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of DLAnalyzer Support
Sent: Monday, November 03, 2003 3:14 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] 420e with Outlook 2003
Is anyone else compensating for this with a
Is anyone else compensating for this with a filter?
HEADERS -3 CONTAINS X-Mailer: Microsoft Office Outlook, Build 11.0
Has anyone else seen any different builds? The build below should be the
release build.
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Darrell
something like UNREPORTEDTESTS WEIGHT10 WEIGHT20 NOLEGITCONTENT
IPNOTINMX
That would be great. Because currently email that fails the WHITELIST is
treated as SPAM when my Outlook client is looking at the X-Declude header -
just the opposite of what Whitelisting is trying to accomplish.
I have
I need to update my list, and will post later on.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of DLAnalyzer Support
Sent: Monday, November 03, 2003 12:14 PM
To: [EMAIL
It's a novel idea, and I have been thinking about how to best integrate
other ANTI-filters for such things, but there is always a danger of
crediting back points for something that isn't verifiably going to fail
such a test. Worse yet, this one X-Mailer header will no doubt be
copied by
John,
Looks like amavisd-new to me.
Thanks,
Mark Novak
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of John Tolmachoff
(Lists)
Sent: Monday, November 03, 2003 1:08 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Broken Spam software
Does anyone
It's a novel idea, and I have been thinking about how to best integrate
other ANTI-filters for such things, but there is always a danger of
crediting back points for something that isn't verifiably going to fail
such a test. Worse yet, this one X-Mailer header will no doubt be
copied by
That would also work for NOLEGITCONTENT and IPNOTINMX.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Andy Schmidt
Sent: Monday, November 03, 2003 12:35 PM
To: [EMAIL
Just upgrading Declude after a fair amount of time. The docs say that the
white list file should go into $default$.junkmail. Just wanted to confirm
it goes there and not global.cfg.
That is correct. The WHITELISTFILE option is designed for incoming mail
only, and only applies to the
Just upgrading Declude after a fair amount of time. The docs say that the white list
file should go into $default$.junkmail. Just wanted to confirm it goes there and not
global.cfg.
The autowhitelist feature is a godsend. Finally a way to allow clients to manage
their own whitelists without
Is there a downside to whitelist auth? Seems like its purpose is to ensure mail that originates from my server gets delivered to recipients on that same server.
The only one that I can think of is the potential that one of your
clients starts spamming from their AUTH'd account and gets your
(Matthew, this is not to take away from your files at all. Thanks for all
your work.)
It couldn't possibly be taken that way since I benefit just like
everyone else using the filters, from knowing any and all false
positives that others see. I'm no longer capturing specifically for
this
Right now I'm only scanning on the first hop, but I have a few users
that have forwarding from other accounts which don't do as well with the
filtering because the DNS based tests won't produce hits.
I'm wondering what other's experiences are with scanning on multiple
hops. How many hops are
Build I have is: 11.5608.5606 (release build)
Scott
Monday, November 3, 2003, 1:13:32 PM, you wrote:
DLAnalyzer Is anyone else compensating for this with a filter?
DLAnalyzer HEADERS -3 CONTAINS X-Mailer: Microsoft Office Outlook, Build 11.0
DLAnalyzer Has anyone else seen any
I have 2 large body filters, Keybody and URL.
One is close to 1700 lines and the other is close to 3300 lines
respectfully.
I know that as the amount of e-mails processed grows, these 2 filters alone
will contribute to the load and slow things down.
Is there a more efficient way to check the
Possibly an older version of Spamassassin or Amavisd-New or a combination of
both, but I am currently running both (Amavisd-New version:
amavisd-new-20030616-p4B; Spamassassin version: 2.60) and here is a what the
headers look like that these versions add:
=
X-Virus-Scanned: by
Thanks.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Bill Landry
Sent: Monday, November 03, 2003 3:39 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Broken
(off list)
John,
After throwing in some of Kami's extensive filters, I found that I could
finally get a single Declude process up to 50% utilization. Clearly
this isn't good, though it took 800 KB of filters to do that.
While I haven't tried Sniffer out yet, but I think that would probably
Oops, maybe that wasn't off-list afterall :)
LOL
Matt
John Tolmachoff (Lists) wrote:
I have 2 large body filters, Keybody and URL.
One is close to 1700 lines and the other is close to 3300 lines
respectfully.
I know that as the amount of e-mails processed grows, these 2 filters alone
will
YMMV...
I have:
HOP 0
HOPHIGH 2
Because I do want to do checks on the hop before the one sending to my mail
server. That was a big selling feature of Declude for me.
Some of the tests though are entirely about the client, and result in a
false positive every time a normal client
Sniffer is, in part, a body filter.
It is currently matching more than 15000 heuristics in under 90ms typ
(300ms load time) on our p2-450 NT test bed. You can include your own
rulebase if you wish.
Hope this helps,
_M
|-Original Message-
|From: [EMAIL PROTECTED]
|[mailto:[EMAIL
John,
I've been experiencing the same issue. One 100k body filter bogged my dual
proc p3 800 down to a halt today.
Anyone out there seeing this / have a recommendation?
Best Regards,
Phillip B. Holmes
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Also, if you check www.spamcop.com, you will see that they now offer a spam
filtering client add-in for several e-mail clients. That's why I was
thinking that the X-Scanned-By: VirSpamCOP 2.38 might indicate that the
recipient was possibly using the spamcop spam filtering plug-in.
Bill
-
Oops, maybe that wasn't off-list afterall :)
I hate it when that happens ;)
John, we use Sniffer for that very reason. It was well worth the money
instead of me spending all the time needed to do body check rules. And this
is the stuff that changes the most.
Sheldon
Sheldon Koehler,
Pete, I may want to discuss this more, as I am helping some one whose Imail
server is loaded. Today's JM log is over 350MB in MID with a couple hours to
go yet to give you an idea of the load.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL
Hi All,
I've been attempting to put some finishing tweaks to our JunkMail
configuration. While testing the settings I've made so far and attempting
to discover why certain Spam still gets through, I've noticed several which
have Header information similar to the following which seems to be a
I'll be happy to work with you any way I can. I know that the sniffer
rulebase is highly tuneable - so we can even get most of the benefit on
underpowered equipment if need be.
Let me know if you have any questions - there are lots of ways to customize.
Thanks,
_M
At 08:05 PM 11/3/2003, you
50 matches
Mail list logo