Re: [Declude.JunkMail] How to use URL file from Imail with Declude ??
All IMail tests are run before Declude and can therefore be tracked by JunkMail, with the single exception of the IMail Statistical Filtering test, which is run by IMail after the message is received back from Declude and just before the final delivery of the message to the recipient. Bill - Original Message - From: Alejandro Valenzuela [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, November 27, 2003 12:39 PM Subject: RE: [Declude.JunkMail] How to use URL file from Imail with Declude ?? Ok, on the first option, how it would work ?? Because the manual says that Declude JunkMail run earlier that Imail filters... So even if I add the Imail header, Declude will not detect it. Or there is a way to change that scanning order ?? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Thursday, November 27, 2003 12:18 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] How to use URL file from Imail with Declude ?? 2 things you can do with filters. (Only available in JunkMail Pro.) 1. Have Imail add a header for the URL list and then filter on that header and add weight. 2. Create a URLFILTER filter file in Declude from the Imail URL list. You can do this by using Excel. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Alejandro Valenzuela Sent: Thursday, November 27, 2003 11:04 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] How to use URL file from Imail with Declude ?? I update the URL file in Imail by sending all not recognized SPAM to a mailbox then running the spam_sedeer utility Now, can Declude filter E-mail based on that file ?? I am new to Declude, just testing it for two days now It seems good but have some emails that are not caught with Declude, and they are caught with email URL Filter. Any help would be appreciated.. Thanks.. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Subject and body is B
Ditto for me, not a single message ever caught by this test. Bill - Original Message - From: Kami Razvan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, November 27, 2003 1:14 PM Subject: RE: [Declude.JunkMail] Subject and body is B Hi; I suggested body blank but frankly it has never been hit. I think it is because an email body is NEVER blank.. It always has some code.. I remember exchanging a blank email with Scott that was not detected with ISBLANK and that was his comment. Perhaps the test is run by doing a Length count of characters in the body and if they send a blank HTML email the body is never blank. Interesting that John has seen good result.. I don't remember seeing any.. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Thursday, November 27, 2003 3:41 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Subject and body is B Yes, the BODY ISBLANK has done well for me. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Thursday, November 27, 2003 12:11 PM To: '[EMAIL PROTECTED]' Subject: RE: [Declude.JunkMail] Subject and body is B Hmm, nope, but I have also seen broken headers like you provided, but never with so much misplaced stuff in the header; from what Scott has previously mentioned, I would guess that the way your sample message is broken is that somewhere in the hops a mailserver put in an extraneous CR/LF. The usual broken message I see has a complete and well-formed header, but no body at all. These messages are always sent from dsl/cable connections that are open relays, never a mail server. Perhaps Kami has seen this behaviour; I think it was he that suggested the BODY ISBLANK filter test. Andrew 8) -Original Message- From: John Tolmachoff (Lists) [mailto:[EMAIL PROTECTED] Sent: Thursday, November 27, 2003 11:14 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Subject and body is B On a related note, I see rushes where the spam has no body and the same header appears from multiple open relays all at the same time; I think it's broken spamware. You mean like this: (That is the entire D file.) -- - Received: from DAYTON [24.117.148.25] by mail.domain.net with ESMTP (SMTPD32-8.04) id A9B350E0146; Thu, 27 Nov 2003 00:20:51 -0500 htmltitleI will not defame New Orleans --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] EASYNET tests going away December 1
if we comment out a test in global.cfg and leave its action in default.junkmail will there be any problems ? errors, performance issues, ... No, there will be no problems in doing that, as far as Declude is concerned. However, it may cause confusion later, if you see the test listed and are wondering why no action is being taken. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Version / Internmediate Policy
All this conversation about betas/releases, etc. Scott, you have the patience of a saint at times. Do what you think is best. You can never keep everyone happy all the time. Andy - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, November 27, 2003 8:43 PM Subject: Re: [Declude.JunkMail] Version / Internmediate Policy Yep, has happened to me a few times during beta testing. I'm investigating some issue, invest time to dig through logs, report the problem - just to be told oh, that was fixed in interim release xx. Duh! Thank's for warning me. Remember, though, that it was the same way back with just betas and released versions -- after a beta came out, if you reported a bug that we already knew about and had fixed, our answer would be Oh, we know about that, the next beta will take care of it. That would be worse -- you lose the same as you do with interim releases (investing time to analyze and report the problem), but also don't get a fix right away. Yes, it would be nice if we had a list of bug fixes for this very purpose (Known bugs). That is something we will look into. If it is done, though, it will most likely just be These are the bugs that are fixed in the latest interim release, without specifying which interim release fixed it, and the list could be updated less frequently than the interim releases come out. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] IPBYPASS limitations
Hi Scott Second the manual we can have up to 20 IPBYPASS entries. At the moment I'm already over this limit: IPBYPASS194.242.192.2 # local providers IPBYPASS194.242.192.3 IPBYPASS194.242.196.14 IPBYPASS213.21.176.244 IPBYPASS213.21.176.246 IPBYPASS195.254.224.4 IPBYPASS193.70.192.33 # Virgilio IPBYPASS193.70.192.38 IPBYPASS193.70.192.46 IPBYPASS193.70.192.51 IPBYPASS193.70.192.52 IPBYPASS193.70.192.62 IPBYPASS193.70.192.127 IPBYPASS212.216.176.58 # Tin IPBYPASS212.216.176.185 IPBYPASS212.216.176.187 IPBYPASS212.216.176.206 IPBYPASS212.216.176.221 IPBYPASS212.216.176.222 IPBYPASS212.216.176.223 IPBYPASS212.216.176.224 The first block are MTAs from other local ISPs where we have setup numerous mail forwardings. So we can search for open relays also on this forwarded messages. The seconds and third block are groups of MTAs of two large italian ISPs. All this IPs are listed now for over 3 months in more or less IP blacklists. The problem is, that we receive much more legit messages from this IPs as spam. (usually over 95% is legit). More then 75% of our FPs are FPs because they triggered this IP blacklist tests. Until yesterday I've tried to counterweight this points with an IP filterlist that gives some negative points. The problem is that numerous IP blacklist providers are adding and removing part of this IP ranges daily/weekly. So it's nearly impossible to define an accurate counterweight for the IP filter file. If I substract too much this will let pass more spam messages. Otherwise I will have much more FPs. The problem can be solved by adding this IPs to thy IPBYPASS list, because so all this IPs are ignored and we can try to catch spams with the remaining tests. Would it by possible to specify IPBYPASS-ranges or to use an external IP file? Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude does not see email
I'm running IMail v8.02 on Windows 2000 Server SP4 etc, and am now running declude.exe 1.76i28; today I saw an HTML style spam come through with no declude headers. The log did have one line for this message: 11/27/2003 15:23:41 Q875e044a00daa57c Could not lock D:\IMail\spool\Q875e044a00daa57c.SMD; timed out (j=2). This will occur if either the D*.SMD file disappears when Declude is starting, or if a program is locking it for more than 30 seconds. This could happen, for example, if you are running an on-access virus scanner that deletes the D*.SMD file. But that can't be the case here, because the E-mail was delivered. More likely is that something locked the file for some reason. My query for Scott is: as of interim 28, declude.exe now always logs something if the message couldn't be handled, correct? So perhaps there is a grammar or pattern in the log we can use to find these error messages? No. The latest interim release just logs to C:\Declude.log for every E-mail that is processed. It does not record any information about processing the E-mail. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] IPBYPASS limitations
Actually, you mean that you are at the limit, and several of your entries aren't being used. Can't understand...? You said At the moment I'm already over this limit -- because you have 21 IPBYPASS entries. My comment was that because you have more than 20 entries, some of them will not be used by Declude JunkMail. It will only use 20 of them. IPBYPASS isn't used for IPs that are listed in blacklists -- that's what whitelisting is for. But if I whitelist an IP or IP-range wouldn't this whitelist the message generally and avoid that other spam-tests are able to catch the spam? Correct. One other option might be to use HOPHIGH 1, which will scan an extra hop for all E-mail. Then, the negative weighting for their IP will help the E-mail, but if the next IP is bad, then the E-mail will be more likely to get caught. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] EASYNET tests going away December 1
Hi, Yesterday's results of my EasyNet replacement candidates: TEST # FAILED Percentage AHBLDOMAINS710.95% AHBLPROXIES...7359.82% AHBLSOURCES...3514.69% (reliable, so far) NJABLDUL..2743.66% (many duplicates with SORBS-DUL) NJABLPROXIES1,085...14.49% NJABLRELAYS...1181.58% NJABLSOURCES..2653.54% (reliable, so far) SORBS-DUL...2,664...35.58% SORBS-HTTP7379.84% (proxies) SORBS-MISC.801.07% (proxies) SORBS-SOCKS...873...11.66% (proxies) SORBS-SMTP..50.07% SORBS-ZOMBIE...300.40% A) Do NOT use SORBS-SPAM. As they point out on their web site, it has been infested with the mail servers of most major providers by the simple fact that virus-infected customer systems have been sending arbitrary emails, implicating the mail sever of the provider. I tested it for two days and kept lowering the weight until I realized that it was not at all helpful in trying to distinguish spam from legitimate mail. B) I have been holding and/or deleting ANYTHING proxy for many weeks now and so far never had any customer complaints about lost emails. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] holding not deleting
Hi, I have one customer that has a virtual domain. Even though this [EMAIL PROTECTED] is receiving email that exceeds my DELETE threshold, the messagages are only being HELD. Any idea why this is happening? I don't have any special rules setup for this customer under Declude that I can find. Thanks, andy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] EASYNET tests going away December 1
AHBLDOMAINS710.95% AHBLPROXIES...7359.82% AHBLSOURCES...3514.69% (reliable, so far) NJABLDUL..2743.66% (many duplicates with SORBS-DUL) NJABLPROXIES1,085...14.49% NJABLRELAYS...1181.58% NJABLSOURCES..2653.54% (reliable, so far) For clarification, can you please post what you exact configuration is for those, in other words what return codes? Example, what exactly is AHBLDOMAINS as there is no test in the sample Global.cfg file and on the AHBL site, there is no code name that. http://www.ahbl.org/responsecodes.php John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] holding not deleting
Logs and headers. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of andyb Sent: Friday, November 28, 2003 8:26 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] holding not deleting Hi, I have one customer that has a virtual domain. Even though this [EMAIL PROTECTED] is receiving email that exceeds my DELETE threshold, the messagages are only being HELD. Any idea why this is happening? I don't have any special rules setup for this customer under Declude that I can find. Thanks, andy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] EASYNET tests going away December 1
NJABLRELAYS ip4rdnsbl.njabl.org 127.0.0.2 4 0 NJABLDULip4rdnsbl.njabl.org 127.0.0.3 4 0 NJABLSOURCES ip4r dnsbl.njabl.org 127.0.0.4 7 0 NJABLMULTI ip4rdnsbl.njabl.org 127.0.0.5 5 0 NJABLFORMMAIL ip4r dnsbl.njabl.org 127.0.0.8 8 0 NJABLPROXIES ip4r dnsbl.njabl.org 127.0.0.9 8 0 AHBLRELAYS ip4rdnsbl.ahbl.org 127.0.0.2 5 0 AHBLPROXIES ip4rdnsbl.ahbl.org 127.0.0.3 8 0 AHBLSOURCES ip4rdnsbl.ahbl.org 127.0.0.4 7 0 AHBLPSSLip4rdnsbl.ahbl.org 127.0.0.5 5 0 AHBLFORMMAIL ip4r dnsbl.ahbl.org 127.0.0.6 8 0 AHBLENDUSER ip4rdnsbl.ahbl.org 127.0.0.9 5 0 AHBLEXEMPT ip4rexemptions.ahbl.org * -8 0 SORBS-HTTP ip4rdnsbl.sorbs.net 127.0.0.2 8 0 SORBS-SOCKS ip4rdnsbl.sorbs.net 127.0.0.3 8 0 SORBS-MISC ip4rdnsbl.sorbs.net 127.0.0.4 8 0 SORBS-SMTP ip4rdnsbl.sorbs.net 127.0.0.5 5 0 #SORBS-SPAM ip4rdnsbl.sorbs.net 127.0.0.6 3 0 SORBS-WEB ip4rdnsbl.sorbs.net 127.0.0.7 8 0 SORBS-BLOCK ip4rdnsbl.sorbs.net 127.0.0.8 6 0 SORBS-ZOMBIE ip4r dnsbl.sorbs.net 127.0.0.9 6 0 SORBS-DUL ip4rdnsbl.sorbs.net 127.0.0.10 5 0 AHBLDOMAINS rhsbl rhsbl.ahbl.org * 5 0 SORBS-BADCONF rhsbl rhsbl.sorbs.net 127.0.0.11 5 0 SORBS-NOMAILrhsbl rhsbl.sorbs.net 127.0.0.12 7 0 Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Friday, November 28, 2003 11:31 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] EASYNET tests going away December 1 AHBLDOMAINS710.95% AHBLPROXIES...7359.82% AHBLSOURCES...3514.69% (reliable, so far) NJABLDUL..2743.66% (many duplicates with SORBS-DUL) NJABLPROXIES1,085...14.49% NJABLRELAYS...1181.58% NJABLSOURCES..2653.54% (reliable, so far) For clarification, can you please post what you exact configuration is for those, in other words what return codes? Example, what exactly is AHBLDOMAINS as there is no test in the sample Global.cfg file and on the AHBL site, there is no code name that. http://www.ahbl.org/responsecodes.php John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] EASYNET tests going away December 1
I think this might be on http://www.ahbl.org/using.php in the rhsbl section. I have been trying AHBL-DOMAINSrhsbl rhsbl.ahbl.org * 5 0 for a couple of days, but I don't have any stats to share today. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Tolmachoff (Lists) Sent: Friday, 28 November 2003 11:31 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] EASYNET tests going away December 1 AHBLDOMAINS710.95% AHBLPROXIES...7359.82% AHBLSOURCES...3514.69% (reliable, so far) NJABLDUL..2743.66% (many duplicates with SORBS-DUL) NJABLPROXIES1,085...14.49% NJABLRELAYS...1181.58% NJABLSOURCES..2653.54% (reliable, so far) For clarification, can you please post what you exact configuration is for those, in other words what return codes? Example, what exactly is AHBLDOMAINS as there is no test in the sample Global.cfg file and on the AHBL site, there is no code name that. http://www.ahbl.org/responsecodes.php John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] EASYNET tests going away December 1
Andy, What weight to you hold and delete on? Sheldon Sheldon Koehler, Owner/Partnerhttp://www.tenforward.com Ten Forward Communications 360-457-9023 Nationwide access, neighborhood support! Whenever you find yourself on the side of the majority, it's time to pause and reflect. Mark Twain - Original Message - From: Andy Schmidt [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, November 28, 2003 8:43 AM Subject: RE: [Declude.JunkMail] EASYNET tests going away December 1 NJABLRELAYS ip4r dnsbl.njabl.org 127.0.0.2 4 0 NJABLDUL ip4r dnsbl.njabl.org 127.0.0.3 4 0 NJABLSOURCES ip4r dnsbl.njabl.org 127.0.0.4 7 0 NJABLMULTI ip4r dnsbl.njabl.org 127.0.0.5 5 0 NJABLFORMMAIL ip4r dnsbl.njabl.org 127.0.0.8 8 0 NJABLPROXIES ip4r dnsbl.njabl.org 127.0.0.9 8 0 AHBLRELAYS ip4r dnsbl.ahbl.org 127.0.0.2 5 0 AHBLPROXIES ip4r dnsbl.ahbl.org 127.0.0.3 8 0 AHBLSOURCES ip4r dnsbl.ahbl.org 127.0.0.4 7 0 AHBLPSSL ip4r dnsbl.ahbl.org 127.0.0.5 5 0 AHBLFORMMAIL ip4r dnsbl.ahbl.org 127.0.0.6 8 0 AHBLENDUSER ip4r dnsbl.ahbl.org 127.0.0.9 5 0 AHBLEXEMPT ip4r exemptions.ahbl.org * -8 0 SORBS-HTTP ip4r dnsbl.sorbs.net 127.0.0.2 8 0 SORBS-SOCKS ip4r dnsbl.sorbs.net 127.0.0.3 8 0 SORBS-MISC ip4r dnsbl.sorbs.net 127.0.0.4 8 0 SORBS-SMTP ip4r dnsbl.sorbs.net 127.0.0.5 5 0 #SORBS-SPAM ip4r dnsbl.sorbs.net 127.0.0.6 3 0 SORBS-WEB ip4r dnsbl.sorbs.net 127.0.0.7 8 0 SORBS-BLOCK ip4r dnsbl.sorbs.net 127.0.0.8 6 0 SORBS-ZOMBIE ip4r dnsbl.sorbs.net 127.0.0.9 6 0 SORBS-DUL ip4r dnsbl.sorbs.net 127.0.0.10 5 0 AHBLDOMAINS rhsbl rhsbl.ahbl.org * 5 0 SORBS-BADCONF rhsbl rhsbl.sorbs.net 127.0.0.11 5 0 SORBS-NOMAIL rhsbl rhsbl.sorbs.net 127.0.0.12 7 0 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] External Plus
Hi, I am new to this news group but have been using Declude Junkmail for some time. I am running Server 2003 with Imail v8.x and declude v1.75. I am having trouble with an externalplus test that I wrote. It works fine except when someone uses the Imail Web based mail server. With the web based mail program, I get a one line entry in my decXXX.log file for a message that fails the externalplus test. Here is an example. 11/28/2003 11:33:04 Q36a680c0e9c WAMCHECK:10 . Total weight = 10 Here is a normal failed wamcheck entry: 11/28/2003 11:38:53 Q8828e4b500feaa4d Msg failed WAMCHECK (Message failed WAMCHECK: 100.). Action=HOLD. Does anyone know a what is happening or a solution to this problem? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] holding not deleting
I have one customer that has a virtual domain. Even though this [EMAIL PROTECTED] is receiving email that exceeds my DELETE threshold, the messagages are only being HELD. Any idea why this is happening? I don't have any special rules setup for this customer under Declude that I can find. The log file entries are very helpful here -- they show what test(s) the E-mail failed, and what actions were taken for each one. If you see something you do not understand -- for example, the WEIGHT20 test using HOLD instead of DELETE -- you can change the LOGLEVEL LOW line in the \IMail\Declude\global.cfg file to LOGLEVEL HIGH temporarily. Declude JunkMail will then record which config file it uses to determine the actions to take. For example, this can happen if you have a gateway domain, in which case the \IMail\Declude\global.cfg file will be used (since IMail treats the E-mail as outgoing mail, since it isn't stored on the local server), but you may expect the $default$.JunkMail file to be used. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Subject and body is B
Everyone pats John on his back and assure him they have all gone through similar experiences :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Friday, November 28, 2003 7:34 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Subject and body is B HANGING HEAD IN SHAME After reviewing 4 days worth of logs, it appears BODY ISBLANK has not caught any message. I had assumed it had as I was no longer seeing messages with a blank body. They must have either stopped or been caught by other tests and deleted or just passed. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Declude log files
I have a program that reads and archives iMail log files to a SQL server. I'd like to add the capability to archive Declude log files in a meaningful manner. I'm studying the log files (LOGLEVEL set to MID), and I've noticed something I don't understand. For example (lines edited for brevity): 11/28/2003 11:56:50 Q7e4a069f00606ad1 SPAMCOP:7 SORBS-SPAM:8 MAILPOLICE-BULK:10 11/28/2003 11:56:50 Q7e4a069f00606ad1 Msg failed SPAMCOP ... Action=IGNORE. 11/28/2003 11:56:50 Q7e4a069f00606ad1 Msg failed SORBS-SPAM Action=IGNORE. 11/28/2003 11:56:50 Q7e4a069f00606ad1 Msg failed MAILPOLICE-BULK... Action=IGNORE. 11/28/2003 11:56:50 Q7e4a069f00606ad1 Msg failed AHBLDNSBL Action=IGNORE. 11/28/2003 11:56:50 Q7e4a069f00606ad1 Msg failed WEIGHT10 Action=IGNORE. 11/28/2003 11:56:50 Q7e4a069f00606ad1 Msg failed WEIGHT20 Action=IGNORE. 11/28/2003 11:56:50 Q7e4a069f00606ad1 R1 Message OK 11/28/2003 11:56:50 Q7e4a069f00606ad1 Msg failed SPAMCOP Action=DELETE. 11/28/2003 11:56:50 Q7e4a069f00606ad1 Msg failed SORBS-SPAM Action=IGNORE. 11/28/2003 11:56:50 Q7e4a069f00606ad1 Msg failed MAILPOLICE-BULK Action=WARN. 11/28/2003 11:56:50 Q7e4a069f00606ad1 Msg failed AHBLDNSBL ... Action=IGNORE. 11/28/2003 11:56:50 Q7e4a069f00606ad1 Msg failed WEIGHT10 Action=HOLD. 11/28/2003 11:56:50 Q7e4a069f00606ad1 Msg failed WEIGHT20 Action=DELETE. 11/28/2003 11:56:50 Q7e4a069f00606ad1 Deleting spam from [EMAIL PROTECTED] to [EMAIL PROTECTED] 11/28/2003 11:56:50 Q7e4a069f00606ad1 Subject: A holiday gift anyone would love - digital camera 11/28/2003 11:56:50 Q7e4a069f00606ad1 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 64.88.151.68 ID: This entry appears to be processing file Q7e4a069f00606ad1. However, it looks like the file was process twice, and that it passed on the first run. I'm especially curious about why the first time out, WEIGHT20's action is IGNORE, but on the second it's action is (correctly) set to DELETE. Might I have something mis-configured? -- Bud Durland, CNE [EMAIL PROTECTED] fax: 518-561-0017 For sale: Parachute. Like new, used once. Small stain. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude log files
This entry appears to be processing file Q7e4a069f00606ad1. However, it looks like the file was process twice, and that it passed on the first run. I'm especially curious about why the first time out, WEIGHT20's action is IGNORE, but on the second it's action is (correctly) set to DELETE. Might I have something mis-configured? That is because there were two recipients, whose settings were different. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] External Plus
I am new to this news group but have been using Declude Junkmail for some time. I am running Server 2003 with Imail v8.x and declude v1.75. I am having trouble with an externalplus test that I wrote. It works fine except when someone uses the Imail Web based mail server. With the web based mail program, I get a one line entry in my decXXX.log file for a message that fails the externalplus test. Here is an example. 11/28/2003 11:33:04 Q36a680c0e9c WAMCHECK:10 . Total weight = 10 Here is a normal failed wamcheck entry: 11/28/2003 11:38:53 Q8828e4b500feaa4d Msg failed WAMCHECK (Message failed WAMCHECK: 100.). Action=HOLD. Does anyone know a what is happening or a solution to this problem? Are you saying that when E-mail is sent with web messaging, only the Total weight line above appears in the log file, but not the Msg failed line (but that for other E-mails, both appear)? I believe the Msg failed line should always appear for tests that are triggered, if the weight for the test is not equal to 0. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] holding not deleting
Hi, I'm holding on 7, deleting on 14 (I didn't change the labels on the tests, they still say WEIGHT10 for HOLD and WEIGHT20 for DELETE). Here, the weight is 18 and should delete, but does not. I see in Spam review that it has exceeded the DELETE threshold also, but it is not being deleted. This is only happening for this *one* customer who has a virtual domain. Thanks, ANdy Here is what spam review reports: X-RBL-Warning: SPAMCOP: Blocked - see http://www.spamcop.net/bl.shtml?69.6.42.52 X-RBL-Warning: EASYNET-DNSBL: Blacklisted by easynet.nl DNSBL - http://blackholes.easynet.nl/errors.html X-RBL-Warning: SBL: http://www.spamhaus.org/SBL/sbl.lasso?query=SBL6636 X-RBL-Warning: WEIGHT10: Weight of 18 reaches or exceeds the limit of 10. X-RBL-Warning: IPNOTINMX: X-RBL-Warning: MYFILTER: Message failed MYFILTER test (17) X-RBL-Warning: Total weight: 11 Log file entry 11/28/2003 12:52:24 Q8b540ec MYFILTER:11 . Total weight = 11 11/28/2003 12:52:24 Q8b540ec Msg failed IPNOTINMX (). Action=WARN. 11/28/2003 12:52:24 Q8b540ec Msg failed MYFILTER (Message failed MYFILTER test (17)). Action=WARN. 11/28/2003 12:52:24 Q8b540ec Msg failed WEIGHT10 (Weight of 11 reaches or exceeds the limit of 7.). Action=HOLD. 11/28/2003 12:52:24 Q8b540ec Subject: Learn a new Language in 10 days 11/28/2003 12:52:24 Q8b540ec From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] 2nd example Log file 11/28/2003 12:47:40 Q8a3b11e MYFILTER:10 . Total weight = 10 11/28/2003 12:47:40 Q8a3b11e Msg failed IPNOTINMX (). Action=WARN. 11/28/2003 12:47:40 Q8a3b11e Msg failed MYFILTER (Message failed MYFILTER test (6)). Action=WARN. 11/28/2003 12:47:40 Q8a3b11e Msg failed WEIGHT10 (Weight of 10 reaches or exceeds the limit of 7.). Action=HOLD. 11/28/2003 12:47:40 Q8a3b11e Subject: Easy Mortgage Shopping, Apply Free, Any Credit Accepted 11/28/2003 12:47:40 Q8a3b11e From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 208.7.129.160 ID: A05A8049D Spam review X-RBL-Warning: EASYNET-DNSBL: Blacklisted by easynet.nl DNSBL - http://blackholes.easynet.nl/errors.html X-RBL-Warning: SBL: http://www.spamhaus.org/SBL/sbl.lasso?query=SBL9187 X-RBL-Warning: WEIGHT10: Weight of 14 reaches or exceeds the limit of 10. X-RBL-Warning: IPNOTINMX: X-RBL-Warning: MYFILTER: Message failed MYFILTER test (6) X-RBL-Warning: Total weight: 10 - Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, November 28, 2003 11:37 AM Subject: RE: [Declude.JunkMail] holding not deleting Logs and headers. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of andyb Sent: Friday, November 28, 2003 8:26 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] holding not deleting Hi, I have one customer that has a virtual domain. Even though this [EMAIL PROTECTED] is receiving email that exceeds my DELETE threshold, the messagages are only being HELD. Any idea why this is happening? I don't have any special rules setup for this customer under Declude that I can find. Thanks, andy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] holding not deleting
I'm holding on 7, deleting on 14 (I didn't change the labels on the tests, they still say WEIGHT10 for HOLD and WEIGHT20 for DELETE). Are you sure? X-RBL-Warning: WEIGHT10: Weight of 18 reaches or exceeds the limit of 10. This line in the headers means that Declude JunkMail used the WARN action for the WEIGHT10 test. But: Log file entry 11/28/2003 12:52:24 Q8b540ec MYFILTER:11 . Total weight = 11 11/28/2003 12:52:24 Q8b540ec Msg failed IPNOTINMX (). Action=WARN. 11/28/2003 12:52:24 Q8b540ec Msg failed MYFILTER (Message failed MYFILTER test (17)). Action=WARN. 11/28/2003 12:52:24 Q8b540ec Msg failed WEIGHT10 (Weight of 11 reaches or exceeds the limit of 7.). Action=HOLD. 11/28/2003 12:52:24 Q8b540ec Subject: Learn a new Language in 10 days 11/28/2003 12:52:24 Q8b540ec From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] This shows that it used the HOLD action. Are you *positive* that these log file entries correspond with that E-mail? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] EASYNET tests going away December 1
Hi, I report subject at 8. I bounce at 10. I delete at 20. I also delete MAILFROM, PERCENT and all -proxies Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sheldon Koehler Sent: Friday, November 28, 2003 12:29 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] EASYNET tests going away December 1 Andy, What weight to you hold and delete on? Sheldon Sheldon Koehler, Owner/Partnerhttp://www.tenforward.com Ten Forward Communications 360-457-9023 Nationwide access, neighborhood support! Whenever you find yourself on the side of the majority, it's time to pause and reflect. Mark Twain - Original Message - From: Andy Schmidt [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, November 28, 2003 8:43 AM Subject: RE: [Declude.JunkMail] EASYNET tests going away December 1 NJABLRELAYS ip4r dnsbl.njabl.org 127.0.0.2 4 0 NJABLDUL ip4r dnsbl.njabl.org 127.0.0.3 4 0 NJABLSOURCES ip4r dnsbl.njabl.org 127.0.0.4 7 0 NJABLMULTI ip4r dnsbl.njabl.org 127.0.0.5 5 0 NJABLFORMMAIL ip4r dnsbl.njabl.org 127.0.0.8 8 0 NJABLPROXIES ip4r dnsbl.njabl.org 127.0.0.9 8 0 AHBLRELAYS ip4r dnsbl.ahbl.org 127.0.0.2 5 0 AHBLPROXIES ip4r dnsbl.ahbl.org 127.0.0.3 8 0 AHBLSOURCES ip4r dnsbl.ahbl.org 127.0.0.4 7 0 AHBLPSSL ip4r dnsbl.ahbl.org 127.0.0.5 5 0 AHBLFORMMAIL ip4r dnsbl.ahbl.org 127.0.0.6 8 0 AHBLENDUSER ip4r dnsbl.ahbl.org 127.0.0.9 5 0 AHBLEXEMPT ip4r exemptions.ahbl.org * -8 0 SORBS-HTTP ip4r dnsbl.sorbs.net 127.0.0.2 8 0 SORBS-SOCKS ip4r dnsbl.sorbs.net 127.0.0.3 8 0 SORBS-MISC ip4r dnsbl.sorbs.net 127.0.0.4 8 0 SORBS-SMTP ip4r dnsbl.sorbs.net 127.0.0.5 5 0 #SORBS-SPAM ip4r dnsbl.sorbs.net 127.0.0.6 3 0 SORBS-WEB ip4r dnsbl.sorbs.net 127.0.0.7 8 0 SORBS-BLOCK ip4r dnsbl.sorbs.net 127.0.0.8 6 0 SORBS-ZOMBIE ip4r dnsbl.sorbs.net 127.0.0.9 6 0 SORBS-DUL ip4r dnsbl.sorbs.net 127.0.0.10 5 0 AHBLDOMAINS rhsbl rhsbl.ahbl.org * 5 0 SORBS-BADCONF rhsbl rhsbl.sorbs.net 127.0.0.11 5 0 SORBS-NOMAIL rhsbl rhsbl.sorbs.net 127.0.0.12 7 0 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Subject and body is B
Everyone pats John on his back and assure him they have all gone through similar experiences :) Oh, I feel so much better now, thanks. Actually, I found another one this morning. Turns out though it is a badly broken header to where the body (html) ends up seen in the header. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude log files
R. Scott Perry wrote: This entry appears to be processing file Q7e4a069f00606ad1. However, it looks like the file was process twice, and that it passed on the first run. I'm especially curious about why the first time out, WEIGHT20's action is IGNORE, but on the second it's action is (correctly) set to DELETE. Might I have something mis-configured? That is because there were two recipients, whose settings were different. Now I know I must have something set up wrong. We're using Declude JunkMail lite, and to my knowledge there is only one set of configuration files (global.cfg and $default$.junkmail). The message is question (as far as I can tell) was addressed to only one recipient, though I was doing some debugging using iMail's copy-to feature to send copied of e-mails to a filecopy type address. -- Bud Durland, CNE [EMAIL PROTECTED] fax: 518-561-0017 For sale: Parachute. Like new, used once. Small stain. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude log files
Now I know I must have something set up wrong. We're using Declude JunkMail lite, and to my knowledge there is only one set of configuration files (global.cfg and $default$.junkmail). The message is question (as far as I can tell) was addressed to only one recipient, though I was doing some debugging using iMail's copy-to feature to send copied of e-mails to a filecopy type address. When the Copyall account is enabled, it adds an extra recipient to the E-mail. So the actions for the copyall account and the actual recipient will be used. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] External Plus
What you see below is the only entry in the log file. Here is a log entry for a message that normally fails the external plus: 11/28/2003 01:01:05 Qf2af9e4c010ec80f NOABUSE:2 nIPNOTINMX:-3 SNIFFER2:10 WAMCHECK:10 . Total weight = 19 11/28/2003 01:01:05 Qf2af9e4c010ec80f Msg failed NOABUSE (Not supporting [EMAIL PROTECTED]). Action=IGNORE. 11/28/2003 01:01:05 Qf2af9e4c010ec80f Msg failed SNIFFER2 (Message failed SNIFFER2: 63.). Action=IGNORE. 11/28/2003 01:01:05 Qf2af9e4c010ec80f Msg failed WAMCHECK (Message failed WAMCHECK: 100.). Action=IGNORE. 11/28/2003 01:01:05 Qf2af9e4c010ec80f Msg failed WEIGHT10 (Weight of 19 reaches or exceeds the limit of 10.). Action=HOLD. 11/28/2003 01:01:05 Qf2af9e4c010ec80f Msg failed WEIGHT15 (Weight of 19 reaches or exceeds the limit of 15.). Action=IGNORE. 11/28/2003 01:01:05 Qf2af9e4c010ec80f Subject: One Day Only: After Thanksgiving Event! 11/28/2003 01:01:05 Qf2af9e4c010ec80f From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 199.181.77.19 ID: But if a message is whitelisted, it seems to work okay in web messaging: 11/28/2003 09:14:17 Q2eb30ba0ccc WAMCHECK:10 . Total weight = 10 11/28/2003 09:14:17 Q2eb30ba0ccc E-mail whitelisted - automatically passing all spam tests [Whitelisting E-mail per externalplus program] Bill -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Friday, November 28, 2003 12:27 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] External Plus I am new to this news group but have been using Declude Junkmail for some time. I am running Server 2003 with Imail v8.x and declude v1.75. I am having trouble with an externalplus test that I wrote. It works fine except when someone uses the Imail Web based mail server. With the web based mail program, I get a one line entry in my decXXX.log file for a message that fails the externalplus test. Here is an example. 11/28/2003 11:33:04 Q36a680c0e9c WAMCHECK:10 . Total weight = 10 Here is a normal failed wamcheck entry: 11/28/2003 11:38:53 Q8828e4b500feaa4d Msg failed WAMCHECK (Message failed WAMCHECK: 100.). Action=HOLD. Does anyone know a what is happening or a solution to this problem? Are you saying that when E-mail is sent with web messaging, only the Total weight line above appears in the log file, but not the Msg failed line (but that for other E-mails, both appear)? I believe the Msg failed line should always appear for tests that are triggered, if the weight for the test is not equal to 0. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] holding not deleting
Yes, they correspond. I checked the name, Q8b540ec.SMD, etc. Same in both spam review and the log file. That's how I found the specific log file entry. This is only happening for this one email address: [EMAIL PROTECTED] Thanks, Andy - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, November 28, 2003 1:46 PM Subject: Re: [Declude.JunkMail] holding not deleting I'm holding on 7, deleting on 14 (I didn't change the labels on the tests, they still say WEIGHT10 for HOLD and WEIGHT20 for DELETE). Are you sure? X-RBL-Warning: WEIGHT10: Weight of 18 reaches or exceeds the limit of 10. This line in the headers means that Declude JunkMail used the WARN action for the WEIGHT10 test. But: Log file entry 11/28/2003 12:52:24 Q8b540ec MYFILTER:11 . Total weight = 11 11/28/2003 12:52:24 Q8b540ec Msg failed IPNOTINMX (). Action=WARN. 11/28/2003 12:52:24 Q8b540ec Msg failed MYFILTER (Message failed MYFILTER test (17)). Action=WARN. 11/28/2003 12:52:24 Q8b540ec Msg failed WEIGHT10 (Weight of 11 reaches or exceeds the limit of 7.). Action=HOLD. 11/28/2003 12:52:24 Q8b540ec Subject: Learn a new Language in 10 days 11/28/2003 12:52:24 Q8b540ec From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] This shows that it used the HOLD action. Are you *positive* that these log file entries correspond with that E-mail? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] holding not deleting
In $junkmail$.junkmail I have WEIGHT10HOLD WEIGHT20DELETE All of the other tests are WARN. In Global.cfg all tests are WARN. Is that correct? Still, the issue seems to be confined to this one [EMAIL PROTECTED] Thanks, Andy - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, November 28, 2003 1:46 PM Subject: Re: [Declude.JunkMail] holding not deleting I'm holding on 7, deleting on 14 (I didn't change the labels on the tests, they still say WEIGHT10 for HOLD and WEIGHT20 for DELETE). Are you sure? X-RBL-Warning: WEIGHT10: Weight of 18 reaches or exceeds the limit of 10. This line in the headers means that Declude JunkMail used the WARN action for the WEIGHT10 test. But: Log file entry 11/28/2003 12:52:24 Q8b540ec MYFILTER:11 . Total weight = 11 11/28/2003 12:52:24 Q8b540ec Msg failed IPNOTINMX (). Action=WARN. 11/28/2003 12:52:24 Q8b540ec Msg failed MYFILTER (Message failed MYFILTER test (17)). Action=WARN. 11/28/2003 12:52:24 Q8b540ec Msg failed WEIGHT10 (Weight of 11 reaches or exceeds the limit of 7.). Action=HOLD. 11/28/2003 12:52:24 Q8b540ec Subject: Learn a new Language in 10 days 11/28/2003 12:52:24 Q8b540ec From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] This shows that it used the HOLD action. Are you *positive* that these log file entries correspond with that E-mail? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] holding not deleting
Here is what spam review reports: X-RBL-Warning: SPAMCOP: Blocked - see http://www.spamcop.net/bl.shtml?69.6.42.52 X-RBL-Warning: EASYNET-DNSBL: Blacklisted by easynet.nl DNSBL - http://blackholes.easynet.nl/errors.html X-RBL-Warning: SBL: http://www.spamhaus.org/SBL/sbl.lasso?query=SBL6636 X-RBL-Warning: WEIGHT10: Weight of 18 reaches or exceeds the limit of 10. X-RBL-Warning: IPNOTINMX: X-RBL-Warning: MYFILTER: Message failed MYFILTER test (17) X-RBL-Warning: Total weight: 11 Is this what you are looking at, the 17 here: X-RBL-Warning: MYFILTER: Message failed MYFILTER test (17) That is the line number in the MYFILTER test that caused it to be caught, not the weight. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] holding not deleting
Yes, they correspond. I checked the name, Q8b540ec.SMD, etc. Same in both spam review and the log file. That's how I found the specific log file entry. What version of Declude are you running (\IMail\Declude -diag from a command prompt will show you)? I've never heard of any cases where Declude JunkMail logged that it would use the HOLD action (and did), but also used the WARN action. Also: X-RBL-Warning: WEIGHT10: Weight of 18 reaches or exceeds the limit of 10. 11/28/2003 12:52:24 Q8b540ec Msg failed WEIGHT10 (Weight of 11 reaches or exceeds the limit of 7.). Action=HOLD. note that the log file shows the weight as 11, but the E-mail headers shows the weight as 18. But wait, there is more: X-RBL-Warning: WEIGHT10: Weight of 18 reaches or exceeds the limit of 10. X-RBL-Warning: Total weight: 11 Now, we see two different weights. Could the E-mail be going through 2 different mailservers running Declude? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] holding not deleting
X-RBL-Warning: WEIGHT10: Weight of 18 reaches or exceeds the limit of 10. 11/28/2003 12:52:24 Q8b540ec Msg failed WEIGHT10 (Weight of 11 reaches or exceeds the limit of 7.). Action=HOLD. Something really weird is going on here. The E-mail header shows the WEIGHT10 test as catch mail with a weight of 10 or higher, but the log file shows it as catching mail with a weight of 7 or higher. The WEIGHT10 test can do one or the other, but not both. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] holding not deleting
I'm looking at Weight of 18 reaches or exceeds the limit of 10. It it is 18, it also exceeds 14, the limit I delete at Thanks, andy - Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, November 28, 2003 2:29 PM Subject: RE: [Declude.JunkMail] holding not deleting Here is what spam review reports: X-RBL-Warning: SPAMCOP: Blocked - see http://www.spamcop.net/bl.shtml?69.6.42.52 X-RBL-Warning: EASYNET-DNSBL: Blacklisted by easynet.nl DNSBL - http://blackholes.easynet.nl/errors.html X-RBL-Warning: SBL: http://www.spamhaus.org/SBL/sbl.lasso?query=SBL6636 X-RBL-Warning: WEIGHT10: Weight of 18 reaches or exceeds the limit of 10. X-RBL-Warning: IPNOTINMX: X-RBL-Warning: MYFILTER: Message failed MYFILTER test (17) X-RBL-Warning: Total weight: 11 Is this what you are looking at, the 17 here: X-RBL-Warning: MYFILTER: Message failed MYFILTER test (17) That is the line number in the MYFILTER test that caused it to be caught, not the weight. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Announce: Message Sniffer Peer-Server Wide Beta
Anyone testing the Message Sniffer add-in to Declude should consider testing with the new wide-beta version V2-2b. You can download this version from our news/updates page at: http://www.sortmonster.com/MessageSniffer/NewsUpdates.html The top news item describes the program in more detail. What is probably most relevant about this new version is that the peer-server technology significantly reduces resource use under high system loads. This development addresses recent discussions about the high cost of body filters. Message Sniffer's advanced pattern matching engine makes body filters practical - but recent growth in the size of the rulebase file (more than 27000 active rules) has caused problems on some system. If you have tried Message Sniffer in the past and been concerned about the additional CPU, I/O, and RAM use then you should be pleased with the new version. We are consistently achieving the following results with this new version: 90K+ Msgs/Mo. Win NT4, P2/450Mhz, 256M ram, Mirrored 4GB IDE HD. Imail 6x, Declude, McAfee Rule Strength Threshold 0.1 (See Live Statistics on our site). Average CPU = 40% Prior to V2-2b, our Rule Strength Threshold was 0.7 and our average CPU was 70%. (Reduced Rule Strength Threshold = many more active rules) Under load, the first message processed by a cluster of active Message Sniffer instances will take a combined 700-1100ms (on this system). Subsequent messages processed by the same group typically take a combined 60ms or less. (Based on recent log data). How it works: Briefly, when a single instance is active the program operates very much as the current version of Message Sniffer. However, when the system becomes heavily loaded and multiple instances are active, the peer-server technology causes the active instances to cluster into client-server groups. The server instance loads the rulebase and handles the expensive tasks while the client instances quietly wait for their messages to be scanned. The result is much higher throughput without a signficant increase in system resource use. Hope this helps, Thanks, _M Pete McNeil (Madscientist) President, MicroNeil Research Corporation Chief SortMonster, www.SortMonster.com VOX: 703-406-2016 FAX: 703-406-2017 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] holding not deleting
1.76i6 I'm only running one email server. Do you want me to send me my config files ( I do have a support contract). Thank, Andy - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, November 28, 2003 2:37 PM Subject: Re: [Declude.JunkMail] holding not deleting Yes, they correspond. I checked the name, Q8b540ec.SMD, etc. Same in both spam review and the log file. That's how I found the specific log file entry. What version of Declude are you running (\IMail\Declude -diag from a command prompt will show you)? I've never heard of any cases where Declude JunkMail logged that it would use the HOLD action (and did), but also used the WARN action. Also: X-RBL-Warning: WEIGHT10: Weight of 18 reaches or exceeds the limit of 10. 11/28/2003 12:52:24 Q8b540ec Msg failed WEIGHT10 (Weight of 11 reaches or exceeds the limit of 7.). Action=HOLD. note that the log file shows the weight as 11, but the E-mail headers shows the weight as 18. But wait, there is more: X-RBL-Warning: WEIGHT10: Weight of 18 reaches or exceeds the limit of 10. X-RBL-Warning: Total weight: 11 Now, we see two different weights. Could the E-mail be going through 2 different mailservers running Declude? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] holding not deleting
Andy, what is your global.cfg line that produces the total in the header? It doesn't look line mine, and SpamReview has a very specific requirement to report the correct value, e.g. XOUTHEADER X-Note: Total spam weight of this E-mail is %WEIGHT%. (my implementation of IMail is as a gateway, so everything is OUT. You may be using XINHEADER.) Also, how about taking apart the rest of the log and your config files and adding up the math manually? Andrew 8) -Original Message- From: andyb [mailto:[EMAIL PROTECTED] Sent: Friday, November 28, 2003 11:51 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] holding not deleting I'm looking at Weight of 18 reaches or exceeds the limit of 10. It it is 18, it also exceeds 14, the limit I delete at Thanks, andy - Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, November 28, 2003 2:29 PM Subject: RE: [Declude.JunkMail] holding not deleting Here is what spam review reports: X-RBL-Warning: SPAMCOP: Blocked - see http://www.spamcop.net/bl.shtml?69.6.42.52 X-RBL-Warning: EASYNET-DNSBL: Blacklisted by easynet.nl DNSBL - http://blackholes.easynet.nl/errors.html X-RBL-Warning: SBL: http://www.spamhaus.org/SBL/sbl.lasso?query=SBL6636 X-RBL-Warning: WEIGHT10: Weight of 18 reaches or exceeds the limit of 10. X-RBL-Warning: IPNOTINMX: X-RBL-Warning: MYFILTER: Message failed MYFILTER test (17) X-RBL-Warning: Total weight: 11 Is this what you are looking at, the 17 here: X-RBL-Warning: MYFILTER: Message failed MYFILTER test (17) That is the line number in the MYFILTER test that caused it to be caught, not the weight. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] holding not deleting
I have the weight10 set to HOLD at 7 weight20 test set to DELETE at 14 weight10 and weight20 are just labels, that's all - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, November 28, 2003 2:39 PM Subject: Re: [Declude.JunkMail] holding not deleting X-RBL-Warning: WEIGHT10: Weight of 18 reaches or exceeds the limit of 10. 11/28/2003 12:52:24 Q8b540ec Msg failed WEIGHT10 (Weight of 11 reaches or exceeds the limit of 7.). Action=HOLD. Something really weird is going on here. The E-mail header shows the WEIGHT10 test as catch mail with a weight of 10 or higher, but the log file shows it as catching mail with a weight of 7 or higher. The WEIGHT10 test can do one or the other, but not both. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] holding not deleting
I have the weight10 set to HOLD at 7 weight20 test set to DELETE at 14 weight10 and weight20 are just labels, that's all I would urge you to rename them to WEIGHT7 and WEIGHT14, as they will likely cause confusion down the line. But it still doesn't explain: X-RBL-Warning: WEIGHT10: Weight of 18 reaches or exceeds the limit of 10. this line. If the WEIGHT10 test is set up as WEIGHT10 weight x x 7 0, you should see ... limit of 7 in the line above. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] holding not deleting
Hi, I sent the config files ot [EMAIL PROTECTED] Thanks, andy - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, November 28, 2003 3:03 PM Subject: Re: [Declude.JunkMail] holding not deleting 1.76i6 I'm only running one email server. Do you want me to send me my config files ( I do have a support contract). If you could send the config files, that would be helpful. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] holding not deleting
Here is the config file section: XINHEADER X-RBL-Warning: Total weight: %WEIGHT% XOUTHEADER X-RBL-Warning: Total weight: %WEIGHT% XINHEADER X-Note: Total spam weight of this E-mail is %WEIGHT%. XINHEADER X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. XINHEADER X-Spam-Tests-Failed: %TESTSFAILED% [%WEIGHT%] XOUTHEADER X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. XSENDER ON XSPOOLNAME OFF XOUTHEADER Organization: Thumpernet XOUTHEADER X-Note: Please report abuse to [EMAIL PROTECTED] #IPBYPASS 127.0.0.1 -- Original Message -- From: Colbeck, Andrew [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 28 Nov 2003 12:01:30 -0800 Andy, what is your global.cfg line that produces the total in the header? It doesn't look line mine, and SpamReview has a very specific requirement to report the correct value, e.g. XOUTHEADER X-Note: Total spam weight of this E-mail is %WEIGHT%. (my implementation of IMail is as a gateway, so everything is OUT. You may be using XINHEADER.) Also, how about taking apart the rest of the log and your config files and adding up the math manually? Andrew 8) -Original Message- From: andyb [mailto:[EMAIL PROTECTED] Sent: Friday, November 28, 2003 11:51 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] holding not deleting I'm looking at Weight of 18 reaches or exceeds the limit of 10. It it is 18, it also exceeds 14, the limit I delete at Thanks, andy - Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, November 28, 2003 2:29 PM Subject: RE: [Declude.JunkMail] holding not deleting Here is what spam review reports: X-RBL-Warning: SPAMCOP: Blocked - see http://www.spamcop.net/bl.shtml?69.6.42.52 X-RBL-Warning: EASYNET-DNSBL: Blacklisted by easynet.nl DNSBL - http://blackholes.easynet.nl/errors.html X-RBL-Warning: SBL: http://www.spamhaus.org/SBL/sbl.lasso?query=SBL6636 X-RBL-Warning: WEIGHT10: Weight of 18 reaches or exceeds the limit of 10. X-RBL-Warning: IPNOTINMX: X-RBL-Warning: MYFILTER: Message failed MYFILTER test (17) X-RBL-Warning: Total weight: 11 Is this what you are looking at, the 17 here: X-RBL-Warning: MYFILTER: Message failed MYFILTER test (17) That is the line number in the MYFILTER test that caused it to be caught, not the weight. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] holding not deleting
I sent the config files ot [EMAIL PROTECTED] The only thing that makes sense here is that the E-mail is going through another server running Declude JunkMail. Otherwise: X-RBL-Warning: WEIGHT10: Weight of 18 reaches or exceeds the limit of 10. X-RBL-Warning: Total weight: 11 The WEIGHT10 test would have the wrong total weight of the E-mail, and the wrong weight for the test. The chances of some type of bug in Declude JunkMail changing the trigger weight of the test from 7 to 10 -- the default value -- is extremely small. The chances of that happening *and* Declude JunkMail corrupting the actual weight from 11 to 18 and then back to 11 is nearly non-existent. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] holding not deleting
Can you post the full header for that message? John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of andyb Sent: Friday, November 28, 2003 12:25 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] holding not deleting Here is the config file section: XINHEADER X-RBL-Warning: Total weight: %WEIGHT% XOUTHEADERX-RBL-Warning: Total weight: %WEIGHT% XINHEADER X-Note: Total spam weight of this E-mail is %WEIGHT%. XINHEADER X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. XINHEADER X-Spam-Tests-Failed: %TESTSFAILED% [%WEIGHT%] XOUTHEADERX-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. XSENDER ON XSPOOLNAMEOFF XOUTHEADEROrganization: Thumpernet XOUTHEADERX-Note: Please report abuse to [EMAIL PROTECTED] #IPBYPASS 127.0.0.1 -- Original Message -- From: Colbeck, Andrew [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 28 Nov 2003 12:01:30 -0800 Andy, what is your global.cfg line that produces the total in the header? It doesn't look line mine, and SpamReview has a very specific requirement to report the correct value, e.g. XOUTHEADER X-Note: Total spam weight of this E-mail is %WEIGHT%. (my implementation of IMail is as a gateway, so everything is OUT. You may be using XINHEADER.) Also, how about taking apart the rest of the log and your config files and adding up the math manually? Andrew 8) -Original Message- From: andyb [mailto:[EMAIL PROTECTED] Sent: Friday, November 28, 2003 11:51 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] holding not deleting I'm looking at Weight of 18 reaches or exceeds the limit of 10. It it is 18, it also exceeds 14, the limit I delete at Thanks, andy - Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, November 28, 2003 2:29 PM Subject: RE: [Declude.JunkMail] holding not deleting Here is what spam review reports: X-RBL-Warning: SPAMCOP: Blocked - see http://www.spamcop.net/bl.shtml?69.6.42.52 X-RBL-Warning: EASYNET-DNSBL: Blacklisted by easynet.nl DNSBL - http://blackholes.easynet.nl/errors.html X-RBL-Warning: SBL: http://www.spamhaus.org/SBL/sbl.lasso?query=SBL6636 X-RBL-Warning: WEIGHT10: Weight of 18 reaches or exceeds the limit of 10. X-RBL-Warning: IPNOTINMX: X-RBL-Warning: MYFILTER: Message failed MYFILTER test (17) X-RBL-Warning: Total weight: 11 Is this what you are looking at, the 17 here: X-RBL-Warning: MYFILTER: Message failed MYFILTER test (17) That is the line number in the MYFILTER test that caused it to be caught, not the weight. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] IPBYPASS limitations
You said At the moment I'm already over this limit -- because you have 21 IPBYPASS entries. My comment was that because you have more than 20 entries, some of them will not be used by Declude JunkMail. It will only use 20 of them. And if I discover other MTAs in this two IP blocks I would need much more then 21 entries... Remember, though, that those MTAs aren't your mailservers. The IPBYPASS option was created for IPs of your own gateway/backup mailservers. The HOPHIGH option was designed for scanning IPs on multiple hops. What you are doing here goes beyond the scope of what Declude JunkMail features were designed to do. Declude is very flexible, but does have limitations. We aren't yet aware of anyone with a total of 20 or more backup/gateway mailservers. :) But if I whitelist an IP or IP-range wouldn't this whitelist the message generally and avoid that other spam-tests are able to catch the spam? Correct. It's tecnical so difficult to change this IPBYPASS handling from fixed 20 to something else? It is not very difficult. But it is difficult (costly, to be more precise, in terms of making very careful changes to the code and determining performance changes) to change it to an unlimited number of entries. So we need to decide how important such a change is, the maximum value we can see our customers using in the near future, and the effect of any extra memory allocation. What happens here is that if we say OK, this is a good use of the IPBYPASS feature, there are going to be people who use it like whitelisting, and want to enter hundreds or thousands of IPs. One other option might be to use HOPHIGH 1, which will scan an extra hop for all E-mail. Then, the negative weighting for their IP will help the E-mail, but if the next IP is bad, then the E-mail will be more likely to get caught. I use already a hophigh=1 Then if you do not use the IPBYPASS option, and an E-mail comes from one of those IPs, Declude JunkMail will still scan the next hop (which is what you are getting with IPBYPASS). So I am not sure what IPBYPASS is accomplishing here. In this case, with HOPHIGH 1, it will scan an extra hop -- but that probably will not accomplish much. That would only have an effect if the ISP gets an E-mail from a good IP, which got the E-mail from a bad IP. That should be quite rare. It's simple to whitelist all messages from this IPs but an intelligent solution that allows to bypass entire IP ranges would by much better. Perhaps a filter that checks the reverse DNS entry, such as REVDNS -10 CONTAINS .example.com? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Anyone knowing this service
http://www.unsubscribenow.org/ Are they a serius company `? Benny --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Anyone knowing this service
It seems to me like spammers setup a service where we have to pay them in order not get spammed ?! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ISPHuset Nordic Sent: Saturday, November 29, 2003 2:48 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Anyone knowing this service http://www.unsubscribenow.org/ Are they a serius company `? Benny --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] holding not deleting
Ok, But there is only one email server...I think the weird thing is that of the 20 virtual domains and 500 or so email boxes, this is only happening for this *one* email address Did you see anything else wrong in my config files? Thanks, andy - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, November 28, 2003 3:32 PM Subject: Re: [Declude.JunkMail] holding not deleting I sent the config files ot [EMAIL PROTECTED] The only thing that makes sense here is that the E-mail is going through another server running Declude JunkMail. Otherwise: X-RBL-Warning: WEIGHT10: Weight of 18 reaches or exceeds the limit of 10. X-RBL-Warning: Total weight: 11 The WEIGHT10 test would have the wrong total weight of the E-mail, and the wrong weight for the test. The chances of some type of bug in Declude JunkMail changing the trigger weight of the test from 7 to 10 -- the default value -- is extremely small. The chances of that happening *and* Declude JunkMail corrupting the actual weight from 11 to 18 and then back to 11 is nearly non-existent. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] %TESTSFAILED%
Would anyone care to post an example so I can see the math? I still don't get how to use IPNOTINMX properly. Thanks, andy - Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, November 28, 2003 1:24 AM Subject: RE: [Declude.JunkMail] %TESTSFAILED% In the case of IPNOTINMX and NOLEGITCONTENT, it works just the opposite. If the messages fails, no weight is added or subtracted. If the test passes, the negative weight is subtracted. Therefore, if one of those tests is listed under %TESTSFAILED%, it means nothing was done. Likewise, the actions for those tests should be INGNORE or LOG only, as again if the tests failed means nothing. Only if the messages passes the test is weight subtracted. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of serge Sent: Thursday, November 27, 2003 7:57 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] %TESTSFAILED% Scott I do not think it is a good idea to hide tests like ipnotinmx, because we wont know their weight contribution we need a hidetest when weight =0, but that will show the negative value when passed test something like %weightnot0test% variable with all tests that contributed to the total weight (negative, positive, passed, or failed) this will show ipnotinmx and nonlegitcontent type tests whey they pass Hope you understand what i'm trying to say - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, November 19, 2003 7:01 PM Subject: Re: [Declude.JunkMail] %TESTSFAILED% Any progress/word on when certain tests can be excluded from this variable? This will be in the next release. :) The next release will allow for an option HIDETESTS in the global.cfg file (the default setting will be HIDETESTS CATCHALLMAILS IPNOTINMX NOLEGITCONTENT), which will prevent those tests from showing up in the X-Spam-Tests-Failed: header. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] SpamDomains
Why didn't this message fail spamdomains? Received: from bzq-218-101-218.red.bezeqint.net [81.218.101.218] by mail.localdomain.moc (SMTPD32-8.04) id A88A13960090; Fri, 28 Nov 2003 14:56:58 -0500 Received: from [51.180.2.49] by bzq-218-101-218.red.bezeqint.net id 5JCQ8r8Lw22M; Fri, 28 Nov 2003 23:57:03 +0400 Message-ID: [EMAIL PROTECTED] From: Alden Parham [EMAIL PROTECTED] Reply-To: Alden Parham [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: 20 Free amateur Pics - Hot xgnvnb Date: Fri, 28 Nov 03 23:57:03 GMT X-Mailer: Microsoft Outlook, Build 10.0.2616 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=EF.F4.__.45 X-Priority: 3 X-MSMail-Priority: Normal X-RBL-Warning: SORBS-DUL: Dynamic IP Address See: http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=81.218.101.218 X-RBL-Warning: NOABUSE: Not supporting [EMAIL PROTECTED] X-RBL-Warning: NOPOSTMASTER: Not supporting [EMAIL PROTECTED] X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [8014000f]. X-RBL-Warning: WHITEFILTER1: Message failed WHITEFILTER1 test (line 67, weight -5) X-RBL-Warning: SPAMCHECK: Message failed SPAMCHECK: 4. X-Declude-Sender: [EMAIL PROTECTED] [81.218.101.218] X-Declude-Spoolname: Da88a13960090f6a9.SMD X-RBL-Warning: Total weight: 30 X-RBL-Warning: TESTS FAILED: SORBS-DUL, NOABUSE, NOPOSTMASTER, BADHEADERS, WHITEFILTER1, SPAMCHECK, SPAMDOMAINS X-Note: This E-mail was sent from bzq-218-101-218.red.bezeqint.net ([81.218.101.218]). From the spamdomains.txt file: amazon.com ameritech.net yahoo.com aol.com netscape.net @att. .att. attbi.com bellatlantic.netverizon.net bellsouth.net charter.net china.com comcast.net compuserve. .aol.com concentric. .cnchost.com cox.net @cs.com .aol.com earthlink. email.itwebmessenger.it excite.com excitenetwork.com geocities.com .yahoo. @go.com .go.com gte.net verizon.net hotmail.com msn.com juno.comuntd.com lycos.com lycos.atspray.net mac.com apple.com mailcity.comlycos.com mindspring. earthlink. msn.com hotmail.com netscape.netaol.com netzero.com untd.com prodigy.net qwest. .uswest. rocketmail.com yahoo. .rr.com sbc.com sympatico.cabellnexxia.net t-online.de t-online.com usa.net mx.net verizon.net .bellatlantic. wanadoo.fr @yahoo. .yahoo. zzn.com mailcentro.com @aol.ca @2die4.com outblaze.com @accountant.com outblaze.com @adexec.com outblaze.com @africamail.com outblaze.com @allergist.com outblaze.com @alumnidirector.com outblaze.com @archaeologist.com outblaze.com @arcticmail.com outblaze.com @artlover.com outblaze.com @asia.com outblaze.com @australiamail.com outblaze.com @berlin.com outblaze.com @bikerider.com outblaze.com @catlover.com outblaze.com @cheerful.com outblaze.com @chemist.comoutblaze.com @clerk.com outblaze.com @cliffhanger.comoutblaze.com @columnist.com outblaze.com @comic.com outblaze.com @consultant.com outblaze.com @counsellor.com outblaze.com @cutey.com outblaze.com @deliveryman.comoutblaze.com @diplomats.com outblaze.com @doctor.com outblaze.com @doglover.com outblaze.com @dr.com outblaze.com @dublin.com outblaze.com @earthling.net outblaze.com @email.com outblaze.com @engineer.com outblaze.com @europe.com outblaze.com @execs.com outblaze.com @financier.com outblaze.com @gardener.com outblaze.com @geologist.com outblaze.com @graphic-designer.com outblaze.com @hairdresser.netoutblaze.com @hot-shot.com outblaze.com @iname.com outblaze.com @inorbit.comoutblaze.com @insurer.comoutblaze.com @japan.com outblaze.com @journalist.com outblaze.com @lawyer.com outblaze.com @legislator.com outblaze.com @lobbyist.com outblaze.com @london.com outblaze.com @loveable.com outblaze.com @mad.scientist.com outblaze.com @madrid.com outblaze.com @mail.com outblaze.com @mindless.com outblaze.com @minister.com outblaze.com @moscowmail.com outblaze.com @munich.com outblaze.com @musician.org outblaze.com @myself.com outblaze.com @nycmail.comoutblaze.com @optician.com outblaze.com @paris.com outblaze.com @pediatrician.com outblaze.com @playful.comoutblaze.com @poetic.com outblaze.com @popstar.comoutblaze.com @post.com outblaze.com @presidency.com outblaze.com @priest.com outblaze.com @programmer.net outblaze.com @publicist.com outblaze.com @realtyagent.comoutblaze.com @registerednurses.com outblaze.com @repairman.com outblaze.com @representative.com outblaze.com @rescueteam.com outblaze.com @rome.com outblaze.com @saintly.comoutblaze.com @samerica.com outblaze.com @sanfranmail.comoutblaze.com @scientist.com outblaze.com @seductive.com outblaze.com @singapore.com outblaze.com @sociologist.comoutblaze.com @soon.com outblaze.com
RE: [Declude.JunkMail] %TESTSFAILED%
From the JunkMail Manual: This test should NOT be used to detect spam! It will be triggered when an E-mail is sent from an IP address that is not in its MX record. Although this test will catch a lot of spam (perhaps 80%), it will also catch a lot of legitimate mail (as quite a few larger mailers will send their mail through a different mailserver than they use to receive mail). What this test is good for is helping reduce false positives. By default, Declude JunkMail will subtract several points from the weighting system when an E-mail does not fail this test (which is very different from the way a spam test normally works). John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of andyb Sent: Friday, November 28, 2003 5:16 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] %TESTSFAILED% Would anyone care to post an example so I can see the math? I still don't get how to use IPNOTINMX properly. Thanks, andy - Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, November 28, 2003 1:24 AM Subject: RE: [Declude.JunkMail] %TESTSFAILED% In the case of IPNOTINMX and NOLEGITCONTENT, it works just the opposite. If the messages fails, no weight is added or subtracted. If the test passes, the negative weight is subtracted. Therefore, if one of those tests is listed under %TESTSFAILED%, it means nothing was done. Likewise, the actions for those tests should be INGNORE or LOG only, as again if the tests failed means nothing. Only if the messages passes the test is weight subtracted. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of serge Sent: Thursday, November 27, 2003 7:57 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] %TESTSFAILED% Scott I do not think it is a good idea to hide tests like ipnotinmx, because we wont know their weight contribution we need a hidetest when weight =0, but that will show the negative value when passed test something like %weightnot0test% variable with all tests that contributed to the total weight (negative, positive, passed, or failed) this will show ipnotinmx and nonlegitcontent type tests whey they pass Hope you understand what i'm trying to say - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, November 19, 2003 7:01 PM Subject: Re: [Declude.JunkMail] %TESTSFAILED% Any progress/word on when certain tests can be excluded from this variable? This will be in the next release. :) The next release will allow for an option HIDETESTS in the global.cfg file (the default setting will be HIDETESTS CATCHALLMAILS IPNOTINMX NOLEGITCONTENT), which will prevent those tests from showing up in the X-Spam-Tests-Failed: header. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] holding not deleting
The only thing that makes sense here is that the E-mail is going through another server running Declude JunkMail. Otherwise: But there is only one email server... But if I send you an E-mail, you may see references to a WEIGHT10 test here, as well as your WEIGHT10 test. Remember that Declude can (and often is) running on two or more mailservers that handle a single E-mail. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Whitelist Auth ??
What this options does ?? WHITELIST AUTH Can't find it on the manual.. Thanks --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] How to white list some ISP ips ??
What would be the option to whitelist this domain ?? It comes from the IP of the conection.. Nothing to do with the real sender.. The header is.. X-Note: This E-mail was sent from dup-148-233-101-61.prodigy.net.mx I tried WHITELIST REVDNS .prodigy.net.mx Didn't work.. Thanks.. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Filtering on Imail spam tests
Hi, Very sorry if this has been covered before - I searched and did not find a solution - I am having no luck filtering on HEADERS 0 CONTAINS X-IMAIL-SPAM-PHRASE and on HEADERS 0 CONTAIN X-IMAIL-SPAM-URL-DBL I cut and paste into an email from Imails phrase-list.txt send it to myself, the received email header is marked X-IMAIL-SPAM-PHRASE: 1010fast com however DJMP is not triggered. These Imail tests occur *after* DJM has run? Thanks Nick Hayer --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Whitelist Auth ??
It will whitelist email from authenticated users. YOu must be using Imail 8 for this option to work. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Alejandro Valenzuela Sent: Friday, November 28, 2003 6:14 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Whitelist Auth ?? What this options does ?? WHITELIST AUTH Can't find it on the manual.. Thanks --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] How to white list some ISP ips ??
Is this a user of yours that authenticates? If it is and you are on Imail 8.x user Whitelist Auth. I would not reccomend whitleising dial up ip addresses. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Alejandro Valenzuela Sent: Friday, November 28, 2003 6:24 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] How to white list some ISP ips ?? What would be the option to whitelist this domain ?? It comes from the IP of the conection.. Nothing to do with the real sender.. The header is.. X-Note: This E-mail was sent from dup-148-233-101-61.prodigy.net.mx I tried WHITELIST REVDNS .prodigy.net.mx Didn't work.. Thanks.. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] SKIPIFWEIGHT and MAXWEIGHT
Does any one have more information on these SKIPIFWEIGHT and MAXWEIGHT Thanks. Fred - Original Message - From: Nick Hayer [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, November 26, 2003 10:37 AM Subject: Re: [Declude.JunkMail] improved performance using ramdrive? Frederick - I suggest you try the new feature in the latest intrim release that has these commands avail: SKIPIFWEIGHT and MAXWEIGHT Place your compensatory filters [ones that reduce scoring] in the global config ahead of the other filter files. For me frankly most of my filters do not even now run - the dns tests take care of the load so cpu use is way down -Nick From: Frederick Samarelli [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject:Re: [Declude.JunkMail] improved performance using ramdrive? Date sent: Wed, 26 Nov 2003 09:44:37 -0500 Send reply to: [EMAIL PROTECTED] I have some big filters and see very little disk access. I don't think it would help. What Delcude uses is CPU CPU CPU CPU ... - Original Message - From: Gufler Markus [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, November 26, 2003 9:21 AM Subject: [Declude.JunkMail] improved performance using ramdrive? Hi all, Anyone has experiences using a ramdrive for all declude exe, config and filter files? Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] %TESTSFAILED%
John I understand how the ipnotinmx works i just want an easy way (%variable%) to put in the header that will show all tests that contributed to the total weight, and their individual contribution that mean if a mail passes ipnotinmx, then ipnotinmx (-3) should show in the above %variable% This can be a failed test, a passed test, a negative weight, or a positive weight, in summary, any test with a non zero weight added or substracted It will save us going to the logs every time to see how the weight was calculated the above is even more important with the new option that will hide ipnotinmx, since now, when we do not see ipnotinmx in testfailed, we know that we have a -3 but if we hide ipnotinmx, we will not know if it was passed or failed, and wont know if it contributed to total weight. - Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, November 28, 2003 6:24 AM Subject: RE: [Declude.JunkMail] %TESTSFAILED% In the case of IPNOTINMX and NOLEGITCONTENT, it works just the opposite. If the messages fails, no weight is added or subtracted. If the test passes, the negative weight is subtracted. Therefore, if one of those tests is listed under %TESTSFAILED%, it means nothing was done. Likewise, the actions for those tests should be INGNORE or LOG only, as again if the tests failed means nothing. Only if the messages passes the test is weight subtracted. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of serge Sent: Thursday, November 27, 2003 7:57 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] %TESTSFAILED% Scott I do not think it is a good idea to hide tests like ipnotinmx, because we wont know their weight contribution we need a hidetest when weight =0, but that will show the negative value when passed test something like %weightnot0test% variable with all tests that contributed to the total weight (negative, positive, passed, or failed) this will show ipnotinmx and nonlegitcontent type tests whey they pass Hope you understand what i'm trying to say - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, November 19, 2003 7:01 PM Subject: Re: [Declude.JunkMail] %TESTSFAILED% Any progress/word on when certain tests can be excluded from this variable? This will be in the next release. :) The next release will allow for an option HIDETESTS in the global.cfg file (the default setting will be HIDETESTS CATCHALLMAILS IPNOTINMX NOLEGITCONTENT), which will prevent those tests from showing up in the X-Spam-Tests-Failed: header. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SpamDomains
Looks like it did fail the spamdomains test: X-RBL-Warning: TESTS FAILED: SORBS-DUL, NOABUSE, NOPOSTMASTER, BADHEADERS, WHITEFILTER1, SPAMCHECK, SPAMDOMAINS Why do you ask, don't the log entries for this message support this? Bill - Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, November 28, 2003 5:24 PM Subject: [Declude.JunkMail] SpamDomains Why didn't this message fail spamdomains? Received: from bzq-218-101-218.red.bezeqint.net [81.218.101.218] by mail.localdomain.moc (SMTPD32-8.04) id A88A13960090; Fri, 28 Nov 2003 14:56:58 -0500 Received: from [51.180.2.49] by bzq-218-101-218.red.bezeqint.net id 5JCQ8r8Lw22M; Fri, 28 Nov 2003 23:57:03 +0400 Message-ID: [EMAIL PROTECTED] From: Alden Parham [EMAIL PROTECTED] Reply-To: Alden Parham [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: 20 Free amateur Pics - Hot xgnvnb Date: Fri, 28 Nov 03 23:57:03 GMT X-Mailer: Microsoft Outlook, Build 10.0.2616 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=EF.F4.__.45 X-Priority: 3 X-MSMail-Priority: Normal X-RBL-Warning: SORBS-DUL: Dynamic IP Address See: http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=81.218.101.218 X-RBL-Warning: NOABUSE: Not supporting [EMAIL PROTECTED] X-RBL-Warning: NOPOSTMASTER: Not supporting [EMAIL PROTECTED] X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [8014000f]. X-RBL-Warning: WHITEFILTER1: Message failed WHITEFILTER1 test (line 67, weight -5) X-RBL-Warning: SPAMCHECK: Message failed SPAMCHECK: 4. X-Declude-Sender: [EMAIL PROTECTED] [81.218.101.218] X-Declude-Spoolname: Da88a13960090f6a9.SMD X-RBL-Warning: Total weight: 30 X-RBL-Warning: TESTS FAILED: SORBS-DUL, NOABUSE, NOPOSTMASTER, BADHEADERS, WHITEFILTER1, SPAMCHECK, SPAMDOMAINS X-Note: This E-mail was sent from bzq-218-101-218.red.bezeqint.net ([81.218.101.218]). From the spamdomains.txt file: amazon.com ameritech.net yahoo.com aol.com netscape.net @att. .att. attbi.com bellatlantic.net verizon.net bellsouth.net charter.net china.com comcast.net compuserve. .aol.com concentric. .cnchost.com cox.net @cs.com .aol.com earthlink. email.it webmessenger.it excite.com excitenetwork.com geocities.com .yahoo. @go.com .go.com gte.net verizon.net hotmail.com msn.com juno.com untd.com lycos.com lycos.at spray.net mac.com apple.com mailcity.com lycos.com mindspring. earthlink. msn.com hotmail.com netscape.net aol.com netzero.com untd.com prodigy.net qwest. .uswest. rocketmail.com yahoo. .rr.com sbc.com sympatico.ca bellnexxia.net t-online.de t-online.com usa.net mx.net verizon.net .bellatlantic. wanadoo.fr @yahoo. .yahoo. zzn.com mailcentro.com @aol.ca @2die4.com outblaze.com @accountant.com outblaze.com @adexec.com outblaze.com @africamail.com outblaze.com @allergist.com outblaze.com @alumnidirector.com outblaze.com @archaeologist.com outblaze.com @arcticmail.com outblaze.com @artlover.com outblaze.com @asia.com outblaze.com @australiamail.com outblaze.com @berlin.com outblaze.com @bikerider.com outblaze.com @catlover.com outblaze.com @cheerful.com outblaze.com @chemist.com outblaze.com @clerk.com outblaze.com @cliffhanger.com outblaze.com @columnist.com outblaze.com @comic.com outblaze.com @consultant.com outblaze.com @counsellor.com outblaze.com @cutey.com outblaze.com @deliveryman.com outblaze.com @diplomats.com outblaze.com @doctor.com outblaze.com @doglover.com outblaze.com @dr.com outblaze.com @dublin.com outblaze.com @earthling.net outblaze.com @email.com outblaze.com @engineer.com outblaze.com @europe.com outblaze.com @execs.com outblaze.com @financier.com outblaze.com @gardener.com outblaze.com @geologist.com outblaze.com @graphic-designer.com outblaze.com @hairdresser.net outblaze.com @hot-shot.com outblaze.com @iname.com outblaze.com @inorbit.com outblaze.com @insurer.com outblaze.com @japan.com outblaze.com @journalist.com outblaze.com @lawyer.com outblaze.com @legislator.com outblaze.com @lobbyist.com outblaze.com @london.com outblaze.com @loveable.com outblaze.com @mad.scientist.com outblaze.com @madrid.com outblaze.com @mail.com outblaze.com @mindless.com outblaze.com @minister.com outblaze.com @moscowmail.com outblaze.com @munich.com outblaze.com @musician.org outblaze.com @myself.com outblaze.com @nycmail.com outblaze.com @optician.com outblaze.com @paris.com outblaze.com @pediatrician.com outblaze.com @playful.com outblaze.com @poetic.com outblaze.com @popstar.com outblaze.com @post.com outblaze.com @presidency.com outblaze.com @priest.com outblaze.com @programmer.net outblaze.com @publicist.com outblaze.com @realtyagent.com outblaze.com @registerednurses.com outblaze.com @repairman.com outblaze.com @representative.com outblaze.com @rescueteam.com outblaze.com @rome.com outblaze.com @saintly.com outblaze.com @samerica.com outblaze.com @sanfranmail.com
Re: [Declude.JunkMail] Filtering on Imail spam tests
Check the placement of the IMail headers from one of these messages. If the IMail headers show up under all of the Declude messages, then that would indicate that they are run after Declude, if above all of the Declude headers, then they were run before passed onto Declude. However, I think that only the IMail Statistical Filtering test runs after Declude. Let us know what you find... Bill - Original Message - From: nick [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, November 28, 2003 6:42 PM Subject: Re: [Declude.JunkMail] Filtering on Imail spam tests Hi, Very sorry if this has been covered before - I searched and did not find a solution - I am having no luck filtering on HEADERS 0 CONTAINS X-IMAIL-SPAM-PHRASE and on HEADERS 0 CONTAIN X-IMAIL-SPAM-URL-DBL I cut and paste into an email from Imails phrase-list.txt send it to myself, the received email header is marked X-IMAIL-SPAM-PHRASE: 1010fast com however DJMP is not triggered. These Imail tests occur *after* DJM has run? Thanks Nick Hayer --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.